Building Open Source Network Security Tools: Components and Techniques

This book was the perfect reference manual for the busy network administrator that needs to quickly create powerful tools to enforce and monitor network security. From concept to implementation Schiffman will give you a thorough understanding of why and how to create open-sourced security tools that you can start using immediately. Using this book as a reference I was able to create a customized network sniffer and a few vulnerability analysis tools. Another great addition to my library that I highly recommend.

This exclusive book by Mike Schiffman, a recognized security authority, will not make a good bedtime reading even for the majority of hardcore security professionals. However, the value of this book is not in how fun it is to read, but in the amazing depth and breadth of network security material.Starting from interesting and original security tool taxonomy - attack, active recon, passive recon and defense -, the book takes the steep road uphill towards the descriptions of several popular security libraries (two written by the book author himself). Libnet (packet injection), libpcap (packet capture), libnids (network IDS development), libsf (OS fingerprinting), libdnet (network parameters manipulation) and openssl (crypto) are covered in the excruciating level of detail. Code and API walkthrough, all functions, variables and primitives are covered complete with usage notes for various platforms. Each chapter is topped off by a complete security tool example, designed and developed using the library. Many pages of superbly commented tool source code are included in the chapter end.Complete code is also provided at the publisher download site. Experimenting with the code is a good part of the fun brought by the book, so download is highly suggested.The book is most useful for those wishing to gain truly in-depth understanding of network security tools and for aspiring tool builders. After all, the book is much easier to read and understand then just plain source, even if well commented.Another bonus is a comprehensive description of buffer overflow and format string exploits, provided in the chapter on attacks and vulnerabilities.The book ends with painfully detailed "firewalk" recon tool description, created by Mike Schiffman. It starts with design (with flowcharts and diagrams) and goes onwards to implementation and code walkthrough. 2200 lines of tool source code conclude this mighty volume.Anton Chuvakin, Ph.D., GCIA is a Senior Security Analyst with a major information security company. His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org

There are many security books on the shelves today. Most of them describe the same hacker tools and methods. They don't get very technical and once you've read one, you've read them all. Building Open Source Network Security Tools is a different breed of security book.Building Open Source Network Security Tools , just as the name suggests, is about how to build network security tools. This is a technical book, so you are going to have a little knowledge of C and your networking principles. This is definitely not a managers book. First the book describes some basic principles in developing security software. This is a quick primer in case you have never been involved in software development. Next the book goes on to describe several commonly used libraries like libnet and libpcap. For each library, the structures and functions are explained, then there is sample code. I have written programs using libpcap and libnet before and I still learned something. There is even a section on OpenSSL programming. OpenSSL is a rather large and cryptic, no pun intended, library (in my experience anyways). This book sheds some light on it! These chapters are a great reference to have when making a new security tool. The author then goes on to explain the several techniques like attack and penetration and active reconnaissance. Not only does the author tell you how they would in a technical sense, he provides code that does it, and explains each piece. This is very useful since most tools in the wild aren't very well commented ;) There is also a chapter on buffer overflows and format string vulnerabilities. These chapters are very well done and do a good job in explaining how they work and how to write code to use them. It may sound like this is an offensive hacker book, but it also gives examples on how to write defensive programs, like a port scan detection tool. At the end of the book the author ties it all together with a large program that utilizes many of the techniques mention in the book. I found this book to be very refreshing. I had been waiting for a good security programming reference, and this is it. As a part of the Honeynet Project, I have seen a large number of compromises and tools, and one thing I've found is that in order to truly know who your enemy is, and how they operate, you need to know how their tools work. I wish this book had been released years ago when I first became interested in network security. It would have saved me from stumbling around old web pages and dead links. If you're an information security professional, this book is a must have for your library.

It looks like I can now pull down all the pcap and libnet source (and header) file printouts which are taped around my cube. This book is the reference book that I have been looking for. *The* definitive reference book for libnet, pcap, openssl, and more. Great book!

Finally! I have needed this book for years. This book works as a good reference or a how to book for those who need custom network security tools. It helped me finish a tool that I have been working on for months. This will become a standard book for all security professionals.