It's a truism that you set a thief to catch a thief. Hacking Exposed takes this truism into the 21st century by using the point of view of both the hacker and the administrator to explain how hackers get in, and how to stop them.
The book is targeted at those with only a small amount of experience in running a network (or hacking into one). The authors cover hackers by describing their reasons, techniques, software, and tools. They then turn to security administrators by discussing countermeasures to the described methods of breaking in.
Hacking Exposed goes through each of the more popular operating systems (including Windows NT, Unix, Novell NetWare, and certain firewalls), vulnerability by vulnerability, rating each by Popularity, Simplicity, Impact, and Risk Rating. As most people run some form of Microsoft OS, these are the most scrutinized by hackers. Therefore, Chapters Four and Five are completely devoted to the known vulnerabilities in Windows 95, Windows 98, and Windows NT.
The book explains which attacks are feasible for each system, which are popular, and what tools exist to make the job of cracking a system easier. It takes you through numerous attacks, explaining exactly what attackers want, how they defeat the relevant security features, and what they do once they've achieved their goal.
There are only two deficits in this book. The first is the lack of Linux information, while the second is a lack of depth in some areas. Instead, the book covers techniques that are obsolete (for example, phf is described many times, but as it is a well-known problem, few administrators will run into it) or are of marginal interest, such as those requiring root or console access to run.
This doesn't imply Hacking Exposed is a bad book, but rather that computer security cannot be learned entirely from one book. Until someone publishes an interactive computer security course on CD-ROM, however, Hacking Exposed will provide one of the better introductions to the basics.