ch02.htm

来自「Maximum Security (First Edition) 网络安全 英文」· HTM 代码 · 共 487 行 · 第 1/2 页

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>

<HEAD>
	
	<TITLE>Maximum Security -- Ch 2 -- How This Book Will Help You</TITLE>
</HEAD>

<BODY TEXT="#000000" BGCOLOR="#FFFFFF">

<CENTER>
<H1><IMG SRC="../button/samsnet.gif" WIDTH="171" HEIGHT="66" ALIGN="BOTTOM" BORDER="0"><BR>
<FONT COLOR="#000077">Maximum Security: </FONT></H1>
</CENTER>
<CENTER>
<H2><FONT COLOR="#000077">A Hacker's Guide to Protecting Your Internet Site and Network</FONT></H2>
</CENTER>
<CENTER>
<P><A HREF="../ch01/ch01.htm"><IMG SRC="../button/previous.gif" WIDTH="128" HEIGHT="28"
ALIGN="BOTTOM" ALT="Previous chapter" BORDER="0"></A><A HREF="../ch03/ch03.htm"><IMG
SRC="../button/next.gif" WIDTH="128" HEIGHT="28" ALIGN="BOTTOM" ALT="Next chapter"
BORDER="0"></A><A HREF="../index.htm"><IMG SRC="../button/contents.gif" WIDTH="128"
HEIGHT="28" ALIGN="BOTTOM" ALT="Contents" BORDER="0"></A> 
<HR>

</CENTER>
<CENTER>
<H1><FONT COLOR="#000077">2</FONT></H1>
</CENTER>
<CENTER>
<H1><FONT COLOR="#000077">How This Book Will Help You</FONT></H1>
</CENTER>
<P>Prior to writing this book, I had extensive discussions with the Sams.net editorial
staff. In those discussions, one thing became immediately clear: Sams.net wanted
a book that was valuable to all users, not just to a special class of them. An examination
of earlier books on the subject proved instructive. The majority were well written
and tastefully presented, but appealed primarily to UNIX or NT system administrators.
I recognized that while this class of individuals is an important one, there are
millions of average users yearning for basic knowledge of security. To accommodate
that need, I aimed at creating an all-purpose Internet security book.</P>
<P>To do so, I had to break some conventions. Accordingly, this book probably differs
from other Sams.net books in both content and form. Nevertheless, the book contains
copious knowledge, and there are different ways to access it. This chapter briefly
outlines how the reader can most effectively access and implement that knowledge.
<H2><FONT COLOR="#000077"><B>Is This Book of Practical Use?</B></FONT></H2>
<P>Is this book of practical use? Absolutely. It can serve both as a reference book
and a general primer. The key for each reader is to determine what information is
most important to him or her. The book loosely follows two conventional designs common
to books by Sams.net:

<UL>
	<LI>Evolutionary ordering (where each chapter arises, in some measure, from information
	in an earlier one)<BR>
	<BR>
	
	<LI>Developmental ordering (where you travel from the very simple to the complex)
</UL>

<P>This book is a hybrid of both techniques. For example, the book examines services
in the TCP/IP suite, then quickly progresses to how those services are integrated
in modern browsers, how such services are compromised, and ultimately, how to secure
against such compromises. In this respect, there is an evolutionary pattern to the
book.</P>
<P>At the same time, the book begins with a general examination of the structure
of the Internet and TCP/IP (which will seem light in comparison to later analyses
of sniffing, where you examine the actual construct of an information packet). As
you progress, the information becomes more and more advanced. In this respect, there
is a developmental pattern to the book.
<H2><FONT COLOR="#000077"><B>Using This Book Effectively: Who Are You?</B></FONT></H2>
<P>Different people will derive different benefits from this book, depending on their
circumstances. I urge each reader to closely examine the following categories. The
information will be most valuable to you whether you are

<UL>
	<LI>A system administrator<BR>
	<BR>
	
	<LI>A hacker<BR>
	<BR>
	
	<LI>A cracker<BR>
	<BR>
	
	<LI>A business person<BR>
	<BR>
	
	<LI>A journalist<BR>
	<BR>
	
	<LI>A casual user<BR>
	<BR>
	
	<LI>A security specialist
</UL>

<P>I want to cover these categories and how this book can be valuable to each. If
you do not fit cleanly into one of these categories, try the category that best describes
you.
<H3><FONT COLOR="#000077"><B>System Administrator</B></FONT></H3>
<P>A system administrator is any person charged with managing a network or any portion
of a network. Sometimes, people might not realize that they are a system administrator.
In small companies, for example, programming duties and system administration are
sometimes assigned to a single person. Thus, this person is a general, all-purpose
technician. They keep the system running, add new accounts, and basically perform
any task required on a day-to-day basis. This, for your purposes, is a system administrator.
<H4><FONT COLOR="#000077"><B>What This Book Offers the System Administrator</B></FONT></H4>
<P>This book presumes only basic knowledge of security from its system administrators,
and I believe that this is reasonable. Many capable system administrators are not
well versed in security, not because they are lazy or incompetent but because security
was for them (until now) not an issue. For example, consider the sysad who lords
over an internal LAN. One day, the powers that be decree that the LAN must establish
a connection to the Net. Suddenly, that sysad is thrown into an entirely different
(and hostile) environment. He or she might be exceptionally skilled at internal security
but have little practical experience with the Internet. Today, numerous system administrators
are faced with this dilemma. For many, additional funding to hire on-site security
specialists is not available and thus, these people must go it alone. Not anymore.
This book will serve such system administrators well as an introduction to Internet
security.</P>
<P>Likewise, more experienced system administrators can effectively use this book
to learn--or perhaps refresh their knowledge about--various aspects of Internet security
that have been sparsely covered in books mass-produced for the general public.</P>
<P>For either class of sysad, this book will serve a fundamental purpose: It will
assist them in protecting their network. Most importantly, this book shows the attack
from both sides of the fence. It shows both how to attack and how to defend in a
real-life, combat situation.
<H3><FONT COLOR="#000077"><B>Hacker</B></FONT></H3>
<P>The term hacker refers to programmers and not to those who unlawfully breach the
security of systems. A hacker is any person who investigates the integrity and security
of an operating system. Most commonly, these individuals are programmers. They usually
have advanced knowledge of both hardware and software and are capable of rigging
(or hacking) systems in innovative ways. Often, hackers determine new ways to utilize
or implement a network, ways that software manufacturers had not expressly intended.
<H4><FONT COLOR="#000077"><B>What This Book Offers the Hacker</B></FONT></H4>
<P>This book presumes only basic knowledge of Internet security from its hackers
and programmers. For them, this book will provide insight into the Net's most common
security weaknesses. It will show how programmers must be aware of these weaknesses.
There is an ever-increasing market for those who can code client/server applications,
particularly for use on the Net. This book will help programmers make informed decisions
about how to develop code safely and cleanly. As an added benefit, analysis of existing
network utilities (and their deficiencies) may assist programmers in developing newer
and perhaps more effective applications for the Internet.
<H3><FONT COLOR="#000077"><B>Cracker</B></FONT></H3>
<P>A cracker is any individual who uses advanced knowledge of the Internet (or networks)
to compromise network security. Historically, this activity involved cracking encrypted
password files, but today, crackers employ a wide range of techniques. Hackers also
sometimes test the security of networks, often with the identical tools and techniques
used by crackers. To differentiate between these two groups on a trivial level, simply
remember this: Crackers engage in such activities without authorization. As such,
most cracking activity is unlawful, illegal, and therefore punishable by a term of
imprisonment.
<H4><FONT COLOR="#000077"><B>What This Book Offers the Cracker</B></FONT></H4>
<P>For the budding cracker, this book provides an incisive shortcut to knowledge
of cracking that is difficult to acquire. All crackers start somewhere, many on the
famous Usenet group alt.2600. As more new users flood the Internet, quality information
about cracking (and security) becomes more difficult to find. The range of information
is not well represented. Often, texts go from the incredibly fundamental to the excruciatingly
technical. There is little material that is in between. This book will save the new
cracker hundreds of hours of reading by digesting both the fundamental and the technical
into a single (and I hope) well-crafted presentation.
<H3><FONT COLOR="#000077"><B>Business Person</B></FONT></H3>
<P>For your purposes, business person refers to any individual who has established
(or will establish) a commercial enterprise that uses the Internet as a medium. Hence,
a business person--within the meaning employed in this book--is anyone who conducts
commerce over the Internet by offering goods or services.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>NOTE:</B></FONT><B> </B>It does not matter whether these
	goods or services are offered free as a promotional service. I still classify this
	as <I>business</I>. 
<HR>


</BLOCKQUOTE>

<H4><FONT COLOR="#000077"><B>What This Book Offers the Business Person</B></FONT></H4>
<P>Businesses establish permanent connections each day. If yours is one of them,
this book will help you in many ways, such as helping you make informed decisions
about security. It will prepare you for unscrupulous security specialists, who may
charge you thousands of dollars to perform basic, system-administration tasks. This
book will also offer a basic framework for your internal security policies. You have
probably read dozens of dramatic accounts about hackers and crackers, but these materials
are largely sensationalized. (Commercial vendors often capitalize on your fear by
spreading such stories.) The techniques that will be employed against your system
are simple and methodical. Know them, and you will know at least the basics about
how to protect your data.
<H3><FONT COLOR="#000077"><B>Journalist</B></FONT></H3>
<P>A journalist is any party who is charged with reporting on the Internet. This
can be someone who works for a wire news service or a college student writing for
his or her university newspaper. The classification has nothing to do with how much
money is paid for the reporting, nor where the reporting is published.
<H4><FONT COLOR="#000077"><B>What This Book Offers the Journalist</B></FONT></H4>
<P>If you are a journalist, you know that security personnel rarely talk to the media.
That is, they rarely provide an inside look at Internet security (and when they do,
this usually comes in the form of assurances that might or might not have value).
This book will assist journalists in finding good sources and solid answers to questions
they might have. Moreover, this book will give the journalist who is new to security
an overall view of the terrain. Technology writing is difficult and takes considerable
research. My intent is to narrow that field of research for journalists who want
to cover the Internet. In coming years, this type of reporting (whether by print
or broadcast media) will become more prevalent.
<H3><FONT COLOR="#000077"><B>Casual User</B></FONT></H3>
<P>A casual user is any individual who uses the Internet purely as a source of entertainment.
Such users rarely spend more than 10 hours a week on the Net. They surf subjects
that are of personal interest.
<H4><FONT COLOR="#000077"><B>What This Book Offers the Casual User</B></FONT></H4>
<P>For the casual user, this book will provide an understanding of the Internet's
innermost workings. It will prepare the reader for personal attacks of various kinds,
not only from other, hostile users, but from the prying eyes of government. Essentially,
this book will inform the reader that the Internet is not a toy, that one's identity
can be traced and bad things can happen while using the Net. For the casual user,
this book might well be retitled How to Avoid Getting Hijacked on the Information
Superhighway.
<H3><FONT COLOR="#000077"><B>Security Specialist</B></FONT></H3>
<P>A security specialist is anyone charged with securing one or more networks from
attack. It is not necessary that they get paid for their services in order to qualify
in this category. Some people do this as a hobby. If they do it, they are a specialist.
<H4><FONT COLOR="#000077"><B>What This Book Offers the Security Specialist</B></FONT></H4>
<P>If your job is security, this book can serve as one of two things:

<UL>
	<LI>A reference book<BR>
	<BR>
	
	<LI>An in-depth look at various tools now being employed in the void
</UL>



<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>NOTE:</B></FONT><B> </B>In this book, <I>the void</I> refers
	to that portion of the Internet that exists beyond your router or modem. It is the
	dark, swirling mass of machines, services, and users beyond your computer or network.
	These are quantities that are unknown to you. This term is commonly used in security
	circles to refer to such quantities. 
<HR>


</BLOCKQUOTE>