Required reading for network administrators: The purpose of Nessus is to provide an Open Source Solution for network auditing on all Unix-like systems. This book not only details using Nessus but also comes with a CD containing the program, as well as Ethereal, Snort, and Newt (a port of the program to the Windows environment). What is a network assessment? At its basic level it is an attempt to detect a live system and then identify the computing environment, services, applications, and vulnerabilities on that system. Basically there are two types of assessment - internal and external. An internal assessment is done over the local network and external is done from outside the LAN. Nessus will do both types and the book details how to do either, or both of them. The authors do an excellent job of detailing installation, setup, and how to interpret the results of a scan as well as various factors that can affect the report. One of the parts not to be missed is the discussion of not only the benefits but also the potential problems of scanning your system. Some of the vulnerability types scanned for include buffer overflows, default passwords, backdoors, information leaks, and denial of service. The Nessus scripting language is covered in detail in Appendix A instead of the main portion of the book; a choice I appreciated very much as it allowed the flow of the book to not be interrupted by such a highly technical section. With Open Source products there generally is no organized technical support phone number you can call for help. So, the authors include information on how to get help via the Nessus User Community, mailing lists, and archives. Nessus Network Auditing is a highly recommended book for anyone interested in auditing their network to find potential problems before they become reality.
Great book!: Don't even try to use Nessus without Renaud's book. It is great.
Worth a read.: Considering Nessus is one of the best free network monitoring tools on the market, this is a perfect book to get to start working with Network Systems Auditing. For people that have a decent working knowledge with multi-platforms and Networking, this book is a good way to get your feet wet to start preparing for your CISA Cert.
Getting Old and Lacking Real Meat: First, it's old. Even if you're using the open source 2.x versions and not the commercial 3.x versions, you'll find the content to be a bit dated. Not a problem for the most part, as this book talks a lot about vuln scanning concepts and all that is still applicable. And the differences in GUI layout between the book and latest versions aren't hard to rectify just by clicking around a little. The age of the text is more of a problem in that it lacks discussions of current attacks. Second, a lot of the book just covers basics about vuln scans and using Nessus. Sorry, but for the money I paid for this book, I'm not seeing the value that other reviewers are referring to. IMHO lots of this basic usage and intro stuff is covered in numerous online articles (some of which are linked from Tenable's website on the Nessus documentation page). Even topics like dealing with false-positives are covered pretty well in those resources. Granted, the reviews are generally from 2004 and 2005, and many of the articles I'm referring to were written after then. So maybe this book was really helpful at that time - but for anyone considering buying this book circa 2008 or later, save your money. Either wait for an updated edition or look at free resources online. As for the "lack of meat", this book just doesn't go deep enough. Again, I'm not getting much insight beyond what I already found online. I've gleaned some good tips, but again, not enough to justify the length (and cost) of this book.
Excellent primer for new Nessus users: A good source for experienced users and a must read for novices. At times the syntax of this book leaves a bit to be desired (the editors could have done a better job at polishing the final product). You cannot, however, get a better source for Nessus information than the creator himself, who is a contributor to the book. I would highly recommend this book.
| Author: | Jay Beale |
| Author: | Haroon Meer |
| Author: | Charl van der Walt |
| Author: | Renaud Deraison |
| Binding: | Digital |
| Number Of Pages: | 550 |
| Publication Date: | 2004-07-20 |