HackNotes Network Security Portable Reference 44
Hack Notes Network Security Portable Reference | |
author | Mike Horton and Clinton Mugge |
pages | 228 |
publisher | Osborne |
rating | 9 |
reviewer | Blaine Hilton |
ISBN | 0072227834 |
summary | A concise overview of network security |
It may sound like a problem that the book doesn't give all of the details, but if it did there is no way it could be a "Portable Reference". My favorite feature of the book is its small size. I can easily keep it in my laptop bag and reference it as needed. I can then use that as a springboard to look up more information such as man pages. It is important to understand though that one will not become a network security expert after reading this book alone.
The book starts off talking about the Asset and Risk Based INFOSEC Lifecycle Model (ARBIL). This is something that I've heard many times before, but the drawing of the process helped engrain that concept. It also visually demonstrates how security is not just a one-time activity, but a continual process that just keeps going. You analyze the system, find the weaknesses, fix them, and then start over again. In the same fashion the book covers the SMIRA risk assessment process in a highly graphic way.
The Network Security Portable Reference is for people who have access to and are very familiar with both *nix systems and Windows. Depending on what tool or commands they are using both systems are used throughout the references. The book gives a list of tools they think you need, and basically say go to the site to learn about it. If you want detailed information on how to use these tools then this is not the book for you.
The book goes over different security aspects for *nix and Windows machines, it also talks about how the network itself can be compromised, including wired networks, and wireless. The authors also go over web applications and older technology such as phone PBX systems.
The assessment checklist at the end of the book provides a great check to determine your network security baseline and see what areas need work. Along with the assessment checklist there is a list of best practices. However, they are in the front of the book and while I can vaguely understand the difference, it seems to me that they should be together. As I believe when auditing a network you would check if best practices were implemented along with the rest of the checklist.
Another odd layout issue in the book is what they call the Reference Center. This is an area in the middle of the book, with a separate numbering system and the first page in the table of contents. There is no mention as to what this Reference Center is until you flip through the book and find the blue pages in the middle that begin with page rc1.
As I've mentioned before this book is a great springboard that will help point you in the right direction for information. One of the ways the authors do this is by having a Reference Center in the middle of the book and quite a few appendixes in the back of the book, there is also an index which is helpful for quick look ups.
When doing consulting work I've found that using the checklist in this book is a great way to begin looking at a company's network security. I have used this on two networks so far and have found it helpful, it is much better then trying to remember to check everything that you can think of at any particular moment. I have also found the Open Source Security Testing Methodology Manual to be quite thorough.
You can purchase HackNotes Network Security Portable Reference from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, carefully read the book review guidelines, then visit the submission page.
Text of the article in case it get's /.'ed (Score:1, Funny)
Hack Notes Network Security Portable Reference
author
Mike Horton and Clinton Mugge
pages
228
publisher
Osborne
rating
9
reviewer
Blaine Hilton
ISBN
0072227834
summary
A concise overview of network security
It may sound like a problem that the book doesn't give all of the details, but if it did there is no way it could be a "Portable Reference". My favorite feature of the book is its small size. I can easily keep it in my laptop bag and re
My copy of this book was hacked (Score:2, Funny)
The reference guide is very good. (Score:5, Informative)
Re:The reference guide is very good. (Score:3, Insightful)
Common passwords? But password IS my password, what do you mean that's not secure?
It's laughable that anyone would need to run nmap on there OWN COMPUTERS, except maybe for mass scanning.. Never heard of NETSTAT or TCPVIEW?!
Good thing it's p
Re:The reference guide is very good. (Score:3, Insightful)
Re:The reference guide is very good. (Score:2)
ps- If you hook the TCP stack, how is nmap going to help you??!
- I CHECKSUM ALL MY
Re:The reference guide is very good. (Score:2)
Maybe you don't manage very many machines?
Bah (Score:5, Funny)
it is so wide open, all the hackers think it is a honeypot and just leave it alone. now that's security.
so... (Score:2, Funny)
Re:so... (Score:5, Funny)
But don't bother going there - I've pwned his box and I'm busy deleting his files as we speak. SuX0r!
=tkk
Re:so... (Score:1)
<ruffkin2> HAHAHAH dat dude you sent me 127.0.0.1 iz enfected wit sub7 im fuckin with him now
<andrw> oh good, format his computer
<Testicular_One> format his computer
<TheGreaterZero> format him
Re:Bah (Score:2, Informative)
Now, slackwares default install leaves you to log in as root with no password. Luckily virtually no networking gear works out of the box.
Re:Bah (Score:2)
Re:Bah (Score:2)
Re:Bah (Score:1)
You have an adminstrator password
Typos (Score:1)
Re:Typos (Score:2)
And you couldn't tell us?
Re:Choosing the right OS for strong network securi (Score:4, Informative)
Re:Choosing the right OS for strong network securi (Score:1)
Re:Choosing the right OS for strong network securi (Score:1)
Re:Choosing the right OS for strong network securi (Score:2)
OBTW: If you want a catchall OS, install DOS 5, with no xms memory drivers, no TCP (UDP only), and leave it ANSI only. That'll be more secure then anything I've seen recently (except Big Iron of course), and how many DOS virus are still "in the wild"?
Re:Choosing the right OS for strong network securi (Score:1)
Re:Choosing the right OS for strong network securi (Score:1)
Two issues (Score:4, Informative)
Legal: The law tends to steer much about security and defines, outside of the "market", what things are to be held of value and the penalties for not protecting these things. Different countries, different laws. "IT Security" means subtly different things according to your location. How -centric is this book? Would it be useful to me in the UK or EU?
Secondly, port lists. Above 1024, these change their primary meaning as new worms, bots and sploits emerge. I label ports as information becomes available, just to remind me what nasty is at the other end, and never mind what innocent app used it before. How useful / up to date is the trojan list in the book?
Just my 2 penn'orth.
Security (Score:1)