BKNMAPNS.RVW 20090118

"Nmap Network Scanning", Gordon Lyon, 2009, 978-0-9799587-1-7, U$49.95
%A Gordon Lyon fyodor@insecure.org http://nmap.org/book
%C 370 Altair Way #113, Sunnyvale, CA 94086
%D 2009
%G 978-0-9799587-1-7 0-9799587-1-7
%I Nmap Security Scanner Project
%O U$49.95
%O http://www.amazon.com/exec/obidos/ASIN/0979958717/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/0979958717/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/0979958717/robsladesin03-20
%O Audience i+ Tech 2 Writing 2 (see revfaq.htm for explanation)
%P 468 p.
%T "Nmap Network Scanning"

Nobody who is involved in network administration or security needs any introduction to Nmap, the most widely used network mapping tool. The preface to this book states that it is full documentation (as could be expected from the creator of the utility), intended for Nmap users at all levels. In addition to the features and functions of the program, the work covers general tasks and applications in real world conditions and environments.

Even if you are not familiar with Nmap, chapter one is a presentation of the uses of the program (in a couple of fictional, and one real, settings). For those with limited background there are useful outside references, guides, and tools listed, but even with these resources not all of the cases presented are clear. There is an interesting discussion of the legality or advisability of port scanning, and a brief version history of Nmap. Chapter two covers installation and options for various operating systems. Host discovery, in chapter three, uses Nmap as well as some other tools. The examples are outlined clearly, but not always fully explained (particularly for non-Nmap utilities). The text is not always transparent upon initial reading, but some work and diligence in looking up references (often within the book itself) will usually clarify matters.

A brief introduction to ports starts off the material on port scanning, in chapter four, which then lists basic Nmap options. Chapter five describes a number of more advanced patterns, useful for determining additional information not immediately available or obvious in normal traffic (or sometimes obfuscated). Some ideas for optimising Nmap performance are listed in chapter six. Chapter seven explains options related to determining what applications are running on a system, along with two examples. Similarly, chapter eight deals with identification and resolution of operating systems. Chapter nine explains the Nmap Scripting Engine (NSE) structures, language, and options, in a usably detailed fashion.

Activities specific to detecting and evading firewalls and IDSs (Intrusion Detection Systems) are covered in chapter ten. It is, therefore, only fair play that chapter eleven deals with issues of detecting and protecting against Nmap and other scanning tools being used to explore or penetrate a system.

Chapter twelve describes the Zenmap user interface which can be added as a front end to Nmap. Output and reporting options are reviewed in chapter thirteen. Nmap data files, and the customization they can provide, are explained in chapter fourteen. Chapter fifteen is a reference guide summary of the command line options: a printed version of the Nmap man page.

Lyon fundamentally fulfills his objective. This is comprehensive documentation for the utility: in addition, it demonstrates how the tool can be used effectively in the real world. In some places the author has been a little too cute in an attempt to inject humour: in other sections the text is demanding and could have been written more clearly. However, the guide is solidly written, overall, and useful for pretty much any network analyst or network security analyst.

copyright Robert M. Slade, 2009 BKNMAPNS.RVW 20090118