Inside Internet Security: What Hackers Don't Want You To Know [ペーパーバック]

The book offers a good overview of information security, though with a lot of "talk". I found myself scanning 75% of the paragraphs for the meat....I'm a software engineer, and have read "Secret's and Lies", which offers a much more thorough and better review of the subject. Buy it, instead. Not only will you get a better education, but you'll actually read the entire book instead of skimming most of it.

...Neither this nor "Secrets and Lies" will offer much specific information on security loopholes, i.e. how to hack or avoid being hacked. "Hacking Exposed" does that, however, and is a good read, too.

As a new field where speed is essential and getting there first is sometimes more important than following the correct path, computing suffers from more than its share of unsubstantiated claims. However, it is a field of human endeavor like all others we engage in, which means the social laws apply here as well. The recent burst of the "Internet bubble" should have surprised no one, as it is just the basic laws of business finally asserting themselves. Since it involves humans doing things where the consequences can be very visible, it is inevitable that it will attract people who will deface or destroy something just for the attention it generates. Therefore, like all other things we do in life, it is necessary to remain wary when using the Internet, and this book generally delivers help without the hype.
When reading this book, it is clear that most of the problems involving computer security involve fundamental oversights or misfeasance on the part of someone. As I read through the examples in this book, I was reminded of the biography I read of the Nobel prize winning physicist Richard Feynman. He managed to obtain a reputation among his fellow workers as an expert safe cracker. However, as he makes quite clear when describing his life, most of this was just simple logic and luck in combination with oversight. The people around him tended to leave their combination locks on the last number, which reduced the possibilities and one time he managed to crack a safe by simply opening it, as it had not been properly latched. Some time ago, there was an announcement of a security flaw in Linux. It turned out that if some defaults were not altered after the install, it would be possible for unauthorized persons to access the system. If there is a flaw here, it is hardly a problem with Linux.
Therefore, most of the solutions presented in the book fall under the umbrella of common sense. Use "complex" passwords and don't write them down in obvious places such as in a desk drawer. Furthermore, do not give out sensitive information over the phone, which is something I preach to my young children. The recent hilarious case of Oracle operatives doing some dumpster diving outside the Microsoft offices points out that one of the most efficient security features is to destroy any paper containing sensitive information.
While most of the book is good, there was one point where I severely disagreed with the author. On page 45 there is a chart of components with 99.9% confidence of security and a computation concerning the confidence of security for ten such components as well as the hours and days of cumulative vulnerability based on these confidence levels. Granted, the author qualifies this as being merely a theoretical discussion, but it is still very misleading. Probabilities like this are most likely not additive, as following one path means the elimination of another. To say that having a component that is 99.9% secure means that it is "open" 8.8 hours of the year is simply not correct. In fact, the author does not really define precisely what is meant by a 99.9% confidence of security.
I also question one other premise of the book, namely that a hacker defacing a site is a catastrophe. What people care about is that the data inside and all critical transmissions are secure. As long as the bank vault is untouched, I am not greatly disturbed if someone spray paints the sign out front. Most web users are smart enough to appreciate this difference.
Being aware of the risks inherent in using the Internet is the most important thing you can do to cover your caboose when using it. In this book, you will learn that using the simple awareness and common sense caution that you always use when conducting business with strangers is the best approach to security on the Internet.

I am an Air Force officer and technical resource for a 50-person military intrusion detection operation. I constantly search for sources of information useful to front-line security personnel, and I rate books against that standard.

"Inside Internet Security" is a book managers and new security workers would find enlightening. I would not recommend it for anyone who's been "in the trenches" for 6-12 months or more. The content can be found in many other works and I did not learn anything new, save for minor trivia, such as the fact the AS/4000 includes an integrated firewall on a separate coprocessor card (p. 84).

This does not mean the book is without merit. Its length (250 pages) will not scare readers away, and its range of topics provide a solid introduction to the security realm. Still, this book isn't really about "what hackers don't want you to know," since the material is relatively basic. Books like "Hacking Exposed" probably come closer to explaining specific techniques for penetrating networks. I'm afraid what hackers really don't want "white-hats" to know isn't in print, either on paper or on the Internet.