Monday, May 03, 2004

Review of Network Security Assessment Posted just published my four star review of Network Security Assessment. From the review:

"Network Security Assessment (NSA) is the latest in a long line of vulnerability assessment / penetration testing books, stretching back to Maximum Security in 1997 and Hacking Exposed shortly thereafter. NSA is also the second major security title from O'Reilly this year, soon to be followed by Network Security Hacks. NSA is a good book with some new material to offer, but don't expect to find deep security insight in this or similar assessment books.

NSA begins with the almost obligatory reference to the king of assessment books, Hacking Exposed (HE), saying 'I leave listings of obscure techniques to behemoth 800-page "hacking" books.' I don't think some of the techniques covered in HE but not NSA are "obscure." Noticably lacking in NSA is coverage of dial-up techniques, wireless insecurities, Novell vulnerabilities, and attacking clients rather than servers. Should NSA receive a second edition, I expect to see the book expand closer to the 'behemoth' it seems to deride."

No comments: