Friday, January 18, 2008

Review of Security Power Tools Posted

Amazon.com just posted my four star review of Security Power Tools by a team of authors, mostly from Juniper. From the review:

I am probably the first reviewer to have read the vast majority of Security Power Tools (SPT). I do not think the other reviewers are familiar with similar books like Anti-Hacker Toolkit, first published in 2002 and most recently updated in a third edition (AHT3E) in Feb 2006. (I doubt the SPT authors read or even were aware of AHT3E.) SPT has enough original material that I expect at least some of it will appeal to many readers, justifying four stars. On the other hand, a good portion of the material (reviewed previously as "the most up-to-date tools") offers nothing new and in some cases is several years old.

3 comments:

dre said...

I couldn't find a bit of overlap between the two books (SPT and AHT3) after hours of comparison. Even the information on Nessus and Nikto didn't overlap.

Care to elaborate more on this?

Also - I don't remember anything significantly out of date in SPT besides mention of PGP Disk. Although it didn't take up much space (two small paragraphs and one picture) and led well into the next section on LUKS, which was very up-to-date.

The material in AHT3 seemed to be much more out-of-date -- are you sure that you don't have these two books confused?

Richard Bejtlich said...

dre,

I didn't say the books were identical. I mean that the authors of SPT seem to think they are writing something original, but AHT has been around for several years. If you want lists of tools discussed in both books, you should try spending your hours of comparison looking a little closer. ISIC, Nikto, Stunnel, ClamAV, John the Ripper, VNC, Back Orifice, Nessus, Tripwire, IPFW2, Netfilter, Tcpdump, Ethereal, Snort, NetStumbler, Kismet... is that enough?

I don't think you read the whole review, or else you might understand what I meant by referencing old software... or, given your attitude of late, probably not, unfortunately.

Brian said...

I'd agree with your comments on Granick's chapter. The rest of the book is really just a collection of 30-40 page white papers on a very wide variety of technical topics. I read the entire book and found many (but not all) chapters to be a good introduction. I think you were generous with four stars.