I read this book when it first came out in the 1960s. It became my favourite then, and it still is. I reread this book almost every year. When I call it a "living" classic, I mean precisely that: it is the fuel for living because it provides the mental scope, architecture and thinking processes to live a full and healthy life. The book has been an anchor for me for over 30 years precisely because it positions the role of imagination in such a clear fashion as the instrument of living. Imagination is not only healer of the hopeless, it is the healer of the process of living. I cannot thank the author enough for his contribution.

I loved this book every moment I was reading it, and it lifts my heart to open it at random and reread passages I highlighted. Lynch says he bases the book on two assumptions. First, he believes whatever is ill with the mentally ill is human. Second, he says that the well can put off the impossible burden of trying to be as well as they think they must be, and can enjoy the privilege of getting tired and being a little mad! He focuses on three major aspects of hope: imagination, mutuality and wishing. He says hopelessness usually involves some constriction of the imagination. Without imagination to picture ways out of difficulties, we lose energy and become too apathetic to wish for anything. On the other hand, Lynch believes our society places all the burden for having and using imagination on the individual. "Half of hope," he says, "is help." On some of the most exciting pages of this book, Lynch describes the theological significance of our being able to wish. If what we want is not sinful or outside the realm of reality, Lynch believes God wants to communicate autonomy to us. Not understanding this can paralyze us. In the world of the mental patient, Lynch has seen a person agonize over making the "right" decision between a cup of coffee or a cup of tea. He shares the metaphor of a child who makes a toy that can operate on its own and shouts, "Look at it go!" He believes that God similarly exults in giving us the ability to make wishes and that "every wish, no matter how small, is a truly creative act." This book encourages the full use of our God-given powers of creative imagination to help both ourselves and each other.

This is a book that grew in power from chapter to chapter. Here are some quotes that I think speak for themselves. "The task of imagination is to imagine the real." "The imagination is particularly well suited to form a pathway to reality because it can keep opposites together in a thought-provoking analogy or in a metaphor packed with new insight, or in a masterfully constructed story." "Truths that are mysterious, paradoxical and ironic become integrated into a person's life not through argument, but through action. These types of truths are 'higher than reason.' Having done the truth, that person now knows it from the inside." "Imagination liberates the person from the confines of the self." "Because imagination is the power through which a person escapes from the self and becomes actively related to the world, Schelling sees imagination as a form of love." "Art is not primarily 'self-expression,' but a sort of self-identification with another. That activity not only enhances the self, it constitutes a sort of report on a reality that has come in touch with the human." "Imagination gives expression to what lies deepest within the human: the spiritual life of will and reason as they strike a harmony with universal reason and the absolute will of God. The imagination, at its most profound, seeks to give expression to that harmony with God." If you love these quotes, you'll love this book.

It's difficult to find original material in most security books. "Hack Proofing Your Network, 2nd Edition" (HPYN2E) breaks that trend. Responding to feedback on the first edition, the authors have made numerous improvements in the second edition. If you're looking for relatively novel content in a security book, read the sections of HPYN2E I discuss next.

HPYN2E shines in many respects. The "laws of security" in chapter 2 are accurate and enlightening. Chapter 4 helps teach secure programming techniques by comparing insecure and secure code snippets. Chapter 4 also demonstrates debugging and disassembling code, usually not seen in security texts. Chapter 8 probably contains the most advanced coverage of buffer overflows I've read in a book. By actually showing and explaining stack traces, the authors share a level of detail sufficient to satisfy all but the most elite coders. Chapters on "diffing" (5) and format strings (9) are robust. Hardware hacking, thoroughly described in chapter 14, is fascinating. The author cared enough to include numerous clear photographs of disassembled equipment, and mentioned many helpful external web references.

While these great chapters comprise more than half of HPYN2E, the remainder is not exceptional. I was not happy with the rambling, wordy chapters on spoofing (12) and tunneling (13). Spare us the quotes from Dante's "Divine Comedy"! Still, this material is easily skimmed.

Because HPYN2E is written more from an intruder's point of view, the title doesn't seem to reflect the material. The book isn't exactly a "how to hack" manual, but it expertly illuminates many facets of compromising information resources.

When I read the first edition of this book, was truly disappointed. I was wondering how such people could have written such book. Not that the book was worthless, but too 'standard' to met the expectations I had from these guys.
Still the idea was very interesting (information directly from the real experts), and I kept waiting for a new edition.
Well the second edition is now out, and not only fulfills, but exceeds all my original expectations !!

Let's take a look:

The Approach:

Understanding attacks and vulnerabilities, by understanding 'how to hack' (good hacking of course. . . .ahem )

The Book:

Rewritten, expanded and improved, the book consists of 800+ pages well structured into 18 chapters (against 450+ pages and 15 chapters of the first edition).
Well written, well presented, with a real fancy table of contents, the chapters include url's, a FAQ section and a SOLUTIONS FAST TRACK one.
A lot of CLEVER code is included as well as helpful 'Tool & Traps' and 'Notes from the Underground. . . ' outlines.

The new sections (all outstanding) include:
- Hardware Hacking (otherwise only found in papers)
- Tunneling (excellent)
- IDS evasion (very easily explained)
- Format strings attacks

The Intended Audience:

People willing to become network security pros.

Contents:

- Introduction to Security, Attacks and related Methodologies.
- Cryptography.
- Unexpected Input, Buffer Overflow, Format Strings.
- Sniffing, Hijacking and Spoofing.
- Tunneling, Hardware Hacking, Viruses (et al.).
- IDS Evasion.
- Automated Tools.
- Reporting Security Problems.

The Bottom Line:

It is not just a good book, it is the best book among high level network security books, and the only that compares with specialized papers. Only quite easier.
I got more than 60 papers on buffer overflows. None compares with the classical 'Smashing The Stack For Fun And Profit' by Aleph One. IMHO, however, the corresponding chapter from this book, does compare and is really easier to understand.
Finally, the 'piece de resistance' of the book, is the chapter about Spoofing. Really enjoyed it, and by the way got surprised reading the innovative (to me) technique to 'Spoof Connectivity Through Asymmetric Firewalls'. Good Job Dan ;-)
As an added bonus, as an owner of this book, you'll find a lot of code files, applications and links...

I have the first edition of this book also, and I was really glad to see the second edition come out. There are some great hacking books out now, but I really think these ones are the best. I found in depth coverage on a lot of stuff you just can't find any place else. Some very cool info. on administering hosts locked behind a firewall and tips for making a "poor man's VPN". I also like that a lot of big names wrote the book, and their personalities really come through. A lot of tech. books can be a little dry even if they are well written. This one is actually entertaining also.

I am a senior engineer for network security operations. I am not a Solaris system administrator, but I read "Hack Proofing Sun Solaris 8" (HPSS8) to learn more about securing Solaris systems. HPSS8 addresses a wide variety of Solaris security issues, and is suitable for beginning and intermediate system administrators.

HPSS8 is not a Solaris version of "Hack Proofing Linux" (HPL), which I reviewed in October. While HPL seems more like a catalog of open source security tools, HPSS8 focuses on explaining the features and configuration of Solaris hosts. The authors provide useful explanations of Trusted Solaris, with enhancements like Role Based Access Control and Mandatory Access Control. Admins unwilling to deploy Trusted Solaris can experiment with the SunSCREEN Basic Security Module (BSM), which raises a default Solaris 8 installation to the C2 security level. HPSS8 describes how to deploy Sun's Kerberos implementation, called Sun Enterprise Authentication Mechanism (SEAM). The book also introduced me to Sun's implementation of file-based access control lists to protect SUID files.

As a casual reader, not responsible for implementing these tools, I found HPSS8's coverage adequate. I learned about enterprise-grade security features I never knew existed. I'm not sure if admins needing in-depth explanations will find what they need in HPSS8.

HPSS8 appears to be written by authors who know their material. I found no errors, although I admit I am not a Solaris expert. The network security discussions, with which I am more familiar, seemed error-free as well. I appreciated the heavily technical buffer overflow explanation in ch. 10, and was surprised to learn in ch. 8 that Solaris by default routes packets between multiple interfaces. The only slip in editing appeared to be unnecessary "double coverage" of Snort (in ch. 3 and ch. 8), probably written by different authors.

If you're a junior Solaris admin and you need to lock down your machines, securely operate web, email, caching, routing, firewalling, and related services, HPSS8 will definitely help you. Senior Solaris admins will probably not learn new tricks. Security professionals who want to familiarize themselves with Solaris features will enjoy reading HPSS8, as I did.

(Disclaimer: I received a free review copy from the publisher.)