Penetration Testing and Network Defense 1st Edition

This is my first ethical hacker book, it is very exciting!!. Covers almost every aspect of penetration testing in good length. Explains many types of scans a penetration tester can and can't perform, gives specific reason why you should choose to perform those different types of scan, which ones you should use to keep from being detected.It gives an easy to understand explanation of types of attacks, how to performed, tools needed, and how to protect/detect from such attacks. It also discusses the difficulty of detecting certain of attacks.It also has an entire chapter regarding the legal considerations and implication of penetration testing. And the great thing about this book is that even though it is cisco book, it covers many divices and operatings system.

Penetration Testing and Network Defense (Cisco Press Networking Technology) (Paperback)ISBN: 1587052083, Paperback: 624 pages, Publisher: Cisco Press (October 31, 2005)Cisco is the leading of networking technology of the 20 and 21 century, and understand that security is no one time mission but require network design, testing etc. to build a secure environment. As part of Cisco Press release on security topics, I found a nice book:Penetration Testing and Network Defense (Cisco Press Networking Technology) (Paperback)That's introduce an interesting method to guide how to build a secure environment and protectNetworks by using Cisco and third party tools (Most of them from the open source filed).Authors background:Andrew Whitaker, CCSP(tm), is the Director of Enterprise InfoSec and Networking for TechTrain, where he performs penetration tests and teaches ethical hacking and Cisco® courses. He has been working in the IT industry for more than ten years, specializing in Cisco and security technologies, and has performed penetration tests for numerous financial institutions and Fortune 500 companies.Daniel P. Newman, CISSP, CCSP, has been in the computer industry for over 12 years specializing in application programming, database design and network security for projects all over the world. He is the managing director and chief security officer for Tribal Knowledge Security and specializes in penetration testing and advanced technical training in Cisco, Microsoft, and Ethical Hacking topics.Readers Pre-Requirements:Although I couldn't found pre-requirements for the book readers, I can recommended using this book to readers that answer to the following pre-requirements:1. Have basic knowledgebase in Linux/Unix administrations.2. Have good knowledgebase in TCP/IP Networking design and implementations (Recommended to have at least CCNA and CCDA Certifications)3. Have at least two years of experience in SMB-Enterprise infrastructure administrations.Book Structure:The book build as 16 self study chapters that's cover most of the information that's ethical hacker (or beginner penetration tester) needs.The book begin with a nice introduction on the reasons that companies should use penetration testing and divided this reasons to major stages that's parallel to known security models (Like: C.I.A. :Confidentiality, Integrity, Availability).The next chapters review the requirements to penetration testing and legal issues with penetration testing.Chapter 2 - Legal and Ethics Considerations - Should cover more information from my point of view and add a warning message to people that work as penetration testers that need legal support from the law team from the test company and the target test company should be used.Most of the companies and the management (Usually in states outside the United States) don't understand the consequence of this tests and don't know what to do with the test results.Also, due the privacy invasion and the current laws against privacy invasion - this topic is very important to understand and to know how to handle.Add this information to this book can help to complete the missing information in Chapter 2.The next chapters cover most of the public known attack technique and give a real life scansions and solutions for attacks.My conclusion is: The book is recommended to each IT staff and beginner penetration tester.Best Regards, Yuval Sinay

First of all, I want to say that the authors did a superb job writing Penetration Testing and Network Defense. Overall, I was very pleased with the book. It is definitely an asset to all areas of Information Technology and Information Security. The book appears to have been written for any experience level or even job level for that matter. There is a good balance between theory, best practices, demonstrations, and case studies.Personally, I found that the book was easy to read. The thing that is seen with most security books is that the material is often dry and boring. I didn't find this to be true with this book. Although technical terms are used in introducing particular tools, explanations are easy to understand as metaphors/analogies are used to simplify the concepts for inexperienced users. The authors were able to clearly demonstrate tools by using real world examples which the reader can relate to.Another thing I found helpful was the fact that all of the examples were short and to the point. The authors did not go on and on about useless information. They tell you about the tool/vulnerability, show you how it works, how the vulnerability can be exploited, and how to defend against it.Furthermore, although there are thousands of tools available, the authors did an exceptional job in making selections for discussion in this book. Although they couldn't possibly cover each and every tool, the authors did make references to external sources throughout the book. In addition, an appendix section was organized with hundreds of tools. Each tool contains a brief description and the link to the website where the reader can experiment on their own time.To conclude, I highly recommend this book. It is an essential resource for penetration testers, network administrators, and security professionals. I look forward to reading other books in the Security line of Cisco books.

I found the book a bit dated. The book seemed more about Network Defense than Pen testing. For someone interested in Pen testing, there are much better books available