
Network Security Assessment: Know Your Network [Paperback]

Chris McNab
4.7 out of 5 stars (6 customer reviews)


Book Description

Publication date: 29 Mar 2004 | ISBN-10: 059600611X | ISBN-13: 978-0596006112 | Edition: 1

There are hundreds--if not thousands--of techniques used to compromise both Windows and Unix-based systems. Malicious code and new exploit scripts are released on a daily basis, and each evolution becomes more and more sophisticated. Keeping up with the myriad of systems used by hackers in the wild is a formidable task, and scrambling to patch each potential vulnerability or address each new attack one by one is a bit like emptying the Atlantic with a paper cup.

If you're a network administrator, the pressure is on you to defend your systems from attack. But short of devoting your life to becoming a security expert, what can you do to ensure the safety of your mission-critical systems? Where do you start?

Using the steps laid out by professional security analysts and consultants to identify and assess risks, Network Security Assessment offers an efficient testing model that an administrator can adopt, refine, and reuse to create proactive defensive strategies to protect their systems from the threats that are out there, as well as those still being developed.

This thorough and insightful guide covers offensive technologies by grouping and analyzing them at a higher level--from both an offensive and defensive standpoint--helping administrators design and deploy networks that are immune to offensive exploits, tools, and scripts. Network administrators who need to develop and implement a security assessment program will find everything they're looking for--a proven, expert-tested methodology on which to base their own comprehensive program--in this time-saving new book.

Product details

  • Paperback: 400 pages
  • Publisher: O'Reilly Media; 1 edition (29 Mar 2004)
  • Language: English
  • ISBN-10: 059600611X
  • ISBN-13: 978-0596006112
  • Product Dimensions: 23.1 x 17.7 x 2.4 cm


Product Description

About the Author

Chris McNab is the Technical Director of Matta, a vendor-independent security consulting outfit based in the United Kingdom. Since 2000, Chris has presented and run applied hacking courses across Europe, training a large number of financial, retail, and government clients in practical attack and penetration techniques, so that they can assess and protect their own networks effectively. Chris speaks at a number of security conferences and seminars, and is routinely called to comment on security events and other breaking news. He has appeared on television and radio stations in the UK (including BBC 1 and Radio 4), and in a number of publications and computing magazines. Responsible for the provision of security assessment services at Matta, Chris and his team undertake Internet-based, internal, application, and wireless security assessment work, providing clients with practical and sound technical advice relating to secure network design and hardening strategies. Chris boasts a 100% success rate when compromising the networks of multinational corporations and financial services companies over the last five years.

Excerpt. © Reprinted by permission. All rights reserved.

Chapter 4 - IP Network Scanning

This chapter focuses on the technical execution of IP network scanning. After undertaking initial reconnaissance to identify IP address spaces of interest, network scanning builds a clearer picture of accessible hosts and their network services. Network scanning and reconnaissance is the real data gathering exercise of an Internet-based security assessment. The rationale behind IP network scanning is to gain insight into the following elements of a given network:

• ICMP message types that generate responses from target hosts
• Accessible TCP and UDP network services running on the target hosts
• Operating platforms of target hosts and their configuration
• Areas of vulnerability within target host IP stack implementations (including sequence number predictability for TCP spoofing and session hijacking)
• Configuration of filtering and security systems (including firewalls, border routers, switches, and IDS sensors)

Performing both network scanning and reconnaissance tasks paints a clear picture of the network topology and its security mechanisms. Before penetrating the target network, further assessment steps involve gathering specific information about the TCP and UDP network services that are running, including their versions and enabled options.

ICMP Probing
Internet Control Message Protocol (ICMP) probing helps identify potentially weak and poorly protected networks. ICMP is a short messaging protocol that’s used by systems administrators and end users for continuity testing of networks (e.g., using the ping or traceroute commands). From a network scanning and probing perspective, the following types of ICMP messages are useful:

Type 8 (echo request)
Echo request messages are also known as ping packets. You can use a scanning tool such as nmap to perform ping sweeping and easily identify hosts that are accessible.

Type 13 (timestamp request)
A timestamp request message requests system time information from the target host. The response is in a decimal format and is the number of milliseconds elapsed since midnight GMT.

Type 15 (information request)
The ICMP information request message was intended to support self-configuring systems such as diskless workstations at boot time, to allow them to discover their network address. Protocols such as RARP, BOOTP, or DHCP do so more robustly, so type 15 messages are rarely used.

Type 17 (subnet address mask request)
An address mask request message reveals the subnet mask used by the target host. This information is useful when mapping networks and identifying the size of subnets and network spaces used by organizations.

Firewalls of security-conscious organizations often blanket-filter inbound ICMP messages and so ICMP probing isn’t effective; however, ICMP isn’t filtered in most networks because ICMP messages are often useful for network troubleshooting purposes.
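For reviewing what a border filter lets through, the sketch below classifies ICMP messages by the four query types listed above and decodes what the matching replies disclose. It is an added example, not code from the book; the reply type numbers (0, 14, 16, 18) and field layouts follow RFC 792 and RFC 950, and the sample messages are constructed rather than captured.

```python
import struct
from datetime import timedelta

# Query types named in the excerpt, plus their reply types (RFC 792 / RFC 950).
QUERY_TYPES = {8: "echo request", 13: "timestamp request",
               15: "information request", 17: "address mask request"}
REPLY_TYPES = {0: "echo reply", 14: "timestamp reply",
               16: "information reply", 18: "address mask reply"}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build(icmp_type: int, body: bytes, ident: int = 1, seq: int = 1) -> bytes:
    """Construct a sample ICMP message (test data only) with a valid checksum."""
    hdr = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = inet_checksum(hdr + body)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + body

def classify(msg: bytes) -> dict:
    """Classify one ICMP message and decode what a reply discloses."""
    if len(msg) < 8:
        return {"kind": "malformed"}
    icmp_type = msg[0]
    out = {"type": icmp_type, "kind": "other",
           "checksum_ok": inet_checksum(msg) == 0}
    if icmp_type in QUERY_TYPES:
        out.update(kind="query", name=QUERY_TYPES[icmp_type])
    elif icmp_type in REPLY_TYPES:
        out.update(kind="reply", name=REPLY_TYPES[icmp_type])
        if icmp_type == 14 and len(msg) >= 20:
            # Transmit timestamp: milliseconds since midnight GMT.
            ms = struct.unpack("!I", msg[16:20])[0]
            out["host_time_gmt"] = str(timedelta(milliseconds=ms))
        elif icmp_type == 18 and len(msg) >= 12:
            out["subnet_mask"] = ".".join(str(b) for b in msg[8:12])
    return out

# Constructed sample messages, not captured traffic.
SAMPLES = [
    build(8, b"abcdefgh"),
    build(13, struct.pack("!III", 0, 0, 0)),
    build(14, struct.pack("!III", 1000, 45_296_789, 45_296_789)),
    build(18, bytes([255, 255, 255, 192])),
]
```

Running `classify` over messages seen leaving the network shows which hosts answer timestamp or address mask queries, which are the ones to cover with a filter rule.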

There are a handful of other ICMP message types that have relevant security applications (such as ICMP type 5 redirect messages sent by routers), but they aren’t related to network scanning.

Table 4-1 outlines popular operating systems and their responses to certain types of direct ICMP query messages.

Indirect ICMP query messages can be sent to the broadcast address of a given subnet (such as in a network). Operating systems respond in different ways to indirect queries issued to a broadcast address, as shown in Table 4-2.

Ofir Arkin of the Sys-Security Group has undertaken a lot of research into ICMP over recent years, publishing white papers dedicated entirely to the use of ICMP probes for OS fingerprinting. For quality in-depth details of ICMP probing techniques, please consult his research available from his web site.


Customer Reviews

Most Helpful Customer Reviews
1 of 1 people found the following review helpful
3.0 out of 5 stars An in-depth technical resource 10 Jun 2009
This book introduces the tools and techniques used for evaluating the security of networks and services. It aims to provide the readers with tactical and technical knowledge to determine how secure a network is by attempting to probe and exploit it. It serves as an excellent in-depth technical resource for those who continuously strive to protect their networks.

The first chapter sets the scene and gives an overview of the network security assessment methodology. The following chapter familiarises the reader with tools and software that are used at various stages of the book.

The author then takes the reader on an extensive technical journey, tackling every aspect of a network to highlight potential weaknesses and vulnerabilities that may exist and ways to determine them.

From chapter to chapter, the author covers it all, including network enumeration, web services and applications, database and email services, VPNs, various Windows and Unix specific services and more. At the end of every chapter, a section on appropriate countermeasures is added to discuss means to protect systems from the vulnerabilities uncovered in the chapter.

A few chapters worthy of mention include chapter 4, which is one of the best surveys on network scanning and probing techniques I have come across. It covers the various characteristics of IP, ICMP, TCP and UDP protocols used to gather information about networked hosts and services. Scans and probes are discussed in relevant and clear detail along with the various tools available to launch them.

Chapter 14 provides a very thorough examination of memory manipulation attacks that are launched at the application level.
By HeadUp
Format:Paperback|Verified Purchase
This covers a wide variety of topics and in more depth than I could have imagined!

It provides clear and easy to follow instructions on what Network Security Assessment is all about, but don't be fooled! It also covers all topics in detail. Be warned though! This author's knowledge is very extensive and you could end up better informed than you expected :)

Downside: Some of the aspects covered are slightly dated due to the date of publication, so that's really not a criticism of the book itself, but I would argue that 90-95% of what's covered is still relevant today.
Format:Kindle Edition
This book gives a good cross-technology baseline from which to learn about penetration testing. I would make this mandatory reading for all Security Analysts. Previous to this book I had not seen a more business-oriented vulnerability assessment guide. There's an awful lot of writing out there about theoretical attack vectors and techniques, but very few of these are oriented to needs of businesses in the real world of the actual risks faced by businesses.
In terms of its applicability to penetration testing as a whole...we're talking about a huge field of knowledge, but this book should at least be seen as a very good place from which to start. Some of the more exotic attacks and exploits are not covered, but then again, the more exotic sides of penetration testing rarely are deployed in anger in a commercial penetration test.
As I have commented in my own book (Security De-Engineering: Solving the Problems in Information Risk Management) Penetration testing in today's commercial world is in most cases just a compliance show (companies need to show auditors their perimeter (whatever that is these days) has been tested by an independent third party), but there are some niches where quality is sought and appreciated. This book gives those entering such areas of the industry a very good start.