This chapter provides an overview of a variety of different vulnerabilities and exploits as they relate to computers and networks. While not the focus of this book, this chapter motivates the requirement for securing systems, which is the focus of this book. We've provided numerous references for further study.
For Further Reading
Anonymous. Maximum Security: A Hacker's Guide to Protecting Your Internet Site and Network. Indianapolis, IN: Sams.net Publishing, 1997.
Atkins, Derek, et al. Internet Security: A Professional Reference, Indianapolis, IN: New Riders Publishing, 1996.
Barret, Daniel J. Bandits on the Information Superhighway. Sebastopol, CA: O'Reilly & Associates, 1996.
Chapman, D. Brent, and Elizabeth D. Zwicky. Building Internet Firewalls. Sebastopol, CA: O'Reilly & Associates, 1995.
Cheswick, William R., and Steven M. Bellovin. Firewalls and Internet Security: Repelling the Wily Hacker. Reading, MA.: Addison-Wesley, 1994.
Cooper, Frederic J., et al. Implementing Internet Security. Indianapolis, IN: New Riders Publishing, 1995.
Denning, Dorothy E. Information Warfare and Security. New York, NY: Addison-Wesley, 1998.
Garfinkel, Simson, and Gene Spafford. Practical UNIX and Internet Security, 2d ed. Sebastopol, CA: O'Reilly & Associates, 1996.
Garfinkel, Simson, and Gene Spafford. Web Security & Commerce. Sebastopol, CA: O'Reilly & Associates, 1997.
Hughes, Larry Jr. Actually Useful Internet Security Techniques. Indianapolis, IN: New Riders Publishing, 1995.
Icove, David, et al. Computer Crime: A Crimefighter's Handbook. Sebastopol, CA: O'Reilly & Associates, 1995.
Klander, Lars. Hacker Proof: The Ultimate Guide to Network Security. Las Vegas, NV: Jamsa Press, 1997.
Kyas, Othmar. Internet Security Risk Analysis, Strategies, and Firewalls. London: International Thomson Computer Press, 1997.
Pabrai, Uday O., and Vijay K. Gurbani. Internet and TCP/IP Network Security Securing Protocols and Applications. New York, NY: McGraw-Hill, 1996.
Siyan, Karanjit, and Chris Hare. Internet Firewalls and Network Security. Indianapolis, IN: New Riders Publishing, 1995.
Interesting Cracker Tales
These references do not provide any technical details but do relate stories about (in)famous attacks.
Dreyfus, Suelette. Underground Tales of Hacking, Madness, and Obsession on the Electronic Frontier. Kew, Australia: Mandarin, 1997.
Littman, Jonathan. The Watchman. Boston, MA: Little, Brown, 1997.
Shimomura, Tsutomu, with John Markoff. Takedown. New York, NY: Hyperion, 1996.
Stoll, Cliff. The Cuckoo's Egg. New York, NY: Pocket Books, 1990.
For information related to Domain Name Service (DNS), InterNetNews (INN), and Dynamic Host Configuration Protocol (DHCP), check out the home of the Internet Software Consortium (ISC),
The home of sendmail, a commonly used mail transfer agent (MTA), has lots of good information about sendmail-related vulnerabilities:
For good general security information, links, and references, visit the Information Systems Security Association site,
Professional certification in the field of security is available from (ISC)2. This site also has information about technical, physical, personnel, and many other areas of security. Their home page is
For an excellent collection of security tools and resources, visit the home of the Computer Operations, Audit, and Security Technology (COAST) site at
which also contains a great many links. Check them out!
Other good security sites include:
The following Web sites are considered full-disclosure sites because they publish details of various vulnerabilities and often offer code samples that exploit some of the vulnerabilities. The purpose of listing these sites here is to inform you about what the bad guys already know.