
Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks


There are many ways that a potential attacker can intercept information, or learn more about the sender, as the information travels over a network. Silence on the Wire uncovers these silent attacks so that system administrators can defend against them, as well as better understand and monitor their systems. Silence on the Wire dissects several unique and fascinating security and privacy problems associated with the technologies and protocols used in everyday computing, and shows how to use this knowledge to learn more about others or to better defend systems. By taking an in-depth look at modern computing, from hardware on up, the book helps the system administrator to better understand security issues, and to approach networking from a new, more creative perspective. The sys admin can apply this knowledge to network monitoring, policy enforcement, evidence analysis, IDS, honeypots, firewalls, and forensics.



30 reviews for Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks

  1. 5 out of 5

    Nick Black

    Amazon 2008-07-12, recommendation from a friend. An InfoSec book with truly new perspectives, let alone detailed technique, is one of the world's great rarities -- we Defenders of the True Faith, protecting the Internet and her citizens, normally must scour the academic literature, hunt down the deep Webs running on zombied machines for the lancing, draining, and strip-mining of information on Romanian, Russian, and Chinese efforts, and perform our own small researches and inquisitions under night-roiled skies, hidden in shadows, CAT-5e umbilical cords tethered to a world that might as well not exist aside from the content it sends careening through the Backbone at two-thirds the speed of light. Ή ταν ή επί τας: either this, or upon this: the words of Spartan mothers (according to Plutarch) to their warrior-children, marching within the sharp orthogonals of the phalanx... Excuse me, I ramble. Zalewski has put together a fine book, packed with sophisticated and inventive attacks and defenses. I can pretty well assure even the most skillful and aware NetWarrior will find something in here worth the price of admission. Go find it used.

  2. 5 out of 5

    Nick

    This is probably the best-written guide to how networks and operating systems themselves work, and how knowledge of how these things do what they do in their own special way reveals much about what specifically is doing the talking. If that makes any sense. I loved it.

  3. 5 out of 5

    Alexei

    Silence on the Wire provides fascinating insight into security - rather than discussing the traditional security issues, rooted largely in implementation bugs, it discusses how the design of the fundamental protocols and technologies of the Internet creates room for subtle and sophisticated uses above and beyond what their designers intended.

  4. 5 out of 5

    Simmoril

    Absolutely fantastic book, a great survey of network analysis and passive reconnaissance. Zalewski's insights are ingenious. A definite must read for anyone studying network security.

  5. 5 out of 5

    Dozo

    Silence on the Wire's topic, passive listening to determine the information processed by a system, has never been more topical than now. I was looking forward to reading a book that illustrates some of these attack vectors and maybe some feasible usage and defence scenarios. In reality though, this book is about 80% basic computer science and 20% computer security. The strange thing is that most of the basic computer science is pretty irrelevant to the actual attacks which are described at a high level with a little application and defence. I couldn't work out why there was so much on boolean arithmetic and many other topics when it was barely used in the attacks. Although it's still a good resource to get some ideas of different passive attacks, the amount of padding doesn't render it as a particularly engaging book. I also found there was a lack of organisation; nothing really builds up to a whole. Attacks are arranged arbitrarily and some major pieces are glossed over. I can't help but feel it could be reduced by 60% and made into a short guide to different types of attack.

  6. 4 out of 5

    Jarek

    I came in a little skeptical: it's a book from 2005, and I already knew how Ethernet works and why you should make sure your encryption runs in constant time. But this was legitimately an interesting read, with many points and takeaways still interesting and applicable in 2017. If the idea of _understanding_ what the computer is doing -- and what implications that has on all kinds of security -- appeals to you, it's a book for you.

  7. 5 out of 5

    Jason Harper

    This was an interesting overview of how information is processed from the local system, to the local network, and then the Internet. The author does a good job of explaining how the various protocols were designed and the vulnerabilities built into these implementations, along with some possible threats. I would definitely recommend this book to someone getting started in network security.

  8. 4 out of 5

    Alex Gyoshev

    An awesome book. I understood quite a bit about TCP/IP, what can be learned from modem lights, and why my dial-up modem made those funny noises, all these years ago. A lot can be learned about a network by only listening, and this book shows how.

  9. 4 out of 5

    Nikolay Ivanov

    I love how this book describes how the internet became what it's now. I would suggest it for a getting started for anyone doing anything related to the web and not only.

  10. 4 out of 5

    Box2

    One of the best hacking books I have ever read. Absolutely mandatory for infosec professionals and hackers.

  11. 4 out of 5

    Sara Rocutto

    A book I did not finish, but one I greatly appreciated: it is fairly technical, but if anyone wants to get an idea of the world of computer security... there is plenty to be amazed by!!

  12. 5 out of 5

    Hugh Smalley

    Author Michal Zalewski is respected in the hacking and security communities for his intelligence, curiosity and creativity, and this book is truly unlike anything else. Silence on the Wire is no humdrum white paper or how-to manual for protecting one's network. Rather, this narrative explores a variety of unique, uncommon and often elegant security challenges that defy classification and eschew the traditional attacker-victim model. There are many ways that a potential attacker can intercept information, or learn more about the sender, as the information travels over a network. Silence on the Wire uncovers these silent attacks so that system administrators can defend against them, as well as better understand and monitor their systems. *Silence on the Wire* dissects several unique and fascinating security and privacy problems associated with the technologies and protocols used in everyday computing, and shows how to use this knowledge to learn more about others or to better defend systems. By taking an in-depth look at modern computing, from hardware on up, the book helps the system administrator to better understand security issues, and to approach networking from a new, more creative perspective. The sys admin can apply this knowledge to network monitoring, policy enforcement, evidence analysis, IDS, honeypots, firewalls, and forensics.

  13. 4 out of 5

    André

    MUSIC IS THE SILENCE BETWEEN THE NOTES (DEBUSSY) Documents the creative exploitation of unintended side effects in information technology products; many of the (concrete) application examples were last relevant between 1997-2004, some still are. The approaches for obtaining from an adversary unintended information about a target are at least transferable in principle: inattentive developers, incomplete specifications, cryptanalytic naivety and the logical consequences of certain design decisions, which can be abused but, thanks to the superstructure that has grown on top of them, cannot easily be corrected, continue to accompany IT (today, e.g., keyloggers based on smartphone sensors and machine learning, metadata-based reconstructions, or cache/timing-based side-channel attacks such as Meltdown and Spectre). Some techniques were tried against production systems, others in test environments or only thought through hypothetically; the technical foundations for each approach are introduced beforehand, which one may find unnecessary, but they are mostly described concisely and likeably (logic gates made of wood). Zalewski begins close up, with the telltale silence between keystrokes (timing patterns), and ends with far-away machines in more complex networks.
Silence on the Wire deals with technical reconnaissance - above all through fingerprinting and timing patterns, along with emission attacks or file leaks (non-zeroed buffers, autofills or, e.g., machine addresses in v1 GUIDs). There is no rummaging through trash cans, social networks or Google results, and social engineering is not a topic either. I enjoyed the book; much of it was more or less familiar to me, and where it was less so, it is fitting that Zalewski is not stingy with technical details. Favourite chapters were "Strange Attractors ..." on phase-space reconstruction, and Parasitic and Volatile Computing. For more, see the Goodreads reading progress (my chapter summaries).

  14. 5 out of 5

    Koleś

    Despite the fact that this book is a little old for an IT book about security, it is still an interesting read. Different look at security problems.

  15. 4 out of 5

    Russ

    This book is probably one of my favorite books on security. Many security books rehash old topics that have almost been covered time and time again but this one does not. Fortunately, Michal Zalewski takes a very interesting approach to security. It is a very unique book because he takes a look at security vulnerabilities that involve passive reconnaissance. I really enjoyed learning about typing timing patterns, the blinking light vulnerability on modems and parasitic storage (and computing) were my favorite topics covered in his book. One of my favorite parts about the book is that he will begin to go into talking about how a specific piece of technology works (and you will be wondering, okay where is he going with this) and then right at the end you will suddenly understand the significance of it all and why the vulnerability occurs. I also really liked the part where he was talking about NMAP or Port Scans and how since the scanner uses a Linear Congruent Generator to generate the order of the ports to scan randomly I had never thought about how this could actually reveal the attacker's time zone because given output from a weak LCG you can recover the seed used in the generator (which is often the time in milliseconds since January 1st 1970 I believe). I know NMAP has attempted to fix this by getting entropy from /dev/urandom but it still would be amazing as a forensic tool when tracking down a malicious attacker.
I also thought his section on web bots was a very creative and ingenious paper. Above all this book inspires you to think outside of the book and to realize that seemingly unimportant information might not be so unimportant after all.

  16. 5 out of 5

    Julio Biason

    This is a book about passive detection. Or active detection. Or attacks. I really don't know, because the subject keeps jumping around so much you have no idea the point the author wants to make. There are plenty of explanations for stuff, but mostly is dumbed down to the point it doesn't even make sense. Besides that, you have explanations for attacks that sound really scary/cool (depending on your point of view) but after you think a bit about it, it is really hard to execute and, with the necessary access to do so, you wouldn't really need this kind of stuff. Also, there is plenty of "this author research" or "a research that yours truly did" that sounds more like "Hey, look how awesome I am" than "you should really worry about this thing". About the edition, there are original articles in their original form, but they are presented in mono spaced font in a weird indentation that doesn't fit any layout you chose (landscape, two columns landscape, portrait). Also, there are chapter footnotes and book footnotes and both follow the same format, which means you will find a "[1]", followed by a "[100]", followed by a "[2]". And the author uses "Too," instead of "Also," which, for a non-native English speaking person like me, sounds strange as hell.

  17. 4 out of 5

    Mark Hillick

    Zalewski is renowned throughout the InfoSec industry for simply being incredible and bringing many new ways of thinking to the industry through his research. In "Silence on the Wire", Zalewski discusses security vulnerabilities and methods of attack that are simply mind-boggling. Although I've been in InfoSec for quite some time and there are areas of repetition for me, much of the book was fascinating and thought-provoking, from both a defender and attacker mindset. The one downside is that the book is quite inaccessible I feel for someone new to InfoSec and may scare them off :)

  18. 5 out of 5

    Ivan

    Genius work focusing on passive recon, and not a very hard read either. The explanation of the thoughts and discoveries behind his ideas is easily as interesting as the real-life examples of how they can be used. If you're trying to protect someone's data, you really NEED to understand what Zalewski has to say. And if you think your data can truly be secure, just try to understand, that is not the world we live in today... I bought this book for myself at HOPE 2006, but it was so good I gave it to a friend and ordered another.

  19. 5 out of 5

    Nina

    This book focusses on security flaws that exist because of the way something was designed. They may not all be the most commonly exploited flaws, since some aren't so practical to take advantage of, but they sure are interesting to learn about. The book starts right within the heart of the computer and expands all the way out to the internet as a whole. It is less of a practical guide in that it neither really tells you how to exploit something, or how to protect you against said exploit, it merely seeks to explain how it works because of how things are.

  20. 4 out of 5

    Prasanna

    I read this right after Zalewski got hired by Google as their web security guru. He has good perspective on security engineering and it is reflected in the pages of this book. As we obsess over the things we can see and secure, this book takes the approach of understanding the people, not very unlike Art of Deception in ages past. Not all the vectors are going to be obvious but you need to anticipate them.

  21. 4 out of 5

    Adi

    It is a bit dated, and it will only get more so, but it only means you need to read it as soon as possible. For me it's a good example that an author can get in-depth about a technical subject and keep it interesting at all times. It really gave me some new insights about networking and it-sec. Solid recommendation!

  22. 5 out of 5

    Nemo

    Well another book finished that I have on my 'to-read-urgently' shelf since, well, I don't remember. The only problem is that in the while most of the stuff is REALLY outdated, but still a pleasant read.

  23. 4 out of 5

    Takedown

    A bit dated but still interesting book about cool low level tricks. I was especially fascinated about first part of the book and those hardware hacks.

  24. 4 out of 5

    Xiaolu

    I love the way the author describes the ways in which information that is sent through networks becomes vulnerable to attacks or surveillance.

  25. 4 out of 5

    Ryan Williams

    Poor structure and poorly written as well as a lot of content which was last relevant in 1997.

  26. 4 out of 5

    J.R.

    A great generalist's introduction to the ways information can leak from a system, especially as that system's design becomes more complex.

  27. 4 out of 5

    Andrew

    A fantastic and readable overview of a wide range of passive reconnaissance techniques, mixed with a good dose of computing history.

  28. 4 out of 5

    Kamil Grabowski

  29. 4 out of 5

    Ray

  30. 4 out of 5

    James Tipton
