• Alle Preisangaben inkl. MwSt.
Nur noch 1 auf Lager (mehr ist unterwegs).
Verkauf und Versand durch Amazon.
Geschenkverpackung verfügbar.
Network Security Evaluati... ist in Ihrem Einkaufwagen hinzugefügt worden
+ EUR 3,00 Versandkosten
Gebraucht: Gut | Details
Verkauft von Deal DE
Zustand: Gebraucht: Gut
Kommentar: Dieses Buch ist in gutem, sauberen Zustand. Seiten und Einband sind intakt.
Möchten Sie verkaufen?
Zur Rückseite klappen Zur Vorderseite klappen
Anhören Wird wiedergegeben... Angehalten   Sie hören eine Probe der Audible-Audioausgabe.
Weitere Informationen
Dieses Bild anzeigen

Network Security Evaluation Using the NSA IEM. (Syngress Media) (Englisch) Taschenbuch – 26. August 2005

Alle 2 Formate und Ausgaben anzeigen Andere Formate und Ausgaben ausblenden
Amazon-Preis Neu ab Gebraucht ab
Kindle Edition
"Bitte wiederholen"
"Bitte wiederholen"
EUR 51,31
EUR 47,24 EUR 17,29
6 neu ab EUR 47,24 8 gebraucht ab EUR 17,29
EUR 51,31 Kostenlose Lieferung. Nur noch 1 auf Lager (mehr ist unterwegs). Verkauf und Versand durch Amazon. Geschenkverpackung verfügbar.
Jeder kann Kindle Bücher lesen — selbst ohne ein Kindle-Gerät — mit der KOSTENFREIEN Kindle App für Smartphones, Tablets und Computer.




"Network Security Evaluation" provides a methodology for conducting technical security evaluations of all the critical components of a target network. The book describes how the methodology evolved and how to define the proper scope of an evaluation, including the consideration of legal issues that may arise during the evaluation. More detailed information is given in later chapters about the core technical processes that need to occur to ensure a comprehensive understanding of the networks security posture. Ten baseline areas for evaluation are covered in detail.The tools and examples detailed within this book include both Freeware and Commercial tools that provide a detailed analysis of security vulnerabilities on the target network. The book ends with guidance on the creation of customer roadmaps to better security and recommendations on the format and delivery of the final report. There is no other book currently on the market that covers the National Security Agency's recommended methodology for conducting technical security evaluations. The authors are well known in the industry for their work in developing and deploying network security evaluations using the NSA IEM.

The authors also developed the NSA's training class on this methodology.

Über den Autor und weitere Mitwirkende

Russ Rogers (CISSP, CISM, IAM, IEM, Hon. Sc.D.), author of the popular "Hacking a Terror Network: The Silent Threat of Covert Channels" (Syngress, ISBN: 978-1-928994-98-5), co-author of multiple books, including the best-selling "Stealing the Network: How to Own a Continent" (Syngress, ISBN: 978-1-931836-05-0) and "Network Security Evaluation Using the NSA IEM" (Syngress, ISBN: 978-1-59749-035-1), and former editor-in-chief of The Security Journal, is currently a penetration tester for a federal agency and the co-founder and chief executive officer of Peak Security, Inc., a veteran-owned small business based in Colorado Springs, CO. Russ has been involved in information technology since 1980 and has spent the past 20 years working as both an IT and InfoSec consultant. Russ has worked with the U.S. Air Force (USAF), National Security Agency (NSA), Defense Information Systems Agency (DISA), and other federal agencies. He is a globally renowned security expert, speaker, and author who has presented at conferences around the world in Amsterdam, Tokyo, Singapore, S o Paulo, Abu Dhabi, and cities all over the United States. Russ has an honorary doctorate of science in information technology from the University of Advancing Technology, a master's degree in computer systems management from the University of Maryland, a bachelor of science degree in computer information systems from the University of Maryland, and an associate's degree in applied communications technology from the Community College of the Air Force. He is a member of ISSA and (ISC)2 (CISSP). Russ also teaches at and fills the role of professor of network security for the University of Advancing Technology (www.uat.edu). Greg Miles,(Ph.D., CISSP#24431, CISM#0300338, IAM, IEM)is the President, and Chief Financial Officer of Security Horizon, Inc. Security Horizon is a Global, Veteran-Owned Small Business headquartered in Colorado Springs, Colorado.

In diesem Buch (Mehr dazu)
Mehr entdecken
Ausgewählte Seiten ansehen
Buchdeckel | Copyright | Inhaltsverzeichnis | Auszug | Stichwortverzeichnis
Hier reinlesen und suchen:


Es gibt noch keine Kundenrezensionen auf Amazon.de
5 Sterne
4 Sterne
3 Sterne
2 Sterne
1 Sterne

Die hilfreichsten Kundenrezensionen auf Amazon.com (beta)

Amazon.com: 1 Rezension
9 von 9 Kunden fanden die folgende Rezension hilfreich
Very helpful, but perhaps not for reasons you expect 9. August 2005
Von Richard Bejtlich - Veröffentlicht auf Amazon.com
Format: Taschenbuch
I am a security consultant in the DC area, so I have heard the NSA IAM and IEM terms bandied about the Beltway. I read Network Security Evaluation Using the NSA IEM (NSE) to get a better understanding of the IEM side of the equation. I found the business process coverage of this book helpful, along with the general understanding of the goals of the IAM and IEM. For these two reasons you may find NSE helpful too.

The Prologue, ch 1, ch 2, and Part I (which oddly begins with ch 3 and ends with ch 6) occupies about 40% of the book. None of the material is technical, but it helps the reader understand why the NSA IAM and IEM exist, how the methodologies help clients, and what you as a security consultant owe clients when providing an IEM-centric service. These business issues, which largely sit outside the NSA's purview, are very helpful for those of us trying to provide good services to clients. I found contracting advice in ch 2 to be especially useful. Warnings about scope creep, salespeople over-promising, and setting expectations all rang true. I also liked the legal section (ch 5), but I wished it had avoided trotting out the tiresome links to "cyber terror"; cut pages 100-103 in the second edition! I did learn a critical legal lesson, however: consultants should avoid even the pretense of interpreting laws like SOX or HIPPA when advising clients. This could be misconstrued as "practicing law," which is illegal without a license!

Part II discusses "on-site" evaluation issues, which for ch 8-10 means discussing tools to accomplish the ten IEM baseline activities. These tool sections were fairly generic, and anyone with decent security experience will not learn anything new. One exception for me was Ophcrack, a recent password cracker. Ch 9 boasted of getting Unix-centric Nessus to run on Windows using Cygwin, but disappointed by providing no further details. Ch 10 mentions network protocol analysis as the tenth IEM baseline activity, but has nothing helpful to say besides mentioning running Ethereal or EtherPeek. If the purpose of protocol analysis is discovering insecure protocols or cleartext passwords, avoid Ethereal -- run a password grabber like dsniff or similar.

Part III addresses tasks done in the post-evaluation phase, like report-writing and delivery. Some of the material is superfluous and preachy, e.g. p 316 "Knowledge is individualistic. It is inherent to individuals and is acquired through the natural process of experience and learning." Ch 14 finally displays the 17 IAM (not IEM) categories, which had been alluded to in previous chapters but never explained (which would have been helpful for those unaware of the IAM). The sample Technical Evaluation Plan in Appendix B is a good way to provide concrete examples for IEM beginners.

I would like to see a second edition of NSE after an editor reads the entire book, as I just did. That editor should strive to remove as much extra and redundant information as possible. For example, there are sections repeated nearly word-for-word in ch 2 (p 40-43) and ch 4 (p 74-78). The risk triangle appears on p 246 and 383. CVE is introduced in ch 7 and again in ch 13. Calculating ROI is presented in ch 3 and again in the same words in ch 14. These duplications are the result of ten people contributing to a 400 page book.

Overall, I still recommend reading NSE. I return to the first 170 pages of the book for its best advice, such as entire chapter on scoping an engagement (ch 4). There are far too few security books that explain how to deliver a valuable service to a client. NSE addresses that issue in great detail, and for that reason I commend the authors.
Ist diese Rezension hilfreich? Wir wollen von Ihnen hören.