- Amazon Student members save an additional 10% on Textbooks with promo code TEXTBOOK10. Enter code TEXTBOOK10 at checkout. Here's how (restrictions apply)
Inside Network Security Assessment: Guarding Your IT Infrastructure Paperback – Nov 18 2005
Special Offers and Product Promotions
No Kindle device required. Download one of the Free Kindle apps to start reading Kindle books on your smartphone, tablet, and computer.
To get the free app, enter your e-mail address or mobile phone number.
From the Inside Flap
Welcome, and thank you for purchasing Inside Network Security Assessment. Our goal was to create a practical guide for planning, performing, and reporting on the risk and vulnerability assessment process. This is a critical topic for IT professionals given that a security assessment provides the necessary information and data for organizations to form the foundation for a reliable and secure IT infrastructure.
This book takes a look inside the network vulnerability assessment process. Its purpose is to teach individuals a methodology for network security assessments. For those of you who must manage or outsource these duties, this book will provide you with tips, pointers, and insight into what a vulnerability assessment is all about. This book is broken up into 10 chapters that follow the vulnerability assessment process from creation to finish. It also discusses, in brief, basic risk assessment methodologies. So even if you are not ready for a full-blown vulnerability assessment, you should be able to start adding basic risk assessment methodologies to new projects and the change control process.
The security assessment process incorporates both risk assessment and vulnerability assessment, which includes the science, tools, methodology, and practices involved in finding, analyzing, and assessing risk for known or unknown vulnerabilities and exposures in a given Information Technology (IT) infrastructure. This book examines the entire IT infrastructure, which encompasses all the IT assets commonly found in an IT environment, such as the data, applications, servers, workstations, and network infrastructure (LANs, WANs, and LAN-to-WAN). The term IT infrastructure is generally used to describe the entire landscape of IT assets and elements. The term IT assets is generally used to describe the individual IT assets or elements commonly found in an IT environment.
All organizations need to assess, identify, define, and confirm the minimum level of acceptable security for their organization and IT assets. Until now, organizations needed to spend thousands of dollars on high-priced consultants to perform a variety of assessments. With Inside Network Security Assessment, readers will receive a collection of tools, utilities, templates, and a step-by-step approach for conducting a security assessment process that incorporates both risk assessment and vulnerability assessment.Who Should Read This Book
This is an intermediate-level book for IT security professionals and system and network administrators who need to learn more about the security assessment process. Inside Network Security Assessment provides a step-by-step approach for assessing security, from paperwork to penetration testing to ethical hacking. This book is a valuable reference for individuals who are interested in creating their own methodology for conducting a comprehensive security assessment and in expanding their knowledge of network security tools and techniques to perform such evaluations. Almost every organization needs to evaluate the security of its IT infrastructure and IT assets.
Depending on the scope of the IT infrastructure and the scope of the security assessment, organizations can spend tens or hundreds of thousands of dollars to conduct a security assessment. With proper controls and objectivity, conducting a security assessment with internal IT security staff is a viable solution. To do this, the IT security staff must create their own methodology and implement it in-house.Why We Created This Book
The world of information security continually evolves. More tools are available to attackers and defenders than ever before. There has also been an onslaught of books, classes, and seminars focused on security testing, tools, and techniques. But we as authors felt that something was missing. Among the wealth of information on tools and the how-to of security testing, very little was being discussed about the mechanics of security testing; therefore, we created this book to inform readers that the creation of a methodology and approach for conducting a security assessment is the critical missing piece. Unlike other books that focus on hacking tools or small segments of the assessment process, this book was designed to offer the reader a comprehensive step-by-step approach for guiding them through the security assessment process.Overview of the Book's Contents
We would like to introduce this book from a 50,000-foot view. The first two chapters, "Introduction to Assessing Network Vulnerabilities" and "Foundations and Principles of Security," serve as a foundation for later chapters. These chapters introduce basic concepts of everything we will talk about throughout the book. Chapter 3, "Why Risk Assessment," and Chapter 4, "Risk Assessment Methodologies," deal specifically with risk. We examine risk terminology, quantitative risk assessment, qualitative risk assessment, and how risk is analyzed in real life.
Chapters 5 through 10 are designed to guide you through the security assessment process. Chapter 5, "Scoping the Project," presents a discussion of the scoping phase. Topics such as the forces driving the assessment are introduced. Chapter 6, "Understanding the Attacker," discusses who the real threat is. Both inside and outside attacks typically follow a given pattern. These stages of attack are discussed, as are ways to reduce the threat. If the assessment you are performing is being driven because of an attack, you'll find this a particularly valuable chapter.
Chapter 7, "Performing the Assessment," introduces the activities performed during the actual assessment. This might be only a policy review or may involve extensive hands-on testing. If hands-on testing is required, you will need a variety of tools, which are discussed in Chapter 8, "Tools Used for Assessments and Evaluations." Chapter 9, "Preparing the Final Report," introduces you to the report-writing phase. Everything you have done must be documented, and this chapter discusses ways to write a successful report. Finally, Chapter 10, "Post-Assessment Activities," describes what happens next. Post-assessment activities typically involve change. So this chapter delves into the topics of policy change, hardware implementation, and user training.
We have also outfitted the book with five appendixes. Here we provide security assessment resources, sample forms, and information on how to deal with outside consultants should you feel the need to outsource part of this process. Performing a security assessment is a challenging journey, and we hope that our approach to guarding your IT infrastructure makes your path more comfortable.Conventions Used in This Book
This book follows a few typographical and stylistic conventions:
- New terms are set in italic the first time they are introduced.
- Each chapter concludes with key terms that have been introduced within the chapter.
Note - Notes provide additional information about a topic.
Tip - Tips provide information that can make a task easier or ease an administrative burden.
Caution - Cautions are items you need to be aware of that may pose a problem or need to be carefully considered.
A Sidebar Looks Like This -
We often use sidebars to present illustrative examples or add greater depth to the material.
© Copyright Pearson Education. All rights reserved.
From the Back Cover
As an IT professional, you need to know how to perform network security assessments. Inside Network Security Assessment: Guarding Your IT Infrastructure is a collection of utilities and templates that will take you through the assessment process. Written by two highly qualified authors with close ties to the International Information Systems Security Certification Consortium, this book was developed with the goal of being a text for the CISSP continuing education class on Network Security Assessment. You will be provided with step-by-step training on assessing security, from paperwork to penetration testing to ethical hacking. You'll save everyone time and money by learning to perform security assessments yourself with the help of Inside Network Security Assessment.See all Product Description
Inside This Book(Learn More)
Most Helpful Customer Reviews on Amazon.com (beta)
While anything that ends with the word "process" promises the excitement of watching paint dry, I've found this book quite informative and written very well. For me, it is more important to understand than remember; every statement in a book is logically solid and supported by a reason or explanation. With respect to this, the authors have not disappointed me.
I disagree with negative comments mentioned in the F. Yan's review below. For example, indeed, on page 111 the authors stated that the greatest threat to an organization and its IT infrastructure are employees, contractors, and third-party users; on the same page they named insecure computing habits of the *employees* as the 2nd threat, and on page 112 they listed *disgruntled* employees as the 3rd greatest threat. I don't see any contradiction, since disgruntled employees are a subset of the total population of employees. Similarly, I could not find validation to other negative comments.
Nevertheless, the book has a couple of rather small shortcomings. One is a bit dry style of some chapters consisting primarily of bullet point lists, although the points themselves are sharp, concrete, and important. I also wish that the book's cover were made from a more practical and durable material.
Overall, this is an excellent and useful book, that delivers on its promises.
Take chapter 6 as an example. In terms of bad structure, the overview presented four characteristics about attackers, but in the chapter only two have big headings.
Also, when the four kinds of attacks are discussed, it starts off with a paragraph of short description for each. Then it goes to further not-so-detailed (or even repeated) explanation for each attack. Why can the short description and the not-so-detailed explanation for each attack NOT be combined?
On inconsistency: while there is a tip for a few security countermeasures after discussing coordinated attacks, there are none for the other three kinds of attack.
On self-contradiction: the authors say the greatest threat is internal/disgruntled employees. Then on the following page it mentions disgruntled employees again in a different heading but as the "third" greatest threat.
I am sure the authors are very technically knowledgeable in security as the book provides a lot of security-related materials. However, they need to polish their writing skills so that the next book they write will not be as chaotic as this one.
Look for similar items by category
- Books > Computers & Technology > Certification Central > Exams > Security+
- Books > Computers & Technology > Certification Central > Publisher > Sams
- Books > Computers & Technology > History & Culture > Privacy
- Books > Computers & Technology > Internet & Social Media
- Books > Computers & Technology > Networking & Cloud Computing > Internet, Groupware, & Telecommunications
- Books > Computers & Technology > Networking & Cloud Computing > Networks, Protocols & APIs
- Books > Computers & Technology > Programming
- Books > Computers & Technology > Security & Encryption
- Books > Qualifying Textbooks - Fall 2007 > Computers & Internet
- Books > Textbooks > Computer Science & Information Systems > Networking