Build Your Own Security Lab: A Field Guide for Network Testing [Paperback]

Michael Gregg (Author)

Book Description

Publication Date: April 28, 2008 | ISBN-10: 0470179864 | ISBN-13: 978-0470179864 | Edition: 1

If your job is to design or implement IT security solutions or if you’re studying for any security certification, this is the how-to guide you’ve been looking for. Here’s how to assess your needs, gather the tools, and create a controlled environment in which you can experiment, test, and develop the solutions that work. With liberal examples from real-world scenarios, it tells you exactly how to implement a strategy to secure your systems now and in the future.

Note: CD-ROM/DVD and other supplementary materials are not included as part of eBook file.

Editorial Reviews

From the Back Cover

Many books tell you what to do. This one tells you how.

If your job is to design or implement IT security solutions, or if you're studying for any security certification, this is the how-to guide you've been looking for. Here's how to assess your needs, gather the tools, and create a controlled environment in which you can experiment, test, and develop the solutions that work. With liberal examples from real-world scenarios, it tells you exactly how to implement a strategy to secure your systems now and in the future.

• Collect the necessary hardware and software and assemble your own network lab

• Configure a bootable Linux CD

• Explore various methods for gathering information about existing security

• Identify automated attack and penetration tools

• Understand cryptographic systems and encryption and authentication attacks

• Learn to find, identify, and defeat malware

• Address the special protection needs of wireless systems

• Use Snort® to build an IDS that will help to detect and identify attacks in real time

DVD includes tools for actually building and implementing security solutions

• Open source tools

• Demo software

• A bootable version of Linux

About the Author

Michael Gregg, CISSP, CISA, MCSE, holds a total of 19 professional certifications and is a highly respected security consultant. President of Security Solutions, Inc., he is also an expert for three TechTarget.com web sites. Michael has authored or coauthored several books, including Security+ Street Smarts, also published by Wiley.

Product Details

• Paperback: 456 pages
• Publisher: Wiley; 1 edition (April 28, 2008)
• Language: English
• ISBN-10: 0470179864
• ISBN-13: 978-0470179864
• Product Dimensions: 7.4 x 1 x 9.2 inches
• Shipping Weight: 1.4 pounds (View shipping rates and policies)
• Average Customer Review: 4.6 out of 5 stars  See all reviews (9 customer reviews)
• Amazon Best Sellers Rank: #313,590 in Books (See Top 100 in Books)
  • #66 in Books > Computers & Technology > Certification > CompTIA

More About the Author

Michael Gregg is COO of Superior Solutions, Inc. (www.thesolutionfirm.com), a Houston based information security assessment, penetration testing, and IT security training firm. Mr. Gregg is responsible for helping corporations establish and validate enterprise wide information security programs and controls. He is an expert on cyber security, networking, and Internet technologies.

While consulting consumes a large amount of Michael's time, he has contributed to more than 10 books and has spoken at security, technology, and educational conferences such as ISC2's Security Leadership Conference, Hacker Halted, Government Technology Conference (GTC), National Credit Union Administration (NCUA) IT Conference, and The American College of Forensic Examiners.

Michael has appeared in numerous media outlets including The New York Times, Fox News, Canadian News (BNN), Kiplinger as well as NPR, ESPN, and other major networks. He holds two associate's degrees, a bachelor's degree, and a master's degree. He presently maintains many certifications including CISSP, CISA, CISM, etc.

Most Helpful Customer Reviews

24 of 28 people found the following review helpful

5.0 out of 5 stars Excellent for novices November 17, 2008

By A. Johnson

Format:Paperback

I'll be completely honest. I went through this in about two hours, and I plan on returning it. It simply didn't have anything new for me. I was expecting it to be more along the lines of setting up a virtual network, attempting to hack the VMs, and then checking the procedures to see if you did it right.

Instead, this book covers things like how to install OSes into VMs, gives basic overviews of tools, etc. However, this is a great book if you're at the appropriate level for it. I think this makes a good follow-up to CompTIA's Security+ certification. It'll help novices get their feet wet with actual hands-on activities. I've done nearly everything in this book on my own, and that's really the only problem with it. While I didn't pay a great deal of attention to every bit of text, it seemed to be technically accurate and free from errors.

I wish I could give a more detailed review, but I thought I'd at least post this since no one has reviewed it yet. Just take your skill level into account when considering this title. If you want more advanced books, check out the Hacking Exposed series, Grey Hat Hacking, and the Penetration Tester's Open Source Toolkit.

14 of 16 people found the following review helpful

4.0 out of 5 stars Excellent book for a beginner, not recommended for the experienced Info Sec individual July 11, 2009

By Jesse G. Lands

Format:Paperback

"Build your own Security Lab A field guide for network testing" is great at what it is intended to be: an introduction for a novice security person in what they should be working on to get experience in the field. I have Michael Gregg's Certified Ethical Hacker and in most terms I would say this book is more of a work book for the study guide. It gives you a feel for what equipment you will need and how the equipment should be connected, but doesn't go to in-depth into the nuts and bolts of it.
The book includes a copy of BackTrack and a few other tools on the DVD and these items help the novice have an idea of what tools they should be looking for on the Internet, but a better idea may be to have a central repository for the tools or include the link to the tools since most of the tools were outdated by the time the book was published.
Almost every chapter or in some cases a group of chapters could be written as a stand-alone book. The author did an excellent job of summarizing some of the areas and others I felt he could have covered in more detail.
It would have been nice to see more information on sniffers and packet analyzing. The book was labeled "field guide for network testing", but there was only a page dedicated to Wireshark. A big part of network security is analyzing the traffic that is crossing the network. The author covers some of it under Intrusion Detection, but again it is not sufficient in my opinion.
I was a little surprised by the lack of anything more than a mention of Netcat. With the value of this tool and the wide spread use of variants of the tool I would have expected a page at least of the use of the software and how it is distributed.... There was no reference to Tiny and a few other tools or there variants that are in common use throughout the Internet. There was no reference to VNC, RDP or Dameware some remote administration tools that are commonly exploited on most networks.
I would have thought at this level a chapter on forensics and cryptography would have been over the top of most of the readers heads. The author does make a good job just summarizing the information just enough to wet the appetite of a serious novice. I think it would have been a great benefit to the reader to have more references to in-depth material, but a determined reader will find what they need.
The cryptography chapter gets somewhat confusing. The author is discussing symmetric algorithms and then starts discussing PGP before going back to symmetric algorithms and then goes into asymmetric algorithms. The inexperienced reader would believe that PGP is a symmetric algorithm.
Overall the book was good and the exercises were great, but anyone who has mid-level experience or greater in information security will find this book a little to novice. I have already recommended the book to a few beginners. Read more ›

5 of 6 people found the following review helpful

5.0 out of 5 stars First try at Security Lab November 1, 2009

By Elba L. Stevenson

Format:Paperback|Amazon Verified Purchase

After taking several classes in the local Jr College to study for my CCNA, I came to realize that I was not interested in going down the CISCO certification path. So I started looking at other certifications and decided to work towards a CEH and LPT certification. After my experience with the CISCO classes, I understood that I would either have to rent time through a web lab or create my own. This book that I found that followed my mine set of build it on a shoe string and expand as your needs require. This book is great for me because the author introduces the subject in a way I can pick it up from the book and do the hands on stuff with having to already know the subject or have a reference source to go to for questions.

If you already know the subject matter, than pass this book on by for a more advanced book. If like me, you are in IT and expanding your knowledge, then this is a great book.

2 of 2 people found the following review helpful

5.0 out of 5 stars Helpful to a beginner. January 24, 2011

By TTAllen

Format:Paperback|Amazon Verified Purchase

I am only about half way through digesting this book but it is clear to me that the orientation for a beginner is helpful. We learn the terminology and the history. We also get concrete steps to take. I am hopeful that this book will help me to generate data within one more week.

5 of 7 people found the following review helpful

4.0 out of 5 stars A good foundation February 5, 2009

By Charles Tholen

Format:Paperback

The book is a solid foundation for information security practitioners or those wanting to move into the field. The author gives the reader enough to get a lab built and plenty of activities to preform in the lab. Seasoned security professionals probably already know most of what is in the book but may pick up a few new tools.

5.0 out of 5 stars great for beginners June 15, 2013

By John Gardener

Format:Paperback

This is a good book for people starting out in network security. Veterans might want it for the clear explanations.
It has a useful framework, in that it expands on previous lessons. You learn what equipment you need, and how to connect it. A veteran would want more about how things work together. The book has some tools, but they are a bit dated now. It definitely needed to talk more about packet analysis. One page on Wireshark, and a mention of Netcat, minimal on remote admin tools, is just not enough. There is enough on forensics to get the beginner excited. The exercises are useful, and you have enough to build the security lab, and play in it.