Customer Reviews


3 Reviews
5 star: (0)
4 star: (1)
3 star: (2)
2 star: (0)
1 star: (0)
 
 
 
 
 
 
 

The most helpful favorable review
The most helpful critical review


6 of 7 people found the following review helpful
4.0 out of 5 stars Excellent continuation of Jay Beale's Open Source Security Series
I've read and reviewed the three previous books in Jay Beale's Open Source Security Series -- Snort 2.1, Nessus Network Auditing, and Ethereal Packet Sniffing. I liked all three of those books, and I'm glad to say that this fourth book -- Nessus, Snort, and Ethereal Power Tools (NSAEPT), is a worthy continuation of Jay's series. NSAEPT is a unique resource for anyone...
Published on March 15, 2006 by Richard Bejtlich

versus
3.0 out of 5 stars Hoping for a bit more.
Although this is a good book with valuable information, I think it is a bit vague and short. A good idea is to get 3 different books on their respective topics. Nessus and Snort have nothing to do with each other and Snort is more powerful than Ethereal. It's worth buying if you have the money and has some decent tips and tricks.
Published on August 23, 2007 by Steve Erdman



6 of 7 people found the following review helpful
4.0 out of 5 stars Excellent continuation of Jay Beale's Open Source Security Series, March 15, 2006
This review is from: Nessus, Snort, & Ethereal Power Tools: Customizing Open Source Security Applications (Jay Beale's Open Source Security Series) (Paperback)
I've read and reviewed the three previous books in Jay Beale's Open Source Security Series -- Snort 2.1, Nessus Network Auditing, and Ethereal Packet Sniffing. I liked all three of those books, and I'm glad to say that this fourth book -- Nessus, Snort, and Ethereal Power Tools (NSAEPT), is a worthy continuation of Jay's series. NSAEPT is a unique resource for anyone who wants to extend Nessus, Snort, and Ethereal. The book could save programmers hours of work, and it should be the first step for those looking to contribute to the development of all three projects.

It's unfortunate that an uninformed three star review has been the only commentary on NSAEPT until now. Of course the book is not for beginners! Why write another introductory book, when the three earlier titles serve that role (and more)? NSAEPT is strong precisely because it starts where the other three books end.

I learned quite a bit reading NSAEPT. For example, Part I shared advice on using Nessus to audit hosts directly, by examining Windows registry keys, package databases, or Windows PE files (.exe, .dll) directly. I appreciated the discussion of creating NASL checks that were more protocol-aware (for MySQL) or that could speak NTLM authentication to IIS Web servers. Ch 6 even gave tips on building NASL generators.

Part II, covering Snort, gave better advice on writing Snort rules than what was found in the earlier Snort 2.1 book. I thought this part was the weakest of the three, however. I would have liked to have seen many more examples of using advanced Snort rule options. Table 8.10 should have said that the + flag means "match on the specified flags, and allow any other flags." Also, I thought the author miscommunicated the purpose of the stream4 preprocessor when he mentioned dropping UDP and ICMP traffic. That's an issue when running inline, not passively as most people use Snort.

I really liked Part III, which examined Ethereal. Ch 11 offered great guidance on reverse engineering an unknown trace format, namely iptrace from AIX 3. Ch 12 mentioned an undocumented tethereal flag (-G) that was new to me. I enjoyed learning about tap modules in Ch 13, and I did not know that Ethereal uses the wiretap library to read traces -- not libpcap.

I subtracted one star from my review for a few reasons. First, NSAEPT features some really annoying formatting problems in many of the code listings. Every place the characters "FI" (any case) appear, they are changed into a single nonsensical character. I stopped counting the number of times this happened. For example, where one should read "Filename", we see instead "Xlename". The same seems to have happened with "FL"; e.g., "Flags" becomes "Xags". The reference to libpcap and "Chapter 1" on p 159 should instead point to Ch 11. I thought the inclusion of material from Brian Wotring's Host Integrity Monitoring book as Appendix A was unnecessary. Brian's book is great, but I don't think readers need 30 pages from another title. Is that just padding?

Format-wise, NSAEPT features smaller fonts than one sees in more recent Syngress books. I thought the font was a little small, but in some ways an improvement over the jumbo text seen elsewhere. I also thought the paper used to print NSAEPT was much better than other titles. Compare NSAEPT with another 440 page Syngress book, Securing IM and P2P Applications for the Enterprise, and you'll see the latter book is much thicker.

Overall I recommend NSAEPT to anyone who wishes to do more with Nessus, Snort, or Ethereal. NSAEPT is definitely a book for power users and developers. It's great to see a new book that starts with original material and avoids rehashing what's already been written.


3.0 out of 5 stars Hoping for a bit more., August 23, 2007
By Steve Erdman
This review is from: Nessus, Snort, & Ethereal Power Tools: Customizing Open Source Security Applications (Jay Beale's Open Source Security Series) (Paperback)
Although this is a good book with valuable information, I think it is a bit vague and short. A good idea is to get 3 different books on their respective topics. Nessus and Snort have nothing to do with each other and Snort is more powerful than Ethereal. It's worth buying if you have the money and has some decent tips and tricks.


8 of 13 people found the following review helpful
3.0 out of 5 stars Not for newbies, October 21, 2005
Verified Purchase
This review is from: Nessus, Snort, & Ethereal Power Tools: Customizing Open Source Security Applications (Jay Beale's Open Source Security Series) (Paperback)
Very in-depth, however, not for someone who is just starting out on Snort, Nessus, or Ethereal. New to Snort, Nessus, or Ethereal - Buy something else. Expert on Snort, Nessus, or Ethereal already? - good book.

