Press Release


Email. Email press release link

April 15, 2005

"Network Security Tools": Write, Hack, and Modify Open Source Security Tools

Sebastopol, CA--Each time a software vulnerability is discovered and announced, organizations that use the affected software have to rush to install vendor-issued patches before their networks are compromised. But vendors are often one step behind the announcement, and even casual attackers with few skills are able to launch assaults and compromise the networks of major corporations before the patch is installed. This makes it vital for anyone with hosts connected to the Internet to perform routine audits to detect unpatched remote vulnerabilities.

But how does one go about performing a thorough network assessment? According to Nitesh Dhanjani and Justin Clarke, authors of Network Security Tools (O'Reilly, US $34.95), most security books teach readers only how to use the out-of-the-box functionality provided by existing network security tools, which is often limited. "Malicious attackers are sophisticated enough to understand that the real power of the most popular network security tools doesn't lie in their out-of-the-box functionality, but in the framework that allows you to extend and tweak their functionality," explain Dhanjani and Clarke. "These sophisticated attackers also know how to quickly write their own tools to break into remote networks."

Although a security tool will occasionally do exactly what a network administrator wants, right out of the box, more frequently, it's necessary to customize the tool to fit the needs of the network structure. In Network Security Tools, Dhanjani and Clarke show network administrators how to use popular open source security assessment tools such as Ettercap, Hydra, Metasploit, Nessus, Nitkeo, and Nmap, and then customize them to defend against even the most experienced attackers.

While most security books focus on keeping networks and systems secure, Network Security Tools also provides information on determining vulnerabilities in web applications. "Historically, network and operating system-level vulnerabilities have been the sweet spot for attackers," Dhanjani and Clarke observe. "These days, though, hardened firewalls, patched systems, and secure server configurations make these vulnerabilities less desirable than web applications. By their nature, web applications are designed to be convenient for the end user, and security is either overlooked or built in as an afterthought."

Beginning with an overview of the popular open source security tools, the book discusses the common customizations and extensions for these tools. The first half of the book, "Modifying and Hacking Security Tools," provides overviews describing how the specific tool is used to test for vulnerabilities. It also explains how tools like port scanners, packet injectors, network sniffers, and web assessment tools function. Clear, step-by-step instructions show how to use both the plug-ins and code for security testing. The second half of the book, "Writing Network Security Tools," shows how to customize the open source assessment tools and write even more specialized attack and penetration tools. Topics covered include:

  • Writing customized network sniffers and packet injection tools
  • Writing plugins for Nesssus, Ettercap, and Nikto
  • Developing exploits for Metasploit
  • Performing code analysis for web applications
  • Writing kernel modules for security applications
  • Understanding rootkits
  • Network Security Tools takes an evenhanded and accessible approach--neither tediously academic nor overly sensational--allowing readers to review security problems quickly and implement new, practical solutions. In an age when security is crucial, this book is the resource every network administrator needs when locking down a network.

    Additional Resources:

    Network Security Tools
    Nitesh Dhanjani and Justin Clarke
    ISBN: 0-596-00794-9, 324 pages, $34.95 US, $48.95 CA
    order@oreilly.com
    1-800-998-9938; 1-707-827-7000

    About O'Reilly

    O'Reilly Media spreads the knowledge of innovators through its books, online services, magazines, and conferences. Since 1978, O'Reilly Media has been a chronicler and catalyst of cutting-edge development, homing in on the technology trends that really matter and spurring their adoption by amplifying "faint signals" from the alpha geeks who are creating the future. An active participant in the technology community, the company has a long history of advocacy, meme-making, and evangelism.

    Return to: O'Reilly Press Room

    Recent Press Releases


    12/3/14 O'Reilly Media Announces New Event--Bitcoin & The Blockchain: An O'Reilly Radar Summit
    11/5/14 O'Reilly Media Acquires Video-Training Firm Infinite Skills
    10/7/14 O'Reilly and Cloudera Announce Expanded Partnership
    9/18/14 Databricks and O'Reilly Media Launch First Apache Spark Developer Certification Program
    8/4/14 O'Reilly Media Acquires Full Ownership of Safari Books Online

    Press Release Archive »

    Resources

    Press Contacts

    Corporate

    Sara Winge
    800/998-9938 x7109

    Media Relations - North America

    Sara Peyton
    800/998-9938 x7118

    Media Relations - Germany

    Corina Pahrmann
    +49-221-973160-22

    Media Relations - Japan

    Kenji Watari
    +81-3-3356-5227

    Media Relations - United Kingdom

    Helen Coding
    +44 (0)1252-721284

    Media Relations - Conferences

    Maureen Jennings
    800/998-9938 x7083