Title: The Hack - Counter Hack
Authors: Ed Skoudis
Publisher: Prentice Hall PTR
Published: Year 2002
Edition: 1st Edition
This is a review of a video lecture series targeted at network administrators and people who are looking to start a career in the security field. It will also go down well with people who are pressed for time, as you can handle each section of the course on your own schedule, something that invariably doesn't happen with a book.
The lecturer, Ed Skoudis, is very well known in the security community and regularly lectures for www.sans.org, one of the premier information security sites on the web. The course consists of two CDs containing videos broken down into different sections. Also included on the CDs are all the tools he demonstrates during the lectures, as well as a sample chapter from a book he has recently authored. If that were not enough, you also get a workbook to go along with the lectures so that you can revise important information and write your own notes alongside the key points.
The whole approach of the CD is very hands-on, which is a refreshing change from the drab texts that we've all pored over at some point or another. The course starts from scratch: in the introductory lecture, Skoudis walks you through a full installation of both Windows XP and Red Hat Linux 7.2 on two separate machines so that you can have your own laboratory in which to try the tools out.
Whenever he is demonstrating something, the camera focuses right in on his monitor so that you can see exactly what he is typing at each screen. After you've set up the two systems, he talks you through getting them properly networked, and gives you a few tips on the hardware to buy when setting up your lab.
The rest of the lectures cover the five phases an attacker will use to get into your network. Using the laboratory created at the start, he demonstrates the different tools an attacker will use at each stage. This approach is uncannily similar to the Introduction to Security article we recently published here, and in fact we feel this course and our article complement each other very well.
Both break down attacks into the same broad phases:
• Gaining Access
• Maintaining Access
• Covering Tracks
and then get into the details of each phase.
The teaching methodology on this CD is fairly unique. Skoudis first uses slides to explain the concept behind what the attacker is doing, then fires up the appropriate tool and shows it to you in action, and finally explains how you can secure your network against a tool of this kind. You will see him use wardialers, port scanners, sniffers, remote access trojans, covert channel systems, rootkits and more.
Best of all, you can try out exactly what he is doing using the tools included on the CD. You're not just left with a theoretical concept: you can carry out the attack in your own lab and figure out how to secure yourself against it. The course is also fairly evenly divided between Windows and Linux; he uses both operating systems to perform different attacks, and often attacks one system from the other. This ensures that the information will be relevant to you no matter which operating system you work with.
All in all this is an excellent primer on network security. Don't go looking for hard-core technical details in this one; it's targeted at people who understand the basics of networking but want to be shown their way around the complex world that makes up information security. What you'll get here are solid facts, a lot of tried and tested 'best practices', and a slickly executed demonstration of how real-world tools work.
Skoudis has a way of illustrating concepts very clearly; if he uses a technical term, he will invariably give a layperson's explanation for it before proceeding. That said, I would have liked it if he had applied the same practical approach that he uses for demonstrating attackers' tools to showing how to secure the systems. It would also have been nice if the CD had come bundled with RealPlayer (which is required to view the videos).