Automotive Holiday Deals Books Gift Guide Books Gift Guide Shop Men's Athletic Shoes Learn more nav_sap_plcc_6M_fly_beacon Adele egg_2015 All-New Amazon Fire TV Martha Stewart American Made Movember Amazon Gift Card Offer minions minions minions  Amazon Echo Starting at $84.99 Kindle Black Friday Deals Shop Now HTL
Network Security Assessment: Know Your Network and over one million other books are available for Amazon Kindle. Learn more

Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.

  • Apple
  • Android
  • Windows Phone
  • Android

To get the free app, enter your email address or mobile phone number.

Network Security Assessment: Know Your Network 1st Edition

17 customer reviews
ISBN-13: 063-6920006114
ISBN-10: 059600611X
Why is ISBN important?
This bar-code number lets you verify that you're getting exactly the right version or edition of a book. The 13-digit and 10-digit formats both work.
Scan an ISBN with your phone
Use the Amazon App to scan ISBNs and compare prices.
Have one to sell? Sell on Amazon
Buy used
Condition: Used - Good
Condition: Used: Good
Comment: Fast shipping from Amazon, and unbeatable customer service. Amazon Prime customers get free 2-day shipping. Millions of satisfied customers!
Access codes and supplements are not guaranteed with used items.
35 Used from $0.01
More Buying Choices
8 New from $5.42 35 Used from $0.01 1 Collectible from $9.96

There is a newer edition of this item:

Network Security Assessment: Know Your Network
This title has not yet been released.
Free Two-Day Shipping for College Students with Amazon Student Free%20Two-Day%20Shipping%20for%20College%20Students%20with%20Amazon%20Student

Get Up to 80% Back Rent Textbooks

Editorial Reviews

About the Author

Chris McNab is the technical director of Matta, a vendor-independent security consulting outfit based in the United Kingdom. Since 2000, Chris has presented and run applied hacking courses across Europe, training a large number of financial, retail, and government clients in practical attack and penetration techniques, so that they can assess and protect their own networks effectively.

Chris speaks at a number of security conferences and seminars, and is routinely called to comment on security events and other breaking news. He has appeared on television and radio stations in the UK (including BBC 1 and Radio 4), and in a number of publications and computing magazines.

Responsible for the provision of security assessment services at Matta, Chris and his team undertake Internet-based, internal, application, and wireless security assessment work, providing clients with practical and sound technical advice relating to secure network design and hardening strategies. Chris boasts a 100% success rate when compromising the networks of multinational corporations and financial services companies over the last five years.


Hero Quick Promo
Holiday Deals in Kindle Books
Save up to 85% on more than 1,000 Kindle Books. These deals are valid until November 30, 2015. Learn more

Product Details

  • Paperback: 400 pages
  • Publisher: O'Reilly Media; 1st edition (March 1, 2004)
  • Language: English
  • ISBN-10: 059600611X
  • ISBN-13: 978-0596006112
  • Product Dimensions: 7 x 0.9 x 9.2 inches
  • Shipping Weight: 1.4 pounds
  • Average Customer Review: 4.4 out of 5 stars  See all reviews (17 customer reviews)
  • Amazon Best Sellers Rank: #2,482,744 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

20 of 22 people found the following review helpful By Richard Bejtlich on May 3, 2004
Format: Paperback
"Network Security Assessment" (NSA) is the latest in a long line of vulnerability assessment / penetration testing books, stretching back to "Maximum Security" in 1997 and "Hacking Exposed" shortly thereafter. NSA is also the second major security title from O'Reilly this year, soon to be followed by "Network Security Hacks." NSA is a good book with some new material to offer, but don't expect to find deep security insight in this or similar assessment books.
NSA begins with the almost obligatory reference to the king of assessment books, "Hacking Exposed" (HE), saying "I leave listings of obscure techniques to behemoth 800-page 'hacking' books." I don't think some of the techniques covered in HE but not NSA are "obscure." Noticably lacking in NSA is coverage of dial-up techniques, wireless insecurities, Novell vulnerabilities, and attacking clients rather than servers. Should NSA receive a second edition, I expect to see the book expand closer to the "behemoth" it seems to deride.
The best chapter by far was ch. 11, where the author with assistance from Michael Thumann takes the reader on a tour of exploiting vulnerable code. The stack diagrams and code snippets were especially helpful and the explanations were clear enough. This sort of material is a solid introduction to some of the techniques found in "Security Warrior." I also liked ch. 14, where the author explains a sample assessment using the tools already introduced. Kudos as well for maintaining an errata page and tool archive on the publisher's Web site.
The advantage NSA has over HE is the variety of tools on hand. I learned of at least a dozen tools not mentioned elsewhere.
Read more ›
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
11 of 12 people found the following review helpful By W Boudville HALL OF FAMEVINE VOICE on April 3, 2004
Format: Paperback
[A review of the 2nd EDITION. This review was written on 3 December 2007.]

Over 3 years has elapsed since McNab wrote his first edition. Much of that edition is still valid. Sadly, in a way, because it means that despite the best efforts of that book and others of its ilk, we remain plagued with network attackers and insecure systems.

One of the constants between the editions is the focus on IPv4. Still! IPv6 only gets a glancing mention in the second edition. While everyone recognises that IPv4 will get exhausted of addresses, the transition to v6 still gets postponed. McNab ruminates that this very transition will of its own accord generate compromises. I wish he'd expand on this remark. But maybe there is yet little market reason to do so.

Another thing that does not get mentioned is phishing. In early 2004, it was still a minor threat. It has since blossomed into a chronic problem. But McNab is correct to ignore it, up to a point. He believes, as apparently does most of the IT security field, that phishing is largely a social engineering problem. That it is not a technical problem of patching bugs, per se. Yet viewed properly, phishing is a network attack that uses social engineering, and it is amenable to technical countermeasures that involve, in part, network actions.

I especially favour this edition, for the reasons in the preceding paragraph. In 2004, I and a co-inventor, Marvin Shannon, devised a US Patent Pending against phishing. The second edition of McNab's book came out in November 2007, and by not discussing phishing, it buttresses our claims of non-obviousness, 3 years after our filing.

[A review of the 1st Edition.
Read more ›
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
14 of 17 people found the following review helpful By James Drake on April 9, 2004
Format: Paperback
This book is a great resource for any administrator with IP networks to protect. As Wes Boudville says, it certainly is systematic with some great guidelines and useful checklists. The high level concepts laid out by the author make it much easier to understand the underlying issues with security nowadays. Instead of listing bugs and patches, McNab explains the different bug types, and I learnt a lot about stack and heap overflows in the application security chapter.
I'd recommend this book over Hacking Exposed and other books with the word 'hacking' in the title. The assessment material is comprehensive from both Unix and Windows standpoints, and I certainly picked up a bunch of new tricks that I wasn't aware of before. The book has great coverage of all the latest tools and techniques, but written in a timeless way. At just under 400 pages you'll find that it's not too long either!
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
8 of 9 people found the following review helpful By Thomas Schneider on May 2, 2004
Format: Paperback
The author has managed to pack a serious amount of low-level technical information into this book. In the other penetration testing and hacking books I've read, I haven't yet found one to be as comprehensive as Network Security Assessment--to give you an example this book covers IPsec, Citrix and Oracle issues that I have not seen covered elsewhere in print, let alone in the same book. A downside is that the book is hard to read from cover-to-cover, and should be used more as a reference, and the author does assume a level of reader knowledge. I've just finished reading Shellcoder's Handbook too, and found chapter 13 of this book to be a great technical primer for application level issues (such as heap, stack, integer overflows and format string bugs)--the diagrams are excellent and easy for anyone to understand.
All in all this is a very useful book for both the professional security analyst and systems admin with large networks to protect. The Oreilly site has some good info that you should check out, such as the TOC, index and sample chapter on network scanning ([...]
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse

Most Recent Customer Reviews

Want to discover more products? Check out this page to see more: computer security