Start reading Nessus Network Auditing: Jay Beale Open Source Security S... on your Kindle in under a minute. Don't have a Kindle? Get your Kindle here or start reading now with a free Kindle Reading App.

Deliver to your Kindle or other device


Try it free

Sample the beginning of this book for free

Deliver to your Kindle or other device

Anybody can read Kindle books—even without a Kindle device—with the FREE Kindle app for smartphones, tablets and computers.
Nessus Network Auditing: Jay Beale Open Source Security Series (Jay Beale's Open Source Security)

Nessus Network Auditing: Jay Beale Open Source Security Series (Jay Beale's Open Source Security) [Kindle Edition]

Jay Beale , Haroon Meer , Charl van der Walt , Renaud Deraison

Kindle Price: £26.36 includes VAT* & free wireless delivery via Amazon Whispernet
* Unlike print books, digital books are subject to VAT.


Amazon Price New from Used from
Kindle Edition £26.36  
Paperback --  
Kindle Summer Sale: Over 500 Books from £0.99
Have you seen the Kindle Summer Sale yet? Browse selected books from popular authors and debut novelists, including new releases and bestsellers. Learn more

Special Offers and Product Promotions

  • Purchase any Kindle Book sold by and receive £1 credit to try out our Digital Music Store. Here's how (terms and conditions apply)

Product Description

Product Description

This book focuses on installing, configuring and optimizing Nessus, which is a remote security scanner for Linux, BSD, Solaris, and other Unices. It is plug-in-based, has a GTK interface, and performs over 1200 remote security checks. It allows for reports to be generated in HTML, XML, LaTeX, and ASCII text, and suggests solutions for security problems. As with many open source programs, Nessus is incredibly popular, incredibly powerful, and incredibly under-documented. There are many Web sites (including where thousands of users congregate to share tips, tricks, and hints, yet no single, comprehensive resource exists. This book, written by Nessus lead developers, will document all facets of deploying Nessus on a production network.

* Nessus is the premier Open Source vulnerability assessment tool, and was recently voted the "most popular" open source security tool of any kind.

* This is the first book available on Nessus and it is written by the world's premier Nessus developers led by the creator of Nessus, Renaud Deraison.

* The dramatic success of Syngress' SNORT 2.0 INTRUSION DETECTION clearly illustrates the strong demand for books that offer comprehensive documentation of Open Source security tools that are otherwise Undocumented.

Product details

  • Format: Kindle Edition
  • File Size: 5979 KB
  • Print Length: 550 pages
  • Publisher: Syngress; 1 edition (14 Oct 2004)
  • Sold by: Amazon Media EU S.à r.l.
  • Language: English
  • ASIN: B001V7U7B8
  • Text-to-Speech: Enabled
  • X-Ray:
  • Amazon Bestsellers Rank: #1,323,215 Paid in Kindle Store (See Top 100 Paid in Kindle Store)
  •  Would you like to give feedback on images?

Customer Reviews

There are no customer reviews yet on
5 star
4 star
3 star
2 star
1 star
Most Helpful Customer Reviews on (beta) 4.1 out of 5 stars  12 reviews
9 of 9 people found the following review helpful
4.0 out of 5 stars Long overdue but worth the wait 6 Dec 2004
By Richard Bejtlich - Published on
'Nessus Network Auditing' (NNA) is the definitive (and only) guide to the Nessus open source vulnerability assessment tool. I recommend all security professionals read this book. You may start as a Nessus user, but the book will help you become part of the Nessus community.

NNA features twelve contributors, but it doesn't suffer the fate of other books with similar high author counts. NNA manages to present fairly original material in each chapter, without a lot of overlap. I credit the lead authors and editors for keeping the contributors on track. They could have reduced the number of crashing printer stories, however.

Several chapters stood out from the others. Ch 1 explains the need for conducting vulnerability assessment. Ch 3 makes a good case for always installing from source code and not trusting precompiled binaries. Chs 8 and 9 deliver real value with insights into Nessus internals, such as scanning architecture and the Nessus Knowledge Base. Ch 10 presents crude albeit workable ways to measure bandwidth to alleviate loads caused by scans. Ch 11 is an excellent rationale for the Nessus Attack Scripting Language (NASL) written by Nessus' creator. I would have liked to have seen an appendix based on an actual (perhaps sanitized) scan, showing how a security admin selected tests, ran the scan, and validated results.

NNA suffers a few problems. A few typos are present, but nothing that distracts from the book's content. I did find the ch 4 author's mention of the TCP "triple handshake" to be odd. While not wrong, this process is usually called the "three-way handshake." The screenshots in appendix B are of poor quality and should be replaced in future editions.

Note that the Nessus version used in NNA varies from 2.0.9 to 2.0.10a, and the current edition is 2.2.0. Version creep is part of every technical book, and did not make a big difference at this point. When Nessus 2.4 is released, watch for the adoption of the new BOSS GUI to clearly alter the face of the Nessus interface.

Overall, NNA is an excellent technical resource for anyone charged with auditing network security. I have a greater appreciation for the Nessus architecture and its ability to do more in-depth host checks. Motivated readers can use this book to learn how to write their own NASL scripts and effectively deploy a distributed scanning architecture.
7 of 7 people found the following review helpful
4.0 out of 5 stars a MUST read for all IT Security Engineers! 21 Oct 2004
By Troy Schumaker - Published on
I must admit, as a Nessus user for many many years now, I was excited to hear that a publication was finally becoming available on Nessus (isn't one astonished of how many actual Cisco/Microsoft/Java books exist). However, I was "pensive at best" when it came to actually purchasing a book that "appeared" to simply convey how to install/configure/run this award-winning IT Security tool.

To my pleasant surprise, the very evening I purchased the book, I found myself unable to put this book down, and in fact, stayed up nearly all night reading the entire thing. My overall rating? The best investment I'd spent for an IT Security book in several years. Hands down!

Thankfully, only about 1/3 of the book is spent on install/configure/running the product, the other 2/3rds of the publication convey keen insights surrounding the ins and outs of vulnerability assessments.

I submit that all IT Security Engineers should spent the money and time gaining "keen insights and perspectives" of Renaud Deraison, unquestionably a pioneer in the history of IT Security. True, a vulnerability assessment is only one (yet key) piece of the entire "Security Puzzle", nevertheless, if your job carries the title CISSP/CISM, and you're involved with IT Security (regardless of whether or not your vulnerability assessment tool du jour is Nessus or not) your understanding surrounding vulnerability assessments isn't complete til you've peered into the "Mind's eye" of Mr. Deraison.

Clearly, in the annals of IT Security, history will render him a Pioneer in the journey of protecting an organizations IT assets.
5 of 5 people found the following review helpful
4.0 out of 5 stars the manual 6 Jan 2005
By Jeff Pike - Published on
This book is the only game in town when it comes to nessus. The information it contains should be regarded as mandatory knowledge for those running nessus in a professional environment. This book is about more than just nessus. It is about an approach to network auditing and vulnerability assessment.

The first few chapters are largely introductory and cover vulnerability assessment and nessus basics. The next few chapters cover more basics including running a scan, interpreting results, and vulnerability types.

The latter chapters cover areas of interest to an experienced nessus user. The chapter on false positives begs to be read. The authors offer a logical approach to dealing with false positives that most organizations lack. The remaining chapters detail the inner workings of nessus (knowledge base, nasl, plugin writing), enterprise scanning, and the nessus user community.

This book provides a through explanation of the tool. Enough information is given to start writing your own custom security checks. However, I did find myself wanting for a little more technical substance (especially in the plug-in writing/nasl area), but maybe that's just me. This book has a decent index that helps with reference. This book will benefit the beginner and experienced user alike.
4 of 4 people found the following review helpful
4.0 out of 5 stars Thorough descriptions 14 Oct 2004
By W Boudville - Published on
For network security, there has been a proliferation of tools to aid the harassed sysadmin. Prominent amongst these is Nessus, which, given its origin in 1998, is somewhat of a veteran in this field.

The book's first chapter is a very articulate and concise overview of vulnerability assessment, and independent of specific tools like Nessus. But moving onto Nessus, you get a detailed user's manual. From running it to interpreting the results. The latter can be tricky. The book tries to give you some appreciation of the limitations of Nessus and of the assumptions that it might implicitly make about your network and machines. It turns out that to use it well, you need good familiarity with your network. Like its topology and any perculiarities of the machines. For example, do you have a program running on one machine that regularly probes the others, for whatever reason? And are you aware of the patch status of the machines? Nessus can help you with detecting such things. But it won't hurt to know as much, a priori.

Don't ignore the chapter on the world wide user community. It can be a vital resource if you end up using Nessus.
3 of 3 people found the following review helpful
5.0 out of 5 stars Required reading for network administrators 4 Feb 2005
By Harold McFarland - Published on
The purpose of Nessus is to provide an Open Source Solution for network auditing on all Unix like systems. This book not only details using Nessus but also comes with a CD containing the program, as well as Ethereal, Snort, and Newt (a port of the program to the Windows environment).

What is a network assessment? At its basic level it is an attempt to detect a live system and then identify the computing environment, services, applications, and vulnerabilities on that system. Basically there are two types of assessment - internal and external. An internal assessment is done over the local network and external is done from outside the LAN. Nessus will do both types and the book details how to do either, or both of them.

The authors do an excellent job of detailing installation, setup, and how to interpret the results of a scan as well as various factors that can affect the report. One of the parts not to be missed is the discussion of not only the benefits but also the potential problems of scanning your system. Some of the vulnerability types scanned for include buffer overflows, default passwords, backdoors, information leaks, and denial of service.

The Nessus scripting language is covered in detail in Appendix A instead of the main portion of the book; a choice I appreciated very much as it allowed the flow of the book to not be interrupted by such a highly technical section. With Open Source products there generally is no organized technical support phone number you can call of help. So, the authors include information on how to get help via the Nessus User Community, mailing lists, and archives.

Nessus Network Auditing is a highly recommended book for anyone interested in auditing their network to find potential problems before they become reality.
Were these reviews helpful?   Let us know

Customer Discussions

This product's forum
Discussion Replies Latest Post
No discussions yet

Ask questions, Share opinions, Gain insight
Start a new discussion
First post:
Prompts for sign-in

Search Customer Discussions
Search all Amazon discussions

Look for similar items by category