Top positive review
9 people found this helpful
Long overdue but worth the wait
on December 5, 2004
'Nessus Network Auditing' (NNA) is the definitive (and only) guide to the Nessus open source vulnerability assessment tool. I recommend all security professionals read this book. You may start as a Nessus user, but the book will help you become part of the Nessus community.
NNA features twelve contributors, but it doesn't suffer the fate of other books with similar high author counts. NNA manages to present fairly original material in each chapter, without a lot of overlap. I credit the lead authors and editors for keeping the contributors on track. They could have reduced the number of crashing printer stories, however.
Several chapters stood out from the others. Ch 1 explains the need for conducting vulnerability assessment. Ch 3 makes a good case for always installing from source code and not trusting precompiled binaries. Chs 8 and 9 deliver real value with insights into Nessus internals, such as scanning architecture and the Nessus Knowledge Base. Ch 10 presents crude albeit workable ways to measure bandwidth to alleviate loads caused by scans. Ch 11 is an excellent rationale for the Nessus Attack Scripting Language (NASL) written by Nessus' creator. I would have liked to have seen an appendix based on an actual (perhaps sanitized) scan, showing how a security admin selected tests, ran the scan, and validated results.
NNA suffers a few problems. A few typos are present, but nothing that distracts from the book's content. I did find the ch 4 author's mention of the TCP "triple handshake" to be odd. While not wrong, this process is usually called the "three-way handshake." The screenshots in appendix B are of poor quality and should be replaced in future editions.
Note that the Nessus version used in NNA varies from 2.0.9 to 2.0.10a, and the current edition is 2.2.0. Version creep is part of every technical book, and did not make a big difference at this point. When Nessus 2.4 is released, watch for the adoption of the new BOSS GUI to clearly alter the face of the Nessus interface.
Overall, NNA is an excellent technical resource for anyone charged with auditing network security. I have a greater appreciation for the Nessus architecture and its ability to do more in-depth host checks. Motivated readers can use this book to learn how to write their own NASL scripts and effectively deploy a distributed scanning architecture.