SANS GIAC Certification: Security Essentials Toolkit (GSEC) - Softcover

Review

The best way to develop a working knowledge of anything is to actually work with it--see it work, fail, and what happens when variables are adjusted. Under the guise of an exam preparation aid, SANS GIAC Certification: Security Essentials Toolkit guides its readers through a series of carefully designed experiments that collectively illustrate how attackers go about breaking into (or just plain breaking) their targets. The authors assume little background knowledge on the reader's part and take care to show you what you need to do in order to see the effects they're trying to demonstrate. This is, above all, a laboratory manual, and the authors deserve kudos for their effort to ensure that you can reproduce their results. A highly graphical design and wide, lay-flat binding make this book all the more useful as a hands-on companion.

The authors' dedication to standardization is evident from the first exercise (this book consists almost entirely of exercises), in which they show how to build a dual-boot system with both Linux and Windows 2000 installed. The idea is that you can build this system once, make an image of it, and then be able to repeatedly break and rebuild your system without wasting time. Subsequent exercises deal with different types of attacks and the defences that are effective against each. Each exercise has an explicitly illustrated procedure--usually illustrating a successful attack and a failed one (i.e., one that was defended against). You learn not only to install defensive software and trust it, but also to recognise evidence of attacks in log files and in behavioural symptoms. More security books--and technical books in general--should be like this one. --David Wall

Topics covered: The kinds of attacks--against Windows 2000 and Linux systems--that are covered on the SANS Institute's Global Information Assurance Certification (GIAC) exam, as well as the software tools and configuration strategies that you can use to protect your systems against them. The authors cover many attacks--including trojans, host spoofs, and others--and many defensive weapons (like firewalls and intrusion detection systems).

About the Author

About the Authors

Eric Cole has worked in the information security arena for more than 10 years. He holds several professional certifications and has helped develop several of the SANS GIAC certifications and corresponding courses. Eric has a BS and MS in computer science from New York Institute of Technology and is completing his Ph.D. in network security. He has extensive experience with all aspects of information security including the following: cryptography, stenography, intrusion detection, NT security, Unix security, TCP/IP and network security, Internet security, router security, security assessment, penetration testing, firewalls, secure Web transactions, electronic commerce, SSL, TLS,IPSec, and information warfare.

Eric has created and headed up corporate security for several large organizations, built several security consulting practices, and worked for more than five years at the Central Intelligence Agency. He was an adjunct professor at New York Institute of Technology and is currently an adjunct professor at Georgetown University. Eric is author of the book Hackers Beware and contributing author to Know Thy Enemy: The HoneyNet Project. Eric teaches a wide range of courses for SANS and is actively involved with several of there search projects that SANS is performing. He led the SANS Top 20 vulnerability consensus project and is actively involved with the Cyber Defense Initiative.

Mathew Newfield serves as a Senior Security Analyst for TruSecure Corporation. His background includes penetration testing, security architecture, and design and network consulting. He currently works with several companies in securing their environments and obtaining corporate security certifications.

John M. Millican has been providing information consulting services since 1978. During that time, he has supported numerous versions of Unix, including AT&T, CTIX, SCO Unix, AIX, Unixware, and Linux. John was the first person to earn all the GIAC Level 2 Certifications offered by the SANS Institute. He is certified by SANS GIAC for Intrusion Detection In Depth (GCIA); Advanced Incident Handling and Hacking Exploits (GCIH); Firewalls, VPNs, and Perimeter Protection (GCFW); Securing Windows (GCFW); Securing Unix (GCUX); and Auditing Networks, Perimeters, and Systems (GCNA). He is currently the chairman of the SANS Unix Security Certification Board. John also assisted in the development of the SANS Security Essentials Bootcamp.

Technical Reviewers

Mike Poor is a security analyst for Compugenx, a Washington, D.C.-based consulting company. He holds SANS, GSEC, and GCIA certifications. As a security analyst, he conducts vulnerability assessments, penetration tests and security audits and administers intrusion detection systems. Previously, Mike has worked in network engineering and systems, network, and Web administration. He is currently working on merging Snort, Shadow, and ngrep to bring more analytical power to the analyst.

Sheila Ettinger is gainfully employed as a Unix Systems Administrator at Concordia University in Montreal. In her previous life, she worked in contract research and as a technical writer, software tester, and Windows trainer. Sheila is currently part of the design team involved in a project to reorganize Concordia's IT services. (She is being dragged kicking and screaming into the world of Active Directory. We'll let you know if she survives.)

In addition to her day job, Sheila teaches evening computer courses at Concordia's Center for Continuing Education and is a Program Consultant for the center's Computer Institute. In her down time, she enjoys playing clarinet in a number of community concert bands and taking courses in the university's music department.

David Goldsmith has been working in the computer and network industry for over 10 years, of which he has focused the last 3 on Internet connectivity and system/network security. From 1990 to 1995, he worked for the USMC as a system/network administrator and systems engineer. From 1995 to 1999, he worked for Ocean Systems Engineering Corporation providing system administration and network security support for the USMC. David currently has his own business, Rappahannock Technologies, Incorporated, which focuses on providing network security consulting services to commercial companies. He holds a degree in computer science from the University of California, San Diego.