
| Subject: | [CISSP-D] REVIEW: "Open Source Security Tools", Tony Howlett |
|---|---|
| Date: | Fri, 28 Jan 2005 08:18:36 -0800 |

BKOPSOST.RVW 20041203

"Open Source Security Tools", Tony Howlett, 2005, 0-321-19443-8, U$49.99/C$71.99

%A Tony Howlett tony@howlett.org
%C One Lake St., Upper Saddle River, NJ 07458
%D 2005
%G 0-321-19443-8
%I Prentice Hall
%O U$49.99/C$71.99 +1-201-236-7139 fax: +1-201-236-7131
%O http://www.amazon.com/exec/obidos/ASIN/0321194438/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0321194438/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/0321194438/robsladesin03-20
%O tl a rl 2 tc 3 ta 3 tv 2 wq 2
%P 578 p. + CD-ROM
%T "Open Source Security Tools"

The tools listed in this book are for network security, almost without exception. The preface states that the book is intended primarily for systems administrators, although security professionals may find useful information as well. Howlett makes an effort to include items that have Windows versions, although only about a third do. He has also included tutorial materials on detailed aspects of the TCP/IP protocols that have a bearing on the operation of security software.

Chapter one outlines the open source concept, starting with a fairly idealized scenario, but continuing with some history, advantages (and disadvantages), and a brief look at two of the major open source licences. The nominal topic of chapter two is operating systems, and so it is rather odd that most of the tools described are network utilities. However, the descriptions are better than are given in most reviews of software tools, and the details are clear for all who may read them. While chapter three does provide a quick overview of TCP/IP and filtering, it does not cover the full range of firewall types. The programs listed are comprehensively described in terms of installation and administration commands. Port scanning is covered in chapter four, and, again, while the programs are explained well, other details, such as the services that would need to be turned off to reduce the danger of open ports, are not. Much the same can be said about the discussion of vulnerability scanners, in chapter five. Chapter six looks at the most widely used network sniffers. The concepts behind, and examples of, both network- and host-based intrusion detection systems are given in chapter seven. Logging and audit data can accumulate quickly and overwhelm the administrator, so chapter eight reviews some common tools to present, analyse, and manage the information. Chapter nine lists a variety of encryption tools. Wireless tools, primarily for finding networks, are given in chapter ten. Forensic tools are examined in chapter eleven, but there may not be a sufficient distinction made between the network and data recovery tools. Chapter twelve finishes off with some more general discussion about open source software, and where to find it. There are some helpful appendices: well-known TCP/IP port numbers, and a large list of plug-ins for Nessus.

The tutorial material could have had more depth and care, but there is no denying the value of the compilation (particularly with all the software included on the CD).

copyright Robert M. Slade, 2004 BKOPSOST.RVW 20041203

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@sun.soci.niu.edu
E Pluribus Modem
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade