UKUUG home


(the UK's Unix & Open Systems User Group)
Network Security Assessment
Chris McNab
Published by O'Reilly Media
396 pages
£28.50
Published: 6th April 2004
Reviewed by Andrew Cormack in the June 2004 issue

It has often, and probably accurately, been suggested that intruders looking at networks from the outside know more about them than the managers whose job it is to run them. This new book may go some way to redressing the balance. Chris McNab explains how network managers can use the same techniques and tools as the intruders to examine their own networks and identify security weaknesses. Since any such tool has both good and bad uses, it is important to be clear about the difference. Here it is best stated in the preface: intruders use tools to make security worse; network managers use tools to identify problems, fix them and improve the process that failed to prevent them being there in the first place.

The book begins with the process of host and network enumeration: simply finding out what networks and computers there are out there. Much of this information can be obtained from public sources such as whois and DNS databases without even visiting the target network. Even Google can be used for information gathering, though much of what is discovered is likely to be useful for social engineering attacks, which are not the main focus of the book. Traditional port scanning can then be used to confirm which hosts and services are active: the author gives a good review of the various techniques, their speed, accuracy and visibility.

Most security vulnerabilities arise in network services, so the bulk of the text concentrates on these. Grouping services into chapters by function is an excellent idea, which allows the principles as well as specific problems to be covered. Details of particular attacks will go out of date, but it is surprising (and depressing) how many old bugs are still out there on the Internet. Chapters describe remote information services, web, remote maintenance, FTP and databases, Windows networking, e-mail, VPN and RPC services. In each case information can be gathered using standard system tools, auditing software or exploit programs, most of which can be downloaded from the Internet. For those who want to know how exploits work, there is a detailed technical description of buffer overflows, integer overflows and format string bugs, which is sometimes hard going but worth persevering with. Each chapter ends with a useful checklist of countermeasures that system and network managers should be using to protect themselves against the attacks described.

The final chapter brings all this together by walking through the security assessment of a small network, identifying weaknesses and recommending short and long term security improvements. The approach demonstrated, first identifying active machines, then identifying the type and version of each of the services they run, provides a sound framework for anyone performing their own assessment. Every assessment should have a clear objective, defined in advance, and this will control what techniques are used. If the objective is to ensure that a firewall is correctly configured, for example, it will not be necessary or appropriate to research or exploit individual vulnerabilities in services accidentally left exposed. The truly expert security analyst knows when to stop.

The book mentions some very powerful tools, and occasionally blurs the line between proper and improper use. To place it firmly on the side of the good guys there should be a mention of which tools can be safely used on a production network, as aggressive scanning or probing of vulnerabilities can cause systems or routers to crash. A reminder that many of the techniques described are illegal if not done with proper authorisation would also be welcome. Many readers of the book will be horrified to learn just how leaky their computers are: if nothing else the book is an excellent argument for a robust firewall. Others will want to use the tools and techniques to learn how to make their own networks secure. Before you do this, please make sure you are entitled to do so and be very careful not to mistype your IP address and probe the network next door!
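The two practical points above, scanning only what you are authorised to scan and keeping the probe rate gentle on production equipment, can be enforced before a scanner is ever launched. The following is an added example written for this review, not code from the book or from its author: it checks a target list against the CIDR blocks an (assumed) authorisation letter covers, refuses to proceed if any address falls outside them, and only then assembles the nmap command for the host-discovery-then-version-detection step the final chapter recommends. The scope ranges and target addresses are constructed documentation addresses, and the `--max-rate` value is an arbitrary conservative choice.

```python
"""Authorisation scope check for a network assessment target list.

Added example, not code from the book or the review. It assumes the
assessor holds a written authorisation covering the CIDR blocks in
AUTHORIZED_SCOPE (hypothetical values) and refuses to build a scan
command for any address outside them, so a mistyped address cannot
send probes at a neighbouring network.
"""
import ipaddress
import shlex

# Hypothetical: the ranges the assessment authorisation actually covers.
# Both are reserved documentation ranges, constructed for this example.
AUTHORIZED_SCOPE = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("2001:db8:10::/48"),
]


def in_scope(target, scope=AUTHORIZED_SCOPE):
    """True if every address of `target` (single host or CIDR) lies inside one authorised block.

    Hostnames are deliberately not resolved here: resolve them first,
    then check the resulting addresses, so that a DNS change cannot
    silently move a target out of scope after the check.
    """
    try:
        net = ipaddress.ip_network(target, strict=False)
    except ValueError:
        return False
    # subnet_of() raises on mixed IPv4/IPv6 comparisons, hence the version guard.
    return any(net.version == block.version and net.subnet_of(block) for block in scope)


def partition_targets(targets, scope=AUTHORIZED_SCOPE):
    """Split a target list into (authorised, rejected) so nothing rejected reaches the scanner."""
    ok, rejected = [], []
    for target in targets:
        (ok if in_scope(target, scope) else rejected).append(target)
    return ok, rejected


def build_scan_command(targets, scope=AUTHORIZED_SCOPE):
    """Return the nmap command line for discovery plus version detection, or None if any target is out of scope.

    nmap performs host discovery first and then runs -sV only against
    hosts found to be up, which matches the order the book recommends.
    -T2 and --max-rate keep the probe rate low enough for production gear;
    the rate value itself is an arbitrary conservative choice.
    """
    ok, rejected = partition_targets(targets, scope)
    if rejected or not ok:
        return None
    argv = ["nmap", "-sV", "-T2", "--max-rate", "50", "-oA", "assessment"] + ok
    return shlex.join(argv)


if __name__ == "__main__":
    # Constructed target list containing one typo: 192.0.3.7 is "the network next door".
    targets = ["192.0.2.10", "192.0.2.0/28", "192.0.3.7"]
    ok, rejected = partition_targets(targets)
    print("authorised:", ok)
    print("rejected:  ", rejected)
    print("command:   ", build_scan_command(targets))  # None: refused outright
    print("command:   ", build_scan_command(ok))       # the gentle scan of the in-scope hosts
```

The refusal is deliberately all-or-nothing: a list with a single out-of-scope entry is treated as a mistake in the list, not as a reason to scan the rest, because the typo may be in the one address that was meant to be included.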



Page last modified 02 Apr 2007
Copyright © 1995-2011 UKUUG Ltd.