Inside Network Security Assessment: Guarding Your IT Infrastructure Paperback – Nov 18 2005
Product Description

From the Inside Flap

Introduction

Welcome, and thank you for purchasing Inside Network Security Assessment. Our goal was to create a practical guide for planning, performing, and reporting on the risk and vulnerability assessment process. This is a critical topic for IT professionals given that a security assessment provides the necessary information and data for organizations to form the foundation for a reliable and secure IT infrastructure.

This book takes a look inside the network vulnerability assessment process. Its purpose is to teach individuals a methodology for network security assessments. For those of you who must manage or outsource these duties, this book will provide you with tips, pointers, and insight into what a vulnerability assessment is all about. This book is broken up into 10 chapters that follow the vulnerability assessment process from creation to finish. It also discusses, in brief, basic risk assessment methodologies. So even if you are not ready for a full-blown vulnerability assessment, you should be able to start adding basic risk assessment methodologies to new projects and the change control process.

The security assessment process incorporates both risk assessment and vulnerability assessment, which includes the science, tools, methodology, and practices involved in finding, analyzing, and assessing risk for known or unknown vulnerabilities and exposures in a given Information Technology (IT) infrastructure. This book examines the entire IT infrastructure, which encompasses all the IT assets commonly found in an IT environment, such as the data, applications, servers, workstations, and network infrastructure (LANs, WANs, and LAN-to-WAN). The term IT infrastructure is generally used to describe the entire landscape of IT assets and elements. The term IT assets is generally used to describe the individual IT assets or elements commonly found in an IT environment.

All organizations need to assess, identify, define, and confirm the minimum level of acceptable security for their organization and IT assets. Until now, organizations needed to spend thousands of dollars on high-priced consultants to perform a variety of assessments. With Inside Network Security Assessment, readers will receive a collection of tools, utilities, templates, and a step-by-step approach for conducting a security assessment process that incorporates both risk assessment and vulnerability assessment.

Who Should Read This Book

This is an intermediate-level book for IT security professionals and system and network administrators who need to learn more about the security assessment process. Inside Network Security Assessment provides a step-by-step approach for assessing security, from paperwork to penetration testing to ethical hacking. This book is a valuable reference for individuals who are interested in creating their own methodology for conducting a comprehensive security assessment and in expanding their knowledge of network security tools and techniques to perform such evaluations. Almost every organization needs to evaluate the security of its IT infrastructure and IT assets.

Depending on the scope of the IT infrastructure and the scope of the security assessment, organizations can spend tens or hundreds of thousands of dollars to conduct a security assessment. With proper controls and objectivity, conducting a security assessment with internal IT security staff is a viable solution. To do this, the IT security staff must create their own methodology and implement it in-house.

Why We Created This Book

The world of information security continually evolves. More tools are available to attackers and defenders than ever before. There has also been an onslaught of books, classes, and seminars focused on security testing, tools, and techniques. But we as authors felt that something was missing. Among the wealth of information on tools and the how-to of security testing, very little was being discussed about the mechanics of security testing; therefore, we created this book to inform readers that the creation of a methodology and approach for conducting a security assessment is the critical missing piece. Unlike other books that focus on hacking tools or small segments of the assessment process, this book was designed to offer the reader a comprehensive step-by-step approach for guiding them through the security assessment process.

Overview of the Book's Contents

We would like to introduce this book from a 50,000-foot view. The first two chapters, "Introduction to Assessing Network Vulnerabilities" and "Foundations and Principles of Security," serve as a foundation for later chapters. These chapters introduce basic concepts of everything we will talk about throughout the book. Chapter 3, "Why Risk Assessment," and Chapter 4, "Risk Assessment Methodologies," deal specifically with risk. We examine risk terminology, quantitative risk assessment, qualitative risk assessment, and how risk is analyzed in real life.

Chapters 5 through 10 are designed to guide you through the security assessment process. Chapter 5, "Scoping the Project," presents a discussion of the scoping phase. Topics such as the forces driving the assessment are introduced. Chapter 6, "Understanding the Attacker," discusses who the real threat is. Both inside and outside attacks typically follow a given pattern. These stages of attack are discussed, as are ways to reduce the threat. If the assessment you are performing is being driven because of an attack, you'll find this a particularly valuable chapter.

Chapter 7, "Performing the Assessment," introduces the activities performed during the actual assessment. This might be only a policy review or may involve extensive hands-on testing. If hands-on testing is required, you will need a variety of tools, which are discussed in Chapter 8, "Tools Used for Assessments and Evaluations." Chapter 9, "Preparing the Final Report," introduces you to the report-writing phase. Everything you have done must be documented, and this chapter discusses ways to write a successful report. Finally, Chapter 10, "Post-Assessment Activities," describes what happens next. Post-assessment activities typically involve change. So this chapter delves into the topics of policy change, hardware implementation, and user training.

We have also outfitted the book with five appendixes. Here we provide security assessment resources, sample forms, and information on how to deal with outside consultants should you feel the need to outsource part of this process. Performing a security assessment is a challenging journey, and we hope that our approach to guarding your IT infrastructure makes your path more comfortable.

Conventions Used in This Book

This book follows a few typographical and stylistic conventions:

  • New terms are set in italic the first time they are introduced.
  • Each chapter concludes with key terms that have been introduced within the chapter.

Note - Notes provide additional information about a topic.

Tip - Tips provide information that can make a task easier or ease an administrative burden.

Caution - Cautions are items you need to be aware of that may pose a problem or need to be carefully considered.

Sidebar - We often use sidebars to present illustrative examples or add greater depth to the material.


© Copyright Pearson Education. All rights reserved.

From the Back Cover

As an IT professional, you need to know how to perform network security assessments. Inside Network Security Assessment: Guarding Your IT Infrastructure is a collection of utilities and templates that will take you through the assessment process. Written by two highly qualified authors with close ties to the International Information Systems Security Certification Consortium, this book was developed with the goal of being a text for the CISSP continuing education class on Network Security Assessment. You will be provided with step-by-step training on assessing security, from paperwork to penetration testing to ethical hacking. You'll save everyone time and money by learning to perform security assessments yourself with the help of Inside Network Security Assessment.


Most Helpful Customer Reviews on Amazon.com

Amazon.com: 3 reviews
3 of 4 people found the following review helpful
Excellent overview of current state of the art for network security assessment April 23 2006
By uniq - Published on Amazon.com
Format: Paperback
If you need an overview of the current state of the art for network security assessment - this book is for you. It describes a security assessment process end-to-end, covering all aspects of it: reasons for the assessment, risk assessment methodologies, scoping of an assessment project and its goals, how to conduct the assessment, what to put into the final report, and what is involved in the post-assessment activities. The book also gives an overview of contemporary government standards and security evaluation tools, and even offers security assessment forms and a sample report. This book is *NOT* a detailed description of the intrinsic and technology behind the attacks or ways of warding them off, even though the authors do a superb job of explaining most major concepts and terms.

While anything that ends with the word "process" promises the excitement of watching paint dry, I've found this book quite informative and written very well. For me, it is more important to understand than remember; every statement in a book is logically solid and supported by a reason or explanation. With respect to this, the authors have not disappointed me.

I disagree with the negative comments in F. Yan's review below. For example, indeed, on page 111 the authors stated that the greatest threat to an organization and its IT infrastructure are employees, contractors, and third-party users; on the same page they named insecure computing habits of the *employees* as the 2nd threat, and on page 112 they listed *disgruntled* employees as the 3rd greatest threat. I don't see any contradiction, since disgruntled employees are a subset of the total population of employees. Similarly, I could not find validation for the other negative comments.

Nevertheless, the book has a couple of rather small shortcomings. One is the somewhat dry style of some chapters, which consist primarily of bullet-point lists, although the points themselves are sharp, concrete, and important. I also wish that the book's cover were made from a more practical and durable material.

Overall, this is an excellent and useful book that delivers on its promises.
2 of 3 people found the following review helpful
Broad Range of Information March 4 2006
By John Bailey - Published on Amazon.com
Format: Paperback
In my experience what's important is to have an overall structure when performing any task. That's one of the things I liked about this book as it didn't get bogged down with an endless review of a million tools. The book offers a look at the bigger picture providing information on the overall structure and flow of the assessment. While it is evident that it was written by two writers, those individuals planning on performing an assessment or involved with one should find this book useful. I believe this book would also be helpful to people new to the security assessment area. When reading a book my objective is to learn something I did not know before or to add to my skill set. This book met that mark for me.
2 of 4 people found the following review helpful
This book needs better editing and review Feb. 2 2006
By Amazon Customer - Published on Amazon.com
Format: Paperback
After reading a few chapters of the book, I find that it was not thoroughly edited or reviewed before being published. It is not well structured, and it is inconsistent and even self-contradictory.

Take chapter 6 as an example. In terms of bad structure, the overview presented four characteristics about attackers, but in the chapter only two have big headings.

Also, when the four kinds of attacks are discussed, it starts off with a paragraph of short description for each. Then it goes to further not-so-detailed (or even repeated) explanation for each attack. Why can the short description and the not-so-detailed explanation for each attack NOT be combined?

On inconsistency: while there is a tip for a few security countermeasures after discussing coordinated attacks, there are none for the other three kinds of attack.

On self-contradiction: the authors say the greatest threat is internal/disgruntled employees. Then on the following page it mentions disgruntled employees again in a different heading but as the "third" greatest threat.

I am sure the authors are very technically knowledgeable in security as the book provides a lot of security-related materials. However, they need to polish their writing skills so that the next book they write will not be as chaotic as this one.