Know Your Network
Network Security Assessment, 3rd Edition
Know Your Network
By Chris McNab
Publisher: O'Reilly Media
Final Release Date: December 2016
Pages: 494

How secure is your network? The best way to find out is to attack it, using the same tactics attackers employ to identify and exploit weaknesses. With the third edition of this practical book, you’ll learn how to perform network-based penetration testing in a structured manner. Security expert Chris McNab demonstrates common vulnerabilities, and the steps you can take to identify them in your environment.

System complexity and attack surfaces continue to grow. This book provides a process to help you mitigate risks posed to your network. Each chapter includes a checklist summarizing attacker techniques, along with effective countermeasures you can use immediately.

Learn how to effectively test system components, including:

  • Common services such as SSH, FTP, Kerberos, SNMP, and LDAP
  • Microsoft services, including NetBIOS, SMB, RPC, and RDP
  • SMTP, POP3, and IMAP email services
  • IPsec and PPTP services that provide secure network access
  • TLS protocols and features providing transport security
  • Web server software, including Microsoft IIS, Apache, and Nginx
  • Frameworks including Rails, Django, Microsoft ASP.NET, and PHP
  • Database servers, storage protocols, and distributed key-value stores
Customer Reviews

Network Security Assessment, 3rd Edition
 
12/15/2016

4.0

A worthy update.

By Jay

from Israel

Pros

  • Accurate
  • Helpful examples

Cons

  • Not comprehensive enough

Best Uses

  • Expert
  • Intermediate

The book is a great update and offers a lot of expanded information (after all almost 10 years have passed).
This book is great and I believe should be in every security and networm expert arsenal, it is not perfect as sometimes the attack details could be expanded upon (for example in the smb attacks) but the books does offer a protocol breakdown for the mentioned protocols which is invaluable information.

10/7/2016
 
5.0

Updated content now with diagrams

By M

from Singapore

About Me Infosec Professional

Pros

  • Accurate
  • Easy to understand
  • Helpful examples
  • Well-written

Cons

    Best Uses

    • Expert
    • Intermediate
    • Novice

    The previous edition was released in 2007 so this book is a much anticipated edition with content on new popular technologies. Many thanks to Chris McNab and O'Reilly for releasing a version today (7th Oct) with diagrams.

    9/21/2016
     
    4.0

    Good

    By Mpoed

    from Andromeda

    About Me Sys Admin

    Pros

    • Accurate
    • Concise
    • Easy to understand
    • Well-written

    Cons

      Best Uses

      • Expert
      • Intermediate

      Content looks quite good. However "early release" concept needs some revision. It's far better to have an early release book with some chapters fully complete than to have all the chapters 'complete' and all the diagrams missing! This is not very useful.

      5/3/2016

      (5 of 5 customers found this review helpful)

       
      5.0

      Must have book for advanced penetration testing

      By Raj

      from Chennai, India

      About Me Penetration Tester

      Pros

      • Accurate
      • Concise
      • Easy to understand

      Cons

        Best Uses

        • Intermediate

        I have been into penetration testing for almost 4 years. While most of the books I came across talks about pen test processes, scanning networks and usage of frameworks like Metasploit, this is the book that teaches vulnerability identification and exploitation using freely available tools and exploit codes.

