BKNTSCAS.RVW 20040511

"Network Security Assessment", Chris McNab, 2004, 0-596-00611-X, U$39.95/C$57.95
%A   Chris McNab chris.mcnab@trustmatta.com
%C   103 Morris Street, Suite A, Sebastopol, CA 95472
%D   2004
%G   0-596-00611-X
%I   O'Reilly & Associates, Inc.
%O   U$39.95/C$57.95 707-829-0515 fax: 707-829-0104 nuts@ora.com
%O   http://www.amazon.com/exec/obidos/ASIN/059600611X/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/059600611X/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/059600611X/robsladesin03-20
%P   507 p.
%T   "Network Security Assessment"

In general, "learn to hack in order to secure" books provide very little useful material for helping security administrators to protect their systems. McNab's work is somewhat different: his descriptions (though not perfect) have a conceptual component, and the details often use accessible system tools, rather than relying on blackhat tools (of unknown reliability) or an extensive range of commercial utilities.

Chapter one defines network security assessment as lying somewhere between vulnerability scanning and penetration testing, and outlines the general campaign. A list of scanning tools, with very terse descriptions, is in chapter two. The querying of public information, using search engines and network information centres, is in chapter three. Chapter four provides details on IP network scanning, although the explanations are not always clear, seemingly missing particulars or skipping steps. This lack of description is even more evident in the material on remote information services (DNS - Domain Name Services, SNMP - Simple Network Management Protocol, LDAP - Lightweight Directory Access Protocol, and the like) in chapter five. Chapter six provides content on obtaining information about a number of Web utilities, products, and services, and lists a number of specific exploits. Chapter seven gives advice on identifying and exploiting specific terminal and terminal-like remote services. FTP and database exploits are listed in chapter eight. Chapter nine describes some tools for assessing and exploiting network (and particularly SMB (Server Message Block)) services in Windows NT and 2000. Gathering information from SMTP (Simple Mail Transfer Protocol) is described in chapter ten, as well as a way to code MIME (Multipurpose Internet Mail Extensions) fields in order to defeat virus scanning on email. The exploits for VPN (Virtual Private Network) products, in chapter eleven, are product-specific and unstructured. Chapter twelve lists certain UNIX RPC (Remote Procedure Call) bugs. The explanation of general overflow and overwriting attacks in chapter thirteen provides thorough descriptions, but relies unnecessarily on coded C language references rather than broader explanations, reducing the conceptual clarity. Chapter fourteen reviews a combination of some of the techniques listed earlier in the book as an integrated attack example.

The material could be helpful to security instructors, and fascinating for those interested in the topic, but may not be presented in a manner useful to network security administrators as direction for protection of their resources. The book is demanding of the reader, but it does do a better job than most of demonstrating the value of knowing how to find weaknesses in order to build defence.

copyright Robert M. Slade, 2004