REVIEW: "Network Security Assessment", Chris McNab

BKNTSCAS.RVW 20040511

"Network Security Assessment", Chris McNab, 2004, 0-596-00611-X,
U$39.95/C$57.95
%A Chris McNab
%C 103 Morris Street, Suite A, Sebastopol, CA 95472
%D 2004
%G 0-596-00611-X
%I O'Reilly & Associates, Inc.
%O U$39.95/C$57.95 707-829-0515 fax: 707-829-0104
%O http://www.amazon.com/exec/obidos/AS...bsladesinterne
http://www.amazon.co.uk/exec/obidos/...bsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASI...bsladesin03-20
%P 507 p.
%T "Network Security Assessment"

In general, "learn to hack in order to secure" books provide very
little useful material for helping security administrators to protect
their systems. McNab's work is somewhat different: his descriptions
(though not perfect) have a conceptual component, and the details
often use accessible system tools, rather than relying on blackhat
tools (of unknown reliability) or an extensive range of commercial
utilities.

Chapter one defines network security assessment somewhere between
vulnerability scanning and penetration testing, and outlines the
general campaign. A list of scanning tools, with very terse
descriptions, is in chapter two. The querying of public information,
using search engines and network information centres, is in chapter
three. Chapter four provides details on IP network scanning, although
the explanations are not always clear, seemingly missing particulars
or skipping steps. This lack of description is even more evident in
the material on remote information services (DNS - Domain Name
Services, SNMP - Simple Network Management Protocol, LDAP -
Lightweight Directory Access Protocol, and the like) in chapter five.

Chapter six provides content on obtaining information about a number
of Web utilities, products, and services, and lists a number of
specific exploits. Chapter seven gives advice on identifying and
exploiting specific terminal and terminal-like remote services. ftp
and database exploits are listed in chapter eight. Chapter nine
describes some tools for assessing and exploiting network (and
particularly SMB (Server Message Block) services in Windows NT and
2000. Gathering information from SMTP (Simple Mail Transfer Protocol)
is described in chapter ten, as well as a way to code MIME
(Multipurpose Internet Mail Extensions) fields in order to defeat
virus scanning on email. The exploits for VPN (Virtual Private
Network) products, in chapter eleven are product specific and
unstructured. Chapter twelve lists certain UNIX RPC (Remote Procedure
Call) bugs. The explanation of general overflow and overwriting
attacks in chapter thirteen provides thorough descriptions, but relies
unnecessarily on coded C language references rather than broader
explanations, reducing the conceptual clarity. Chapter fourteen
reviews a combination of some of the techniques listed earlier in the
book as an integrated attack example.

The material could be helpful to security instructors, and fascinating
for those interested in the topic, but may not be presented in a
manner useful to network security administrators as direction for
protection of their resources. The book is demanding of the reader,
but it does do a better job than most of demonstrating the value of
knowing how to find weaknesses in order to build defence.

copyright Robert M. Slade, 2004 BKNTSCAS.RVW 20040511

--
======================

============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
or mirror http://sun.soci.niu.edu/~rslade/
CISSP refs: [Base URL]mnbksccd.htm
Security Dict.: [Base URL]secgloss.htm
Book reviews: [Base URL]mnbk.htm
Review mailing list: send mail to techbooks-
or techbooks-

Rob Slade, doting grandpa of Ryan and Trevor