REVIEW: "Network Security Assessment", Steve Manzuik/Andre Gold/Chris Gatford

Discussion in 'Computer Security' started by Rob Slade, doting grandpa of Ryan and Trevor, Dec 23, 2009.

    BKNESEAS.RVW 20091004

    "Network Security Assessment", Steve Manzuik/Andre Gold/Chris Gatford,
    2007, 978-1-59749-101-3, U$59.95/C$77.95
    %A Steve Manzuik
    %A Andre Gold
    %A Chris Gatford
    %C 800 Hingham Street, Rockland, MA 02370
    %D 2007
    %G 978-1-59749-101-3 1-59749-101-2
    %I Syngress Media, Inc.
    %O U$59.95/C$77.95 781-681-5151
    %O http://www.amazon.com/exec/obidos/ASIN/1597491012/robsladesinterne
    %O http://www.amazon.co.uk/exec/obidos/ASIN/1597491012/robsladesinte-21
    %O http://www.amazon.ca/exec/obidos/ASIN/1597491012/robsladesin03-20
    %O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
    %P 372 p.
    %T "Network Security Assessment: From Vulnerability to Patch"

    Chapter one is a general discussion of vulnerabilities and risk. The
    material makes the process (and threat environment) seem more
    formalized and simpler than it really is. Initially the review of
    vulnerabilities seems limited to coding issues, but later parts of the
    book concentrate almost exclusively on network issues. A broad
    overview of the usual "discovery/enumeration/analysis" style of
    penetration testing is given in chapter two. Assessment tools are
    noted in chapter three, although the content is mostly a duplication
    from two. While most of the suggestions are reasonable (yes, you do
    want a low rate of false positive alarms), some are unrealistic (a
    zero rate of false negative results is almost inherently impossible to
    achieve).

    Chapter four addresses the discovery stage, though not in much depth.
    Similarly, chapter five's examples of enumeration are limited to
    various scans. Chapter six repeats the penetration testing review
    from chapter two, but with different examples.

    Vulnerability management, as delineated in chapter seven, is simply a
    project cycle with some audit functions included. Chapter eight is a
    terse listing of vulnerability management tools. The content of
    chapter seven is repeated in chapter nine, in a more confused form,
    and now under the title "Vulnerability and Configuration Management."
    "Regulatory Compliance," in chapter ten, is restricted to a brief
    discussion of the Payment Card Industry Data Security Standard, and
    the US Sarbanes-Oxley law. Chapter eleven re-reviews the chapters in
    the book.

    An appendix covers legal factors for a variety of information security
    concerns.

    The material in this work provides a decent introduction to
    vulnerability assessment and penetration testing, but with a great
    deal of padding and duplication. Condensed into a magazine article,
    instead of running to almost four hundred pages, it could have been
    very useful. There is also a chance that the reader will be misled by
    the doctrinaire stance in many cases, such as the presentation of
    penetration testing as distinct from vulnerability assessment, when
    the reality is a continuum, with most people taking a hybrid approach.
    Overall the book is a good start, but those wishing to actually begin
    working with assessments will need additional help.

    copyright Robert M. Slade, 2009 BKNESEAS.RVW 20091004

    --
    ======================

    "Dictionary of Information Security," Syngress 1597491152
    http://blogs.securiteam.com/index.php/archives/author/p1/
    http://blog.isc2.org/isc2_blog/slade/index.html
    http://twitter.com/rslade http://twitter.com/NoticeBored
    ============= for back issues:
    [Base URL] site http://victoria.tc.ca/techrev/
    CISSP refs: [Base URL]mnbksccd.htm
    Book reviews: [Base URL]mnbk.htm
    Review mailing list: send mail to
    or
