Network Security Assessment, 2nd Edition

by Chris McNab
November 2007
Content level: Intermediate to advanced
504 pages
13h 21m
English
O'Reilly Media, Inc.
Content preview from Network Security Assessment, 2nd Edition

Foreword

After managing the performance of over 20,000 infrastructure and applications penetration tests, I have come to realize the importance of technical testing and providing information security assurance.

This book accurately defines a pure technical assessment methodology, giving you the ability to gain a much deeper understanding of the threats, vulnerabilities, and exposures that modern public networks face. The purpose for conducting the tens of thousands of penetration tests during my 20+ years working in information systems security was “to identify technical vulnerabilities in the tested system in order to correct the vulnerability or mitigate any risk posed by it.” In my opinion, this is a clear, concise, and perfectly wrong reason to conduct penetration testing.

As you read this book, you will realize that vulnerabilities and exposures in most environments are due to poor system management, patches not installed in a timely fashion, weak password policy, poor access control, etc. Therefore, the principal reason and objective behind penetration testing should be to identify and correct the underlying systems management process failures that produced the vulnerability detected by the test. The most common of these systems management process failures exist in the following areas:

  • System software configuration

  • Applications software configuration

  • Software maintenance

  • User management and administration

Unfortunately, many IT security consultants provide detailed lists of specific ...


ISBN: 9780596510305