Mister Reiner gave me a copy of this book quite a while ago. I have finally gotten around to reading it and I was pleasantly surprised. With so many quality titles out there on computer security, honestly I was a bit skeptical, but this book brings in a breath of fresh air.
I loved Mister Reiner’s introduction. I feel that his battle of convincing co-workers that their network has in fact been penetrated is echoed in many workplaces around the world. Sometimes the hardest people to convince that there has been a computer intrusion are those who are in charge of securing the network.
With the majority of my experience being in the small business field I was very impressed with chapter 2, “The Standard Security Template”. This is probably one of the best step by step views of securing a new small network system that I have yet seen in print. Most books focus on large corporate networks, but Mister Reiner has provided an excellent setup guide for securing a small network. Mister Reiner also covers the basic knowledge needed to secure a system and the importance of system documentation.
Next, Mister Reiner takes a look at hackers and their tactics. Chapter 5, “Hacking 201 – Getting more technical” is one of my favorite chapters. In this chapter, Mister Reiner gives you a unique, over the shoulder view of a hack in progress. Even though it is not a technical, in-depth, step by step how to, it still gives you an amazing view into what hackers target and how they would operate against an online database server.
Mister Reiner continues with a look at the different skill level of hackers and how their skill level determines their operational techniques. This includes recon, mapping of a network, and using E-Mail to penetrate a system. Once penetrated, Mister Reiner shows some of the techniques hackers use to consolidate their hold on the network using smart Trojans and sleepers.
Finally, Mister Reiner wraps up the book with a look at the monumental task of deciphering and catching malicious traffic through logs and intrusion detection systems. With the holes in operating systems and applications, volumes of data to monitor and the ever present human factor, I wholeheartedly agree with Mister Reiner’s summation. Which is, to completely secure a system, we need to “Throw out all the hardware, operating systems and applications we use now – and reengineer everything from scratch.”
“OWNED: Why Hacking Continues to be a Problem” gives a very good look at network security, the tactics of hackers and the struggles of securing systems against these threats. The book is not overly technical and is easy to read. If you are new to computer security and want to know more, I highly recommend this book.