Skip to Main Content
Network Security Assessment, 2nd Edition
book

Network Security Assessment, 2nd Edition

by Chris McNab
November 2007
Intermediate to advanced content levelIntermediate to advanced
504 pages
13h 21m
English
O'Reilly Media, Inc.
Content preview from Network Security Assessment, 2nd Edition

Preface

It is never impossible for a hacker to break into a computer system, only improbable.

Computer hackers routinely break into corporate, military, online banking, and other networked environments. Even in 2007, as I am writing this second edition of Network Security Assessment, I still perform incident response work in these sectors. As systems generally become more secure, the methods used by these attackers are becoming more advanced, involving intricate repositioning, social engineering, physical compromise (stealing disks from servers or installing rogue wireless access points), and use of specific zero-day exploits to attack peripheral software components such as antivirus or backup solutions that are widely deployed internally within corporate networks.

By the same token, you would expect professional security consultants to be testing for these types of issues. In the vast majority of cases they are not. I know this because at Matta we run a program called Sentinel, which involves testing security assessment vendors for companies in the financial services sector. The Sentinel platform contains a number of vulnerable systems, and vendors are scored based on the vulnerabilities they identify and report.

Since 2004, Matta has processed nearly 30 global penetration testing vendors using Sentinel. In a recent test involving 10 testing providers, we found the following:

  • Two vendors failed to scan all 65536 TCP ports

  • Five vendors failed to report the publicly accessible MySQL service ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Network Security Assessment, 3rd Edition

Network Security Assessment, 3rd Edition

Chris McNab
Cyber Security and Network Security

Cyber Security and Network Security

Sabyasachi Pramanik, Debabrata Samanta, M. Vinay, Abhijit Guha
Network Protocols for Security Professionals

Network Protocols for Security Professionals

Yoram Orzach, Deepanshu Khanna

Publisher Resources

ISBN: 9780596510305Supplemental ContentErrata Page