BUY THIS BOOK
By Chris McNab
March 2004
Pages: 396
ISBN 10: 0-596-00611-X |
ISBN 13: 9780596006112
(Average of 7 Customer Reviews)
This book has been updated—the edition you're requesting is OUT OF PRINT. Please visit the catalog page of the latest edition.
The latest edition is also available on Safari Books Online.
Network Security Assessment offers an efficient testing model you can adopt, refine, and reuse to create proactive defensive strategies to protect your systems from the threats that are out there, as well as those still being developed. This thorough and insightful guide covers offensive technologies by grouping and analyzing them at a higher level--from both an offensive and defensive standpoint--helping administrators design and deploy networks that are immune to offensive exploits, tools, and scripts.
Full Description
There are hundreds--if not thousands--of techniques used to compromise both Windows and Unix-based systems. Malicious code and new exploit scripts are released on a daily basis, and each evolution becomes more and more sophisticated. Keeping up with the myriad of systems used by hackers in the wild is a formidable task, and scrambling to patch each potential vulnerability or address each new attack one-by-one is a bit like emptying the Atlantic with paper cup.
If you're a network administrator, the pressure is on you to defend your systems from attack. But short of devoting your life to becoming a security expert, what can you do to ensure the safety of your mission critical systems? Where do you start?
Using the steps laid out by professional security analysts and consultants to identify and assess risks, Network Security Assessment offers an efficient testing model that an administrator can adopt, refine, and reuse to create proactive defensive strategies to protect their systems from the threats that are out there, as well as those still being developed.
This thorough and insightful guide covers offensive technologies by grouping and analyzing them at a higher level--from both an offensive and defensive standpoint--helping administrators design and deploy networks that are immune to offensive exploits, tools, and scripts. Network administrators who need to develop and implement a security assessment program will find everything they're looking for--a proven, expert-tested methodology on which to base their own comprehensive program--in this time-saving new book.
Featured customer reviews
Very good indeed!, July 14 2005
Submitted by ruy_lopez [Respond | View]
Having now read [most of] this "controversial" book I can say I am pleased with the outcome.
The book's examples do tend to lean towards Linux users, with all but a few of the packages failing to configure or compile on my Mac OS 10.3.9 powerbook (its probably not impossible to get them all working). That said, the packages and codes I did manage to club together opened my eyes.
For instance I'd never have thought SSH could be subject to brute force attempts. So you can imagine how glad I was that I'd recently reviewed the use of password authorization in my SSH logins. Especially when I saw how easily "guess who" found some of the weak passes I set up to test it.
I don't want to put OS X users off this book because there's plenty for them to take home. Most of the scans and sweeps and X window exploits (I say most, when I mean practically all) failed to make a dent in my OS X setup. And if you use snort, even better. All of the stealth nmap scans were snort-logged and identified. And as far as Postfix is concerned; it boots "RCPT-brutes" off the login (not before, if I'm not mistaken, increasing the time between attempts, so that my user.txt only got through roughly 8-10 tries before grinding the brute to a halt).
The only thing to raise an eyebrow was Hydra's ease with pop3 but then most of you will only have 110 open for local traffic.
In summary then, an eye opening but reassuring experience for this Mac OS X user. This book compensates Mac OS X users for the lack of portability with confirmation that most of the common exploits and weaknesses bounce off the hood.
Experience speaks for itself!, December 17 2004
Rating:
Submitted by
James Ko, CISSP
[Respond | View]
This is a great book to have for those who are security practitioners.
While some may say this is very similar to those "hacking" books out on the market, I see a difference. One thing stands out is that the author provides a lot of his experience drawing from the field. He does not just talk about how to use the tools, he also goes into the reasons/depth behind why this is happening. For example, in the Windows Networking Services, I learned a lot about the Samba exploits and brute force password attacks. Another good example is the format string overflow, where the author provides a lot of pointers for further readings on the topic. Finally, the list of hacker sites listed in the Appendix comes in handy because there are tons of evil hacking tools (or treasures, depending how you look at it) out there that every security practitioners should know about to combat against these malicious hackers.
James Ko, CISSP
OAM & Security, Data Network Engineering
Network Security Assessment Review, March 13 2004
Rating:
Submitted by Steve McGrane
[Respond | View]
The sample chapter is definitive, covering all the right bases of network mapping and scanning techniques. I've preordered a copy, and think its great that someone with a past has written this (instead of others who have written very simple books aligned with SANS and other organizations). Can't wait to get this book in the post in the coming weeks!!
Network Security Assessment Review, March 11 2004
Rating:
Submitted by xavier mitchell
[Respond | View]
hmm,
I found the sample chapter pretty useful - perhaps I'm not as clever as some of the other people here.
is this a witch hunt? I'm not from USA, not read the *whole* book which hasn't been released yet, but looks to me like a lot of very excited people in US. yawn. I can't find the book on PDF to download. seems like a lot of talk. also labtekwon who are you? you can't find some guy on google - so its a conspiracy... hahah we make fun of people like you over here. I searched for your name, but couldn't find it. post some links to where you are mentioned - maybe you are all same person! I wish people just review the book, your comments are all worthless.
Network Security Assessment Review, March 07 2004
Rating:
Submitted by Shahid
[Respond | View]
Chris, I read the beta chapter and your book is a eye opener! I already preordered it and desparately waiting for its release. Keep up the good work and ignore the ignarant people.
Network Security Assessment Review, March 07 2004
Rating:
Submitted by Kyle
[Respond | View]
Just a note of clarification - the "reader review" referred to earlier was deleted because it contained an explicit call to violence and was not in fact a review of the book at all.
Network Security Assessment Review, March 06 2004
Rating:
Submitted by Chris McNab
[Respond | View]
Well it's 3:50am on Sunday morning, and I've been talking to Kyle and my editors about some character assassination attempts by an individual who seems hell-bent on branding me as a terrorist. What is funny to me, are the convictions and motives of this anonymous individual, who is part of the GOBBLES group, and responsible for similar character assassination attempts in the past (leading to Ryan Russell's dismissal from SecurityFocus.com, for example). ORA have provided me with a lot of support over this, and my book will be published.
In response to this individual's allegations, which contain some elements of truth, but a lot of incorrect details, I've put together an article for O'Reilly, titled The Journey From Poacher to Gamekeeper, which fully documents the truth of my career as a teenage hacker (from 1996-1999) and as a security consultant (from 2000 to present), including my membership of various groups, including Rhino9, and Masters of Downloading. This article is available for you to all read from Monday, in black and white, so that you can draw your own conclusions.
My book is not plagarised from the ISS Ethical Hacking PDF, which was co-incidentally written by one of my technical reviewers a number of years ago! Also, I have a number of personal and professional references from individuals in USA and UK government and law enforcement, so I can't see how I could possibly be a terrorist with this endorsement.
Anway, on to the book--It is a technical attack and penetration guide, written in line with UK (CESG CHECK) and USA (NSA IAM) testing standards. I use my experience from both sides of the fence to fully discuss all of the techniques used by blackhat attackers and security consultants alike, allowing readers to correctly fortify and protect their networks from attack into the future.
A number of technical reviewers from professional security consultancy companies, the US military, government, and other areas, have given glowing reviews, and provided me with some excellent insight into areas of improvement for the book. Hopefully, by reading the book itself (which is not distributed until March 19th), you can draw your own conclusions, and post an accurate review in your own words here.
Network Security Assessment Review, March 05 2004
Rating:
Submitted by Kyle
[Respond | View]
Considering the fact that this book has not yet left our warehouse, I'm suprised by the amount and vehemence of the criticism. I hope that when the book reaches a larger audience, we'll have an informed and spirited dialogue about its strengths and weaknesses.
For the reviewer who last read the manuscript while it was still being written (I wont comment on the "hacking Chris's system" part), I hope you'll try again now that the book is finished, considering that significant changes are made in a book as it is developed.
One more thing,
I think most folks who are familiar with O'Reilly know that supporting terrorism is not what we're all about...
Happy Friday.
Media reviews "Readers will find cogent explanations of the many tools used by hackers to break into systems. Even experienced penetration testers are likely to learn about new and useful tools...Penetration testers and network security administrators will find much to commend this book. Nontechnical readers will find that the author does an excellent job of explaining complex protocols, tools, and concepts."
--Steven Weil, "Security Assessment," April 2005
"This is a great book to have for those who are security practitioners. While some may say this is very similar to those "hacking" books out on the market, I see a difference. One thing stands out is that the author provides a lot of his experience drawing from the field. He does not just talk about how to use the tools, he also goes into the reasons/depth behind why this is happening."
--James Ko, Nortel Linux User Group, December 2004
"Overall, 'Network Security Assessment' provides a good framework for anyone who is serious about running network security scans to security his perimeter and interior networks. The book is written in a style that is readable and understandable style; while more of an introductory text, it does not treat the reader as a dummy...If you are looking for a to-the-point book that does not get bogged down with screen prints and meaningless hacker stories and myths, 'Network Security Assessment' is a good place to start."
Rating: 8/10
--Ben Rothke, Slashdot.org, September 2004
http://books.slashdot.org/books/04/09/09/178246.shtml?tid=192&tid=172&tid=185&tid=6
Read all reviews
- Table of Contents
- Index
- Sample Chapter
- Examples
- Colophon
- Register Your Book
- View/Submit Errata
- View/Submit Review
Got a Question?
 © 2008, O'Reilly Media, Inc. (707) 827-7000 / (800) 998-9938 All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. |
About O'Reilly Privacy Policy Contacts Authors Press Room Jobs User Groups Academic Solutions Newsletters Writing for O'Reilly RSS Feeds |
Other O'Reilly Sites O'Reilly Radar Ignite Tools of Change for Publishing Digital Media Inside iPhone O'Reilly FYI makezine.com craftzine.com hackszine.com perl.com xml.com |
Sponsored Sites Inside Aperture Inside Lightroom Inside Port 25 InsideRIA |