| CARVIEW |
Select Language
HTTP/2 302
server: nginx
date: Sun, 03 Aug 2025 22:54:10 GMT
content-type: text/plain; charset=utf-8
content-length: 0
x-archive-redirect-reason: found capture at 20081224031757
location: https://web.archive.org/web/20081224031757/https://oreilly.com/catalog/9780596009632/
server-timing: captures_list;dur=0.493761, exclusion.robots;dur=0.019409, exclusion.robots.policy;dur=0.008823, esindex;dur=0.008341, cdx.remote;dur=582.513491, LoadShardBlock;dur=633.084888, PetaboxLoader3.resolve;dur=340.575216, PetaboxLoader3.datanode;dur=234.315747
x-app-server: wwwb-app224
x-ts: 302
x-tr: 1248
server-timing: TR;dur=0,Tw;dur=0,Tc;dur=0
set-cookie: wb-p-SERVER=wwwb-app224; path=/
x-location: All
x-rl: 0
x-na: 0
x-page-cache: MISS
server-timing: MISS
x-nid: DigitalOcean
referrer-policy: no-referrer-when-downgrade
permissions-policy: interest-cohort=()
HTTP/2 200
server: nginx
date: Sun, 03 Aug 2025 22:54:13 GMT
content-type: text/html
x-archive-orig-date: Wed, 24 Dec 2008 03:17:33 GMT
x-archive-orig-server: Apache
x-archive-orig-p3p: policyref="https://www.oreillynet.com/w3c/p3p.xml",CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa CONo OUR DELa PUBi OTRa IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE"
x-archive-orig-last-modified: Tue, 23 Dec 2008 11:16:45 GMT
x-archive-orig-accept-ranges: bytes
x-archive-orig-content-length: 47104
x-archive-orig-x-cache: MISS from olive.bp
x-archive-orig-x-cache-lookup: MISS from olive.bp:3128
x-archive-orig-via: 1.0 olive.bp:3128 (squid/2.6.STABLE13)
x-archive-orig-connection: close
x-archive-guessed-content-type: text/html
x-archive-guessed-charset: windows-1252
memento-datetime: Wed, 24 Dec 2008 03:17:57 GMT
link: ; rel="next memento"; datetime="Mon, 29 Dec 2008 01:00:20 GMT", ; rel="last memento"; datetime="Mon, 30 Jun 2025 00:07:50 GMT"
content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: archive.org web.archive.org web-static.archive.org wayback-api.archive.org athena.archive.org analytics.archive.org pragma.archivelab.org wwwb-events.archive.org
x-archive-src: 51_7_20081224010359_crawl107-c/51_7_20081224031655_crawl100.arc.gz
server-timing: captures_list;dur=0.448851, exclusion.robots;dur=0.016291, exclusion.robots.policy;dur=0.006959, esindex;dur=0.009732, cdx.remote;dur=1426.986089, LoadShardBlock;dur=240.666917, PetaboxLoader3.datanode;dur=170.715200, PetaboxLoader3.resolve;dur=211.452400, load_resource;dur=224.575693
x-app-server: wwwb-app224
x-ts: 200
x-tr: 2027
server-timing: TR;dur=0,Tw;dur=0,Tc;dur=0
x-location: All
x-rl: 0
x-na: 0
x-page-cache: MISS
server-timing: MISS
x-nid: DigitalOcean
referrer-policy: no-referrer-when-downgrade
permissions-policy: interest-cohort=()
content-encoding: gzip
Security Power Tools | O'Reilly Media
Security Power Tools
Featured customer reviews
Very good book for people interested in security, November 05 2008
This book covers most of the stuff you will need to have a good idea about server,PC and network security.Especially good topics related to network scanning with nmap ,metasploit and wireless security.
I think it would great if they added more topics on how to set up a firewall.But overall I used it for systems work that I do and also for some of my security classes.It will have everything from beginning from basic security to network monitoring and other complex issues.
In terms of readability it was good because I am new to security and I didn't have any problems reading and understanding it.I definitely recommend for any CS majors or sys admins.
Excellent: Practical Advice, October 15 2008
Security Power Tools
Bryan Burns, Jennifer Stisa Granick, Steve Manzuik, Paul Guersch, Dave Killion, Nicolas Beauchesne, Eric Moret, Julien Sobrier, Michael Lynn, Eric Markham, Chris Iezzoni, Philippe Biondi
O?Reilly ? 1st Edition
https://oreilly.com/catalog/9780596009632/index.html
This is a detailed overview of tools that can be used to detect and defend against various security threats. The book generally groups software by category, with a section/chapter devoted to each tool. The software tool is thoroughly covered from download to installation to configuration. A fair amount of theory is covered for the various attack vectors discuss but the book focuses on practical, real-world examples.
The topics covered vary across a wide range but each is still covered with a good amount of depth which accounts for the books large size (856 pages). For each threat model covered, various tools that can be used for detection, avoidance, and protection are discussed along with user guides on how to acquire and set up the tools. The software discussed is generally open source and free of charge. Packages for all major PC operating systems are covered. Linux and Windows get the lion?s share of attention but Mac and Unix are covered as well. Of course most of the Linux tools are Unix tools as well. Many of the Windows tools talked about are Linux ports.
I enjoyed the book overall and in particular I enjoyed the ability to ?follow along? by downloading and working with the software packages covered in each section. Security professionals and hobbyist will certainly recognize many of the tools but a few might be new to many and even on the popular tools, some interesting features might not be know to all.
Summary:
- Practical explanations of each security topic are given for real world use.
- Focus is on example and practice
- A great book for security professionals and security hobbyist.
Great security book!, June 06 2008
Submitted by Jason [Respond | View]
I think this book should have been titled more along the lines of "Network Attack and Defense", but that doesn't detract from its contents. This is a great network-focused coverage of some of the things that the bad guys will do to get into your network and, to some extent, what you can do about it. I particularly enjoyed chapters five and eight on wireless recon and penetration, which have great coverage on how to set up various wireless tools on Linux (which can be a daunting task for the uninitiated), as well as chapter eighteen on network sniffing (Practical Packet Analysis makes a good followup to this chapter). The last chapter also tacks on a bit on binary reverse engineering, which seems like an afterthought in the context of the rest of the book, but is still a good read. Overall, another great security book from O'Reilly!
SPT - - A Security Tool Primer Worth Reading, February 14 2008
Security Power Tools (SPT) is O'Reilly Publishing's sister manual to their popular Unix Power Tools. It is written as a primer to various security tools, organized within seven sections, covering Legal and Ethics, Reconnaissance, Penetration, Control, Defense, Monitoring, and Discovery. While the target audience of SPT is security professionals, the book weighs in at just over 800 pages and probably has something for everyone working in a technical facet of IT.
Having said that, I really enjoyed reading this book. I read it nearly cover-to-cover, and while I was at least familiar with most of the material in the book, I was still able to find gems of knowledge, even in tools that I work with on a daily basis. Expect to read about some tools that you may already know about, like Nmap, Nessus, and The Metasploit Framework, but keep reading for a heap of other useful applications that you may not be familiar with.
One of the strengths of the book is the varying backgrounds of its contributing authors; just as the book covers a diverse tool set, the expertise of the authors is also diverse. The book was written collaboratively by twelve individuals, made up primarily of Juniper Networks' J-Security team. Despite an opportunity for vendor-bias towards Juniper products, the book remained vendor-neutral. The majority of the book focuses on open-source and free-ware applications, although there is commercial software covered as well. In fact, Chapter 9 - Exploitation Framework Applications covers Canvas and Core Impact exclusively; both commercial applications.
One of the chapters that makes this book unique is the chapter on Law and Ethics, written by Jennifer Stisa Granick. You may recognize Ms Granick from her representation of Michael Lynn in during the Cisco Gate ordeal at Black Hat 2005 (coincidentally, Michael Lynn is also one of the contributing authors of this book). She provides an insightful discussion on not only the legal implications of security work, but also the role that ethics plays in some of those "gray" areas that security professionals may find themselves in.
Another chapter that sets this book apart is Chapter 6 - Custom Packet Generation, which primarily focuses on the use of Scapy. The chapter is written by Phillipe Biondi, the author of Scapy, and he provides an excellent argument to "Decode, Do Not Interpret". He discusses the advantages of writing tools that will provide you with raw decoded information, without an interpretation of that information. For instance, if you scanned a port on a remote host, Biondi would argue that it would be better for your tool to tell you that the remote host returned a RST packet rather than telling you that the port is closed. Beyond this valuable discussion, Biondi provides a very thorough discussion of the uses of Scapy, along with several good examples. This chapter alone makes this book worth buying.
While I liked this book, there were also some problems that prevented me from giving it a 5-star rating. For starters, the preface describes the overwhelming amount of content that was edited out of this book to keep it within size constraints, yet there was quite a bit of content that detracted from the value-density of the book. As I mentioned previously, the majority of SPT is a security primer and should not be considered a reference. Given this position, I believe that there was too much step-by-step installation and setup content. As an example, Chapter 16 - E-Mail Security and Anti-Spam covered the installation and management of the Norton Anti-Virus client. I can appreciate the security-related value of anti-virus software, but I felt that a step-by-step walk through of a Norton product was irrelevant.
Additionally, while I previously stated that the diverse expertise of the authors was a benefit, the varied writing style detracted from the readability of the book. Content aside, I found some chapters to be fun to read while others were boring, due to a particular author's writing style.
In summary, I would recommend this book to anyone interested in an overview of where to get started in researching security tools for a particular purpose. While none of the discussions in the book are exhaustive, they will definitely get you started and arm you with enough information to know what you want and where to get it.
Very good book. I recommend., January 30 2008
This a good book. I recommend.
Each chapter is written as tutorial and not as man or help. It represent a good security toolbox.
The chapter on scapy is very good and well described.
I prefer the chapter on social engineering.
Azzeddine
Media reviews
"Here in a single volume is a veritable think-tank of state-of-the-art security techniques addressing the needs of the most popular computer platforms: Linux, Mac, Unix, and Windows. It is a real eye-opener to the vulnerabilities of computer networks and is therefore a must-have book for network administrators...Written by members of the Juniper Networks' Security Engineering team, with some guest authors, the twenty-three chapters cover the use of both offensive and defensive commercial and freeware tools, along with insider techniques, tips, and methods. The authors reveal the inner workings of a world that is foreign to most computer users, and show the ingenious ways which the "bad guys" have devised to compromise a target's personal data. (Reprinted with permission from The Kleper Report on Digital Publishing, copyright 2007, Graphic Dimensions, Lauderdale by the Sea, FL.)"
-- Michael Kleper, The Kleper Report on Digital Publishing
"I'd love to use this book in my system administrator training courses – it's a beautiful example of how to do problem analysis and counter-intelligence. I guess having the book describe these techniques in detail for the hostiles may be the price I have to pay to get the awareness and (hopefully) the motivation for the admin community to close the holes and do responsible system management."
-- David Boyes, Computers and Publishing, Inc
"Security Power Tools is chock-full of relevant content that is also accessible and straightforward...Security Power Tools is almost guaranteed to offer any intermediate- and advanced-level professional information and tools to fill in knowledge and memory gaps."
-- Bruce Gain, Processor: Products, News & Information Data Centers Can Trust
Read all reviews
By Bryan Burns, Jennifer Stisa Granick, Steve Manzuik, Paul Guersch, Dave Killion, Nicolas Beauchesne, Eric Moret, Julien Sobrier, Michael Lynn, Eric Markham, Chris Iezzoni, Philippe Biondi
August 2007
Pages: 856
ISBN 10: 0-596-00963-1 |
ISBN 13: 9780596009632
(Average of 4 Customer Reviews)
What if you could sit down with some of the most talented security engineers in the world and ask any network security question you wanted? Security Power Tools lets you do exactly that! Members of Juniper Networks' Security Engineering team and a few guest experts reveal how to use, tweak, and push the most popular network security applications, utilities, and tools available using Windows, Linux, Mac OS X, and Unix platforms.
Full Description
What if you could sit down with some of the most talented security engineers in the world and ask any network security question you wanted? Security Power Tools lets you do exactly that! Members of Juniper Networks' Security Engineering team and a few guest experts reveal how to use, tweak, and push the most popular network security applications, utilities, and tools available using Windows, Linux, Mac OS X, and Unix platforms.
Designed to be browsed, Security Power Tools offers you multiple approaches to network security via 23 cross-referenced chapters that review the best security tools on the planet for both black hat techniques and white hat defense tactics. It's a must-have reference for network administrators, engineers and consultants with tips, tricks, and how-to advice for an assortment of freeware and commercial tools, ranging from intermediate level command-line operations to advanced programming of self-hiding exploits.
Security Power Tools details best practices for:
Designed to be browsed, Security Power Tools offers you multiple approaches to network security via 23 cross-referenced chapters that review the best security tools on the planet for both black hat techniques and white hat defense tactics. It's a must-have reference for network administrators, engineers and consultants with tips, tricks, and how-to advice for an assortment of freeware and commercial tools, ranging from intermediate level command-line operations to advanced programming of self-hiding exploits.
Security Power Tools details best practices for:
- Reconnaissance -- including tools for network scanning such as nmap; vulnerability scanning tools for Windows and Linux; LAN reconnaissance; tools to help with wireless reconnaissance; and custom packet generation
- Penetration -- such as the Metasploit framework for automated penetration of remote computers; tools to find wireless networks; exploitation framework applications; and tricks and tools to manipulate shellcodes
- Control -- including the configuration of several tools for use as backdoors; and a review of known rootkits for Windows and Linux
- Defense -- including host-based firewalls; host hardening for Windows and Linux networks; communication security with ssh; email security and anti-malware; and device security testing
- Monitoring -- such as tools to capture, and analyze packets; network monitoring with Honeyd and snort; and host monitoring of production servers for file changes
- Discovery -- including The Forensic Toolkit, SysInternals and other popular forensic tools; application fuzzer and fuzzing techniques; and the art of binary reverse engineering using tools like Interactive Disassembler and Ollydbg
Featured customer reviews
Very good book for people interested in security, November 05 2008
Rating:
Submitted by
Kumar Sharshembiev
[Respond | View]
This book covers most of the stuff you will need to have a good idea about server,PC and network security.Especially good topics related to network scanning with nmap ,metasploit and wireless security.
I think it would great if they added more topics on how to set up a firewall.But overall I used it for systems work that I do and also for some of my security classes.It will have everything from beginning from basic security to network monitoring and other complex issues.
In terms of readability it was good because I am new to security and I didn't have any problems reading and understanding it.I definitely recommend for any CS majors or sys admins.
Excellent: Practical Advice, October 15 2008
Rating:
Submitted by
jdruin
[Respond | View]
Security Power Tools
Bryan Burns, Jennifer Stisa Granick, Steve Manzuik, Paul Guersch, Dave Killion, Nicolas Beauchesne, Eric Moret, Julien Sobrier, Michael Lynn, Eric Markham, Chris Iezzoni, Philippe Biondi
O?Reilly ? 1st Edition
https://oreilly.com/catalog/9780596009632/index.html
This is a detailed overview of tools that can be used to detect and defend against various security threats. The book generally groups software by category, with a section/chapter devoted to each tool. The software tool is thoroughly covered from download to installation to configuration. A fair amount of theory is covered for the various attack vectors discuss but the book focuses on practical, real-world examples.
The topics covered vary across a wide range but each is still covered with a good amount of depth which accounts for the books large size (856 pages). For each threat model covered, various tools that can be used for detection, avoidance, and protection are discussed along with user guides on how to acquire and set up the tools. The software discussed is generally open source and free of charge. Packages for all major PC operating systems are covered. Linux and Windows get the lion?s share of attention but Mac and Unix are covered as well. Of course most of the Linux tools are Unix tools as well. Many of the Windows tools talked about are Linux ports.
I enjoyed the book overall and in particular I enjoyed the ability to ?follow along? by downloading and working with the software packages covered in each section. Security professionals and hobbyist will certainly recognize many of the tools but a few might be new to many and even on the popular tools, some interesting features might not be know to all.
Summary:
- Practical explanations of each security topic are given for real world use.
- Focus is on example and practice
- A great book for security professionals and security hobbyist.
Great security book!, June 06 2008
Submitted by Jason [Respond | View]
I think this book should have been titled more along the lines of "Network Attack and Defense", but that doesn't detract from its contents. This is a great network-focused coverage of some of the things that the bad guys will do to get into your network and, to some extent, what you can do about it. I particularly enjoyed chapters five and eight on wireless recon and penetration, which have great coverage on how to set up various wireless tools on Linux (which can be a daunting task for the uninitiated), as well as chapter eighteen on network sniffing (Practical Packet Analysis makes a good followup to this chapter). The last chapter also tacks on a bit on binary reverse engineering, which seems like an afterthought in the context of the rest of the book, but is still a good read. Overall, another great security book from O'Reilly!
SPT - - A Security Tool Primer Worth Reading, February 14 2008
Rating:
Submitted by
Ben Nell
[Respond | View]
Security Power Tools (SPT) is O'Reilly Publishing's sister manual to their popular Unix Power Tools. It is written as a primer to various security tools, organized within seven sections, covering Legal and Ethics, Reconnaissance, Penetration, Control, Defense, Monitoring, and Discovery. While the target audience of SPT is security professionals, the book weighs in at just over 800 pages and probably has something for everyone working in a technical facet of IT.
Having said that, I really enjoyed reading this book. I read it nearly cover-to-cover, and while I was at least familiar with most of the material in the book, I was still able to find gems of knowledge, even in tools that I work with on a daily basis. Expect to read about some tools that you may already know about, like Nmap, Nessus, and The Metasploit Framework, but keep reading for a heap of other useful applications that you may not be familiar with.
One of the strengths of the book is the varying backgrounds of its contributing authors; just as the book covers a diverse tool set, the expertise of the authors is also diverse. The book was written collaboratively by twelve individuals, made up primarily of Juniper Networks' J-Security team. Despite an opportunity for vendor-bias towards Juniper products, the book remained vendor-neutral. The majority of the book focuses on open-source and free-ware applications, although there is commercial software covered as well. In fact, Chapter 9 - Exploitation Framework Applications covers Canvas and Core Impact exclusively; both commercial applications.
One of the chapters that makes this book unique is the chapter on Law and Ethics, written by Jennifer Stisa Granick. You may recognize Ms Granick from her representation of Michael Lynn in during the Cisco Gate ordeal at Black Hat 2005 (coincidentally, Michael Lynn is also one of the contributing authors of this book). She provides an insightful discussion on not only the legal implications of security work, but also the role that ethics plays in some of those "gray" areas that security professionals may find themselves in.
Another chapter that sets this book apart is Chapter 6 - Custom Packet Generation, which primarily focuses on the use of Scapy. The chapter is written by Phillipe Biondi, the author of Scapy, and he provides an excellent argument to "Decode, Do Not Interpret". He discusses the advantages of writing tools that will provide you with raw decoded information, without an interpretation of that information. For instance, if you scanned a port on a remote host, Biondi would argue that it would be better for your tool to tell you that the remote host returned a RST packet rather than telling you that the port is closed. Beyond this valuable discussion, Biondi provides a very thorough discussion of the uses of Scapy, along with several good examples. This chapter alone makes this book worth buying.
While I liked this book, there were also some problems that prevented me from giving it a 5-star rating. For starters, the preface describes the overwhelming amount of content that was edited out of this book to keep it within size constraints, yet there was quite a bit of content that detracted from the value-density of the book. As I mentioned previously, the majority of SPT is a security primer and should not be considered a reference. Given this position, I believe that there was too much step-by-step installation and setup content. As an example, Chapter 16 - E-Mail Security and Anti-Spam covered the installation and management of the Norton Anti-Virus client. I can appreciate the security-related value of anti-virus software, but I felt that a step-by-step walk through of a Norton product was irrelevant.
Additionally, while I previously stated that the diverse expertise of the authors was a benefit, the varied writing style detracted from the readability of the book. Content aside, I found some chapters to be fun to read while others were boring, due to a particular author's writing style.
In summary, I would recommend this book to anyone interested in an overview of where to get started in researching security tools for a particular purpose. While none of the discussions in the book are exhaustive, they will definitely get you started and arm you with enough information to know what you want and where to get it.
Very good book. I recommend., January 30 2008
Rating:
Submitted by
RAMRAMI
[Respond | View]
This a good book. I recommend.
Each chapter is written as tutorial and not as man or help. It represent a good security toolbox.
The chapter on scapy is very good and well described.
I prefer the chapter on social engineering.
Azzeddine
Media reviews
"Here in a single volume is a veritable think-tank of state-of-the-art security techniques addressing the needs of the most popular computer platforms: Linux, Mac, Unix, and Windows. It is a real eye-opener to the vulnerabilities of computer networks and is therefore a must-have book for network administrators...Written by members of the Juniper Networks' Security Engineering team, with some guest authors, the twenty-three chapters cover the use of both offensive and defensive commercial and freeware tools, along with insider techniques, tips, and methods. The authors reveal the inner workings of a world that is foreign to most computer users, and show the ingenious ways which the "bad guys" have devised to compromise a target's personal data. (Reprinted with permission from The Kleper Report on Digital Publishing, copyright 2007, Graphic Dimensions, Lauderdale by the Sea, FL.)"
-- Michael Kleper, The Kleper Report on Digital Publishing
"I'd love to use this book in my system administrator training courses – it's a beautiful example of how to do problem analysis and counter-intelligence. I guess having the book describe these techniques in detail for the hostiles may be the price I have to pay to get the awareness and (hopefully) the motivation for the admin community to close the holes and do responsible system management."
-- David Boyes, Computers and Publishing, Inc
"Security Power Tools is chock-full of relevant content that is also accessible and straightforward...Security Power Tools is almost guaranteed to offer any intermediate- and advanced-level professional information and tools to fill in knowledge and memory gaps."
-- Bruce Gain, Processor: Products, News & Information Data Centers Can Trust
Read all reviews
Got a Question?
"Here in a single volume is a veritable think-tank of state-of-the-art security techniques addressing the needs of the most popular computer platforms: Linux, Mac, Unix, and Windows. It is a real eye-opener to the vulnerabilities of
computer networks and is therefore a must-have book for network administrators."
--Michael Kleper, The Kleper Report on Digital Publishing
 © 2008, O'Reilly Media, Inc. (707) 827-7000 / (800) 998-9938 All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. |
About O'Reilly Privacy Policy Contacts Customer Service Authors Press Room Jobs User Groups Academic Solutions Newsletters Writing for O'Reilly RSS Feeds Terms of Service |
Other O'Reilly Sites O'Reilly Radar Ignite Tools of Change for Publishing Digital Media Inside iPhone O'Reilly FYI makezine.com craftzine.com hackszine.com perl.com xml.com |
Sponsored Sites Inside Aperture Inside Lightroom Inside Port 25 InsideRIA java.net |