18 October 2011

Silence on the wire


The problem with many security books is that they simply list a series of attacks against vulnerabilities in systems services. What happens to these books is that they lose validity as patches appear for vulnerabilities  explained, so that when book reach printers actually is outdated. 

But there are others who choose to be more conceptual and describe the risks caused by the designs rather than implementations. These books are much more didactic and useful to delve into the nature of the protocols and systems. Besides, its effect is much longer because the problems of an standard remains until the advent of the following standard (think for example in system security issues WEP). Silence on the wire belongs to this second set of books.

In it, author Michal Zalewski made a study of passive recognition techniques and indirect attacks on a fairly eclectic way, covering topics ranging from the deduction of passwords based on the timing of keystrokes, the parasitic use of processing power of entire networks of computers without permission from their owners, and other interesting topics like the use of the same network infrastructure as a means of hidden and anonymous mass storage, among others. Some of the chapters are strongly speculative and at first glance may seem hardly feasible but the truth is that they are all vectors of attack rarely  noticed and they serve as demonstration that until the last bit in the system design can be used by an attacker to compromise motivated enough. Other chapters in this book were before author's papers very well received in the Net for its innovative approach and the risk of alerting, as is the case of his study of implementations of pseudorandom number generators (PRGN) of most widely used operating systems, which used a mathematical transformation that allowed spatially represent the values ​​that were taking these generators and thus show that many of them drew statistically predictable values.

For all the above and more this is an excellent book should be indispensable in the library of any student of computer security warning that reading this book presupposes knowledge already acquired about networks and protocols such  that can be obtained through Kurose & Ross , Tanenbaum or Stallings .