Network Security CISSP-Discussion
[CISSP-D] REVIEW: "Botnets: The Killer Web App", Craig A. Schiller et al

Subject: [CISSP-D] REVIEW: "Botnets: The Killer Web App", Craig A. Schiller et al
Date: Tue, 03 Apr 2007 11:40:17 -0800
BKBOTNTS.RVW   20070126

"Botnets: The Killer Web App", Craig A. Schiller et al, 2007,
1-59749-135-7, U$49.95/C$64.95
%A   Craig A. Schiller craigs@pdx.edu
%A   Jim Binkley
%A   David Harley david.a.harley@gmail.com
%A   Gadi Evron ge@linuxbox.org
%A   Tony Bradley tony@s3kur3.com
%A   Carsten Willems
%A   Michael Cross
%C   800 Hingham Street, Rockland, MA   02370
%D   2007
%G   1-59749-135-7 978-1-59749-135-8
%I   Syngress Media, Inc.
%O   U$49.95/C$64.95 781-681-5151 fax: 781-681-3585 www.syngress.com
%O  http://www.amazon.com/exec/obidos/ASIN/1597491357/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/1597491357/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/1597491357/robsladesin03-20
%O   Audience i Tech 2 Writing 1 (see revfaq.htm for explanation)
%P   464 p.
%T   "Botnets: The Killer Web App"

I'm starting the review of this book sitting in the Baker Room at the
Microsoft Conference Center, attending ISOI II (the second set of
Internet Security Operations and Intelligence meetings).  We have just
finished singing along with Gadi Evron (who arranged both the
community and the meetings) to an Israeli pop song from a few years
back (and from a band with the oddly appropriate name of Mashina). 
Craig Schiller gave me a copy of the book last night at dinner.  (When
I asked Jim Binkley to autograph it for me he was jealous because he
hasn't yet received his own copy.)  Carsten Willems was here
yesterday, but I haven't seen him to ask him to sign it this morning. 
I'll have to ask for David Harley's autograph the next time he visits
Vancouver.

All of which is by way of saying that it may be difficult to be
objective about this book, but ...

The subtitle of chapter one, "A Call to Action," is correct.  Normally
one would expect a definition of the topic or technology of botnets,
but the text is more of an exhortation to pay attention to the
problem.  The history provided is piecemeal: it does not mention the
early DDoS (Distributed Denial of Service) systems (which were
application-specific botnets) nor the spambotnet wars of 2004.  The
definition of botnets in chapter two tends to be technical, rather
than functional, and the descriptions and categories could be grouped
in a more logical and organized manner.  A variety of alternative
command and control systems are described in chapter three: the
material is well written.  The one weakness is the lack of detail on
the standard IRC (Internet Relay Chat) control system, but this should
probably have been covered more fully in the introductory chapters. 
Chapter four describes some of the major botnet "client" software
families.  The content is too technical to be of use to the average
computer user, but isn't really all that detailed.  Technical
information about a variety of possible indications of botnet activity
is listed in chapter five.

The use of the Ourmon tool for detecting botnet traffic is discussed
in chapters six and seven.  (The structure of the text, and the reason
for two chapters, is not completely clear, although six is more on
installation and seven is more on use.)  Ourmon's examination of IRC
traffic is covered in chapter eight.  Chapter nine deals with more
advanced techniques.

Using the CWSandbox program for malware analysis is examined in
chapter ten.  Software tools, research communities, and other sources
of information are listed in chapter eleven.  Chapter twelve is a
(mostly) philosophical look at how we, as a society, should respond to
botnets.  There is also a brief section on protecting your own
computer so as not to become part of the problem, although assessment
and use of a number of the recommendations would be beyond the
capabilities of the average user.

Botnets are a significant problem, and one which has not been
adequately addressed in the current security literature.  Therefore,
this work is of major importance.  The book does provide a good deal
of useful information for network administrators and security
professionals, although better arrangement of the data and more
technical detail would have been even more helpful.  (The brief
attempts to address individual users are not successful.)  The text is
a decent professional reference, and hopefully it will promote further
attention and activity in this area.  (Security activity.  We don't
need any more botnet activity.)

copyright Robert M. Slade, 2007   BKBOTNTS.RVW   20070126


======================  (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca     slade@victoria.tc.ca     rslade@computercrime.org
All persons ought to endeavor to follow what is right, and not
what is established.                                     - Aristotle
Dictionary of Information Security  www.syngress.com/catalog/?pid=4150
http://victoria.tc.ca/techrev/rms.htm
