Author: Matthew Monte
Audience: Network administrators and managers
Reviewer: Kay Ewbank
It's not enough to defend your network against attack; you need both defensive and offensive strategies. This book helps you develop a unified framework.
This isn't a book that attempts to give you a list of "do this and you'll be safe" type tips. Instead, Matthew Monte looks at security in terms of an ongoing battle with the would-be attackers so you can develop an overall strategy for staying safe. The whole book uses military analogies throughout the text, and gives the distinct feeling that Monte sees the whole process as a war.
The idea is that you need to know the 'why' behind the attacks, as only by looking at the motivation for an attack can you come up with strategies that will keep protecting your network.
The book starts with a look at the difference between exploitation and attack, putting forward the view that this is just the latest incarnation of espionage. Monte then moves on to look at a typical attacker. As he points out, the attackers who get through are neither lucky nor invincible, but they are successful, and beating them means understanding them and the nature of their operations.
As with the rest of the book, the theoretical discussions are backed up with examples of where attacks have succeeded. The current types of attack, in terms of how the attackers gain access, are also covered in this chapter.
Defenders are looked at next, with the rather depressing observation that in terms of resources, a network defense is up against well trained individuals directly supported by hundreds of others, and indirectly supported by thousands. Monte first depresses you by observing that you're always going to be vulnerable because people, the need to be connected, and limited resources all work against you; he then points out that the attackers also have the same set of things working against them.
The next chapter is titled Asymmetries, and looks at how warring technologies leapfrog each other so that one side has an 'unfair' advantage - tanks versus cavalry sort of thing. However, Monte says the usually quoted asymmetries - cost and attribution - aren't actually asymmetric because the attackers have to put in time and effort to build an infrastructure then launch lots of unsuccessful attacks before getting lucky. However, they are motivated and focused.
Attacker Frictions are looked at next, where frictions are the unseen forces that act against movement and progress. What slows attackers down are things such as upgrades and updates, other attackers not being as good and triggering alarms, and flawed attack tools. Defender frictions - mistakes, inertia, complexity, and users - are all too familiar to anyone attempting to keep a network safe, but a chapter about them still makes interesting reading.
Up till this point, the book makes interesting reading in terms of giving a framework for discussing the problem, but you're unlikely to have learned anything to help you stop an attack. From this point onwards, the chapters are more about what you can do. There's a chapter on offensive strategy that sets out the tactics an attacker needs to use to attack successfully (and what you can do to counteract them), and, more directly useful, a chapter on creating a successful defensive strategy. The book ends with a chapter on offensive case studies that looks at some of the more notorious successful attacks such as Stuxnet and Flame.
Overall, the book is an interesting read, and putting the whole network security topic into context as a war using military thinking makes a lot of sense. I don't think you'll come away having discovered anything new, but you might come away with a more coherent way of thinking about the problem.