Skimming through software, by reading security web sites and using Google, you can keep your self updated on the latest tools and attack/defense scenarios grounded on them. "Security Power Tools" is definitely the book you should check out as it is a focused on reading this kinds of information.

About the authors

A number of various writers and technical reviewers are credited in this book, so there's no point in providing details on all of them. All of the authors are operative inside the industry and have technical knowledge in different areas.

Inside the book

As I observed, this large 800+ pages O'Reilly publication is a product of coaction between a number of technical authors and experts that added with their own specialties. The book is concentrated on covering a large chunk of the security dood's arsenal, with particulars on different tool usage in a variety of scenarios. After a concise introduction on ethics and legal issues, the book is classified into six main topics which include reconnaissance, penetration, control, defense, monitoring and discovery.

When it refers reconnaissance, the readers are first presented with network and vulnerability scanning techniques and later writers go deeper with LAN reconnaissance tactics, ways of mangling with wireless networks and the way of creating custom packets.

The penetration section is spread out with a 30 page overview of Metasploit concept and continues with the "hacking" viewpoint upon the former wireless reconnaissance chapter. The two most fascinating topics of this part of the book are custom exploitation and an overview from exploitation framework applications.

Remote system control could be done with distinct ways, but the suitable section in "Security Power Tools" mostly revolves around using backdoors (prime focus on Back Orifice 2000) and deploying rootkits. Both the subjects have hardly around 25 pages each.

After almost 400 pages of tools and processes mainly utilized from the attacker's standpoint, the writers furnish their tips on maintaining your systems using firewalls, host hardening, email security with anti-spam and securing communications. The last mentioned are primarily connected with SSH and PGP usage.

The supervising division of the book comprises of sets of information about distinct technologies and techniques associated to host and network monitoring (centered on Snort), also as network capturing using tcpdump and Wireshark. Through the final 80 pages, authors work they way around forensic issues and favorite methods of application fussing.

Final thoughts

Being a big fan of Security Power Tools because it's a great concept, it is easy to use as a reference in specific situations, and the quality of the content is first-rate.