LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Announcements page

Recent Features

KSM runs into patent trouble

Tux3: the other next-generation filesystem

LWN.net Weekly Edition for November 27, 2008

LWN.net Weekly Edition for November 20, 2008

MinGW and why Linux users should care

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

"Network Security Assessment" Released by O'Reilly

[Posted April 12, 2004 by cook]

From:  "Kathryn Barrett" <kathrynb-AT-oreilly.com>
To:  lwn-AT-lwn.net
Subject:  "Network Security Assessment" Released by O'Reilly
Date:  Wed, 07 Apr 2004 15:11:11 -0700

For Immediate Release
For more information, a review copy, cover art, or an interview with
the author, contact:
Kathryn Barrett (707) 827-7094 or kathrynb@oreilly.com
	
Security through Attack: Know Your Network
O'Reilly Releases "Network Security Assessment"

Sebastopol, CA--An increasingly popular approach to network security is to
think like the bad guys: by understanding the methods and motivations of
those who attempt to penetrate your defenses, you'll be better able to
withstand their assault. Unfortunately, most network administrators merely
poke at their systems in a haphazard fashion.  With a constant barrage of
techniques used to compromise both Windows and Unix-based systems--and no
end to the ingenuity and determination of those who employ them--keeping
current with the latest modes of attack is just another responsibility a
network administrator juggles.  Short of becoming a security expert (if
that luxury were possible), what can you do to ensure the safety of your
systems?

"Network Security Assessment" (O'Reilly, US $39.95) by
former-teen-hacker-turned-security-analyst Chris McNab provides a
methodical approach to identifying and assessing the risks in computer
networks. Using steps laid out by professional security analysts and
consultants to identify and assess risks, the book offers an efficient
testing model that network administrators can adopt, refine, and reuse to
create defensive strategies to protect their systems from the threats that
are out there, as well as those still being developed.

The book focuses on a single area of network security in detail: that of
undertaking IP-based network security assessment in a structured and
logical way. "Assessment is the first step any organization should take to
start managing information risks correctly," says McNab. Over the last
five years, McNab has achieved a one hundred percent success rate in
compromising the networks of financial services companies and
multinational corporations. With "Network Security Assessment," McNab
hopes to use his expertise to help others by clearly defining an effective
best practice network assessment methodology.

"By assessing your networks in the same way a determined attacker does,
you can take a more proactive approach to risk management," McNab notes.
"Throughout this book there are bulleted checklists of countermeasures to
help you devise a clear technical strategy and fortify your environments
at the network and application levels."

This thorough and insightful guide begins by introducing the tools
attackers use and quickly moves through the various ways an attacker can
learn about the vulnerabilities in your network.  The bulk of the book
examines the components of your network, the different services you run,
and how they can be attacked. Some of the topics covered are:

-Tools that perform assessment
-Testing common services such as SSH, DNS, and LDAP
-Testing Microsoft Windows services, including NetBIOS, CIFS, and RPC
-Testing web applications running on Apache and Microsoft IIS
-Database service assessment for Oracle, SQL Server, and MySQL
-Assessing VPN services, including IPsec, FWZ, and PPTP
-Application risks
-Risk mitigation information and strategies, including checklists

"Network Security Assessment" is written in line with the most important
assessment standards used by the US and UK governments, respectively, for
critical national infrastructure testing and assurance: USA NSA IAM and UK
CSEG CHECK. Network administrators who need to develop and implement a
security assessment program will find everything they're looking for in
this time-saving new book--a proven, expert-tested methodology on which to
base their own comprehensive program.

Additional Resources:

Chapter 4, "IP Network Scanning," is available online at:
http://www.oreilly.com/catalog/networksa/chapter/index.html

For more information about the book, including table of contents, index,
author bio, and samples, see:
http://www.oreilly.com/catalog/networksa/

For a cover graphic in JPEG format, go to:
ftp://ftp.ora.com/pub/graphics/book_covers/hi-res/059600611x.jpg

Network Security Assessment
Chris McNab
ISBN 0-596-00611-X, 507 pages, $39.95 US, $57.95 CA
order@oreilly.com
1-800-998-9938
1-707-827-7000
http://www.oreilly.com

About O'Reilly
O'Reilly & Associates is the premier information source for leading-edge
computer technologies. The company's books, conferences, and web sites
bring to light the knowledge of technology innovators. O'Reilly books,
known for the animals on their covers, occupy a treasured place on the
shelves of the developers building the next generation of software.
O'Reilly conferences and summits bring alpha geeks and forward-thinking
business leaders together to shape the revolutionary ideas that spark new
industries. From the Internet to XML, open source, .NET, Java, and web
services, O'Reilly puts technologies on the map. For more information:
http://www.oreilly.com

# # #

O'Reilly is a registered trademark of O'Reilly Media, Inc. All other
trademarks are property of their respective owners.
(Log in to post comments)

Copyright © 2004, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds