BN.com Gift Guide

Hacking Exposed: Network Security Secrets & Solutions

Overview

About the Author

Stuart McClure, CISSP, CNE, CCSE (Mission Viejo, CA) is President/Founder of Foundstone, Inc., an elite security consulting and training company.
Joel Scambray, CISSP, CCSE (Lafayette, CA) is Managing Principal of Foundstone, Inc., an elite security consulting and training company. Joel is the author of Microsoft's "Ask Us About Security" column.
George ...
See more details below
Available through our Marketplace sellers.
Other sellers (Multimedia Set)
  • All (36) from $1.99   
  • New (3) from $8.50   
  • Used (33) from $1.99   
Close
Sort by
Page 1 of 1
Showing All
Note: Marketplace items are not eligible for any BN.com coupons and promotions
Not Currently Available
$8.50
Seller since 2005

Feedback rating:

(1625)

Condition:

New — never opened or used in original packaging.

Like New — packaging may have been opened. A "Like New" item is suitable to give as a gift.

Very Good — may have minor signs of wear on packaging but item works perfectly and has no damage.

Good — item is in good condition but packaging may have signs of shelf wear/aging or torn packaging. All specific defects should be noted in the Comments section associated with each item.

Acceptable — item is in working order but may show signs of wear such as scratches or torn packaging. All specific defects should be noted in the Comments section associated with each item.

Used — An item that has been opened and may show signs of wear. All specific defects should be noted in the Comments section associated with each item.

Refurbished — A used item that has been renewed or updated and verified to be in proper working condition. Not necessarily completed by the original manufacturer.

New
New

Ships from: Fort Worth, TX

Usually ships in 1-2 business days

  • Canadian
  • International
  • Standard, 48 States
  • Standard (AK, HI)
  • Express, 48 States
  • Express (AK, HI)
$8.50
Seller since 2005

Feedback rating:

(1625)

Condition: New
New

Ships from: Fort Worth, TX

Usually ships in 1-2 business days

  • Canadian
  • International
  • Standard, 48 States
  • Standard (AK, HI)
  • Express, 48 States
  • Express (AK, HI)
$45.00
Seller since 2014

Feedback rating:

(193)

Condition: New
Brand new.

Ships from: acton, MA

Usually ships in 1-2 business days

  • Standard, 48 States
  • Standard (AK, HI)
Page 1 of 1
Showing All
Close
Sort by
Sending request ...

Overview

About the Author

Stuart McClure, CISSP, CNE, CCSE (Mission Viejo, CA) is President/Founder of Foundstone, Inc., an elite security consulting and training company.
Joel Scambray, CISSP, CCSE (Lafayette, CA) is Managing Principal of Foundstone, Inc., an elite security consulting and training company. Joel is the author of Microsoft's "Ask Us About Security" column.
George Kurtz, CISSP (Montville, NJ) is CEO/Founder of Foundstone, Inc., an eliete security consulting and training company. He is also a renowned Black Hat speaker and was an Extreme Hacking instructor
Read More Show Less

What People Are Saying

Barnaby Jack
"Whether you're a struggling novice or a seasoned pro--Hacking Exposed, Third Edition is required reading."
--Win32 Buffer Overflow Expert
Lance Spitzner
"A critical step to knowing your enemy is first understanding their tools. Hacking Exposed, Third Edition delivers just that...and more."
--Sun Microsystems GESS Security Team and the coordinator of the Honeynet Project
Marty Roesch
"If there was an Encyclopedia Britannica of computer security, it would be Hacking Exposed, Third Edition."
--creator of the Snort tool
Read More Show Less

Product Details

  • ISBN-13: 9780072193817
  • Publisher: McGraw-Hill Companies, The
  • Publication date: 9/1/2003
  • Series: McGraw-Hill Computer Security Series
  • Edition description: Older Edition
  • Edition number: 3
  • Pages: 729
  • Product dimensions: 7.38 (w) x 9.10 (h) x 1.83 (d)

Meet the Author

Stuart McClure, who recently co-authored Hacking Exposed Windows 2000, brings over a decade of IT and security experience to Hacking Exposed. For almost three years (and to an audience of over 400,000 readers), Stuart co-authored Security Watch (http://www.infoworld.com/security), a weekly column in InfoWorld addressing topical security issues, exploits, and vulnerabilities.

Prior to co-founding Foundstone, Stuart was a Senior Manager with Ernst & Young's Security Profiling Services Group, responsible for project management, attack and penetration reviews, and technology evaluations. Prior to Ernst & Young, Stuart was a Security Analyst for the InfoWorld Test Center where he evaluated almost 100 network and security products specializing in firewalls, security auditing, intrusion detection, and public key infrastructure (PKI) products. Prior to InfoWorld, Stuart supported IT departments for over six years as a network, systems, and security manager for Novell, NT, Solaris, AIX, and AS/400 platforms.

Stuart holds a B.A. degree from the University of Colorado, Boulder, and numerous certifications including ISC2's CISSP, Novell's CNE, and Check Point's CCSE.

Joel Scambray recently co-authored Hacking Exposed Windows 2000, expanding the international best-selling Hacking Exposed series to an unprecedented third title. Joel's writing draws primarily on his years of experience as an IT security consultant for clients ranging from members of the Fortune 50 to newly minted startups, where he has gained extensive field-tested knowledge of numerous security technologies, and has designed and analyzed security architectures for a variety of applications and products. Joel speaks widely on Windows 2000 security for organizations including The Computer Security Institute, The MIS Training Institute, SANS, ISSA, ISACA, and many large corporations, and he also maintains and teaches Foundstone's Ultimate Hacking Windows course. He is currently Managing Principal with Foundstone, Inc. (http://www.foundstone.com), and previously held positions as a Manager for Ernst & Young, Senior Test Center Analyst for InfoWorld, and Director of IT for a major commercial real estate firm. Joel's academic background includes advanced degrees from the University of California at Davis and Los Angeles (UCLA), and he is a Certified Information Systems Security Professional (CISSP).

George Kurtz is the CEO of Foundstone(http://www.foundstone.com), a cutting edge security solutions provider. Mr. Kurtz is an internationally recognized security expert and has performed hundreds of firewall, network, and eCommerce related security assessments throughout his illustrious security-consulting career. Mr. Kurtz has significant experience with intrusion detection and firewall technologies, incident response procedures, and remote access solutions. As CEO and co-founder of Foundstone, Mr. Kurtz provides a unique combination of business acumen and technical security know-how. These requisite skills are used to provide strategic direction to Foundstone, as well as to help clients understand the business impact of security. Mr. Kurtz's entrepreneurial spirit has positioned Foundstone as one of the premier "pure play" security solutions providers in the industry. Mr. Kurtz, who recently co-authored Hacking Linux Exposed, is a regular speaker at many security conferences and has been quoted in a wide range of publications, including The Wall Street Journal, InfoWorld, USA Today, and the Associated Press. Mr. Kurtz is routinely called to comment on breaking security events and has been featured on various television stations including: CNN, CNBC, NBC, FOX, and ABC.

Read More Show Less

Read an Excerpt

Part I: Casing the Establishment

Case Study-Giving Up the Goods

You're excited that your shiny new server with the latest and greatest in hardware just arrived from the factory preconfigured with enough bells and whistles to make it sing. Before you placed your order with (fill in the blank with most any large computer manufacturer), you fastidiously completed the configuration options form indicating you wanted Windows 2000 installed. In addition, you loaded up the server with every eCommerce application needed for deployment. "How handy," you thought. "I can simply order everything I need and ship this server to our data center, and I don't have to configure a thing." Life is good.

Your operations team receives the new server at the data center and follows your instructions to replace the aging NT server with this new one. You exude confidence that your hardware vendor has configured the system with meticulous care, even setting the IP address for you. The switch-over succeeds without a hitch. This customization-by-order takes plug-and-play to a new level, you think. Unfortunately, this takes hacking to a new level as well.

Your super server is actually a leaking sieve of information waiting to be pillaged by any hacker who happens to direct his or her efforts in your direction. With ports like 139 and 445 open to the world, even a novice hacker doesn't have to ask for much more. A quick "anonymous" connection to your server will yield a wealth of information that can be used to determine what users have administrator rights, the last logon date for a user, hidden share information, the last time a password was changed, and if a password is required at all! All of this information can be gleaned-or as we call it, enumerated-via a null session and a few open ports that were determined from footprinting your environment. Scanning and enumerating systems are basic skills most attackers will use to determine if your systems are ripe for picking. Once your system gives up the goods, you are toast.

In our experience, this scenario is all too real and represents a major portion of time spent by determined attackers. The more information that can be gleaned by an attacker, the greater the chances of a successful security breach. While the media likes to sensationalize the "push button" hack, a skilled and determine attacker may take months to footprint and enumerate a target environment before ever executing an exploit. Many users exacerbate this situation by naively trusting hardware manufacturers to securely configure their systems. While some vendors may make token attempts to turn off a service here or there, most systems come out of the box begging to be hacked. Don't get lulled into a false sense of security just because the factory preconfigured your system. Most systems are designed out of the box to reduce support calls, not to keep a hacker out.

The techniques discussed in Chapters 1 through 3 will serve you well. Footprint your own systems before someone with less than honorable intentions does it for you!

Chapter 1: Footprinting

Before the real fun for the hacker begins, three essential steps must be performed. This chapter will discuss the first one-footprinting-the fine art of gathering target information. For example, when thieves decide to rob a bank, they don't just walk in and start demanding money (not the smart ones, anyway). Instead, they take great pains in gathering information about the bank-the armored car routes and delivery times, the video cameras, and the number of tellers, escape exits, and anything else that will help in a successful misadventure.

The same requirement applies to successful attackers. They must harvest a wealth of information to execute a focused and surgical attack (one that won't be readily caught). As a result, attackers will gather as much information as possible about all aspects of an organization's security posture. Hackers end up with a unique footprint or profile of their Internet, remote access, and intranet/extranet presence. By following a structured methodology, attackers can systematically glean information from a multitude of sources to compile this critical footprint on any organization.

What Is Footprinting?

The systematic footprinting of an organization enables attackers to create a complete profile of an organization's security posture. By using a combination of tools and techniques, attackers can take an unknown quantity (Widget Company's Internet connection) and reduce it to a specific range of domain names, network blocks, and individual IP addresses of systems directly connected to the Internet. While there are many types of footprinting techniques, they are primarily aimed at discovering information related to the following environments: Internet, intranet, remote access, and extranet. Table 1-1 depicts these environments and the critical information an attacker will try to identify.

Why Is Footprinting Necessary?

Footprinting is necessary to systematically and methodically ensure that all pieces of information related to the aforementioned technologies are identified. Without a sound methodology for performing this type of reconnaissance, you are likely to miss key pieces of information related to a specific technology or organization. Footprinting is often the most arduous task of trying to determine the security posture of an entity; however, it is one of the most important. Footprinting must be performed accurately and in a controlled fashion.
Internet Footprinting
While many footprinting techniques are similar across technologies (Internet and intranet), this chapter will focus on footprinting an organization's Internet connection(s). Remote access will be covered in detail in Chapter 9.

It is difficult to provide a step-by-step guide on footprinting because it is an activity that may lead you down several paths. However, this chapter delineates basic steps that should allow you to complete a thorough footprint analysis. Many of these techniques can be applied to the other technologies mentioned earlier.

Step 1. Determine the Scope of Your Activities

The first item to address is to determine the scope of your footprinting activities. Are you going to footprint an entire organization, or are you going to limit your activities to certain locations (for example, corporate vs. subsidiaries)? In some cases, it may be a daunting task to determine all the entities associated with a target organization. Luckily, the Internet provides a vast pool of resources you can use to help narrow the scope of activities and also provides some insight as to the types and amount of information publicly available about your organization and its employees.

As a starting point, peruse the target organization's web page if they have one. Many times an organization's web page provides a ridiculous amount of information that can aid attackers. We have actually seen organizations list security configuration options for their firewall system directly on their Internet web server. Other items of interest include

  • Locations
  • Related companies or entities
  • Merger or acquisition news
  • Phone numbers
  • Contact names and email addresses
  • Privacy or security policies indicating the types of security mechanisms in place
  • Links to other web servers related to the organization
In addition, try reviewing the HTML source code for comments. Many items not listed for public consumption are buried in HTML comment tags such as "<," "!," and "--." Viewing the source code offline may be faster than viewing it online, so it is often beneficial to mirror the entire site for offline viewing. Having a copy of the site locally may allow you to programmatically search for comments or other items of interest, thus making your footprinting activities more efficient. Wget (http://www.gnu.org/software/wget/wget.html) for UNIX and Teleport Pro (http://www.tenmax.com/teleport/home.htm) for Windows are great utilities to mirror entire web sites.

After studying web pages, you can perform open source searches for information relating to the target organization. News articles, press releases, and so on, may provide additional clues about the state of the organization and their security posture. Web sites such as finance.yahoo.com or http://www.companysleuth.com provide a plethora of information. If you are profiling a company that is mostly Internet based, you may find by searching for related news stories that they have had numerous security incidents. Using your web search engine of choice will suffice for this activity. However, there are more advanced searching tools and criteria you can use to uncover additional information....

Read More Show Less

Table of Contents

Foreword
Commentary on the State of Network Security
Acknowledgments
Introduction
Pt. I Casing the Establishment
1 Footprinting 3
2 Scanning 29
3 Enumeration 63
Pt. II System Hacking
4 Hacking Windows 95/98, Me, and XP Home Edition 115
5 Hacking Windows NT 141
6 Hacking Windows 2000 219
7 Novell NetWare Hacking 275
8 Hacking UNIX 313
Pt. III Network Hacking
9 Dial-Up, PBX, Voicemail, and VPN Hacking 393
10 Network Devices 441
11 Firewalls 479
12 Denial of Service (DoS) Attacks 503
Pt. IV Software Hacking
13 Remote Control Insecurities 529
14 Advanced Techniques 553
15 Web Hacking 591
16 Hacking the Internet User 635
Pt. V Appendixes
A Ports 695
B Top 14 Security Vulnerabilities 701
Index 703
Read More Show Less

Introduction

Introduction

THE ENEMY IS IGNORANCE
"Observe your enemies, for they first find out your faults."
Antisthenes, Athenian Philosopher, 440 B.C.

Since the dawn of time, we have turned to our elders for knowledge and experience; their direction and guidance has staved off innumerable ills and misfortunes thrust upon us. But in today's esoteric and ever-changing underworld of computer security, few wise sages walk the corporate hallowed halls. The digital soldiers of today don't posses even a vague security roadmap, much less a proven framework for combating these obscure and wily enemies.

To improve your security and fight the enemy, you must know them, befriend them, and learn from them. Hackers are too resourceful and committed to be ignored. Hackers by their very nature continually reinvent themselves and their techniques, often becoming ghosts on the cyberlandscape, next to impossible to follow. Like a virus, they morph and adapt to survive making them painfully difficult to study. The world today is a chaotic digital battlefield. At every turn technology and computers are taking over our everyday world, offering simplified and efficient living, all the while hiding the dark secret that threatens its very existence. The wires that hold the billions of electrons of the Internet hold an enormous secret, one that we have only begun to unravel and expose to the open air: the world of the blackhat hacker. By reading books like Hacking Exposed, and watching and learning from these hackers, you can begin to understand their attacks, how they work, what they do, and what motivates them. Nothing else out there today more empowers security professionals to fight this battle.

Remove the Blinders

Hackers can find your computer on the Internet within 30 minutes. Every second of everyday, malicious hackers are patrolling the digital landscape looking for weak and easy prey. The environment is target rich as few understand security and even fewer can mitigate its risk. Did you know that over 819 vulnerabilities are released into the public every year. How many are you familiar with?

Little is known about this dark underworld and until recently few have had the know-how to discuss their tactics in a public forum such as this. The traditional means of battle require an enemy you can see and touch, one that abides by the laws of engagement and reason; qualities unknown in today's cyberanarchy. As security professionals, we are called to assess the scope of an attack, help companies recover from compromise, and provide concrete steps for hardening computer systems. But without knowledge of the enemy, how can we defend ourselves?

The following chapters are not fictional stories concocted by students of drama or horror. They are true techniques and stories about the reality of the digital battlefield in which we are forever immersed. The enemy is at the door, and they're all but invisible to but a few security experts. Within these pages is the advice of those experts. You are about to open yourself to the mind and motivation of the enemy, from which you will learn their motives, their techniques, but most important, you will learn how to defeat them.

What's New in the Third Edition

The digital world moves faster than thought. New hacker tools, techniques, and methodologies surface every hour it seems, and the task of collecting, disseminating, and translating them into English is a formidable challenge. As in the prior editions, we have exhausted ourselves to deliver to you the very latest in technologies and techniques.

New Content Abounds

Among the new items exposed in the third edition:

1. New attacks on 802.11 wireless networks
2. Code Red Worm analysis
3. New attacks on Windows, specifically Windows 2000 and Windows XP/.NET Server
4. Significantly updated eCommerce hacking methodologies
5. Coverage of all the new distributed denial of service (DDoS) tools and tricks
6. New format string vulnerabilities found in Windows and UNIX, which threaten to replace buffer overflows as the most insidious attacks available
7. New updated case studies at the beginning of each part, covering recent security attacks of note
8. Updated coverage of security attacks against Windows 9x, Millennium Edition (ME), Windows NT/2000/XP/.NET Server, UNIX, Linux, NetWare, and dozens of other platforms, with appropriate countermeasures
9. A revised and updated dial-up hacking chapter with new material on PBX and voicemail system hacking, and an updated VPN section
10. The ever-popular companion web site at http://www.hackingexposed.com with links to all tools and Internet resources referenced in the book
11. A CD-ROM with a selection of the top security tools ready to install, live links to the web sites where you can access the latest versions of the security tools mentioned in the book, and a default password database that contains a list of commonly used passwords

Easy to Navigate with Improved Graphics, Risk Ratings

With the help of our publisher, Osborne/ McGraw-Hill, we've used the popular Hacking Exposed format for this third edition:
  • Every attack technique is highlighted with a special icon in the margin like this:

This Is an Attack Icon

Making it easy to identify specific penetration testing tools and methodologies.
  • Every attack is countered with practical, relevant, field-tested work-arounds, which also have their own special icon:

This Is a Countermeasure Icon

Get right to fixing the problems we reveal if you want!
  • We've made prolific use of visually enhanced
Read More Show Less

Foreword

FOREWORD

vul.ner-a-ble adj. 1. Susceptible to physical or emotional injury. 2. Susceptible to attack: "We are vulnerable both by water and land, without either fleet or army" (Alexander Hamilton). 3. Open to censure or criticism; assailable. 4. Liable to succumb, as to persuasion or temptation.

Whether we recognize it or not, when connected to the Internet in our home or office, we are all vulnerable. In fact, connecting to the Internet makes you a member (either willing or unwilling) of a community in which everyone becomes part of an enormous system-one much larger than any individual and where time and distance are almost eliminated. The interconnectivity of the Internet brings all participants in close proximity to each other. Your "neighbor next door" is now a hacker in a foreign country with intent to harm or a young talented kid searching out your vulnerabilities just for kicks.

As with every community, not all of its citizens are upstanding members. You can't open a newspaper these days without coming across another sleepy, quiet community that has been rocked by violence or scandal. The same is true for the cyber community of the Internet. In the high-speed, highly connected worldwide Internet community, it's easy to see why some of the most significant negative events happen there and happen with great speed. Even more distressing is the fact that within the Internet community live some very smart people with extraordinary talent and free time who insist on using that talent for evil instead of good.

You don't have to look back very far into Internet history to see incredible advances in computer exploitation. Actually, I believe the rate at which vulnerabilities are discovered and exploited far surpasses Moore's Law for computing power advances. Maybe the security community should develop our own law that says: "Attackers on the Internet will eventually find and exploit every vulnerability. The more interesting the target, the faster this will occur." Unfortunately, most people on the Internet believe that they are not interesting targets. This is simply not true. Anyone running a firewall on his or her home PC can see that. It's much faster for me to count the number of countries in the world that have not tried to attach to my home PC than count the ones that have. Every day there are at least a dozen individuals out there that want to know if my computer will talk to them using one of several well known Trojan Horses or vulnerable software applications. Why do these people keep coming back day after day? Simple, they often have success finding and compromising vulnerable computers.

Hacking and exploitation used to be the work of relatively few highly skilled experts. Today, ready-made point and click, load and run, compile and execute tools put destructive capability in the hands of almost anyone looking to cause trouble. It wasn't long ago that we were learning about basic p ping and SYN floods as the primary method for denial of service attacks. Soon after, denial of service took a great step forward with distributed attacks co-opting "innocent" UNIX computers. This technique was quickly morphed to work on another platform even more easily exploited, the Windows platforms used by thousands of cable and DSL customers. A great example of accelerated development is in the worm techniques that propagate Trojan Horses without human intervention. Fall 2000 through summer 2001 brought us the Bymer worm, Linux Ramen worm, Lion worm, SADMIND, the Leave worm, and Code Red. Code Red is possibly the most costly automated attack to date with current estimates of damage and clean up exceeding several billion dollars. This "hacking on autopilot" is a huge force multiplier and greatly leverages the attackers available time, increasing the chances of success. For all of the different techniques employed by worms, they all have one thing in common: closing the vulnerabilities that they exploit would have prevented all of the damage done. The vulnerabilities exploited by these worms, and countermeasures for them, are described in the book you are now reading.

Security as Market Differentiator

Competition within industry is fierce, and increasingly, security is being viewed not only as an enabler of service, but also as a market differentiator. As this trend matures, visible security incidents could significantly impact stock prices as well as spin up the corporate public relations staff. Clearly, threats from Internet attacks will continue to increase, and companies are going to persist in turning to the Internet channel for some or all of their transaction flow. Despite security threats increasing everyday on the Internet, companies continue to expand their use and presence. Why? Because the Internet is a vital business enabler. Consequently, all of these companies must be on guard and ready to deal with the attention they will receive from individuals with malicious intent. While there are many risks to doing business on the Internet, the biggest one is to your company's reputation. Reputation damage from a security breach is one of the fastest ways to erode customer and trading partner trust. A security breach that exposes confidential information, yours or your customers, can be catastrophic to your business. No industry is exempt from its wrath.

Even the most security savvy companies will have vulnerabilities on their network and, because of this, must remain diligent to minimize risk. The first step is knowledge and with knowledge comes the opportunity to mature and improve. In your hands, you hold one of the most powerful tools available in the security business to help increase your knowledge. Read it, heed it, and use it. I hold great respect for the authors of this book. I have sought and received excellent advice from them over the years. In Hacking Exposed, they have written "The Book" on vulnerabilities and countermeasures. My hope is that you will use the information here to make your company a safer and more secure place. In the future, companies that have the fewest reputation issues from security problems will be the companies that invest in passionate and talented people, flexible technology to meet constantly changing security threats, and processes that ensure continuous improvement. The companies that don't will most likely make The Wall Street Journal headlines-and not in a positive way.

Pete Murphy, 8/4/2001
SVP, Vulnerability and Response Management
Bank of America

Peter F. Murphy is responsible for the Vulnerability and Response Management team at Bank of America. These responsibilities include the Bank of America Computer Incident Response Team (BACIRT), Intrusion Detection, Vulnerability Assessments, Threat Management, Forensic Investigations, Regional Workarea Recovery Centers, and Network Computing Group Contingency Planning and Testing.

Pete has seventeen years experience in systems development, technology auditing, and information security in the banking and finance industry. Pete is a member of the Information Systems Audit and Control Association, holds a Certified Information Systems Auditor certification, participates in the Vulnerability Assessment working group as part of the President's Commission on Critical Infrastructure Protection, and participates in the Network Security Information Exchange (NSIE) as part of the President's National Security Telecommunications Advisory Council (NSTAC).

Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star

(0)

4 Star

(0)

3 Star

(0)

2 Star

(0)

1 Star

(0)

Your Rating:

Your Name: Create a Pen Name or

Barnes & Noble.com Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & Noble.com that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & Noble.com does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at BN.com or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation

Reminder:

  • - By submitting a review, you grant to Barnes & Noble.com and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Noble.com Terms of Use.
  • - Barnes & Noble.com reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & Noble.com also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on BN.com. It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

 
Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously
Sort by: Showing 1 Customer Reviews
  • Anonymous

    Posted August 16, 2001

    just a prediction.

    if this book is as informative, and well written than the preceding editions, it is well worth the money. The ultimate source for securing networks...

    Was this review helpful? Yes  No   Report this review
Sort by: Showing 1 Customer Reviews

If you find inappropriate content, please report it to Barnes & Noble
Why is this product inappropriate?
Comments (optional)