
Silence On The Wire

A Field Guide to Passive Reconnaissance and Indirect Attacks

About.com Rating: 4.5 stars

There are plenty of overt and direct threats to computer and network security. Intrusion detection, antivirus software and firewall applications are great at monitoring and blocking known or direct attacks. But lurking in the shadows are a variety of insidious attacks that may go unnoticed. Zalewski provides an in-depth look at passive reconnaissance and indirect attacks and how to protect your systems.

About The Book

FOREWORD
by Solar Designer

INTRODUCTION
A Few Words about Me
About This Book

CHAPTER 1: I CAN HEAR YOU TYPING
Where we investigate how your keystrokes can be monitored from far, far away

CHAPTER 2: EXTRA EFFORTS NEVER GO UNNOTICED
Where we learn how to build a wooden computer and how to obtain information from watching a real computer run

CHAPTER 3: TEN HEADS OF THE HYDRA
Where we explore several other tempting scenarios that occur very early on in the process of communications

CHAPTER 4: WORKING FOR THE COMMON GOOD
Where a question of how the computer may determine the intent of its user is raised and left unanswered

CHAPTER 5: BLINKENLIGHTS
Where we conclude that pretty can also be deadly, and we learn to read from LEDs

CHAPTER 6: ECHOES OF THE PAST
Where, on the example of a curious Ethernet flaw, we learn that it is good to speak precisely

CHAPTER 7: SECURE IN SWITCHED NETWORK
Or, why Ethernet LANs cannot be quite fixed, no matter how hard we try

CHAPTER 8: US VERSUS THEM
What else can happen in the local perimeter of "our" network? Quite a bit!

CHAPTER 9: FOREIGN ACCENT
Passive fingerprinting: subtle differences in how we behave can help others tell, who we are

CHAPTER 10: ADVANCED SHEEP-COUNTING STRATEGIES
Where we dissect the ancient art of determining network architecture and computer's whereabouts

CHAPTER 11: IN RECOGNITION OF ANOMALIES
Or what can be learned from subtle imperfections of network traffic

CHAPTER 12: STACK DATA LEAKS
Where you will find a yet another short story on where to find what we did not intend to send out at all

CHAPTER 13: SMOKE AND MIRRORS
Or how to disappear with grace

CHAPTER 14: CLIENT IDENTIFICATION: PAPERS, PLEASE!
Seeing through a thin disguise may come in handy on many occasions

CHAPTER 15: THE BENEFITS OF BEING A VICTIM
In which we conclude that approaching life with due optimism may help us track down the attacker

CHAPTER 16: PARASITIC COMPUTING, OR HOW PENNIES ADD UP
Where the old truth that having an army of minions is better than doing the job yourself is once again confirmed

CHAPTER 17: TOPOLOGY OF THE NETWORK
On how the knowledge of the world around us may help track down rogue attackers

CHAPTER 18: WATCHING THE VOID
When looking down the abyss, what does not kill us makes us stronger

CLOSING WORDS
Where the book is about to conclude

BIBLIOGRAPHIC NOTES

INDEX

My Review

Excellent!

Zalewski's book is packed with information. The level of detail and technical difficulty of a lot of the information seem to make the book geared more toward those already familiar with computer security and information warfare rather than security novices. Those who are familiar with computer and network security may feel that parts of the book are too basic or beneath the level they are looking for, but Zalewski generally has a goal in mind and is just laying the groundwork to build up to it.

Most people in computer security, and even home users with little understanding of network security, are familiar with the major types of overt attacks (viruses, worms, phishing scams, spyware, etc.) and the countermeasures to protect their systems (antivirus, antispyware, firewalls, IDS, etc.), but this book uncovers the ominous volumes of data that can be extracted and exploited using passive reconnaissance techniques.

The book is called a "Field Guide" in the subtitle and it reads more or less like one. It provides the information and details you need in the trenches to wage an effective war against information insecurity. This is one that I would dub a "must read" for anyone working directly with network security.
