Silence On The Wire rises head and shoulders above other security-related titles with which it may well share shelf-space. Purportedly dealing with reconnaisance and indirect attacks, this title offers a thrilling, low-level introduction to all manner of security issues, with an emphasis on core knowledge. Rather than offering bland practical tutorials, Silence breaks the mould for such titles, in presenting intriguing methodologies, anecdotes and essential background.

Indeed, early chapters, which explain the real basic matter of contemporary computing with reference both to Turing's work and a hypothetical wooden computer, form an essential introduction for anyone remotely involved or interested in computation. And rather than drily detailing exploits, author Michal Zalewski shares his compelling skillset and readily communicates the Sherlock-like delight in his subject matter. In his hands computer and networked security issues become as thrilling and in the end as pleasing as any shorter work of Conan Doyles. Indeed, material is both highly readable and intriguingly photogenic. Visualisations of PRNG (Pseudo Random Number Generators) under various OSes expose both ideas and aesthetics.

Silence On The Wire attempts to address the entire life cycle of any piece of data, from the first keypresses moulding that information and content, through the application itself at all levels of abstraction, through OS, routers and wider Internet. Rarer vulnerabilities are addressed at each stage and numerous intriguing by-ways are explored. Leaving oft-covered exploits to others means that Zalewski can choose to concentrate on the more exciting and unusual attacks, which nevertheless reveal a good deal about security and systems.

Silence is a tough work to pin down in this respect, and at times, with numerous chapters, it does tend to lose its bite. And with nevertheless good material culled from the author's work for Phrack, the esteemed hacker/cracker journal, it does often seem that Silence was written at speed. And not all will warm to Zalewski's somewhat flowery and overwrought style which can prove distinctly tiresome at times and does present perhaps the only flaw in this otherwise crystalline and complex work. Yet this wayward, not to say picaresque journey, which throws in fascinating explanations of keystroke timing exploits, blinkenlights snooping and parasitic computing, says far more about security issues than any simple catalogue of attacks, remedies and techniques. Silence digs deep into every aspect of networking, well exposed with practical anecdotes and indeed examples for further work, coding and study. In the context of passive fingerprinting, the Internet Protocol (IP) and Transmission Control Protocol (TCP) packets are well dissected, even for networking beginners, and Zalewski rightfully assumes no prior knowledge, relying purely on the reader's intelligence.

It's hard to find a work to compare with Silence in any field of computational study, let alone security, and with good pointers to further reference works there's much to be gained from each chapter. Material covering so-called black-hole monitoring, observing and analyzing unsolicited packets stands out as being of particular note, alongside other chapters which well stress essential analysis of network and packet flaws. Exposing the net as a vast field for detective work should spur on many to dig deeper into essential security.

Author: Michal Zalewski
Publisher: No Starch Press
ISBN: 1593270461

Review by Martin Howse