Hacker Techniques, Tools and Incident Handling – Review by Bryan Bechard

A broad base of information security topics

Every year I see a coach on TV say the team needs to “emphasize the fundamentals” in their practices and next game. Not being able to do the basics well means the higher-level plays will not work. Hacker Techniques, Tools, and Incident Handling covers a broad base of information security topics, starting with the OSI reference model and going all the way up to sniffers, session hijacking and DoS attacks. By starting with the fundamentals and building on each previous chapter, this book will give you great insight into a large spectrum of information security.

A book for newbies…

I recommend this book for newbies who do not know all the areas that need to be covered by modern information security programs. More experienced infosec pros who want to research outside their niche area of expertise will get a refresher course and get to know the latest hacking techniques. Full-time pen testers or those writing anti-virus signatures may find this book’s concepts and tools rudimentary.

“Think like an attacker…”

The opening chapter goes into why systems get hacked in the first place and gives some insight into the attacker’s mind and why they are trying to penetrate systems. The hope is that if you can “think like an attacker” when you are evaluating systems, you will not miss the things they are looking for. Then the authors review TCP/IP, crypto and physical security concepts, covering the essentials in each of those areas and what controls should be part of any infosec program.

The second section is an overview of how an attack is executed. Footprinting, port scanning, enumeration, wireless, web, database, and malware tools and countermeasures are covered. The authors do a good job of explaining what the vulnerability is and how it works. When they go into the various tools available to exploit them, it is not much more than a list without explanation of how they work. (For an in-depth look at tools, check out Penetration Tester’s Open Source Toolkit.)

The final section is on incident response. This part of information security is a mystery to many because it does not have an IT equivalent. System and network admins can become security admins, web coders can switch to pen testing or code review, etc. However, there is no direct equivalent to incident response in IT. Because of this, it is often difficult for people to cross over into that part of infosec. This section is another good outline of how an incident should be handled and the steps needed to find, contain and mitigate intrusions. The wrap-up chapter is on defensive tools. While in-depth use is lacking, it is a list of systems to counteract the attack tools.

Evaluation

Hacker Techniques, Tools, and Incident Handling is a textbook on the challenges an infosec team faces. I would give it to my new engineers who are getting their feet wet in the infosec pond or to IT teams that need an overview of the kinds of things I have to deal with on a daily basis as part of their education.

You can buy Hacker Techniques, Tools and Incident Handling from our international website (which is denominated in British Pound Sterling) or from our USA website (which is denominated in US Dollars and ships from a US warehouse).