***** Hacking Exposed: Network Security Secrets and Solutions, Sixth Edition. By Stuart McClure et al; published by McGraw-Hill Osborne Media, www.osborne.com (Web); 720 pages, $49.99.
This new book in the Hacking Exposed series won’t make you a “l33t haxor,” or “elite hacker” in the parlance of the trade, but it exposes a variety of common and not-so-common methods and tools, making it a good reference for the security practitioner.
Among the new material provided in this edition are niche subjects such as hardware hacking and private branch exchange hacking, a method of hacking telecommunications systems to make free calls or to gain backdoor system connectivity. The topics included in a chapter on hardware hacking are particularly important since they are often not covered in other books. However, it should be noted that the subject is introduced only to demonstrate the its importance to network security, so don’t expect it to be covered comprehensively.
Most of the book’s material is geared toward intermediate levels of experience, and the reader should have some basic understanding of networking, programming, and database architecture. While there are some details for “newbies,” a reader with no prior knowledge of the topic will soon be lost. At the other end of the spectrum, there is some material for experts, but highly experienced pros will find much of the information trite.
The book could have been better edited to cull out some material that is unnecessary either because it is too detailed, such as installation instructions for wireless hacking software, or because it is obvious, such as the occasional suggestion to look to Wikipedia for more information. The book could also benefit from a compiled acronym list because the acronyms used are not always defined in the narrative.
Overall, this is a very good reference document for IT professionals. The book is readable, not too dry, and includes enough examples and images to support and exemplify the subject matter. Helpful icons serve as a visual aid for quickly finding important points. And if the reader wishes to delve deeper into a given topic, there are plenty of additional resources listed, including commercial products, researchers, private organizations, and governmental organizations like NIST.
Reviewer: Coleman Wolf, CPP, CISSP (Certified Information Systems Security Professional), is an associate at ESD, Inc., a leading engineering and consulting firm located in Chicago. He has 20 years’ experience as a security professional and is a member of the ASIS International Information Technology Security Council.