Penetration Testing and Network Defense (Cisco Press Networking Technology)

Penetration Testing and Network Defense (Cisco Press Networking Technology) (Paperback)
ISBN: 1587052083, Paperback: 624 pages, Publisher: Cisco Press (October 31, 2005)
Cisco is the leading of networking technology of the 20 and 21 century, and understand that security is no one time mission but require network design, testing etc. to build a secure environment. As part of Cisco Press release on security topics, I found a nice book:
Penetration Testing and Network Defense (Cisco Press Networking Technology) (Paperback)
That's introduce an interesting method to guide how to build a secure environment and protect
Networks by using Cisco and third party tools (Most of them from the open source filed).
Authors background:
Andrew Whitaker, CCSP(tm), is the Director of Enterprise InfoSec and Networking for TechTrain, where he performs penetration tests and teaches ethical hacking and Cisco® courses. He has been working in the IT industry for more than ten years, specializing in Cisco and security technologies, and has performed penetration tests for numerous financial institutions and Fortune 500 companies.
Daniel P. Newman, CISSP, CCSP, has been in the computer industry for over 12 years specializing in application programming, database design and network security for projects all over the world. He is the managing director and chief security officer for Tribal Knowledge Security and specializes in penetration testing and advanced technical training in Cisco, Microsoft, and Ethical Hacking topics.
Readers Pre-Requirements:
Although I couldn't found pre-requirements for the book readers, I can recommended using this book to readers that answer to the following pre-requirements:
1. Have basic knowledgebase in Linux/Unix administrations.
2. Have good knowledgebase in TCP/IP Networking design and implementations
(Recommended to have at least CCNA and CCDA Certifications)
3. Have at least two years of experience in SMB-Enterprise infrastructure administrations.
Book Structure:
The book build as 16 self study chapters that's cover most of the information that's ethical hacker (or beginner penetration tester) needs.
The book begin with a nice introduction on the reasons that companies should use penetration testing and divided this reasons to major stages that's parallel to known security models (Like: C.I.A. :Confidentiality, Integrity, Availability).
The next chapters review the requirements to penetration testing and legal issues with penetration testing.
Chapter 2 - Legal and Ethics Considerations - Should cover more information from my point of view and add a warning message to people that work as penetration testers that need legal support from the law team from the test company and the target test company should be used.
Most of the companies and the management (Usually in states outside the United States) don't understand the consequence of this tests and don't know what to do with the test results.
Also, due the privacy invasion and the current laws against privacy invasion - this topic is very important to understand and to know how to handle.
Add this information to this book can help to complete the missing information in Chapter 2.
The next chapters cover most of the public known attack technique and give a real life scansions and solutions for attacks.
My conclusion is: The book is recommended to each IT staff and beginner penetration tester.

Best Regards,

Yuval Sinay

Other Reviews

• A Cisco book not limited to cisco devices.
• Four stars if published in fall 2003 instead of fall 2005
• Penetration Testing and Network Defense (Cisco Press Networking Technology)