The phrase think like a hacker is bandied about incessantly. For most people, they can’t think like a hacker any more than they could think like a podiatrist or a CPA.
With that, in Network Attacks and Exploitation: A Framework, (Wiley 978-1118987124), author Matthew Monte has written a great guide that while it won’t help you think like a hacker; it will provide you with the knowledge of how to secure your network, such that hackers will hopefully find an easier playground.
Monte takes a holistic approach and integrates a number of strategies to incorporate both an information security offensive and defensive approach to create a secure network.
The book starts off with an introduction to computer network exploitation (CNE). Monte writes that CNE is simply the latest reincarnation of espionage. As more and more of the worlds political, economic and military information is being stored on networks, and these are often insecure networks; a framework for organizing and analyzing CNE becomes necessary to national and corporate security interests.
Monte is a fan of military theorist Carl von Clausewitz and quotes him a number of times in the book. An interesting point he makes in reference to creating a secure network, based on von Clausewitz, is that in theory, defending should be easier than attacking. The reason being that the defense has the negative objective to maintain the status quo. While the offense must effect some whence while being resisted. But in the digital world, attackers working on the offense, nearly always have the upper hand, since they have more knowledge and tools to use against insecurely designed networks.
Creating a secure and resilient network is something that takes time, as the book notes. Monte’s main approach to build security in by creating an offensive strategy. Far too many organizations just want to buy hardware and software, without knowing what they are securing their network against. He writes that crafting an offensive strategy requires asking the right questions, and then proceeds to list about 50 essential questions. Answering these questions and customizing the response are fundamental to building a secure network.
Those looking to understand how they can create a high-level roadmap to build effective security into their networks will find Network Attacks and Exploitation: A Framework a helpful resource. At 170 pages, it’s not a comprehensive guide to designing secure network. But for those looking for a great introduction to the topic, it’s an essential one.