Slashdot Mirror
Assessing Network Security
Assessing Network Security starts with a nice overview of key principles of security (definitely not news for industry practitioners, but nice anyway), and then goes on to defines vulnerability assessment, penetration testing and security audit. A critically important section on reporting the findings is also nicely written, and shows that the authors are knowledgeable, and interested in showing a complete security process rather than just the looking-for-leaks part.
The authors then go into developing and maintaining pentesting skills, including advice on choosing training and resources (nice for those starting in the field). The actual pentesting process is split into non-intrusive (combining the usual "intelligence gathering" with port scans, sweeps and various host queries) and intrusive tests (such as running a vulnerability scanner, brute-forcing passwords, DoS testing and others). Some entries seem to belong in both categories (such as sniffing) but are placed into the intrusive section, for whatever reason. Up-to-date content (wireless, Bluetooth and web assessment, for instance) is well represented.
The authors also include a fairly insightful social engineering testing section (touching on dumpster diving and other non-network assessment methods). My favorite chapter was the one presenting various case studies - examples of specific threats/tests against Web, email, VPN and domain controller systems.
Among other features that I liked in Assessing Network Security were 'notes from the field' sidebars with fun stories related by authors, and FAQs at the end of each section. On the down side, the book is somewhat Windows-focused (although it is amazingly vendor-neutral in most respects, considering the source). The book is also somewhat dry, although the sidebars provide some needed relief when the text gets too process-oriented at times.
Assessing Network Security is largely about methodology, but I'd have preferred to see a bit more technical content, since it is a 600-page volume. I think the checklists present in the Appendix are a great step in that direction.
Overall, I enjoyed the book and think it is both a great guide and a reference for most security professionals, especially for those starting to be involved with penetration testing.
Anton Chuvakin, Ph.D., GCIA, GCIH is a Security Strategist with a security information management company and maintains the security portal info-secure.org. He wrote Security Warrior and contributed to Know Your Enemy, 2nd Edition . You can purchase Assessing Network Security from bn.com. Slashdot welcomes readers' book reviews. To see your own review here, carefully read the book review guidelines, then visit the submission page.
is that a euphamism for 'the most boring book to hit the world since Inside OLE2?'
I never got more than a quarter of the way through that, i fell asleep every time i tried to pick it up.
i saw internal MS OLE training i saw Kraig Brockshmit did back in about 95 - jesus it was boring. we are talking boredom in an entirely new area of bordem till then undiscovered by man
"...On the down side, the book is somewhat Windows-focused..."
Not to be an ass, but so are most computers.
Maybe I'm missing something, but when did M$ OS become a network OS? I haven't seen any winblows routers or switches? The book should be Windows Penetration testing, and to fix that problem, just press the off button. I get sick and tired of hearing M@ included in the same sentence as network. It's a stinking OS, not a router. M@ couldn't compete with Cisco, Juniper, etc...
Seriously though, this book is written by three Microsoft security researchers, I guess that said enough.
Assumption is the mother of all fuck-ups. You consider the security researchers incompetent because they are (or were) part of the Microsoft team?
So, because some Linux kernel coders make mistakes which lead to 'r00t3d' boxes, all Linux kernel coders are incompetent?
I think you're thinking a little bit simplistic here.
In need of reliable and affordable server monitoring?
Yeah, my Cisco 6509 and Checkpoint Firewall are running Windows...
This sig is the express property of someone.
With all these folks pointing out the funny irony of all this, I'm here with what I think are valid questions --
What's up with creating an inherently insecure system and selling a book on security? Shouldn't they use that same advice to create better products? Almost like the conspiracy theory of making someone ill and then selling them the cure.
Maybe the book brings up interesting points and great ideas...but it's like asking me to believe everything Baghdad Bob said.
Ben Smith (one of the authors) is also actively involved in Microsoft's private trainer newsgroups, and has always been a good source of information for security related questions that are way, way out of what "the theory" is normally limited to.
The utility of the book comes from not just spreading the word about security, but having to do so in forums and formats that require it to be relevant, useable and correct.
As a security consultant and trainer myself I can attest to the gap between theory and practice and the need to put security issues in to terms that are able to be applied in the real world.
Comments above that assume that just because someone works for Microsoft, they don't know how things work in reality are generalisations made out of ignorance or jealousy. This book is a good example that the truth about Microsoft employees, like security, is often misunderstood.
it's really too bad that microsoft classified port scanning tools (nmap) as "attack tools."e p/0002.html
http://seclists.org/lists/nmap-hackers/2004/Jul-S