Average Reviews:
(More customer reviews)Are you looking to buy Nessus, Snort, & Ethereal Power Tools: Customizing Open Source Security Applications (Jay Beale's Open Source Security Series)? Here is the right place to find the great deals. we can offer discounts of up to 90% on Nessus, Snort, & Ethereal Power Tools: Customizing Open Source Security Applications (Jay Beale's Open Source Security Series). Check out the link below:
>> Click Here to See Compare Prices and Get the Best Offers
Nessus, Snort, & Ethereal Power Tools: Customizing Open Source Security Applications (Jay Beale's Open Source Security Series) ReviewI've read and reviewed the three previous books in Jay Beale's Open Source Security Series -- Snort 2.1, Nessus Network Auditing, and Ethereal Packet Sniffing. I liked all three of those books, and I'm glad to say that this fourth book -- Nessus, Snort, and Ethereal Power Tools (NSAEPT), is a worthy continuation of Jay's series. NSAEPT is a unique resource for anyone who wants to extend Nessus, Snort, and Ethereal. The book could save programmers hours of work, and it should be the first step for those looking to contribute to the development of all three projects.It's unfortunate that an uninformed three star review has been the only commentary on NSAEPT until now. Of course the book is not for beginners! Why write another introductory book, when the three earlier titles serve that role (and more)? NSAEPT is strong precisely because it starts where the other three books end.
I learned quite a bit reading NSAEPT. For example, Part I shared advice on using Nessus to audit hosts directly, by examining Windows registry keys, package databases, or Windows PE files (.exe, .dll) directly. I appreciated the discussion of creating NASL checks that were more protocol-aware (for MySQL) or that could speak NTLM authentication to IIS Web servers. Ch 6 even gave tips on building NASL generators.
Part II, covering Snort, gave better advice on writing Snort rules than what was found in the earlier Snort 2.1 book. I thought this part was the weakest of the three, however. I would have liked to have seen many more examples of using advanced Snort rule options. Table 8.10 should have said that the + flag means "match on the specified flags, and allow any other flags." Also, I thought the author miscommunicated the purpose of the stream4 preprocessor when he mentioned dropping UDP and ICMP traffic. That's an issue when running inline, not passively as most people use Snort.
I really liked Part III, which examined Ethereal. Ch 11 offered great guidance on reverse engineering an unknown trace format, namely iptrace from AIX 3. Ch 12 mentioned an undocumented tethereal flag (-G) that was new to me. I enjoyed learning about tap modules in Ch 13, and I did not know that Ethereal uses the wiretap library to read traces -- not libpcap.
I subtracted one star from my review for a few reasons. First, NSAEPT features some really annoying formatting problems in many of the code listings. Every place the characters "FI" (any case) appear, they are changed into a single nonsensical character. I stopped counting the number of times this happened. For example, where one should read "Filename", we see instead "Xlename". The same seems to have happened with "FL"; e.g., "Flags" becomes "Xags". The reference to libpcap and "Chapter 1" on p 159 should instead point to Ch 11. I thought the inclusion of material from Brian Wotring's Host Integrity Monitoring book as Appendix A was unnecessary. Brian's book is great, but I don't think readers need 30 pages from another title. Is that just padding?
Format-wise, NSAEPT features smaller fonts than one sees in more recent Syngress books. I thought the font was a little small, but in some ways an improvement over the jumbo text seen elsewhere. I also thought the paper used to print NSAEPT was much better than other titles. Compare NSAEPT with another 440 page Syngress book, Securing IM and P2P Applications for the Enterprise, and you'll see the latter book is much thicker.
Overall I recommend NSAEPT to anyone who wishes to do more with Nessus, Snort, or Ethereal. NSAEPT is definitely a book for power users and developers. It's great to see a new book that starts with original material and avoids rehashing what's already been written.Nessus, Snort, & Ethereal Power Tools: Customizing Open Source Security Applications (Jay Beale's Open Source Security Series) OverviewThis book will cover customizing Snort to perform intrusion detection and prevention; Nessus to analyze the network layer for vulnerabilities; and Ethereal to "sniff" their network for malicious or unusual traffic. The book will also contain an appendix detailing "the best of the rest" open source security tools. Each of these tools is intentionally designed to be highly customizable so that users can torque the programs to suit their particular needs. Users can code their own custom rules, plug-ins, and filters that are tailor-made to fit their own networks and the threats which they most commonly face. The book describes the most important concepts of coding and customizing tools, and then provides readers with invaluable working scripts that can either be used as is or further refined by using knowledge gained from the book.* Snort, Nessus, and Ethereal are the three most popular open source security tools in the world* Only book that teaches readers how to customize these tools for their specific needs by coding rules, plugins, and filters* Companion Web site provides all working code and scripts from the book for download
Want to learn more information about Nessus, Snort, & Ethereal Power Tools: Customizing Open Source Security Applications (Jay Beale's Open Source Security Series)?
>> Click Here to See All Customer Reviews & Ratings Now
0 comments:
Post a Comment