1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Review Security Power Tools

Discussion in 'Articles, Reviews and Interviews' started by tripwire45, Mar 3, 2008.

  1. tripwire45
    Honorary Member

    tripwire45 Zettabyte Poster

    Authors: Bryan Burns, et al
    Format: Paperback, 856 pages
    Publisher: O'Reilly Media, Inc. (August 27, 2007)
    ISBN-10: 0596009631
    ISBN-13: 978-0596009632

    Review by James Pyles
    March 3, 2008

    This book has almost as many authors as it does pages. This tells me that O'Reilly tapped into a rather large pool of talent in order to get this book written and out to the public. Something re-enforced by the blurb at the back of the book, "What if you could sit down with some of the most talented security engineers in the world and ask any network security question you wanted?" This book is supposed to be the print equivalent of doing just that (not that the book talks back, as such). 23 cross-referenced chapters produced by an impressive group of authors, editors, and technical reviewers with very interesting bios is a lot to absorb and it should be. I expect this book to include everything security-related, kitchen sink and all.

    Ok, now down to brass tacks; who should read this book? Not the beginner, that's for sure. Well, it's better to say that this isn't just a beginner's book. The front matter in the book even states "...we should say that while a beginner could read this book, much of it requires a little more time in front of the computer monitor diagnosing network security matters". In other words, if you just earned your shiny new Security+ certification, you might be ready for at least portions of this book, but the majority of the content will have to wait until you've got more experience under your belt.

    The 23 chapters between the covers are contained in 7 major sections and believe me, just about everything imaginable is covered. Part I, Chapter 1 is called "Legal and Ethics" which may not seem like the sort of "power tool" you'd expect to find here...except that the basis for providing just about any sort of security (network or otherwise) rests in that particular realm. Why try to keep intruders out of your network if you don't have the right to do so and if it isn't "wrong" for them to try and break in?

    Not your cup of tea? Don't worry. It's a short chapter, but a necessary one. Network security isn't just about port scans. Ok, Chapter 2, "Network Scanning" is probably more along the lines of what you expected. This chapter is typical of the content in O'Reilly's "power tools" series; half cookbook and half concept. You get information about how scanners work (yes, there is something for the beginner), host discovery and of course, port scanning.

    In a book this large and this varied, it would be almost impossible to comment on each and every detail, but I can say I was impressed with the practical layout of the book. Rather than taking the "shotgun" approach and just laying all of the data out there, this text puts everything in a proper order, so if a reference text is what you seek, you can find it here (I suppose you could read it cover to cover, but be prepared to be overwhelmed). The book is also well indexed (something more than a few books skimp on) so you won't have to depend just on the table of contents to find your way around.

    There aren't an over-abundance of screen captures and diagrams, but just enough to provide a good illustration (pardon the pun) of the points the writers are trying to make. Visuals are there to enhance the reader experience and to show the audience what is being described when the confirmation is needed. The same goes for the code examples included within the pages. Too much of both can be more of a distraction than a help. Fortunately, there were just about the right amount for my tastes.

    Oh, just in case you think that Cisco is the center of the universe, the authors are members of the Juniper Networks J-Security Team (for the most part), so while you can depend on your background in TCP/IP to help you understand the content, you may have to make something of an adjustment if Cisco products are your whole world. That said, in terms of operating system platforms, Windows, Linux, UNIX, and Mac OS are all well represented, so whether you work primarily with open or closed source, you'll find something in this book for you.

    You'll find the mother lode of network security "power tools" in this book, so if you're serious about security or perhaps, soon plan to be, pick up a copy of "Security Power Tools" and have a go at it. Even if you don't understand all of the content right off the bat, you'll be inspired to learn.
    Certifications: A+ and Network+
  2. Wassup

    Wassup Byte Poster

    this has just gone on my birthday wishlist , thanks trip :)

Share This Page