of
“The Art of Deception” by Kevin D. Mitnick & William L. Simon
M. J. Banks
Monsters University
Spring 2013
ITS 20000-01 Ethical & Legal Issues
This review offers observations on “The Art of Deception” by Kevin D. Mitnick and William L. Simon and, overall, indicates the quality of the book. It assesses tactical hacking and the authors’ suggested approaches to stopping the malicious intents relayed, foremost the personable affectations needed to deceive the deceivers, and relates how the book presents itself for the layperson. The amount of intrigue the book offers is acceptable to hobbyist and analogue readers alike and proffers enough useful knowledge for IT managers as well, though in its entirety it can become excessive to the uninitiated techie; it also outlines the certainty of the dichotomy of hacker and security professional. This inroad to technical security oftentimes panders to all readers with isolated scenarios that touch upon literary noir elements, simple altruistic tales that illumine otherwise trivial elements of the technical world as the perils that they are and can be. Validated by proven security measures, it maintains standing as designed: a partial manual to avoid human error. The infamous Mr. Mitnick relies as much on his criminal past as he does on the gathered solutions written in the book to prove the value of the guide. Balanced against humble brags and common knowledge, the book is a decent read for people of the nerd community.
Book Review: “The Art of Deception”
‘Deception’ begins with a close focus on threats based in the computer world and a call to acknowledge, define, and prevent them. Slowly it brings the reader on a journey that eventually forces the realization of the necessity of network hardware firewalls, intrusion detection systems (IDS), antivirus (AV) software, and other security protocols, digital and physical, each in individuated experiences. Each serial foray into a security threat is predictably simple, which allows the reader to learn typical solutions to the most typical problems, distinguishing the book as persuasive rather than rigidly technical. Easy enough to read, it has many explanations for novice readers and can at times explain things redundantly. In other instances, the writers impose lulls on security scenarios with elongated personal attestations, which serve to explain the flaw of neglecting the dangers of mere, unfortunately trusted and unattended hackers. The prose points, balanced with the technical aspects, make for a decent book to read, but probably a better audiobook.
In the book, Mitnick explains his role in becoming a famous hacker, by means of a national FBI search due to ruining several millions of dollars in the monies of corporate America through his hacking skills, duly ending in incarceration by the federal government, and says he has since strived for legitimate business ventures. My assessment is that he intimates in his writing sympathy for hackers in his own way, yet now consults for corporate institutions and security firms around the world on the malicious hacker element. Logically inundated with a need for IT security, these companies hire security admins to propose, design, implement, maintain, and improve the valuable networks they implement for large amounts of commerce all day, every day. The book’s scenarios define users and a network, credentials and insecure situations, showing that hacking has the simplicity of stolen passwords as much as the complex actions of network intruders. In regard to detection, threats found case by case present as autonomous and predictable threats, dealt with formulaically to stop the intrusion. Given the forthcoming information, the threats remain unto themselves human.
The book’s subtitle, “Controlling the Human Element of Security,” is a certainty to the narrative, from personal confessions to common threats. A good handbook to moral legality in a growing network, it formally continues to educate the reader on the shockingly industrious nature of a hacker, eventually telling that threats from within a company are as viable as those from without. Commonly, the book paints the same pictures as do today’s spy movies, wherein patient thieves wait for the time to strike, using falsified data and pretenses, under the auspices of professional courtesy. Before explaining how to be suspicious in each scenario, each life-lesson-styled chapter stresses the importance of security through secrecy in the aspects of personal info, passwords, badges, etc.
It’s not exactly the most informative of books for a student with a degree in computer sciences, but it does discuss many techniques and insights; the balanced views of hacker and security professional give the book weight, and the depth of hacker profiling, compartmentalized by chapter, gives an interesting twist to what would otherwise be a textbook. In an attempt to leave little to the imagination, a decent compilation of hacker events and social engineering crimes is presented in an entertaining book that deserves a second read, but not a third. It is worthy of recommendation to the generation prior to millennials, and of moderate approval among millennials, given that the examples are plausible hypotheticals.
Not to spoil the finer points of anarchy the book reveals, some favorite points included beating speeding tickets with a holiday, bypassing a rotating password with inclement weather, top-level clearance with a fake persona, and gaining restricted access by exploiting kindness, among many other hacker exploits. It is a very ‘spy-world’ book that sheds light on obvious circumventions unknown to the average well-mannered individual and goes as far as to explain why a person becomes a victim in each scenario, thus making the book fairly useful to modern corporate interests.