|
||||||||||||||||||||
|
||||||||||||||||||||
|
||||||||||||||||||||
Nessus Network Auditing (Jay Beale's Open Source Security)
und über 1 Million weitere Bücher verfügbar für Amazon Kindle .
Erfahren Sie mehr
| ||||||||||||||||||||
|
Dieses Buch gibt es in einer neuen Auflage:
|
Produktinformation
|
Produktbeschreibungen
Kurzbeschreibung
This book focuses on installing, configuring and optimizing Nessus, which is a remote security scanner for Linux, BSD, Solaris, and other Unices. It is plug-in-based, has a GTK interface, and performs over 1200 remote security checks. It allows for reports to be generated in HTML, XML, LaTeX, and ASCII text, and suggests solutions for security problems.
As with many open source programs, Nessus is incredibly popular, incredibly powerful, and incredibly under-documented. There are many Web sites (including nessus.org) where thousands of users congregate to share tips, tricks, and hints, yet no single, comprehensive resource exists. This book, written by Nessus lead developers, will document all facets of deploying Nessus on a production network. -- Dieser Text bezieht sich auf eine andere Ausgabe: Taschenbuch .
Synopsis
This book focuses on installing, configuring and optimizing Nessus, which is a remote security scanner for Linux, BSD, Solaris, and other Unices. It is plug-in-based, has a GTK interface, and performs over 1200 remote security checks. It allows for reports to be generated in HTML, XML, LaTeX, and ASCII text, and suggests solutions for security problems. As with many open source programs, Nessus is incredibly popular, incredibly powerful, and incredibly under-documented. There are many Web sites (including nessus.org) where thousands of users congregate to share tips, tricks, and hints, yet no single, comprehensive resource exists.This book, written by Nessus lead developers, will document all facets of deploying Nessus on a production network. Nessus is the premier Open Source vulnerability assessment tool, and was recently voted the "most popular" open source security tool of any kind. This is the first book available on Nessus and it is written by the world's premier Nessus developers led by the creator of Nessus, Renaud Deraison. The dramatic success of Syngress' "Snort 2.0Intrusion Detection" clearly illustrates the strong demand for books that offer comprehensive documentation of Open Source security tools that are otherwise undocumented.
In diesem Buch
(Mehr dazu)
Einleitungssatz
In the war zone that is the modern Internet, manually reviewing each networked system for security flaws is no longer feasible. Lesen Sie die erste Seite
Buchdeckel | Copyright | Inhaltsverzeichnis | Auszug | Stichwortverzeichnis
In the war zone that is the modern Internet, manually reviewing each networked system for security flaws is no longer feasible. Lesen Sie die erste Seite
Mehr entdecken
Wortanzeiger
Ausgewählte Seiten ansehenWortanzeiger
Buchdeckel | Copyright | Inhaltsverzeichnis | Auszug | Stichwortverzeichnis
Tags(Was ist das?)Bei einem Tag handelt es sich um ein Schlagwort, das zum Produkt passt.
Tags erleichtern allen Kunden die Suche und die Sortierung ihrer Lieblingsprodukte. |
Kundenrezensionen
Es gibt noch keine Kundenrezensionen auf Amazon.de
5 Sterne
4 Sterne
3 Sterne
2 Sterne
1 Sterne
Die hilfreichsten Kundenrezensionen auf Amazon.com (beta)
Amazon.com:
12 Rezensionen
9 von 9 Kunden fanden die folgende Rezension hilfreich
Long overdue but worth the wait
6. Dezember 2004
Format:Taschenbuch
'Nessus Network Auditing' (NNA) is the definitive (and only) guide to the Nessus open source vulnerability assessment tool. I recommend all security professionals read this book. You may start as a Nessus user, but the book will help you become part of the Nessus community.
NNA features twelve contributors, but it doesn't suffer the fate of other books with similar high author counts. NNA manages to present fairly original material in each chapter, without a lot of overlap. I credit the lead authors and editors for keeping the contributors on track. They could have reduced the number of crashing printer stories, however.
Several chapters stood out from the others. Ch 1 explains the need for conducting vulnerability assessment. Ch 3 makes a good case for always installing from source code and not trusting precompiled binaries. Chs 8 and 9 deliver real value with insights into Nessus internals, such as scanning architecture and the Nessus Knowledge Base. Ch 10 presents crude albeit workable ways to measure bandwidth to alleviate loads caused by scans. Ch 11 is an excellent rationale for the Nessus Attack Scripting Language (NASL) written by Nessus' creator. I would have liked to have seen an appendix based on an actual (perhaps sanitized) scan, showing how a security admin selected tests, ran the scan, and validated results.
NNA suffers a few problems. A few typos are present, but nothing that distracts from the book's content. I did find the ch 4 author's mention of the TCP "triple handshake" to be odd. While not wrong, this process is usually called the "three-way handshake." The screenshots in appendix B are of poor quality and should be replaced in future editions.
Note that the Nessus version used in NNA varies from 2.0.9 to 2.0.10a, and the current edition is 2.2.0. Version creep is part of every technical book, and did not make a big difference at this point. When Nessus 2.4 is released, watch for the adoption of the new BOSS GUI to clearly alter the face of the Nessus interface.
Overall, NNA is an excellent technical resource for anyone charged with auditing network security. I have a greater appreciation for the Nessus architecture and its ability to do more in-depth host checks. Motivated readers can use this book to learn how to write their own NASL scripts and effectively deploy a distributed scanning architecture.
NNA features twelve contributors, but it doesn't suffer the fate of other books with similar high author counts. NNA manages to present fairly original material in each chapter, without a lot of overlap. I credit the lead authors and editors for keeping the contributors on track. They could have reduced the number of crashing printer stories, however.
Several chapters stood out from the others. Ch 1 explains the need for conducting vulnerability assessment. Ch 3 makes a good case for always installing from source code and not trusting precompiled binaries. Chs 8 and 9 deliver real value with insights into Nessus internals, such as scanning architecture and the Nessus Knowledge Base. Ch 10 presents crude albeit workable ways to measure bandwidth to alleviate loads caused by scans. Ch 11 is an excellent rationale for the Nessus Attack Scripting Language (NASL) written by Nessus' creator. I would have liked to have seen an appendix based on an actual (perhaps sanitized) scan, showing how a security admin selected tests, ran the scan, and validated results.
NNA suffers a few problems. A few typos are present, but nothing that distracts from the book's content. I did find the ch 4 author's mention of the TCP "triple handshake" to be odd. While not wrong, this process is usually called the "three-way handshake." The screenshots in appendix B are of poor quality and should be replaced in future editions.
Note that the Nessus version used in NNA varies from 2.0.9 to 2.0.10a, and the current edition is 2.2.0. Version creep is part of every technical book, and did not make a big difference at this point. When Nessus 2.4 is released, watch for the adoption of the new BOSS GUI to clearly alter the face of the Nessus interface.
Overall, NNA is an excellent technical resource for anyone charged with auditing network security. I have a greater appreciation for the Nessus architecture and its ability to do more in-depth host checks. Motivated readers can use this book to learn how to write their own NASL scripts and effectively deploy a distributed scanning architecture.
7 von 7 Kunden fanden die folgende Rezension hilfreich
Invaluable content best suited for infrastructure use
19. Dezember 2004
Format:Taschenbuch
If you are, or are considering, using Nessus in a wide-scale/enterprise scanning infrastructure you will likely find everything you need to know in this book. If you are, or are considering, using Nessus for ad-hoc assessments (or penetration tests), this book will indeed provide a lot of valuable information but at a price: you'll have to read the whole thing to glean all the useful tips and you'll end up spending a lot of time getting intimately familiar with what's probably going to be just one of very many tools in your toolbox, getting only a fraction of your attention in each assessment. If you're new to vulnerability assessment or penetration testing (not just to Nessus) you should really read a few other books first, even though this one does contain some useful info on testing in general, for example, how to identify false positives and negatives.
There's a lot of good content but it tends to be all over the place--numerous sidebars and tables throughout are usually in context but could also have been placed elsewhere. The style, however, seems fairly consistent considering the book had 10 contributing authors and three editors, one of which is the creator of the subject of the book. Unfortunately Jay Beale, whose name appears prominantly on the cover, is merely an editor--a shame since I typically find his articles in Information Security magazine well-written and informative.
There are a just a couple downsides to this book. Like several other current Syngress titles it suffers from poor quality printing and paper with some very tiny and/or fuzzy screen shots, large print, and lack of whitespace--making it a little hard on the eyes. It also really would have been nice if it had included a CD with the current version of Nessus on it, since that's what the book's about after all.
There's a lot of good content but it tends to be all over the place--numerous sidebars and tables throughout are usually in context but could also have been placed elsewhere. The style, however, seems fairly consistent considering the book had 10 contributing authors and three editors, one of which is the creator of the subject of the book. Unfortunately Jay Beale, whose name appears prominantly on the cover, is merely an editor--a shame since I typically find his articles in Information Security magazine well-written and informative.
There are a just a couple downsides to this book. Like several other current Syngress titles it suffers from poor quality printing and paper with some very tiny and/or fuzzy screen shots, large print, and lack of whitespace--making it a little hard on the eyes. It also really would have been nice if it had included a CD with the current version of Nessus on it, since that's what the book's about after all.
7 von 7 Kunden fanden die folgende Rezension hilfreich
a MUST read for all IT Security Engineers!
21. Oktober 2004
Format:Taschenbuch
I must admit, as a Nessus user for many many years now, I was excited to hear that a publication was finally becoming available on Nessus (isn't one astonished of how many actual Cisco/Microsoft/Java books exist). However, I was "pensive at best" when it came to actually purchasing a book that "appeared" to simply convey how to install/configure/run this award-winning IT Security tool.
To my pleasant surprise, the very evening I purchased the book, I found myself unable to put this book down, and in fact, stayed up nearly all night reading the entire thing. My overall rating? The best investment I'd spent for an IT Security book in several years. Hands down!
Thankfully, only about 1/3 of the book is spent on install/configure/running the product, the other 2/3rds of the publication convey keen insights surrounding the ins and outs of vulnerability assessments.
I submit that all IT Security Engineers should spent the money and time gaining "keen insights and perspectives" of Renaud Deraison, unquestionably a pioneer in the history of IT Security. True, a vulnerability assessment is only one (yet key) piece of the entire "Security Puzzle", nevertheless, if your job carries the title CISSP/CISM, and you're involved with IT Security (regardless of whether or not your vulnerability assessment tool du jour is Nessus or not) your understanding surrounding vulnerability assessments isn't complete til you've peered into the "Mind's eye" of Mr. Deraison.
Clearly, in the annals of IT Security, history will render him a Pioneer in the journey of protecting an organizations IT assets.
To my pleasant surprise, the very evening I purchased the book, I found myself unable to put this book down, and in fact, stayed up nearly all night reading the entire thing. My overall rating? The best investment I'd spent for an IT Security book in several years. Hands down!
Thankfully, only about 1/3 of the book is spent on install/configure/running the product, the other 2/3rds of the publication convey keen insights surrounding the ins and outs of vulnerability assessments.
I submit that all IT Security Engineers should spent the money and time gaining "keen insights and perspectives" of Renaud Deraison, unquestionably a pioneer in the history of IT Security. True, a vulnerability assessment is only one (yet key) piece of the entire "Security Puzzle", nevertheless, if your job carries the title CISSP/CISM, and you're involved with IT Security (regardless of whether or not your vulnerability assessment tool du jour is Nessus or not) your understanding surrounding vulnerability assessments isn't complete til you've peered into the "Mind's eye" of Mr. Deraison.
Clearly, in the annals of IT Security, history will render him a Pioneer in the journey of protecting an organizations IT assets.
Waren diese Rezensionen hilfreich?
Wir wollen von Ihnen hören.
Kunden diskutieren
|
Das Forum zu diesem Produkt
Fragen stellen, Meinungen austauschen, Einblicke gewinnen Aktive Diskussionen in ähnlichen Foren
Kundendiskussionen durchsuchen
|
Ähnliche Foren
|
||||||||||||||||||||||||||||||||||
Lieblingslisten
Ähnliche Artikel finden
- Fremdsprachige Bücher > Computer & Internet > Betriebssysteme > Linux
- Fremdsprachige Bücher > Computer & Internet > Betriebssysteme > Unix
- Fremdsprachige Bücher > Computer & Internet > Netzwerke > Heimnetzwerke
- Fremdsprachige Bücher > Computer & Internet > Netzwerke > Intranet & Extranet
- Fremdsprachige Bücher > Computer & Internet > Netzwerke > Netzwerke, Protokolle & APIs
- Fremdsprachige Bücher > Computer & Internet > Sicherheit & Verschlüsselung
Anhand des Sachgebietes nach ähnlichen Produkten suchen:
Ihr Kommentar
Möchten Sie die Produktinformationen aktualisieren oder Feedback zu den Produktabbildungen geben?
