Computing Reviews
Today's Issue Hot Topics Search Browse Recommended My Account Log In
Review Help
Search
Cyber operations : building, defending, and attacking modern computer networks
O’Leary M., Apress, New York, NY, 2015. 744 pp. Type: Book (978-1-484204-58-0)
Date Reviewed: Jul 27 2016

Among the wide range of literature available on the topic, this book distinguishes itself for its practical and didactical cut, which gives the reader an overarching introduction to cyber operations, guiding him through the setup, attack, and defense of computer networks.

Cybersecurity, or computer security, is becoming increasingly important, and there is growing concern about it: commercial, government, and nongovernmental organizations from all private and public sectors, such as finance, healthcare, and retail, have to face cybersecurity issues to the extent they have to manage increasing volumes of data.

The way this manual is conceived is meant to support the learning of cyber operations through direct “hands-on” practice on systems as they were used between 2008 and 2013. Most of the tools and versions analyzed and attacked in the book are outdated and should have been patched today; however, the tools and techniques described can be easily adapted to the systems in use today.

The initial part of the book is a tutorial on how to install and set up a system environment using virtualization tools such as VMWare Workstation or VirtualBox. Several operating systems are discussed, including many Linux distributions and different versions of Windows, all including a complete ecosystem with Firefox, Java, and Flash Player.

Metasploit (a tool for developing and executing exploit code against a remote target machine) is used to demonstrate possible attacks to those systems; then, other tools such as Wireshark are used to dissect the attacks and show how to detect and analyze the signs left by attackers, and ultimately how to defend the systems.

The core part of the book extends the analysis from systems to complex networks, touching topics such as DNS, BIND, and Active Directory, and introducing tools and techniques to scan networks and attack them.

An entire chapter is dedicated to the analysis of logging in Windows and Linux systems. Finally, the focus moves to web servers and applications, and corresponding attacks, introducing the installation of Apache and IIS on Windows and Linux systems. Interesting applications such as PHP, MySQL, and MariaDB are installed and configured; common attacks (such as Heartbleed) are discussed; and countermeasures are described.

The book is very detailed and offers the reader an opportunity to move from theory to practice and gain a deeper understanding of actual cybersecurity issues. It cannot be considered exhaustive on the topic, especially because in this fast-paced world systems, vulnerabilities, and exploits change too rapidly to be captured in a book; however, it offers all the instruments needed for the first steps in cyber operations and gives the reader the basic knowledge required to continue learning about current systems and applications. I would definitely recommend it for anybody who is interested in cybersecurity matters and wants to have a peek into the practical aspects of this topic.

More reviews about this item: Amazon

Reviewer:  Diego Merani Review #: CR144639 (1611-0771)
Bookmark and Share
 
Security and Protection (C.2.0 ... )
 
 
Network Operations (C.2.3 )
 
 
Security and Protection (K.6.5 )
 
Would you recommend this review?
yes
no
Other reviews under "Security and Protection": Date
Introduction to data security and controls (2nd ed.)
Edward R. I., QED Information Sciences, Inc., Wellesley, MA, 1991. Type: Book (9780894353864)
Aug 1 1992
Security for computer networks: an introduction to data security in teleprocessing and electronic funds transfer
Davies D., Price W., John Wiley & Sons, Inc., New York, NY, 1984. Type: Book (9780471900634)
Oct 1 1985
The development and proof of a formal specification for a multilevel secure system
Glasgow J., Macewen G. ACM Transactions on Computer Systems 5(2): 151-184, 1987. Type: Article
Oct 1 1987
more...

E-Mail This Printer-Friendly
Send Your Comments
Contact Us
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®
Terms of Use
| Privacy Policy