This Paperback Book item from O´Reilly Media, Inc. was reviewed on 2-Aug-2008.
Search ISBN:0596007949 offer from Abebooks or used books from Alibris. Network Security Tools: Writing, Hacking, and Modifying Security Tools Reference Book. Classifications : Privacy Business & Culture Computers & Internet Subjects Books Hacking Business & Culture Computers & Internet Subjects Books Intranets & Extranets Networking Computers & Internet Subjects Books LAN N . Click the following link to view the cover of Network Security Tools: Writing, Hacking, and Modifying Security Tools. Related topics: Privacy. Business & Culture. Subjects. Books. Hacking. Business & Culture. Subjects. Books. Networking. Subjects. requestid: bd6c219d-234d-471c-af9a-4d57d3f18b18
requestprocessingtime: 0.1918910000000000
salesrank: 409077
numberofitems: 1
packagedimensions: 130900120700
1) Paperback Book Network Security Tools: Writing, Hacking, and Modifying Security Tools by O´Reilly Media, Inc.. In recent years the proliferation of open source network security tools has been a boon to all aspects of the IT industry. This era was given more significance with the release of the tool SATAN, which easily enabled administrators to scan their networks for vulnerabilities. Since then, many of the most favored tools in the infosec industry are open source. This means that users can extend them as they see fit, but often this is a difficult task. Dhanjani and Clarke´s book Network Security Tools is there to assist you in modifying existing tools and even writing your own.
The book is divided into two main sections, modifying several popular tools like Nessus and Metasploit, and writing new tools for the Linux kernel and the network using libpcap and libnet. Written for the intermediate-level user, NST gets right to it in Chapter 1, diving right into writing plug-ins for Nessus. Because vulnerabilities appear every day and may differ on the network you´re examining, you may have to write your own plug-in that someone else hasn´t. Or you may want the fame and notoriety of writing these plug-ins quickly and accurately. Whatever your motivation, you´ll learn how to use NASL to write your extension. While the license has recently changed for Nessus, the version that this book targets, 2.x, will always be GPL and available for you to use.
The existing tools covered in the book - Nessus, Ethereal, Ettercap, Metasploit, Nikto, Hydra. and PMD - are designed to be extended. They have a framework and often a rich API (or, in the case of Nessus, their own language) to allow you to write those extensions. Each of the chapters on these frameworks covers some of the same basic format, namely an overview of the tools, the framework, and then an example plug-in or extension. The quality of the chapters varies, presumably due to the natural differences in the authors´ experiences. However, you´ll learn something in each of them.
The second half of the book covers writing your own tools against four or five different landscapes. These are Linux kernel modules and kernel-level rootkits, web assessment tools (in Perl), an automated exploit tool, and sniffers and packet injection tools (using libpcap and libnet). The authors wisely show how to take a small tool, a recon scanner from Chapter 8, and extend it in Chapter 9 to make it an automated exploit tool. Pretty cool, and you wind up with a neat web-testing tool out of it. With some more work, you can make it a framework for any sort of web-based attack methodology. The authors use clear examples and a decent presentation style to deliver a quality set of chapters.
The same can be said for the two chapters on network tools, the sniffer and the packet injector. You´ll build a simple ARP sniffer with pcap and libnet, and then move on to a simple SYN scanner and then a tool called ´Airjack´, which i designed for a Linux environment. Again, clear code, and the authors do an effective tour of the process by which they build some simple, but representative, tools.
Overall I´m quite pleased with NST, I think the authors have delivered a concise, practical and valuable book on the subject. While there are several frameworks available for security tools, this the first single book on the subject of writing plug-ins and extensions for most of the main tools out there. While the authors are a bit skimpish at times on the material, due to space constraints or matters of expertise, they do a good job of showing clear examples that anyone can use. If you´ve been curious about extending existing security tools with your own code, this is probably the best single place to start.¤ 2) Paperback Book Network Security Tools: Writing, Hacking, and Modifying Security Tools by O´Reilly Media, Inc.. Under the covers of one book, the authors present a coherent view of the various network security packages freely available. The bias is in favour of open source tools, if only because these are free. The book goes deeper than just explaining how to run Nessus or Ettercap or... [etc] Most chapters involve the writing of plug-ins or extensions to those tools. Actually, another criterion for a tool to be covered in this book seems to be if it has precisely this ability to be extended by any competent person (like you).
Thus, the book is directed slightly more towards the network programmer than the network sysadmin. Though this is by no means a sharp demarcation, I hasten to add. In fact, you might be a sysadmin dissatisfied with running your current Intrusion Detection System package simply just out of the box. If so, try actively programming plug-ins using this book, to adapt the IDS to your actual network situation.¤ 3) Paperback Book Network Security Tools: Writing, Hacking, and Modifying Security Tools by O´Reilly Media, Inc.. If you´re an advanced security professional, then you know that the battle to protect online privacy continues to rage on. Security chat rooms, especially, are resounding with calls for vendors to take more responsibility to release products that are more secure. In fact, with all the information and code that is passed on a daily basis, it´s a fight that may never end. Fortunately, there are a number of open source security tools that give you a leg up in the battle. Often a security tool does exactly what you want, right out of the box. More frequently, you need to customize the tool to fit the needs of your network structure. Network Security Tools shows experienced administrators how to modify, customize, and extend popular open source security tools such as Nikto, Ettercap, and Nessus. This concise, high-end guide discusses the common customizations and extensions for these tools, then shows you how to write even more specialized attack and penetration reviews that are suited to your unique network environment. It also explains how tools like port scanners, packet injectors, network sniffers, and web assessment tools function. Some of the topics covered include: - Writing your own network sniffers and packet injection tools
- Writing plugins for Nessus, Ettercap, and Nikto
- Developing exploits for Metasploit
- Code analysis for web applications
- Writing kernel modules for security applications, and understanding rootkits
While many books on security are either tediously academic or overly sensational, Network Security Tools takes an even-handed and accessible approach that will let you quickly review the problem and implement new, practical solutions--without reinventing the wheel. In an age when security is critical, Network Security Tools is the resource you want at your side when locking down your network.¤Page Updated: Robert N. Goolsby, 30-Aug-2008, 05960079499780596007942, 430-580-160-490-060-411-8 
Network Security Tools: Writing, Hacking, and Modifying Security Tools, Book, Image © O´Reilly Media, Inc.
|
