Clockfort's Tech Blog

… updated whenever a new project comes along

Book Review: Security Warrior

Security Warrior by Cyrus Peikari and Anton Chuvakin
ISBN: 9780596005450

This book is an excellent introduction into the world of computer security. I was a bit surprised at the contents; the book features many more offensive techniques, like reverse engineering binaries, performing successful stack/heap overflows, attacks on a variety of server/network platforms, and defeating IDS/forensic technologies. I had initially expected the book to be more focused on security defense, which is covered, but certainly not in a typical ratio. I wouldn’t complain though, because as is stated in this book several times, a good offense is a good defense. For instance, upon introducing stack overflows, the authors wisely quip how a company could save a great deal of money and embarrassment if its employees found such vulnerabilities before they leak into the wild.

If I did have one bad thing to say about Security Warrior, it’s that I happen to know quite a bit about its entire first section already, so I found parts quite tiresome. Having already read such texts as Chris Eagle’s “The Ida Pro Book”, this book’s section on disassembly seemed a paltry introduction in comparison; however, it seems this amount would be about right to gently introduce someone to the subject, were they not already aware of this field of computer security knowledge.

All in all, Security Warrior is a good introductory text to a wide variety of computer security related topics, and hopefully the reader will leave interested in implementing at least a few of the defensive strategies listed, or want to become more familiar with some of the more interesting attack vectors. Further reading/knowledge will be needed other than the information found here in order to do useful security work, but Security Warrior certainly at least gets the ball rolling and the interest piqued.

Book Review: The Book of Xen

ISBN: 9781593271862
The Book of Xen: A Practical Guide for the System Administrator

Most Xen documentation on the Internet can be a tad focused on the single-computer, single-admin personal-use Xen administration case. This book, thankfully, is not. This is definitely the book to keep on your shelf if you require tips and tricks for setting up your own VPS hosting service, with its world full of malevolent users needing to be kept in their place, quotas for bandwidth, disk I/O, CPU time, and memory usage, and allowing your users to configure their own instances without you having to step in every time they blow out their /boot partitions.

There are plenty of concepts covered in here for other use-cases (besides just hosting your own VPS provider) as well, including remote-mounting disks over NFS/iSCSI/AoE, migrating live Xen instances across a cluster of servers, and backing up disk images and machine states.

The Book of Xen provides a fair and balanced view of Xen management; that is to say, while it does talk often about the many distro-specific ways of easily bootstrapping and configuring a new virtual server (like Debian’s debootstrap, Red Hat’s virt-install, or even creating images in Citrix XenServer), it also covers vendor and distro-neutral ways of performing all the required installation and management tasks. The Book of Xen is also fair in that it also goes on to describe the use and configuration of Microsoft, BSD, and Solaris Xen dom0 and domUs as well, with the caveat that support for Xen is weak and upcoming on such platforms as FreeBSD, and that HVM is required for many of these more exotic operating systems like “Microsoft Windows”, as there are no Xen hooks in the Windows kernel.

I particularly liked the Book of Xen’s first chapter, which, unrelated to the rest of the book’s sysadmin-oriented content, was a good overview of the technical underpinnings of the Xen hypervisor platform, and how it interacts with the hardware and virtualized machines from a very low-level perspective. As it is stated later in the book, and something that I agree with, the authors believe that one must know a technology, how it works, and its more basic manual and command line tools, before ever trusting a GUI or web interface to do the same. It will also surely aid debugging later when something goes wrong, as the administrator will have a good idea as to where the problem might lie.

All in all, I liked the book and would recommend it to anyone setting up their own Xen servers; however, I wished it would have had more information about Xen on the Intel Itanium (which is touched upon in the book as being a supported platform, but not talked about further) and I wish it had talked more about some of the topics they covered, like giving users access to their own Xen management consoles, in the common situation where there are many physical machines that a user’s instance could be on, a situation which completely broke their offered solutions for this situation and others.

Book Review: How Not to Program in C++

ISBN: 9781886411951
How Not to Program in C++: 111 Broken Programs and 3 Working Ones, or Why Does 2+2=5986

Do you enjoy puzzles? Do you enjoy debugging other people’s code? If so, you’ll enjoy this book.

If reference materials or traditional educational coding books were like newspapers, then this book would be the crossword puzzle page. Just like any crossword puzzle, some sections are harder than others, and the puzzles in this book are no exception. If you can’t quite figure out the subtle differences between pointers, addresses, double pointers, etc., then this listing of the plethora of ways that you can get yourself into trouble while programming in C++ will likely prove too difficult to solve at parts. Without a doubt though, anyone who fully knows C++ (and C, which is also covered in this book) and all its intricacies will not find most of the puzzles exceptionally difficult.

That being said, the book still proves a good read for anyone of higher programming skill; any reader will be scratching his or her head to find the truly subtle ways that the all-too-simple-looking sample programs have been broken. Luckily, there are helpful, very optional hints and answers in the back of the book one can read in order to get thinking on the right track without spoiling too much of the fun. Additionally, throughout the book’s puzzles, there are amusing programmer-related debugging horror stories and funny programming quips that provide a brief smile, even when one is wracking one’s brains out to find the misplaced comma, subtly misspelled keyword, missing semicolon, or devious memory misallocation that is keeping the answer of the problem elusive.

Book Review: Network Warrior

ISBN: 9780596101510

This epically-titled O’Reilly book is a well-organized collection of network configuration tips, stories, and common “gotchas”, as told by a self-admitted grouchy old network admin to younger, wet-behind-the-ears network administrators.

The author, in a move uncommon to most networking manuals, just cuts to the chase and says what needs to be said. Everything is told from a Cisco perspective, with Cisco terminology, and the only hint of variation allowed for is the occasional explanation when something is radically (or subtly, in some way that would ruin everything when you least expect it) different between CatOS and IOS. This is undeniably a good thing; it keeps the book short, and realistically, Cisco is one of the forefront leaders in the enterprise network market.

A wide range of topics are talked about – possible problems that you could run into with auto-negotiation on your fast-ethernet network, how to configure spanning tree or etherchannel, getting QoS to work properly, and a whole host of topics one should know when creating one’s own medium-to-large sized network. Even for those that already know how to implement these features, the author explains exactly when someone would want to use these features and how they evolved, and how they ought to be properly used.

I would recommend this book to anyone interested in enterprise networking – ranging from the relatively professionally uninitiated like myself (I only do networking administration for Computer Science House at the Rochester Institute of Technology) to those who are just transitioning from networking classes to actual jobs, who will benefit perhaps the most from the book’s tips and tricks from a person in industry, or even the average middle-aged network administrator, who may find a large portion of the book a snooze, but likely still pick up a trick or two that was previously unknown.