Books

Intranet Security
Configuring Windows 2000 Server Security
Cisco Security QoS and AVVID Kit
Hackproofing Your Wireless Network
Hack Proofing ColdFusion 5.0
Current Security Management and Ethical Issues of Information Technology
Managing Cisco Network Security
Snort Intrusion Detection
Mcse Implementing and Administering Security in a Windows 2000 Network Study Guide and DVD Training System
Information and Communications Security: 4th International Conference, Icics 2002, Singapore, December 9-12, 2002, Proceedings (Lecture Notes in Computer Science)
Advances in Cryptology - Asiacrypt 2002: 8th International Conference on the Theory and Application of Cryptology and Information Security, Queenstown, New Zealand, December 1-5, 2002, Proceedings (Lecture Notes in Computer Science)
Progress in Cryptology - INDOCRYPT 2002: Third International Conference on Cryptology in India Hyderabad, India, December 16-18, 2002 (Lecture Notes in Computer Science)
Public Key Cryptography - PKC 2003: Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography, PKC 2003, Miami, FL, USA, January 6-8, 2003 (Lecture Notes in Computer Science)
Cryptographic Hardware and Embedded Systems - Ches 2002: 4th International Workshop, Redwood Shores, CA, USA, August 13-15, 2002, Revised Papers (Lecture Notes in Computer Science)
Security in Communication Networks: Third International Conference, Scn 2002, Amalfi, Italy, September 11-13, 2002, Revised Papers (Lecture Notes in Computer Science)
Information Hiding: 5th International Workshop, Ih 2002, Noordwijkerhout, the Netherlands, October 7-9, 2002, Revised Papers (Lecture Notes in Computer Science)
Privacy Enhancing Technologies: Second International Workshop, Pet 2002, San Francisco, Ca, USA, April 14-15, 2002, Revised Papers (Lecture Notes in Computer Science)
Selected Areas in Cryptography: 9th Annual International Workshop, SAC 2002, St. John's, Newfoundland, Canada, August 15-16, 2002, Revised Papers: Vol 2595 (Lecture Notes in Computer Science S.)
Cryptographic Hardware and Embedded Systems - Ches 2000: Second International Workshop Worcester, MA, USA, August 17-18, 2000 Proceedings (Lecture Notes in Computer Science)
Designing Privacy Enhancing Technologies: International Workshop on Design Issues in Anonymity and Unobservability, Berkeley, CA, USA, July 25-26, 2000 - Proceedings (Lecture Notes in Computer Science)
Fast Software Encryption: 7th International Workshop, FSE 2000, New York, NY, USA, April 10-12, 2000 Proceedings (Lecture Notes in Computer Science)
Topics in Cryptology - Ct-RSA 2001: The Cryptographer's Track at RSA Conference 2001 San Francisco, Ca, USA, April 8-12, 2001 Proceedings (Lecture Notes in Computer Science)
Advances in Cryptology: Eurocrypt 2001 - International Conference on the Theory and Application of Cryptographic Techniques, Innsbruck, Austria, May 6-10, 2001, Proceedings (Lecture Notes in Computer Science)
Information Assurance in Computer Networks: Methods, Models and Architectures for Network Security - International Workshop MMM-ACNS 2001 St. Petersburg, Russia, May 21-23, 2001 Proceedings (Lecture Notes in Computer Science)
Information Security and Privacy: 6th Australasian Conference, Acisp 2001, Sydney, Australia, July 11-13, 2001. Proceedings: 6th Australasian Conference, ACISP 2001, Sydney, Australia, July 11-13, 2001.Proceedings (Lecture Notes in Computer Science)

Average customer rating:

Disappointing
1/4 good
Great book on SNMP starts from the beginning
Essential SNMP, Second Edition, Review
Good book, but where is there one for idiots?

Essential SNMP, Second Edition
Douglas Mauro , and Kevin Schmidt
Manufacturer: O'Reilly Media, Inc.
ProductGroup: Book
Binding: Paperback

Privacy | Business & Culture | Computers & Internet | Subjects | Books

General | Programming | Computers & Internet | Subjects | Books

General | Computers & Internet | Subjects | Books

General | Programming | O'Reilly | By Publisher | Books

Network Administration | O'Reilly | By Publisher | Books

Internet Security | O'Reilly | By Publisher | Books

Look Inside Computer Books | Trip | Specialty Stores | Books
Similar Items:

SNMP, SNMPv2, SNMPv3, and RMON 1 and 2 (3rd Edition)
Understanding SNMP MIBs
SSH, The Secure Shell: The Definitive Guide
Nagios: System and Network Monitoring
Pro Nagios 2.0 (Expert's Voice in Open Source)

ASIN: 0596008406

Amazon.com

Without Simple Network Management Protocol (SNMP), network administrators might have to actually get out of their chairs and go see what's up with all of the network-connected equipment under their authority. Perish the thought. Essential SNMP explains how the management protocol works and how it's implemented by several operating systems and pieces of equipment. More importantly, this book shows its reader--who should be a network administrator who's familiar with the problems of running a distributed network--how SNMP can earn its place as a network administration tool. In other words, this book examines SNMP as a strategic resource as well as a technical phenomenon.

Because it's oriented toward SNMP as a tool, much of the coverage in this book has to do with software that uses SNMP to provide network monitoring and control services. After a strengths-and-weaknesses overview of a number of SNMP packages, the authors use mainly HP OpenView, Castle Rock SNMPc, and Net-SNMP (the last in combination with Perl scripting) to demonstrate how SNMP works and how to take advantage of it. It's the scripting that really distinguishes this book from other SNMP books, by the way. It's integral to the authors' presentation, and the latter half of this book is packed with shell and Perl listings. --David Wall

Topics covered: Simple Network Management Protocol (SNMP) and its applicability as a network management tool. Details like object identifiers (OIDs), management information bases (MIBs), traps, and community strings are defined and explained. The configuration of SNMP agents is detailed for several software packages and operating systems, and the integration of SNMP and scripts (in shell languages and in Perl) is covered nicely.

Book Description

Simple Network Management Protocol (SNMP) provides a "simple" set of operations that allows you to more easily monitor and manage network devices like routers, switches, servers, printers, and more. The information you can monitor with SNMP is wide-ranging--from standard items, like the amount of traffic flowing into an interface, to far more esoteric items, like the air temperature inside a router. In spite of its name, though, SNMP is not especially simple to learn.

O'Reilly has answered the call for help with a practical introduction that shows how to install, configure, and manage SNMP. Written for network and system administrators, the book introduces the basics of SNMP and then offers a technical background on how to use it effectively. Essential SNMP explores both commercial and open source packages, and elements like OIDs, MIBs, community strings, and traps are covered in depth. The book contains five new chapters and various updates throughout. Other new topics include:

Expanded coverage of SNMPv1, SNMPv2, and SNMPv3
Expanded coverage of SNMPc
The concepts behind network management and change management
RRDTool and Cricket
The use of scripts for a variety of tasks
How Java can be used to create SNMP applications
Net-SNMP's Perl module

The bulk of the book is devoted to discussing, with real examples, how to use SNMP for system and network administration tasks. Administrators will come away with ideas for writing scripts to help them manage their networks, create managed objects, and extend the operation of SNMP agents.

Once demystified, SNMP is much more accessible. If you're looking for a way to more easily manage your network, look no further than Essential SNMP, 2nd Edition.

Customer Reviews:

Disappointing.......2007-05-25

Most of the books in this series are very technical and go into serious details. This one reads like a compendium of owner's manuals. A really good book on SNMP is needed and this one is not it.

1/4 good.......2007-05-03

This book is good up till you get 1/4 of the way through it. The first quarter of the book is good and it goes over general SNMP stuff then history different versions etc. The last 3/4 of this book cover configuring proprietary monitoring systems like open view and solar winds.

I dont care about open view.. or solar winds.. i wanted to learn about snmp... not some vendors software package. Im suprised that this got published with such a general title.. when really the book is an snmp intro, followed by how to setup a proprietary monitoring tool.

Great book on SNMP starts from the beginning.......2007-02-21

I hadn't seen a new book on SNMP come out in some time, and the older ones I had read were so abstract and unhelpful that I was reluctant to try another one. This book, though not perfect, is much better than the older books I have looked at on the subject. For one thing, it just didn't dive into the subject with a bunch of confusing graphs and object trees assuming I already knew the big picture.

Chapter one is just a general introduction to SNMP and network management. Chapter 2 goes into details on both SNMPv1 and SNMPv2. It talks about how SNMP sends and receives information, how to read MIB files, and about SNMP communities. It looks in detail at three MIB's - MIB-II, Host Resources, and RMON. MIB-II is a very important management group because every device that supports SNMP must also support MIB-II, thus objects from MIB-II are used in examples through the whole book. Chapter 3 introduces SNMPv3, which addresses the security problems present in v1 and v2.

Next the book introduces the idea of a network management architecture. It stresses that you need a plan that helps you use Network Management Stations (NMS's) effectively in order to effectively manage your network. This section includes how to properly choose your hardware and what questions you need to ask yourself. Next the book discusses actually installing and running your software. Specifically HP's OpenView Network Node Manager and Castle Rock's SNMPc Enterprise Edition are discussed. Included are detailed instructions along with screenshots of the application. Next there are instructions on how to configure SNMP agents. You are walked through some standard configuration parameters plus some advanced parameters that sometimes crop up. Once again there are plenty of screen shots to help you know you are on the right path.

Now that you've been walked through the configuration of your system and the installation of software, the book shows you how to use the three basic SNMP operations of snmpget, snmpset, and snmpwalk. A group of Perl scripts are shown that set, get, and walk objects. Next HP OpenView and Net-SNMP are used to perform the same operations from the command line. A third alternative is demonstrated that uses OpenView's graphical MIB Browser. Next is a discussion of how to set up SNMP to poll your devices at certain intervals and to set thresholds that require action if crossed. Again Perl scripts enter the discussion for configuring this set-up. SNMPc and OpenView screen shots show you how to configure this using graphical interfaces, and what to expect. Next the book discusses traps, which are how an agent sends a monitoring station asynchronous notification about certain key conditions that may require action. The book demonstrates how to handle traps using OpenView and Perl scripts. Next the book shows how to read, configure, and even define your own traps.

The book now turns to the problem of agents that need to be extended in their abilities. The book discusses the answer to this problem - extensible SNMP agents - and three of them in particular - the OpenView, Net-SNMP, and SystemEdge agents. Next are some interesting scripts for automating common system administration tasks. Issues covered by these little scripts include determining who is logging into your machine, a port monitor, service monitoring, and switching port control, among others. There is then a discussion on MRTG (Multi Router Traffic Grapher), a trend analysis tool that generates image files and whose output is viewable from a web browser. Complete instructions on installing and using the tool are given. The next tool discussed is RRDtool, which in network management will most likely be used to store and process data collected via SNMP. However RRDtool can be used for many diverse purposes that have nothing to do with computer networks. The last chapter in the book is an odd one on using Java with SNMP. Specifically, the book presents the Java SNMP API known as SNMP4J. It doesn't really seem to add any functionality other than being an alternative for people who don't like to use Perl.

I liked this book very much. It had many good examples and it answered all of the questions I had previously had on SNMP starting from the beginning with what is SNMP and what can it do for you? I would highly recommend it to any network administrator who is planning on workng with SNMP.

Essential SNMP, Second Edition, Review.......2007-01-17

An excellent book that can help not only network engineers but Unix system administrators.
A lot of doubts that I had about SNMP went away and I feel much more relaxed with this topic in technical circles.

Good book, but where is there one for idiots?.......2007-01-11

I pretty much hate SNMP. It's stems from not understanding it. This book has given me a grasp on some of the concepts, but has refered to a few things that I am supposed to already know. It's not for beginners.

The Complete Cisco VPN Configuration Guide (Networking Technology)

Average customer rating:

Bingo!
Great if you like GUI applications, not if you use the CLI.
Excellent resource for security professionals
The Best Cisco VPN Configuration Book
A useful read for security professionals

The Complete Cisco VPN Configuration Guide (Networking Technology)
Richard Deal
Manufacturer: Cisco Press
ProductGroup: Book
Binding: Paperback

General | Certification Central | Computers & Internet | Subjects | Books

Privacy | Business & Culture | Computers & Internet | Subjects | Books

General | Computers & Internet | Subjects | Books

Look Inside Computer Books | Trip | Specialty Stores | Books

Qualifying Textbooks - Spring 2007 | Stores | Books
Similar Items:

Cisco ASA and PIX Firewall Handbook, First Edition
Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance (Networking Technology)
IPSec VPN Design (Networking Technology)
Troubleshooting Virtual Private Networks (VPN) (Networking Technology)
Cisco Field Manual: Catalyst Switch Configuration

ASIN: 1587052040

Book Description

Use Cisco concentrators, routers, Cisco PIX and Cisco ASA security appliances, and remote access clients to build a complete VPN solution

A complete resource for understanding VPN components and VPN design issues
Learn how to employ state-of-the-art VPN connection types and implement complex VPN configurations on Cisco devices, including routers, Cisco PIX and Cisco ASA security appliances, concentrators, and remote access clients
Discover troubleshooting tips and techniques from real-world scenarios based on the author’s vast field experience
Filled with relevant configurations you can use immediately in your own network

With increased use of Internet connectivity and less reliance on private WAN networks, virtual private networks (VPNs) provide a much-needed secure method of transferring critical information. As Cisco SystemsÂ® integrates security and access features into routers, firewalls, clients, and concentrators, its solutions become ever more accessible to companies with networks of all sizes. The Complete Cisco VPN Configuration Guide contains detailed explanations of all CiscoÂ® VPN products, describing how to set up IPsec and Secure Sockets Layer (SSL) connections on any type of Cisco device, including concentrators, clients, routers, or Cisco PIXÂ® and Cisco ASA security appliances. With copious configuration examples and troubleshooting scenarios, it offers clear information on VPN implementation designs.

Part I, âVPNs,â introduces the topic of VPNs and discusses today’s main technologies, including IPsec. It also spends an entire chapter on SSL VPNs, the newest VPN technology and one that Cisco has placed particular emphasis on since 2003. Part II, âConcentrators,â provides detail on today’s concentrator products and covers site-to-site and remote-access connection types with attention on IPsec and WebVPN. Part III covers the Cisco VPN Client versions 3.x and 4.x along with the Cisco3002 Hardware Client. Cisco IOSÂ® routers are the topic of Part IV, covering scalable VPNs with Dynamic Multipoint VPN, router certificate authorities, and router remote access solutions. Part V explains Cisco PIX and Cisco ASA security appliances and their roles in VPN connectivity, including remote access and site-to-site connections. In Part VI, a case study shows how a VPN solution is best implemented in the real world using a variety of Cisco VPN products in a sample network.

This security book is part of the Cisco PressÂ® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

Customer Reviews:

Bingo!.......2007-02-10

Well this book proved few things to me... Firstly VPN is not rocket science and secondly I havent seen any better book than this that Cisco press might have printed. IPSEC, GRE, SSL, L2TP, PPTP, WEBVPN were the term that used to give me nightmares. However this book was just perfect and 1 month of reading this book makes me very confident about the whole technology. I generally followed each chapter with real hands on and I wasnt bumped even once anywhere. I will seriously recommend this book to everyone, if VPN is what you want to learn, stop your search here! NOW!

Great if you like GUI applications, not if you use the CLI........2006-11-03

I was hoping that the book would spend more time on actual router configuration rather than use GUI-related products. It was difficult to divine the actual config while wading through page after page of screen-shots.

Excellent resource for security professionals.......2006-07-04

Richard Deal's book, The Complete Cisco VPN Configuration Guide, sets out to provide a comprehensive reference for networking professionals designing, deploying, and managing VPN solutions. This book covers the foundational information as well as step by step guides to configuring VPN solutions on Cisco VPN Concentrators, software and hardware clients, Cisco IOS routers, and Cisco PIX and ASA appliances.

The book is broken down into 6 parts: VPNs, Concentrators, Clients, IOS Routers, PIX Firewalls, and a Case Study. The VPN chapters provide the reader with an excellent foundation in VPNs. These chapters cover topics such as VPN types and topologies, technologies used to establish VPNs, as well as VPN implementations, such as IPsec, PPTP, L2TP, SSL. The next section focuses on the Cisco VPN Concentrators. Mr. Deal provides information on the Cisco 3000 series of VPN concentrators as well as the features of various software releases. The next few chapters focus on different deployment scenarios. These scenarios include remote access with IPsec, Remote access with PPTP, L2TP, and WebVPN (SSL), and site-to-site. The final chapters of the concentrator section cover management and troubleshooting. The next section covers software (Cisco and Microsoft) and hardware (Cisco) VPN clients. The fourth section focuses on Cisco IOS Routers. This section follows a similar layout to the concentrator section providing details about site-to-site and remote access VPN connections as well as a troubleshooting chapter at the end. It does highlight the differences in the configuration as well. As with the concentrators, Mr. Deal include specific product information. While helpful in dealing with existing equipment, it quickly will become obsolete as Cisco EOS/EOL equipment and software from these lists. It might have been more practical to provide URL references to Cisco's website. The fifth section covers VPN deployments with the Cisco PIX and ASA security appliances. Again, the layout is consistent with the IOS Router and Concentrator sections. The final section is a case study which brings together most of the concepts covered in the book.

This book is an excellent reference on VPNs. It should be in every networking professional's personal library who designs, deploys, and manages a VPN solution. The diagrams are clear and easy to follow. The troubleshooting chapters of each section provide excellent tools as well as common mistakes to help the networking professional deploy their solution successfully. The case study provides an invaluable example of a real world deployment. While the book is not advertised to be an exam preparation or certification guide, it could easily be used as a supplement towards those studies.

The Best Cisco VPN Configuration Book.......2006-02-25

Richard Deal's "The Complete Cisco VPN Configuration Guide" provides a complete step by step guide on how to configure VPN on Cisco Concentrators, software (including Windows VPN client) and hardware client, IOS routers, PIX and ASA security appliances.

The book also discusses what to look for to troubleshoot VPN connection, provides common real-life problems you will experience when setting up VPN and a case study at the end of the book to review all the concepts and configuration from previous chapters.

The book does an excellent job in informing when and why to select certain Cisco VPN products over others. It also provides up to date information on VPN configuration guide for PIX. Both PIX FOS 6.0 and 7.0 VPN configurations are discussed.

The book focuses about five chapters discussing concentrators. This is understandable as Cisco concentrators are more widely used for remote access than other Cisco VPN products. However, I would like to see the book to give equal weight to PIX and ASA appliances as more and more are adopting them as concentrators are gradually being phased out.

The book will be more complete if it mentions other VPN configuration features such as SDM for IOS routers, ASDM for PIX and ASA and VPN Router Management Center for Cisco Works. The author has omitted these due to space constraints since the book is already almost 1,000 pages.

In summary, this book will benefit any network administrators with intermediate to advance level of knowledge that need to use Cisco products for VPN implementation. This is the best "how-to" Cisco Press book for Cisco VPN and it fulfills its mission as a complete resource for understanding Cisco VPN implementation.

You might also want to check other Richard Deal's well written security book titled "Cisco Router Firewall Security".

A useful read for security professionals.......2006-01-30

A thorough and complete review of VPN technologies, as implemented in Cisco infrastructure, Deal's `The Complete Cisco VPN Configuration Guide', is arranged as a twenty three chapter step by step technology review and one chapter of bonus case studies.

The forty page Case study at the end of the book demonstrates the books material in a concise, simple and easy to follow way and its compactness will make it useful for an engineer who has general ideas about VPN , yet need to get a site running quickly. This chapter can be read without a full understanding of the remainder of the text, productively.

The rest of the text is arranged into five parts, viz., VPNs, Concentrators, Clients, IOS routers and PIX firewall. The first part being a good attempt at VPN technology review. The presentation of the technologies in the part, of five chapters is generic enough to appeal to a wide audience of security professionals. The arrangement of the subject into chapter one on VPN overview, Chapter two on fundamental VPN technologies, Chapter three on IPSec, four on PPTP and L2TP and five on SSL VPN , is one of the better classification and treatments of VPN technologies I have seen lately.

VPN concentrators are the core Cisco VPN infrastructure, and they get a fair treatment with ample configuration examples in the second part. Chapter 6, the first chapter in this section provides a broad treatment of the concentrator products available and the rest of section is devoted to concentrator configuration and troubleshooting.

I am almost tempted to question why the author decided to devote a whole section of three chapters of more than one fifty pages, to VPN client software, but my experience with users and administrators alike, who have demonstrated some clumsiness with various VPN client solutions, refrained me. This indeed is a clear and concise guide that administrators can use a basis for developing an in-house user manual. It covers the Cisco VPN client software, the Microsoft VPN dialer software, the Cisco 3200 hardware client, but misses out on some alternative solutions. There was no talk of SSH VPN clients, such as putty, in this section as there were none on non-traditional, but evolving VPN solutions including secure remote desktop solutions.

Cisco's integration of almost all its security technologies in IOS is demonstrated again in section four. This section discusses router capabilities and demonstrates them with some configuration examples. Another major Cisco Security technology, the PIX, which also serves as one the more popular Cisco VPN concentrator in deployment, is also given a fair treatment in this text.

In all, this is a good text for newbie's and intermediate network or infrastructure professionals. A useful read for security professionals, and maybe a valuable resource for Cisco security certification aspirants. But don't loose your Cisco documentation manual, or your Cisco Technology handbooks yet.

Penetration Tester's Open Source Toolkit

Average customer rating:

good introduction
Solid Penetration Testing Book
Excellent reference.
Good review of currently available software
Excellent kickstart

Penetration Tester's Open Source Toolkit
Charl Van Der Walt , HD Moore , Roelof Temmingh , Haroon Meer , Johnny Long , Chris Hurley , and James Foster
Manufacturer: Syngress
ProductGroup: Book
Binding: Paperback

Privacy | Business & Culture | Computers & Internet | Subjects | Books

General | Computers & Internet | Subjects | Books

General | Operating Systems | Computers & Internet | Subjects | Books

General | Education | Nonfiction | Subjects | Books

General | Education | Professional & Technical | Subjects | Books

Look Inside Computer Books | Trip | Specialty Stores | Books

Look Inside Nonfiction Books | Trip | Specialty Stores | Books
Similar Items:

Nessus Network Auditing (Jay Beale's Open Source Security) (Jay Beale's Open Source Security)
Google Hacking for Penetration Testers, Volume 1
Nessus, Snort, & Ethereal Power Tools: Customizing Open Source Security Applications (Jay Beale's Open Source Security Series)
Gray Hat Hacking : The Ethical Hacker's Handbook
Penetration Testing and Network Defense (Networking Technology)

ASIN: 1597490210
Release Date: 2005-06-01

Book Description

Penetration testing a network requires a delicate balance of art and science. A penetration tester must be creative enough to think outside of the box to determine the best attack vector into his own network, and also be expert in using the literally hundreds of tools required to execute the plan. This book provides both the art and the science.

The authors of the book are expert penetration testers who have developed many of the leading pen testing tools; such as the Metasploit framework. The authors allow the reader inside their heads to unravel the mysteries of thins like identifying targets, enumerating hosts, application fingerprinting, cracking passwords, and attacking exposed vulnerabilities. Along the way, the authors provide an invaluable reference to the hundreds of tools included on the bootable-Linux CD for penetration testing.

* Covers both the methodology of penetration testing and all of the tools used by malicious hackers and penetration testers

* The book is authored by many of the tool developers themselves

* This is the only book that comes packaged with the "Auditor Security Collection"; a bootable Linux CD with over 300 of the most popular open source penetration testing tools

Customer Reviews:

good introduction.......2007-02-22

If you live and breathe IT security, this books is for you. I would like to somewhat disagree with some of the earlier reviewers. I don't think this book was intended to be "the one and only" penetration toolkit manual. However, what it does do - it introduces one to the world of penetration testing providing enough information and examples on a wide variety of tools. A lot of great subjects are covered, such as reconnaissance, enumeration, scanning, web application testing, wireless penetration and more. It's a very insightful read, even for those who are just researching in the area of security. It will open your eyes on many aspects of information security. The CD itself is a good resource, but you may need to update some applications by now. Nessus signatures do get updated regularly.

Solid Penetration Testing Book.......2007-02-06

At around 700 pages in size, the 'Penetration Tester's Open Source Toolkit' by Johnny Long is a solid reference material which is a nice pickup for anyone that is concerned with this subject matter. As with all Syngress books, you aren't buying these for the highest quality paper or design, but rather the material within. This is a solid book that most users should find helpful in their jobs.

**** RECOMMENDED

Excellent reference........2007-01-22

If you are going to do any work in the Information Assurance world you will want to add this book to your shelf and keep it handy. The authors of this book know the topics and present information clearly.
Each chapter is a stand-alone lesson, and all chapters build on each other to create a big-picture of exploiting any network and reporting results. The CD that comes with the book gives you excellent tools to start or fill out your library. Some are getting dated as of this writing, but all are still solid tools that you can update once you've learned them.
I highly recommend this book!

Good review of currently available software.......2006-09-25

Title: Penetration Tester's Open Source Toolkit
Author: Johnny Long, Aaron Bayles, James Foster, Chris Hurley, Mike Petruzzi Noam Rathaus, Mark Wolfgang
Publisher: Syngress Publishing, Inc.
800 Hingham Street
Rockland, MA 02370
Copyright: 2006
ISBN: 1597490210
Pages: 678 plus appendix and index

This book not only covers what tools are available for penetration testing but also details how to use them to effectively test the system. Some of the tools, such as whois and ping, will be very familiar to the Linux user and most power users of other operating systems. Other tools are less familiar but very powerful and a real insight into what can be done to gather information on a system before attempting to penetrate it. Part of what makes this book really interesting is the way the authors approach this subject. They don't walk the reader through all the details of a handful of tools but instead they take a task-oriented approach. For example they go first through enumerating and scanning a system, then testing databases, web server testing, web application testing, wireless penetration and network devices. They then end this section with information about writing open source security tools. Chapter 8 starts a section on the Open Source vulnerability scanner Nessus. It automatically finds many problems in the system by trying to penetrate it using various scripts. The results are captured and the generated reports detail the information it was able to obtain. This is a very powerful testing product and one of the most common ones you will find in the marketplace.
The authors detail how to set up a Nessus client and server, scan the system and understand the results. Although almost three hundred pages are dedicated to Nessus it is a very powerful and highly configurable program that can consume a full book by itself to use its full potential. Penetration Tester's Open Source Toolkit is highly recommended, insightful, and very interesting to read and experiment with.

Excellent kickstart.......2006-03-22

Excellent kickstart for the budding pentester (such as myself) Covers as far as i can see most areas, and creating an apetite for more.

SSH, The Secure Shell: The Definitive Guide

Average customer rating:

It does help me a lot
About what you would expect
Stick to the man page
Makes sense of the obscure land of SSH
why you should use ssh

SSH, The Secure Shell: The Definitive Guide
Daniel J. Barrett , Richard E. Silverman , and Robert G. Byrnes
Manufacturer: O'Reilly Media, Inc.
ProductGroup: Book
Binding: Paperback

General | Computers & Internet | Subjects | Books

Network Administration | O'Reilly | By Publisher | Books

Internet Security | O'Reilly | By Publisher | Books

Look Inside Computer Books | Trip | Specialty Stores | Books
Similar Items:

Network Security with OpenSSL
Classic Shell Scripting
LDAP System Administration
Learning the bash Shell (In a Nutshell (O'Reilly))
DNS and Bind:3rd Ed

ASIN: 0596008953

Amazon.com

The suite of utility applications that Unix users and administrators find indispensable--Telnet, rlogin, FTP, and the rest--can in fact prove to be the undoing of interconnected systems. The Secure Shell, a.k.a. SSH (which isn't a true shell at all) provides your otherwise attack-prone utilities with the protection they need. SSH: The Secure Shell: The Definitive Guide explains how to use SSH at all levels. In a blended sequence, the book explains what SSH is all about, how it fits into a larger security scheme, and how to employ it as an everyday user with an SSH client. More technically detailed chapters show how to configure a SSH server--several variants are covered--and how to integrate SSH with non-Unix client platforms.

As befits its detail- and variation-rich subject, this book comprises many specialized sections, each dealing with some specific aspect of use or configuration (setting up access control at the account level, for example, or generating keys for a particular SSH server). The writing is both informative and fun to read; the authors switch back and forth between text and entry-and-response listings from SSH machines. They often run through a half-dozen or more variants on the same command in a few pages, providing the reader with lots of practical information. The discussion of how SSH fits into a Kerberos Public Key Infrastructure (PKI) is great, as is the advice on defeating particular kinds of attacks. --David Wall

Topics covered:

The Secure Shell (SSH) for installers, administrators, and everyday users
SSH design and operation
Server setup
SSH agents
Client configuration
Public Key Infrastructure (PKI) integration
SSH1
SSH2
F-Secure
OpenSSH for Unix
SSH1 and SecureCRT for Microsoft Windows
NiftyTelnet SSH for Mac OS

Book Description

Are you serious about network security? Then check out SSH, the Secure Shell, which provides key-based authentication and transparent encryption for your network connections. It's reliable, robust, and reasonably easy to use, and both free and commercial implementations are widely available for most operating systems. While it doesn't solve every privacy and security problem, SSH eliminates several of them very effectively. Everything you want to know about SSH is in our second edition of SSH, The Secure Shell: The Definitive Guide. This updated book thoroughly covers the latest SSH-2 protocol for system administrators and end users interested in using this increasingly popular TCP/IP-based solution. How does it work? Whenever data is sent to the network, SSH automatically encrypts it. When data reaches its intended recipient, SSH decrypts it. The result is "transparent" encryption-users can work normally, unaware that their communications are already encrypted. SSH supports secure file transfer between computers, secure remote logins, and a unique "tunneling" capability that adds encryption to otherwise insecure network applications. With SSH, users can freely navigate the Internet, and system administrators can secure their networks or perform remote administration. Written for a wide, technical audience, SSH, The Secure Shell: The Definitive Guide covers several implementations of SSH for different operating systems and computing environments. Whether you're an individual running Linux machines at home, a corporate network administrator with thousands of users, or a PC/Mac owner who just wants a secure way to telnet or transfer files between machines, our indispensable guide has you covered. It starts with simple installation and use of SSH, and works its way to in-depth case studies on large, sensitive computer networks. No matter where or how you're shipping information, SSH, The Secure Shell: The Definitive Guide will show you how to do it securely.

Customer Reviews:

It does help me a lot.......2007-06-08

This book really take me thro' for what I need to know in order to support the deployed SFTP solution. Now, I have clear idea in selecting options while building the package.

About what you would expect.......2006-11-10

I am a consultant and used this book on an integration project. There is not much special about this book. It is relatively difficult to find information on a topic as the author tries to integrate the information on ssh1, ssh2 and open ssh and it is sometimes not clear what something applies to or not. Not much else available and at least one revision has already been issued.

Stick to the man page.......2006-10-20

This is one of those O'Reilly books that actually makes you stupider than you were before having read it.

Face it, nobody reads books like this cover-to-cover. We might go through the introduction and the first few chapters, but after that we jump around to the parts we want to know about right now. The authors of this book have done everything in their power to make sure that this is not possible. In my case, I was interested in learning more about the various options involved in port forwarding, so I skipped ahead to chapter 9, which is dedicated to the subject. Unfortunately for me, I was completely lost, not because I had no grasp of the concepts involved, but because of the horrible writing, illustration and page layout choices.

First off, the authors seem to be big fans of mathematics, as they frequently contract long, complex statements into single letters they have chosen arbitrarily. Now this might not be a big problem when you're talking about getting from "computer A" to "computer B", but when providing examples of commands one is to enter into a terminal that look like this:

ssh -L2001:S:143 S

or even better yet:

ssh -g -L P:S:W B

It gets pointlessly confusing. If you don't already know what you're doing, you'll probably think that those capital letters are arguments you should type into your terminal rather than the names of computers and ports you're supposed to insert yourself, especially when there are absolutely NO full, syntactically correct examples of these commands given anywhere in the book. It's like it would kill them to type out a single working example. I would suggest the possibility that they might suffer from severe carpal tunnel syndrome as an explanation for this terseness were it not for the amazing displays of verbosity these very same authors seem to be capable of whenever another opportunity to shamelessly plug Tectia presents itself. If I didn't know better I'd think there was a product placement deal at work here.

On top of all of this, the illustrations are just awful. Not only are they frequently as ambiguous as the command line examples they are meant to illustrate, but they are also labeled inconsistently, and worst of all, are often placed 2-3 pages away from the text they are meant to compliment. You can easily waste hours of time flipping back and forth between lines like "ssh -g -L P:S:W B" and the pictures of poorly drawn boxes which defy all laws of perspective and clouds with arrows pointing all over the place that are meant to clarify them somehow.

I'm sure the authors know a lot more about SSH than I ever will, but they cannot write, and I wish O'Reilly's editors would start enforcing some kind of quality control in their publications. There are free tutorials out there that are better than this tripe, and many of them are written by 11 year olds.

Makes sense of the obscure land of SSH.......2005-06-21

For something that should be simple SSH is anything but a walk in the park. This is compounded by the fact that the documentation for SSH just blows. This book, however, does everything but blow. In classic O'Reilly fashion the author decomposes the topic and covers it effectively from almost every angle with excellent writing and superb graphics. This is a great book for anyone who uses SSH, or who is having issues with it.

why you should use ssh.......2005-05-18

[A review of the 2nd EDITION 2005.]

In an earlier, more trusting Internet, rlogin, ftp and telnet were widely used for remote access. But the increase in malware sniffing of these plaintext channels has led to ssh largely supplanting them. The book explains why you as a user should prefer ssh. It greatly helps to guard your account and its password. No small matter if this account has sensitive data. Actually, if you are also a sysadmin, you may want to consider restricting secure remote access to ssh.

The book deals with the broad outline of the cryptographic underpinnings. But it does not require you to understand any of the formal maths. (Whew!) As a practical matter, the bulk of the text is taken up with the myriad ways that ssh implementations can be used. Shows the crucial role played by ssh. Possibly the hardest part concerns key management. Which is often the bane of any cryptosystem. So you should not regard this as a particular failing of ssh.

Comparing, Designing, and Deploying VPNs (Networking Technology)

Average customer rating:

Another great VPN technologies book from Mark Lewis
More Acronyms than you can Imagine

Comparing, Designing, and Deploying VPNs (Networking Technology)
Mark Lewis
Manufacturer: Cisco Press
ProductGroup: Book
Binding: Paperback

General | Certification Central | Computers & Internet | Subjects | Books

Privacy | Business & Culture | Computers & Internet | Subjects | Books

General | Computers & Internet | Subjects | Books

Look Inside Computer Books | Trip | Specialty Stores | Books

Qualifying Textbooks - Spring 2007 | Stores | Books
Similar Items:

The Complete Cisco VPN Configuration Guide (Networking Technology)
Troubleshooting Virtual Private Networks (VPN) (Networking Technology)
Routing TCP/IP, Volume 1 (2nd Edition) (CCIE Professional Development)
IPSec VPN Design (Networking Technology)
Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance (Networking Technology)

ASIN: 1587051796

Book Description

A practical guide for comparing, designing, and deploying IPsec, MPLS Layer 3, L2TPv3, L2TPv2, AToM, and SSL virtual private networks

Explore the major VPN technologies and their applications, design, and configurations on the Cisco IOS® Router, Cisco® ASA 5500 Series, and the Cisco VPN 3000 Series Concentrator platforms
Compare the various VPN protocols and technologies, learn their advantages and disadvantages, and understand their real-world applications and methods of integration
Find out how to design and implement Secure Socket Layer (SSL) VPNs, including consideration of clientless operation, the Cisco SSL VPN Client, the Cisco Secure Desktop, file and web server access, e-mail proxies, and port forwarding
Learn how to deploy scalable and secure IPsec and L2TP remote access VPN designs, including consideration of authentication, encryption, split-tunneling, high availability, load-balancing, and NAT transparency
Master scalable IPsec site-to-site VPN design and implementation including configuration of security protocols and policies, multiprotocol/ multicast traffic transport, NAT/PAT traversal, quality of service (QoS), Dynamic Multipoint VPNs (DMVPNs), and public key infrastructure (PKI)

Virtual private networks (VPNs) enable organizations to connect offices or other sites over the Internet or a service provider network and allow mobile or home-based users to enjoy the same level of productivity as those who are in the same physical location as the central network. However, with so many flavors of VPNs available, companies and providers are often hard pressed to identify, design, and deploy the VPN solutions that are most appropriate for their particular network architecture and service needs.

Comparing, Designing, and Deploying VPNs brings together the most popular VPN technologies for convenient reference. The book examines the real-world operation, application, design, and configuration of the following site-to-site VPNs: Layer 2 Tunneling Protocol version 3 (L2TPv3)-based Layer 2 VPNs (L2VPN); Any Transport over MPLS (AToM)-based L2VPN; MPLS Layer 3-based VPNs; and IP Security (IPsec)-based VPNs. The book covers the same details for the following remote access VPNs: Layer 2 Tunneling Protocol version 2 (L2TPv2) VPNs; L2TPv3 VPNs; IPsec-based VPNs; and Secure Socket Layer (SSL) VPNs. Through the operation, application, and configuration details offered in each chapter, you’ll learn how to compare and contrast the numerous types of VPN technologies, enabling you to consider all relevant VPN deployment options and select the VPN technologies that are most appropriate for your network.

Comparing, Designing, and Deploying VPNs begins with an introduction of the types of VPNs available. Subsequent chapters begin with an overview of the technology, followed by an examination of deployment pros and cons that you can use to determine if the particular VPN technology is appropriate for your network. Detailed discussion of design, deployment, and configuration make up the heart of each chapter. Appendix A offers insight into two multipoint emulated LAN services that can be deployed over a MAN or WAN: Virtual Private LAN Service (VPLS) and IP-only Private LAN Service (IPLS).

If you are a network architect, network engineer, network administrator, an IT manager, or CIO involved in selecting, designing, deploying, and supporting VPNs, you’ll find Comparing, Designing, and Deploying VPNs to be an indispensable reference.

This book is part of the Cisco Press® Networking Technology Series, which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.

Customer Reviews:

Another great VPN technologies book from Mark Lewis.......2006-06-03

"Comparing, Designing and Deploying VPNs" introduces various and the most popular VPN technologies, provides explanation on how to select the appropriate VPNs, as well as how to design and deploy them. The book shows each VPN technologies in details, their capabilities and configurations.

The book starts with defining what VPN is, explaining what various VPNs are available and their comparisons. The first chapter introduces a lot of acronyms such as VPWS, VPLS, L2TPv2/v3, AToM and others). It also provides a summary table of technical consideration for selecting each Site-to-Site VPN and Remote Access technologies and a flowchart of all VPN technologies. Both the tables and flowcharts are very useful for reference before progressing to the next chapters.

The book dedicates the next 6 chapters (about 500 pages!) explaining Site-to-Site VPNs starting from designing, deploying and configuring L2TPv3 based Layer 2 VPN, Any Transport over MPLS (AToM) based Layer 2 VPN, MPLS Layer 3 Site-to-Site VPN and Site-to-Site IPSecs VPN. It provides in-depth explanation on how each VPN operates, many elaborate configuration samples with explanation of each commands used, and some advanced designs and deployments.

The first 6 chapters also have the most typos. For instance, in a couple of page, the author refers to previous diagrams by providing the page number xx instead of the actual page number. However, all of these typos are minor and can be ignored.

The next 3 chapters focus on Remote Access VPNs. They cover the design and implementation of L2TPV2 and V3 remote access VPNS, IPSec remote access and finally SSL remote access (WebVPN). They provide several configuration examples on how to implement the remote access VPNs in several VPN gateways from IOS routers, VPN 3000 Series Concentrators, and the new Cisco ASA 5500 series appliance.

The book assumes that the readers already have an extensive knowledge of IGP routing protocols (RIP, EIGRP, ISIS, OSPF), Quality of Service (QoS) and especially BGP. Without knowing them, readers will find difficulties in understanding the examples given as the book uses them extensively. I recommend readers to read Jeff Doyle's "Routing TCP/IP Volume 1 Second Edition" and "Routing TCP/IP volume 2 as well to understand IGP and BGP routing protocols in-depth.

I liked this book a lot and certainly will recommend others to read this. I gave the book five out of five stars for its good explanations, configuration and examples. The book is very technical but well written and provides a lot of examples that can be well understood. Since this is a CiscoPress release book, all of the hardware design and configuration are based on Cisco equipments.

The book has helped me greatly in understanding the different flavors of VPNs available. The IPSec VPN and Remote Access VPN chapters alone are very useful for the VPN project I am currently involved with and they already justify the purchase of this book.

Mark Lewis, the author, is a CCIE who has real work experiences in Service Provider VPN technologies. I also recommend his other book "Troubleshooting Virtual Private Networks (VPN)".

More Acronyms than you can Imagine.......2006-05-02

You would think that a VPN should be a fairly simple thing. But of course it isn't. Over a surprisingly short time various companies, groups of companies, standards organizations and seemingly anyone who wants to can come up with a new set of initials to define something special. Just a few examples include: GRE. AToM, Q-in-Q, MPLS LSP, L2F, PPTP. And of course they all mean something that is just a little bit different. This book starts out defining all these and more.

The second part of the book covers site-to-site VPNs. This part has six chapters, and basically each chapter talks about designing and deploying different types of VPNs. The third part of the book is on Remote Access VPNs, covering situations like the telecommuting worker or the salesman out on the road.

This book is by Cisco press so, as you might expect, it concentrates on the use of Cisco equipment. This is not unreasonable as Cisco produces a lot of VPN equipment. Also as you would expect from a Cisco title, the information is complete and accurate. In this book it is also very well written in a language that can be understood. All in all, quite a good book

Scripting VMware: Power Tools for Automating Virtual Infrastructure Administration

Average customer rating:

Great reference for developers and admins alike
was the time to short?

Scripting VMware: Power Tools for Automating Virtual Infrastructure Administration
Al Muller
Manufacturer: Syngress
ProductGroup: Book
Binding: Paperback

Systems Analysis & Design | Computer Science | Computers & Internet | Subjects | Books

General | Operating Systems | Computers & Internet | Subjects | Books

General | Software | Computers & Internet | Subjects | Books

Look Inside Computer Books | Trip | Specialty Stores | Books

General | Software Books | Custom Stores | Stores | Software
Similar Items:

VMware ESX Server: Advanced Technical Design Guide (Advanced Technical Design Guide series)
Virtualization with VMware ESX Server
Professional VMwareServer (Programmer to Programmer)
Advanced Server Virtualization: VMware and Microsoft Platforms in the Virtual Data Center
How to Cheat at Configuring VmWare ESX Server (How to Cheat) (How to Cheat)

ASIN: 1597490598

Book Description

This book contains simple and advanced scripting using both ESX and Linux commands to provide awesome virtual tools to automate administrative tasks of ESX Server.

This book will cover the native tools that VMware provides with ESX Server. It will then discuss in detail the different scripting APIs and how they can be leveraged to provide some very useful, practical and time saving tools to manage a virtual infrastructure. From virtual server provisioning to backups and everything in between, this book is a one stop shop for virtual tools.

* An essential guide to virtualisation using both Linux and ESX commands

* The companion Web site for book provides dozens for working scripts and tools presented in the book

* Maximise VMware's powerful scripting language to automate time consuming administrative tasks

Customer Reviews:

Great reference for developers and admins alike.......2007-05-13

While this book is not full of product information for administrators, it serves the purpose that it was intended for...showing you how to programmatically automate ESX and VirtualCenter tasks.

The book limits the use of shell scripts and command-line tools, opting more for object-oriented programming languages. A thorough walk-through of code for both ESX 2.5.x/VC 1.x as well as ESX 3.x/VC 2.x is included in the book, with samples in VB, C#, Perl, and Java. I particularly liked the explanation of the SDK web service architecture and the idiosyncrasies of consuming the web service with typical SOAP clients.

If you're thinking about creating custom software to interact with VMware products or you simply want to write custom scripts to ease administration, this is a great reference book for you!

was the time to short?.......2006-12-14

like nearly every VMware administrator or consultant I couldn't wait for the release of this book. After a delay to the first announcement of about 7 months I hoped to get a book including all news about VI3 too.

But the whole book seems to be a patchwork, mixing ESX2/VC1 and VI3 mostly without a comment at what version the reader is. It's quite obvious that some of authors have written their chapters at ESX 2 times without updating to ESX 3 like chapter 7 (backup).

Some of the chapters are really useless like the first kickstart chapter, which doesn't contain any news beside the manual, even rather the screenshots are from an old beta version I think and it's not mentioned that you must change a xml file to make the kickstart generator available.

Not one new esxcfg- commands of ESX3 is even mentioned!!! You are searching without success for the backup scripts like vcbmounter.

Most scripting example or tips can be found for several month or even years (like APC Powerchute installation) within the VMware forum.

Many people begin to use python or java for scripting VI3 - yes, you don't even find the letter j in the index!

The only fact I'm giving two stars instead of one are the scripting chapters for VB .net and the downloadable scripts from the syngress website if you own that book.

VPNs Illustrated: Tunnels, VPNs, and IPsec

Average customer rating:

Packet-oriented, detail-rich book on VPNs
why I don't like this book
Advanced, takes networking books to the next level
Needs to be better organized

VPNs Illustrated: Tunnels, VPNs, and IPsec
Jon C. Snader
Manufacturer: Addison-Wesley Professional
ProductGroup: Book
Binding: Paperback

Privacy | Business & Culture | Computers & Internet | Subjects | Books

General | Computers & Internet | Subjects | Books

Look Inside Computer Books | Trip | Specialty Stores | Books

Qualifying Textbooks - Spring 2007 | Stores | Books
Similar Items:

IPSec: The New Security Standard for the Internet, Intranets, and Virtual Private Networks
Troubleshooting Virtual Private Networks (VPN) (Networking Technology)
Comparing, Designing, and Deploying VPNs (Networking Technology)
Virtual Private Networks, 2nd Edition (O'Reilly Nutshell)
VPNs: A Beginner's Guide

ASIN: 032124544X

Customer Reviews:

Packet-oriented, detail-rich book on VPNs.......2006-08-17

VPNs Illustrated is a great book for those wishing to understand network traffic at the packet level. Author Jon C. Snader was inspired by the earlier TCP/IP Illustrated volumes, and tries to reproduce the Tcpdump-style material found in Stevens' classics. The level of detail found in VPNs Illustrated easily outweighs any problems this book might suffer, so I recommend you read it for in-depth knowledge of VPN traffic.

The book is divided into three parts. Of these, I found Part I ("Background") to be of questionable value. The introduction (ch 1) should not have been a chapter, and ch 2 ("TCP/IP Overview") should be replaced by a reference to existing volumes on TCP/IP. The crypto overview (ch 3) could also be replaced by a reference to other books, although as a non-crypto guy I found it a helpful refresher. The last chapter in part 1 finally gets to more subject-specific information, covering PPP, IP-in-IP, PPPoE, GRE, PPTP, L2TP, and MPLS tunnels. I really liked reading the author's criticisms of certain protocols like PPTP and L2TP. He should have included Tcpdump traces of MPLS, since the other protocols featured packet data.

Part II included chapters on VPNs (ch 5), SSL (ch 6), SSH (ch 7), and "lightweight" VPNs (ch 8) like VTun, CIPE, Tinc, and OpenVPN. Some of this material is very deep and probably unnecessary for most readers. The author explains messages exchanged by almost all of these protocols, which is information I've not seen elsewhere. Some may consider these descriptions obscure, while others (probably researchers and developers) will appreciate the analysis.

Part III covers IPSec. Ch 9 ("IPSec") should be part of ch 10 ("IPSec Architecture"). The remaining sections thoroughly address IPSec (11: AH; 12: ESP; 13: IKE; 14: the future of IPSec). I think chapters 10-13 are the best IPSec material I've read. They made more sense than others I've seen, although the complexity of IKE made ch 14 difficult to follow.

Throughout VPNs Illustrated, the author is not shy about sharing criticisms of various protocols. This is extremely valuable. He also repeats sound advice on practices to avoid (like static preshared keys) or measures to consider (defeating replay attacks). Because he illustrates so many protocols, he compares and contrasts them to emphasize key points. He also frequently cites authoritative sources like Schneier and Ferguson.

To achieve a fifth star in a second edition, I would like to see the author incorporate my previous suggestions. I would love to see configuration files for all of his examples in the appendices. He can move existing examples out of the main text to improve readability. Every protocol should have a corresponding network trace analysis, and the traces should be posted on a Web site. I would also like to see a summary of his thoughts on what makes a great VPN protocol, and then his ratings for various implementations.

You won't necessarily be able to implement the VPN software discussed in VPNs Illustrated by simply reading the text. You will gain a great understanding of how they work, or sometimes, don't work!

why I don't like this book.......2005-12-02

I bought this book aiming to gain indepth understanding of VPN technology, but I was disappointed. The key chapter 4, for example, try to explain tunnel concept left and right, but it mixed the general encapsulation and tunnel, and the verbose wording didn't make it any clear. Using tcpdump trace to explain some of the field is both a blessing and curse, depending on how you look at it - I think the book is sort of strong in specific details but weak in overall conceptual pictures - however most of those details have been better documented in the RFCs.

Another example - when talking about generic tunnel skeleton using FreeBSD as example (ch 4.8), where some code snippets are presented, I feel some background and detailed illustration of flow/drawing is necessary to clear up the concept and why it correlates prevoius sections, but none given.

It may sound a bit harsh: though the author try to emulate Rich Steven's style and dedicate the book to him, but it is hard for me to say the end product can really live up to Steven's standard.

Advanced, takes networking books to the next level.......2005-11-23

NOTE: This book is not for everyone, if you have not invested at least 40 hours looking at network traffic, I would recommend you pass.

This book is zero fluff, it makes you want to spin up your scratch boxes and follow along. In fact I did just that, I have to switch to a new ISP that requires PPoE and I was always curious how that worked, the book gave me just enough of a clue to interpret what was passing in and out of my house.

The world has a new grandmaster of tcpdump and I have seem some pretty good ones over the years. Once I designed a T-shirt for a SANS conference with the hexadecimal output from a tcpdump; only we flipped it so it was running down the shirt and rendered in green, to resemble the matrix.

The packet was a DNS reply. In the additional records we said good things about SANS; after all, gotta market to eat. There was an error intentionally placed into the shirt and we designated a prize for the first attendee to find the error. A student walked by wearing the shirt and the "4500" in the hex field caught one of the instructor's eye. She followed him around murmuring, it is sideways, UDP, DNS, a reply, there are additional records, wait a minute that pointer entry is wrong. We watched in amazement, when she was done and looked up, the entire SANS faculty bowed to her. Because a mal-formatted packet can kill a packet analyzer the world needs people like Judy and Jon.

This is not a beginner book and Jon expects you to catch the 4500 stuff pretty fast. However, if you have followed the discipline of tcpdump instead of some packet analysis tool that spells out everything this book can take you to the next level.

VPNs Illustrated is rich in diagrams, including packet headers and state diagrams, examples of network traffic, and cartoons that explain the architecture of the system, or network. It is amazingly well edited, my only nit is on page 93, line 1 spacing off by one character.

The book has a strong linux bias, if you are a Windows person, you will be able to follow along for about 60% of the book using Windump, but you will not be able to use the tools or source.

This is the perfect reference for the person that knows networking and wants to really invest in taking it to the next level.

Finally, the dedication to Rich Stevens was over the top and heartfelt appreciated. I will never forget the man who taught me how to read a packet.

Needs to be better organized.......2005-11-16

Given the complexity of VPN I was hoping to find a book that could explain key technologies in a concise and an organized manner. "VPNs Illustrated" does contain a wealth of technical information, but it failed on both counts.

The book offers unnecessary detail when trying to explain key concepts. It is so disjointed that the author is reduced to constantly referring the reader to other chapters to find information that is needed to understand a specific topic area. For example, the critical topic of IPSec is first introduced during a discussion of L2TP.

The book contains factual errors such as a typo describing "OC4" when the author meant to say OC48.

Overall, I was very disappointed with this text. It needs to be proofread and completely reorganized.

Implementing IPsec: Making Security Work on VPNs, Intranets, and Extranets

Average customer rating:

Don't Bother
Title
This book is no bible
A book on IPsec deployment, not implementation...
Glossly overview of IPsec

Implementing IPsec: Making Security Work on VPNs, Intranets, and Extranets
Elizabeth Kaufman , and Andrew Neuman
Manufacturer: John Wiley & Sons
ProductGroup: Book
Binding: Hardcover

General | Software | Computers & Internet | Subjects | Books

Networking | Computer Science & Information Systems | New & Used Textbooks | Stores | Books

Look Inside Computer Books | Trip | Specialty Stores | Books

General | Software Books | Custom Stores | Stores | Software
ASIN: 0471344672

Book Description

How do you secure your IP network without destroying it? The IPsec protocols are the only viable standard for secure, network-layer transmission on IP, yet they can wreak havoc on critical applications and other enhanced network services. Interoperability problems between vendors, as well as limitations in the basic technology, can cause problems that range from annoying to disastrous. This book tells you how IPsec works (or doesn't work) with other technologies, describes how to select products that will meet your needs, and discusses legal issues critical to IPsec deployment.

This hands-on guide will help you to:
* Analyze how and why IPsec may break existing networks
* Combine IPsec with other enhanced IP services and applications
* Determine the causes of IPsec performance problems and protocol conflicts
* Understand how existing laws and regulatory trends may impact your use of IPsec products
* Understand the basic technological components of IPsec
* Evaluate IPsec vendors and products

Networking council

Networking Council Books put technology into perspective for decision-makers who need an implementation strategy, a vendor and outsourcing strategy, and a product and design strategy.

Customer Reviews:

Don't Bother.......2001-12-08

I didn't find this book useful at all. This is not a technical book. In fact I'm not sure who the target audience is. I'm a system architect and implementor and didn't get anything from reading this book.

I did like the IPSEC - Securing VPNs by Davis. It steps through each aspect of IPSEC. It's a bit heavy on the math behind the encryption for my taste, but I found it easy to skip those parts.

Title.......2000-10-31

The nature of security management is changing rapidly. Just as physical security is becoming more noticeable in the workplace so too is information security becoming an indispensable component, as companies are putting their corporate jewels on publicly available networks.

Security was not part of the blueprint when the Internet was designed in the 1960s and 1970s. As the need for security became a pressing demand in the 1990s, the Internet Engineering Task Force, the overseer of the Internet, created Internet Protocol Security, or IPsec.

IPsec is a developing Internet standard for network-level security and is one of the most important security protocols to be developed in the last five years. IPsec is able to provide the level of transaction processing security that was lacking in the previous version of Internet Protocol.

While the authors do a good job of showing how IPsec works in theory, readers may find that there is not enough real-world information to justify its price. In large part that's because roughly one-third of the book is a copy of the IPsec RFC. Nor does the book detail how IPsec is specifically configured on devices such as routers and servers.

On the other hand, the book concludes with an excellent chapter about what to ask vendors. The questions provided in this book will help the prospective buyer differentiate between IPsec snake oil salesmen and those vendors whose products really do secure networks. Overall, however, the book is not required reading.

This review of mine originally appears at http://www.securitymanagement.com/library/000920.html

This book is no bible.......2000-09-04

This book does a fine job of filling you in on the hardware and software issues, leagal issues, and political issues surrounding IPSec. It touches on just about every topic even remotely related to IPSec. It does a poor job of telling you how to set up and implement any sort of IPSec networking. It was a well-written overview, but definitely not a book to base your entire network on. Though well-written, I found the network diagrams used in this book to be poorly designed and confusing. If you are looking for a basic intro to IPSec, then this one is great, otherwise, you'll probably want to read something else.

A book on IPsec deployment, not implementation..........1999-12-23

This book provides a grounding in various aspects of IPsec, but it more serves as a buyer's guide than an implementation manual. If you're looking for details on how to actually write an IPsec implementation, this is NOT the book for you.

Glossly overview of IPsec.......1999-12-20

The book is more of an introduction to IPsec and covers it in a glossy form. You can learn more about IPsec by reading the RFC for it than the first 3 chapters of this book. The writers did not explain VPN very well and did only a very high level talk about intranets. I would recommend a different book if you want to understand IPsec well. This book is more for managers to read or the marketing/sales department.

Nessus, Snort, & Ethereal Power Tools: Customizing Open Source Security Applications (Jay Beale's Open Source Security Series)

Average customer rating:

MOST EXCELLENT!!
Excellent continuation of Jay Beale's Open Source Security Series
Not for newbies

Nessus, Snort, & Ethereal Power Tools: Customizing Open Source Security Applications (Jay Beale's Open Source Security Series)
Neil Archibald , Gilbert Ramirez , and Noam Rathaus
Manufacturer: Syngress
ProductGroup: Book
Binding: Paperback

General | Computers & Internet | Subjects | Books

Look Inside Computer Books | Trip | Specialty Stores | Books
Similar Items:

Nessus Network Auditing (Jay Beale's Open Source Security) (Jay Beale's Open Source Security)
Penetration Tester's Open Source Toolkit
Snort 2.1 Intrusion Detection, Second Edition
Ethereal Packet Sniffing (Syngress)
Managing Security with Snort and IDS Tools

ASIN: 1597490202
Release Date: 2005-06-01

Book Description

This book will cover customizing Snort to perform intrusion detection and prevention; Nessus to analyze the network layer for vulnerabilities; and Ethereal to sniff their network for malicious or unusual traffic. The book will also contain an appendix detailing the best of the rest open source security tools. Each of these tools is intentionally designed to be highly customizable so that users can torque the programs to suit their particular needs. Users can code their own custom rules, plug-ins, and filters that are tailor-made to fit their own networks and the threats which they most commonly face. The book describes the most important concepts of coding and customizing tools, and then provides readers with invaluable working scripts that can either be used as is or further refined by using knowledge gained from the book.

* Snort, Nessus, and Ethereal are the three most popular open source security tools in the world
* Only book that teaches readers how to customize these tools for their specific needs by coding rules,
plugins, and filters
* Companion Web site provides all working code and scripts from the book for download

Customer Reviews:

MOST EXCELLENT!!.......2006-05-24

Are you a network security administrator who has Nessus, Snort and Ethereal up and running? If you are, then this book is for you! Authors Brian Caswell, Gilbert Ramirez, Jay Beale and Noam Rathaus, have done an outstanding job of writing a book that shows you how to customize, code and torque Nessus, Snort and Ethereal to their fullest potential.

Caswell, Ramirez, Beale and Rathaus, begin by covering the inner workings of NASL. Then, the authors shows you how to debug NASLs. They continue by showing you how to use extensions and custom tests. Next, the authors cover Nessus' include files implementation of the SMB protocol, followed by Nessus' include files implementation of Windows-related hotfix and service pack verification. Then, they underline the steps that must be taken so that Nessus can incorporate support for NTLM. They also present several tools to automate and simplify plugin creation. Then, they help readers understand Snort code. The authors continue by showing you how to write your own custom Snort rules. They also show you how to navigate the Snort source tree. Next, the authors show you how to modify the Snort source code to solve an otherwise difficult task. Then, they show you how to enable Ethereal to read from new data sources. They continue by showing you how to program your own protocol dissector, either linked into Ethereal or as a plugin. Finally, the authors show you how to take advantage of Ethereal's that open source programmers have created for collection of dissectors.

The authors of this most excellent book provide the inside scoop on coding the most effective and efficient Snort rules. More importantly, after reading this book, you will be a master at coding your own tools to detect malicious traffic.

Excellent continuation of Jay Beale's Open Source Security Series.......2006-03-16

I've read and reviewed the three previous books in Jay Beale's Open Source Security Series -- Snort 2.1, Nessus Network Auditing, and Ethereal Packet Sniffing. I liked all three of those books, and I'm glad to say that this fourth book -- Nessus, Snort, and Ethereal Power Tools (NSAEPT), is a worthy continuation of Jay's series. NSAEPT is a unique resource for anyone who wants to extend Nessus, Snort, and Ethereal. The book could save programmers hours of work, and it should be the first step for those looking to contribute to the development of all three projects.

It's unfortunate that an uninformed three star review has been the only commentary on NSAEPT until now. Of course the book is not for beginners! Why write another introductory book, when the three earlier titles serve that role (and more)? NSAEPT is strong precisely because it starts where the other three books end.

I learned quite a bit reading NSAEPT. For example, Part I shared advice on using Nessus to audit hosts directly, by examining Windows registry keys, package databases, or Windows PE files (.exe, .dll) directly. I appreciated the discussion of creating NASL checks that were more protocol-aware (for MySQL) or that could speak NTLM authentication to IIS Web servers. Ch 6 even gave tips on building NASL generators.

Part II, covering Snort, gave better advice on writing Snort rules than what was found in the earlier Snort 2.1 book. I thought this part was the weakest of the three, however. I would have liked to have seen many more examples of using advanced Snort rule options. Table 8.10 should have said that the + flag means "match on the specified flags, and allow any other flags." Also, I thought the author miscommunicated the purpose of the stream4 preprocessor when he mentioned dropping UDP and ICMP traffic. That's an issue when running inline, not passively as most people use Snort.

I really liked Part III, which examined Ethereal. Ch 11 offered great guidance on reverse engineering an unknown trace format, namely iptrace from AIX 3. Ch 12 mentioned an undocumented tethereal flag (-G) that was new to me. I enjoyed learning about tap modules in Ch 13, and I did not know that Ethereal uses the wiretap library to read traces -- not libpcap.

I subtracted one star from my review for a few reasons. First, NSAEPT features some really annoying formatting problems in many of the code listings. Every place the characters "FI" (any case) appear, they are changed into a single nonsensical character. I stopped counting the number of times this happened. For example, where one should read "Filename", we see instead "Xlename". The same seems to have happened with "FL"; e.g., "Flags" becomes "Xags". The reference to libpcap and "Chapter 1" on p 159 should instead point to Ch 11. I thought the inclusion of material from Brian Wotring's Host Integrity Monitoring book as Appendix A was unnecessary. Brian's book is great, but I don't think readers need 30 pages from another title. Is that just padding?

Format-wise, NSAEPT features smaller fonts than one sees in more recent Syngress books. I thought the font was a little small, but in some ways an improvement over the jumbo text seen elsewhere. I also thought the paper used to print NSAEPT was much better than other titles. Compare NSAEPT with another 440 page Syngress book, Securing IM and P2P Applications for the Enterprise, and you'll see the latter book is much thicker.

Overall I recommend NSAEPT to anyone who wishes to do more with Nessus, Snort, or Ethereal. NSAEPT is definitely a book for power users and developers. It's great to see a new book that starts with original material and avoids rehashing what's already been written.

Not for newbies.......2005-10-21

Very in-depth, however, not for someone who is just starting out on Snort, Nessus, or Ethereal. New to Snort, Nessus, or Ethereal - Buy something else. Expert on Snort, Nessus, or Ethereal already? - good book.

MPLS VPN Security (Networking Technology)

Average customer rating:

A no none-sense guide to MPLS VPNs Security!!!
A definitive Guide on MPLS VPN Security from the Masters
The definitive guide to MPLS Network security
Basic Background Information

MPLS VPN Security (Networking Technology)
Michael H. Behringer , and Monique J. Morrow
Manufacturer: Cisco Press
ProductGroup: Book
Binding: Paperback

General | Certification Central | Computers & Internet | Subjects | Books

Privacy | Business & Culture | Computers & Internet | Subjects | Books

General | Computers & Internet | Subjects | Books

Look Inside Computer Books | Trip | Specialty Stores | Books

Qualifying Textbooks - Spring 2007 | Stores | Books
Similar Items:

Definitive MPLS Network Designs (Networking Technology)
MPLS and VPN Architectures, Vol. 2
MPLS and VPN Architectures, Vol. 1
MPLS Configuration on Cisco IOS Software (Networking Technology)
Layer 2 VPN Architectures (Networking Technology)

ASIN: 1587051834

Book Description

A practical guide to hardening MPLS networks