Silence on the Wire et plus d'un million d'autres livres sont disponibles pour le Kindle d'Amazon. En savoir plus

Acheter neuf

ou
Identifiez-vous pour activer la commande 1-Click.
Acheter d'occasion
D'occasion - Comme neuf Voir les détails
Prix : EUR 4,58

ou
 
   
Amazon Rachète votre article
Recevez un chèque-cadeau de EUR 4,50
Amazon Rachète cet article
Plus de choix
Vous l'avez déjà ? Vendez votre exemplaire ici
Désolé, cet article n'est pas disponible en
Image non disponible pour la
couleur :
Image non disponible

 
Commencez à lire Silence on the Wire sur votre Kindle en moins d'une minute.

Vous n'avez pas encore de Kindle ? Achetez-le ici ou téléchargez une application de lecture gratuite.

Silence on the Wire - A Field Guide to Passive Reconnaissance and Indirect Attacks [Anglais] [Broché]

Michal Zalewski
4.0 étoiles sur 5  Voir tous les commentaires (1 commentaire client)
Prix : EUR 31,79 Livraison à EUR 0,01 En savoir plus.
  Tous les prix incluent la TVA
o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o
Il ne reste plus que 5 exemplaire(s) en stock (d'autres exemplaires sont en cours d'acheminement).
Expédié et vendu par Amazon. Emballage cadeau disponible.

Formats

Prix Amazon Neuf à partir de Occasion à partir de
Format Kindle EUR 17,40  
Broché EUR 31,79  
Broché --  
Vendez cet article - Prix de rachat jusqu'à EUR 4,50
Vendez Silence on the Wire - A Field Guide to Passive Reconnaissance and Indirect Attacks contre un chèque-cadeau d'une valeur pouvant aller jusqu'à EUR 4,50, que vous pourrez ensuite utiliser sur tout le site Amazon.fr. Les valeurs de rachat peuvent varier (voir les critères d'éligibilité des produits). En savoir plus sur notre programme de reprise Amazon Rachète.

Offres spéciales et liens associés


Descriptions du produit

Silence on the Wire Written by a well-known figure in the security/hacking community, this book stimulates readers to think more creatively about security problems and focuses on non-trivial and significant problems, not hype. The captivating narrative examines the journey of a packet of information, from input to destination, the secrets it divulges, and the security problems it faces along the way.

Détails sur le produit

  • Broché: 312 pages
  • Editeur : No Starch Press (15 avril 2005)
  • Langue : Anglais
  • ISBN-10: 1593270461
  • ISBN-13: 978-1593270469
  • Dimensions du produit: 23,5 x 18 x 2,2 cm
  • Moyenne des commentaires client : 4.0 étoiles sur 5  Voir tous les commentaires (1 commentaire client)
  • Classement des meilleures ventes d'Amazon: 133.656 en Livres anglais et étrangers (Voir les 100 premiers en Livres anglais et étrangers)
  •  Souhaitez-vous compléter ou améliorer les informations sur ce produit ? Ou faire modifier les images?


En savoir plus sur l'auteur

Découvrez des livres, informez-vous sur les écrivains, lisez des blogs d'auteurs et bien plus encore.

Dans ce livre (En savoir plus)
Parcourir les pages échantillon
Couverture | Copyright | Table des matières | Extrait | Index | Quatrième de couverture
Rechercher dans ce livre:

Commentaires en ligne 

5 étoiles
0
3 étoiles
0
2 étoiles
0
1 étoiles
0
4.0 étoiles sur 5
4.0 étoiles sur 5
Commentaires client les plus utiles
4.0 étoiles sur 5 Excellent livre 15 octobre 2006
Par Pierre
Format:Broché
Un excellent livre à vocation moyennement technique mais qui donne de nombreuses idées et directions de recherche en sécurité. Préface du célébre "solar designer"... Bref, livre très sympathique !
Avez-vous trouvé ce commentaire utile ?
Commentaires client les plus utiles sur Amazon.com (beta)
Amazon.com: 4.5 étoiles sur 5  30 commentaires
64 internautes sur 69 ont trouvé ce commentaire utile 
4.0 étoiles sur 5 Very helpful for senior technical security workers 25 avril 2005
Par Stephen Northcutt - Publié sur Amazon.com
Format:Broché
If you have been a senior technical analyst in an infosec shop for several year, you have seen most of this before, in fact some of it has been published before. However, I have never seen so much information in one place on the subject of passive reconnaissance. Who needs horror movies? Read this book and follow it up with Black Ice by Verton and you probably will not sleep for a week!

If you work in information warfare, this should be mandatory reading! If you are responsible for very high value targets like Walmart's dataprocessing, or Intel's or Citibank's it is imperative that you read Zalewski's work page by page.

I don't think the book will work for those new to networking and technical security. It almost could but the book's layout reads more like a thesis, or an IEEE journal paper than a helpful book that teaches and equips. I do this stuff for a living and had to stop several times and say, "OK what is the point".

If this goes to second printing or second edition, I recommend the use of tools such as text boxes and callouts to make the main points easier to follow.

Chapter 9 was the biggest disappointment. The author is truly an expert and could have taught the reader so much more about the interpretation of the header fields.

However, those are nits, no book can be perfect. The book is well worth the money for the right reader! I am glad I got to read it and will recommend it for the SANS conference book store!
32 internautes sur 34 ont trouvé ce commentaire utile 
4.0 étoiles sur 5 A mix of novel insights backed by standard background details 20 mars 2006
Par Richard Bejtlich - Publié sur Amazon.com
Format:Broché
I received Silence on the Wire (SOTW) almost one year ago. When I first tried reading the book, I couldn't get past Ch 1. In fact, I didn't try reading anything for three months, hoping I could re-engage SOTW. Eventually I put SOTW aside and read other books, only to return to SOTW this week. I'm glad I gave SOTW a second chance. There's plenty to like in this book if you look for the details that interest you.

Don't get me wrong; SOTW is one of the most innovative and original computing books available. You will find it even more interesting if you are not familiar with many of the works the author summarizes or describes. Those of you who have been active for the last 5-10 years will recognize research on poor Initial Sequence Numbers, various timing attacks, remotely counting hosts behind NAT, and so on. In some cases the author added novel insights to this old research, or presented related but obscure new variations. NAT detection via MSS clamping (Ch 11) is one example.

In some cases the author describes really cool techniques based on research I had not encountered. Parasitic storage and getting remote hosts to solve computational problems (Ch 16) are amazing ideas. Kudos to the author for including a bibliography, with references to many interesting papers.

SOTW suffers from one major flaw. SOTW sometimes wastes far too much time getting to "the point." For example, Ch 2 spends 20 pages explaining internal CPU workings and logic gates before finally talking about timing attacks. This bothered me on two fronts. One, many readers do not need a rehash of computing basics. Two, I was less inclined to slog through those 20 pages because I did not know why they were included.

This tendency to spend far too much time on background material appears in other SOTW chapters. Ch 5 spends 15 pages on modems and Ethernet before getting to "the point." (Ch 6 also repeats Ethernet basics.) Ch 9 includes way to many pages describing IP, UDP, TCP, and ICMP headers -- basic data found in any introductory networking book. Ch 14 describes the Web, HTTP, cookies, etc. The truth is that computing newbies are not going to appreciate many deeper insights in SOTW. If one accepts the premise that the audience must be intermediate-advanced to like the book, why waste their time on basic material?

I found only a few minor flaws. First, the author repeatedly starts sentences with "Too,". That should have been edited out. Second, p 80 states that "20 meters" is "just under 100 feet". It's more like 66 feet. On p 194 we read that sending a SYN packet to a closed port elicits a "RST". I see this frequently in networking books, which is frustrating; a SYN to a closed port elicits a RST ACK. (The authors uses the correct terminology later in the book, however.) On pp 130-131 the text and a table claims that TCP sequence numbers are "echoed back" in the SYN ACK and ACK segments. This isn't the case, as the numbers are incremented, not echoed. On p 129 the author repeats the claim that Kevin Mitnick used a TCP spoofing attacking against Tsutomo Shimomura, although that is most likely not true.

Overall, SOTW is a fascinating book. The intended audience will probably find it most rewarding to skim the text for valuable insights, and skip details on the basics of VLANs, STP, DTP, and the like. On a philosophical level, SOTW's frequent invocation of Turing and other luminaries reminded me that computer science is not the same as computer operations. Universities that churn out computer scientists are producing students not likely able to cope with the reality of intruders exploiting methods outlined in SOTW.
34 internautes sur 39 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 Deep and penetrating look at security 19 juillet 2005
Par Ben Rothke - Publié sur Amazon.com
Format:Broché
Irrespective of the myriad proclamations of systems or products being hackerproof, bulletproof and the like; given enough time and money, everything is breakable. Security purists may argue that one-time pads are provably and perfectly secure. While that is correct in the pristine halls of academic cryptography, the real world is littered with many one-time pads of dubious security.

The fact that everything is breakable from an information security perspective is good news to Luddites and bad news for the paranoid. Hopefully, most people fall between those two opposites and with that, Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks is an fascinating book on knowing when to be suspicious and when to be complacent.

The premise of the book is that there are countless ways that a potential attacker can intercept information and sniff data. The title points out that these silent stealth-like attacks are often difficult to detect, and all the more so to defend against. The better you understand the threats, the better you can monitor and defend against them.

The author writes about his work with data reconnaissance and details how computers and networks operate, with a special emphasis on how they process and transmit data. With such transmissions, there are significant security threats; which is what this book details.

Make note that this is not a For Dummies type of book. It is written for security engineers and experienced system administrators that have a heavy background in networking and security. Electronic engineers will feel very much at home with the many schematics and encodings in the code. The book is written for those that are very comfortable with programming and complex networks.

The books 260 pages contain four parts and 18 chapters. Part one details the long journey that a keystroke takes. Between the keyboard and the ultimate destination of the data, there are myriad ways the data can be misappropriated. These include traditional attacks, in addition to protocol attacks and problems with the CPU.

Part 2 details how data is transmitted and the various avenues of attack that can be launched against the data. Note that the subtitle of the book is a field guide to passive reconnaissance and indirect attacks. The book is all about the passive types of attacks that are often quite prevalent, yet overlooked. In the section The Art of Transmitting Data, the author details the electronic mechanisms on how data traverses a network and the avenues of attacks. One of the easiest attacks is the monitoring of modem or router lights. With the proper analysis and deduction, an attacker can surmise a significant amount about the nature of the traffic.

Part 2 closes with an interesting overview of how to provide better security to switched Ethernet networks. The author notes that that Ethernet networks don't provide a universal and easy way to ensure the integrity and confidentiality (two pillars of security) of the data they transmit, or are they engineered to withstand malicious, intentionally injected traffic. Ethernet is simply a means for interfacing a number of local, presumably trusted systems. With such a premise, it is no wonder that security issues abound.

Part 3 spends about 100 pages on routing and security issues involved with TCP/IP. While there is not a significant amount of new information in these chapter (passive fingerprinting, fragmentation attacks, sequence number issues and more have been heavily documented), it provides a good overview of the inherent insecurity with the TCP/IP set of protocols.

Part 4 is closes with the authors notion of parasitic computing, which is when computations and storage in normal network traffic are hidden. With parasitic computing, data can be stored in mail queues and ICMP echoes, where remote hosts perform remote computations on them.

If you are looking for a book on quick tips to securing your network, Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks will not fill your need. This is a book written for those that want to know what goes on deep in the recesses of their computers, switches and network protocols. After reading the book, some may view it as an exercise in theoretical problems that bare little resemblance to the real world. But the fact is that many security problems that are originally labeled as theoretical and academic, end up being quite practical and devastating. Many software vendors will reply to a threat with a reply that it only applies to a lab scenario, only to quickly retreat and create a patch.

On the down side, the book can be dry at times. When you combine mathematical formulas, electronic engineering and abstract computer security, the book occasionally reads like James Joyce.

Overall, Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks is a most valuable book. It is a densely back whirlwind of deep technical information that gets to the very underpinning of computer security. Silence on the Wire makes you think about serious security problems that you never thought of before, or were even aware existed. Read it and get ready to be humbled.
16 internautes sur 17 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 The best (most unique, most interesting) security book I've read, period. 1 octobre 2005
Par Solinym - Publié sur Amazon.com
Format:Broché|Achat vérifié
I have an extensive library of computer security books, and this is by far the most interesting, most novel, most entertaining computer security book I own. I am actually going through each of the footnotes, reading every paper mentioned in the book. This books is not a textbook for system cracking or defending your system, like O'Reilly's Practical Unix and Internet Security (my second favorite security book). Instead Zalewski has gone somewhere entirely new, showing how your computer leaks information to other parties without 99.999% of the population realizing it. I do network security for a living, am a privacy fanatic, and figured I'd learn a few new things. I was overwhelmed by the amount of new information I learned. Reading this book was a humbling yet exhilirating experience. Some of the sections are written so clearly a lay person could understand them, but other sections assume a great deal of knowledge of computer lore, particularly TCP/IP networking. Buy this book, then run silent, run deep.
13 internautes sur 14 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 This One Goes On The Short List of 24 juillet 2005
Par sixmonkeyjungle - Publié sur Amazon.com
Format:Broché
Excellent!

Zalewski's book is packed with information. The level of detail and technical difficulty of a lot of the information seem to make the book geared more toward those already familiar with computer security and information warfare rather than security novices. Those who are familiar with computer and network security may feel that parts of the book are too basic or beneath the level they are looking for, but Zalewski generally has a goal in mind and is just laying the groundwork to build up to it.

Most people in computer security, and even home users with little understanding of network security, are familiar with the major types of overt attacks (viruses, worms, phishing scams, spyware, etc.) and the countermeasures to protect their systems (antivirus, antispyware, firewalls, IDS, etc.), but this book uncovers the ominous volumes of data that can be extracted and exploited using passive reconnaissance techniques.

The book is called a "Field Guide" in the subtitle and it reads more or less like one. It provides the information and details you need in the trenches to wage an effective war against information insecurity. This is one that I would dub a "must read" for anyone working directly with network security.

[...]
Ces commentaires ont-ils été utiles ?   Dites-le-nous
Rechercher des commentaires
Rechercher uniquement parmi les commentaires portant sur ce produit

Discussions entre clients

Le forum concernant ce produit
Discussion Réponses Message le plus récent
Pas de discussions pour l'instant

Posez des questions, partagez votre opinion, gagnez en compréhension
Démarrer une nouvelle discussion
Thème:
Première publication:
Aller s'identifier
 

Rechercher parmi les discussions des clients
Rechercher dans toutes les discussions Amazon
   


Rechercher des articles similaires par rubrique


Commentaires

Souhaitez-vous compléter ou améliorer les informations sur ce produit ? Ou faire modifier les images?