Dissecting the Hack: The F0rb1dd3n Network approaches the subject of hacking in an interesting way.
Part fiction, part reference manual, its target audience are people who want to or should know more about information security, but can't keep their attention onto the subject for long enough to learn or can't translate technical details into a believable, realistic scenario.
About the authors
Jayson E Street is a current member on the Board of Directors for the Oklahoma "InfraGard", VP for ISSA OKC and has been a longtime member of the Netragard "SNOsoft" research team. Former consultant with the FBI and Secret Service on attempted network breaches, he is a well-known information security speaker at a variety of conferences, and the co-founder of ExcaliburCon.
Kent Nabors is a VP of Information Security for a multibillion dollar financial institution. His background includes security policy development, systems implementation, incident response, and training development.
Brian Baskin is a digital forensics professional employed by CSC and serves as the Deputy Lead Technical Engineer with the Defense Cyber Investigations Training Academy. He devotes much of his time to researching the evolving Internet crimes, network protocol analysis, and Linux and Unix intrusion responses.
Inside the book
This book consists of two parts, and both tell the same story.
The first part - called "The F0rb1dd3n Network" - is a short (some 125 pages long) thriller that sees Bob and Leon, two kids with plenty of knowledge about the digital world, get caught up in a rather realistic case that starts as industrial espionage and ends as…well, you'll have to discover it for yourself.
The second part has been titled "Security Threats Are Real", and is a companion piece to the first part. In it, tools and techniques used by the characters in the fictional part are explained, and details, resources and references are given so that the reader can see that all these things are possible in the real world - and, hopefully, have that realization sink in.
You can read the book in any way you want. Fiction first, then the reference manual - or the other way around. You can also wade through both of them simultaneously. If you're already somewhat familiar with concepts such as log analysis, wardriving, wireless scanning, authentication security, traffic obfuscation and the like, you can read the fiction part first and then go through the manual after that.
But, if these words make you draw a blank, I would recommend reading the story and stopping to check each reference when it pops up. When that happens, you'll be offered a page number that tells you which part of the manual to consult to understand what the characters are doing or talking about. This way, the happenings in the story will hopefully keep you interested enough to search for the answers in the back of the book.
I remember when this book first came out last year, and was almost immediately pulled because it turned out that the technical editor plagiarized most of the STAR section. But, I'm glad to see that the authors weren't sidetracked by this unfortunate event and produced - along with a new technical editor - a really good book.
This book delivers on what it promises to do, and is perfect for those who are only starting out to learn more about the subject of information security. The references and the explanations in the STAR section offer technical details but they do it in a very comprehensible way, which should please the readers. As far as experienced security professionals go, they can pick up the book as a fun, short piece of fiction, but I doubt they will learn something they didn't already know.