 | | |
| Nessus Network Auditing (Jay Beale's Open Source Security) | 
| Authors: Renaud Deraison, Noam Rathaus, Hd Moore, Raven Alder, George Theall, Andy Johnston, Jimmy Alderson
Publisher: Syngress
Category: Book
List Price: $49.95
Buy New: $37.62
You Save: $12.33 (25%)
Buy New/Used from $24.25
Avg. Customer Rating:  (12 reviews)
Sales Rank: 484259
Format: Illustrated
Media: Paperback
Edition: 1
Number Of Items: 1
Pages: 544
Shipping Weight (lbs): 2
Dimensions (in): 9 x 7 x 1.3
ISBN: 1931836086
Dewey Decimal Number: 005.8
UPC: 792502360866
EAN: 9781931836081
ASIN: 1931836086
Publication Date: August 3, 2004
Availability: Usually ships in 1-2 business days
|
| Editorial Reviews:
Product Description
The ONLY Book to Read if You Run Nessus Across the Enterprise Ever since its beginnings in early 1998, the Nessus Project has attracted security researchers from all walks of life. It continues this growth today. It has been adopted as a de facto standard by the security industry, vendor, and practitioner alike, many of whom rely on Nessus as the foundation to their security practices. Now, Nessus project founder Renaud Deraison and a team of leading developers have created the definitive book for the Nessus community. * Perform a Vulnerability Assessment Use Nessus to find programming errors that allow intruders to gain unauthorized access. * Obtain and Install Nessus Install from source or binary, set up up clients and user accounts, and update your plug-ins. * Modify the Preferences Tab Specify the options for Nmap and other complex, configurable components of Nessus. * Understand Scanner Logic and Determine Actual Risk Plan your scanning strategy and learn what variables can be changed. * Prioritize Vulnerabilities Prioritize and manage critical vulnerabilities, information leaks, and denial of service errors. * Deal with False Positives Learn the different types of false positives and the differences between intrusive and nonintrusive tests. * Get Under the Hood of Nessus Understand the architecture and design of Nessus and master the Nessus Attack Scripting Language (NASL). * Scan the Entire Enterprise Network Plan for enterprise deployment by gauging network bandwith and topology issues. Your Solutions Membership Gives You Access to: Comprehensive FAQ page that consolidates all of the key points of this book into an easy to search web page
|
| Customer Reviews: Read 7 more reviews...
 Getting Old and Lacking Real Meat August 4, 2008
First, it's old. Even if you're using the open source 2.x versions and not the commerical 3.x versions, you'll find the content to be a bit dated. Not a problem for the most part, as this book talks a lot about vuln scanning concepts and all that is still applicable. And the differences in GUI layout between the book and latest versions isn't hard to rectify just by clicking around a little. The age of the text is more of a problem in that it lacks discussions of current attacks.
Second, a lot of the book just covers basics about vuln scans and using nessus. Sorry, but for the money I paid for this book, I'm not seeing the value that other reviewers are referring to. IMHO lots of this basic usage and intro stuff is covered in numerous online articles (some of which are linked from Tenable's website on the Nessus documentation page). Even topics like dealing with false-positives are covered pretty well in those resources.
Granted, the reviews are generally from 2004 and 2005, and many of the articles I'm referring to were written after then. So maybe this book was really helpful at that time - but for anyone considering buying this book circa 2008 or later, save your money. Either wait for an updated edition or look at free resources online.
As for the "lack of meat", this book just doesn't go deep enough. Again, I'm not getting much insight beyond what I already found online. I've gleaned some good tips, but again, not enough to justify the length (and cost) of this book.
Worth a read. August 23, 2007
Considering Nessus is one of the best free network monitoring tools on the market, this is a perfect book to get to start working with Network Systems Auditing. For people that have a decent working knowledge with multi-platforms and Networking, this book is a good way to get your feet wet with to start preparing for your CISA Cert.
Excellent primer for new Nessus users July 25, 2005
A good source for experienced users and a must read for novices.
At times the syntax of this book leaves a bit to be desired (the editors could have done a better job at polishing the final product). You cannot, however get a better source for Nessus information than the creator himself, who is a contributor to the book.
I would highly reccomend this book.
Great book! February 28, 2005
2 out of 5 found this review helpful
don't even try to use Nessus without Renaud's book. it is great.
 Required reading for network administrators February 4, 2005
3 out of 3 found this review helpful
The purpose of Nessus is to provide an Open Source Solution for network auditing on all Unix like systems. This book not only details using Nessus but also comes with a CD containing the program, as well as Ethereal, Snort, and Newt (a port of the program to the Windows environment).
What is a network assessment? At its basic level it is an attempt to detect a live system and then identify the computing environment, services, applications, and vulnerabilities on that system. Basically there are two types of assessment - internal and external. An internal assessment is done over the local network and external is done from outside the LAN. Nessus will do both types and the book details how to do either, or both of them.
The authors do an excellent job of detailing installation, setup, and how to interpret the results of a scan as well as various factors that can affect the report. One of the parts not to be missed is the discussion of not only the benefits but also the potential problems of scanning your system. Some of the vulnerability types scanned for include buffer overflows, default passwords, backdoors, information leaks, and denial of service.
The Nessus scripting language is covered in detail in Appendix A instead of the main portion of the book; a choice I appreciated very much as it allowed the flow of the book to not be interrupted by such a highly technical section. With Open Source products there generally is no organized technical support phone number you can call of help. So, the authors include information on how to get help via the Nessus User Community, mailing lists, and archives.
Nessus Network Auditing is a highly recommended book for anyone interested in auditing their network to find potential problems before they become reality.
|
|
|
Powered by: Dknc, inc. and Amazon.com | | 
For your safety and security, orders are processed through amazon.com
|
|
|
|