Network Security Assessment

July 15, 2004
Network security assessment (see also Computer Media, LJ 8/03) involves identifying vulnerabilities so that they can be minimized, and these guides address the topic from varying perspectives. Case Studies delves into implementing the framework of network security standards (IAM, or Information Assurance Methodology) defined by the U.S. National Security Agency (NSA), while Network Security Assessment focuses partially on NSA IAM and partially on the UK's Government Communication Headquarters (GCHQ) security framework, CESG (Communications and Electronics Security Group) CHECK. Case Studies ' checklists, case studies, and sample templates create a practical and useful guide for firms that provide security assessments, individuals who have taken an IAM class, and organizations conducting security audits. A nice overview of an often-confusing topic, moving from the security contract stage through final reporting and follow-up. Network Security Assessment 's broader coverage--as well as its step-by-step discussion of security risks and how to combat or minimize them--makes it a good choice for those addressing security issues in general. Its take on multiple services and operating systems, and its real-world examples create a comprehensive, useful guide. Both are appropriate for larger libraries; buy McNab's if you can afford only one. For advanced administrators and security experts, Warrior addresses security assessment in general. It focuses most heavily, however, on the topic of reverse engineering, or of disassembling applications to see what is going on at their lowest levels. This allows administrators to dissect malware and spyware in order to disinfect and secure their systems more effectively. Its coverage of multiple environments and tools and the overview of attacks from a cracker's perspective make this an appropriate purchase for larger libraries.

Copyright 2004 Library Journal, LLC Used with permission.