Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "Nmap Network Scanning", Gordon Lyon

Expand Messages
  • Rob, grandpa of Ryan, Trevor, Devon & Han
    BKNMAPNS.RVW 20090118 Nmap Network Scanning , Gordon Lyon, 2009, 978-0-9799587-1-7, U$49.95 %A Gordon Lyon fyodor@insecure.org http://nmap.org/book %C
    Message 1 of 1 , Apr 29, 2009
      BKNMAPNS.RVW 20090118

      "Nmap Network Scanning", Gordon Lyon, 2009, 978-0-9799587-1-7, U$49.95
      %A Gordon Lyon fyodor@... http://nmap.org/book
      %C 370 Altair Way #113, Sunnyvale, CA 94086
      %D 2009
      %G 978-0-9799587-1-7 0-9799587-1-7
      %I Nmap Security Scanner Project
      %O U$49.95
      %O http://www.amazon.com/exec/obidos/ASIN/0979958717/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/0979958717/robsladesin03-20
      %O Audience i+ Tech 2 Writing 2 (see revfaq.htm for explanation)
      %P 468 p.
      %T "Nmap Network Scanning"

      Nobody who is involved in network administration or security needs any
      introduction to Nmap, the most widely used network mapping tool. The
      preface to this book states that it is full documentation (as could be
      expected from the creator of the utility), intended for Nmap users at
      all levels. In addition to the features and functions of the program,
      the work covers general tasks and applications in real world
      conditions and environments.

      Even if you are not familiar with Nmap, chapter one is a presentation
      of the uses of the program (in a couple of fictional, and one real,
      settings). For those with limited background there are useful outside
      references, guides, and tools listed, but even with these resources
      not all of the cases presented are clear. There is an interesting
      discussion of the legality or advisability of port scanning, and a
      brief version history of Nmap. Chapter two covers installation and
      options for various operating systems. Host discovery, in chapter
      three, uses Nmap as well as some other tools. The examples are
      outlined clearly, but not always fully explained (particularly for
      non-Nmap utilities). The text is not always transparent upon initial
      reading, but some work and diligence in looking up references (often
      within the book itself) will usually clarify matters. A brief
      introduction to ports starts off the material on port scanning, in
      chapter four, which then lists basic Nmap options. Chapter five
      describes a number of more advanced patterns, useful for determining
      additional information not immediately available or obvious in normal
      traffic (or sometimes obfuscated). Some ideas for optimising Nmap
      performance are listed in chapter six. Chapter seven explains options
      related to determining what applications are running on a system,
      along with two examples. Similarly, chapter eight deals with
      identification and resolution of operating systems.

      Chapter nine explains the Nmap Scripting Engine (NSE) structures,
      language, and options, in a usably detailed fashion. Activities
      specific to detecting and evading firewalls and IDSs (Intrusion
      Detection Systems) are covered in chapter ten. It is, therefore, only
      fair play that chapter eleven deals with issues of detecting and
      protecting against Nmap and other scanning tools being used to explore
      or penetrate a system.

      Chapter twelve describes the Zenmap user interface which can be added
      as a front end to Nmap. Output and reporting options are reviewed in
      chapter thirteen. Nmap data files, and the customization they can
      provide, are explained in chapter fourteen. Chapter fifteen is a
      reference guide summary of the command line options: a printed version
      of the Nmap man page.

      Lyon fundamentally fulfills his objective. This is comprehensive
      documentation for the utility: in addition, it demonstrates how the
      tool can be used effectively in the real world. In some places the
      author has been a little too cute in an attempt to inject humour: in
      other sections the text is demanding and could have been written more
      clearly. However, the guide is solidly written, overall, and useful
      for pretty much any network analyst or network security analyst.

      copyright Robert M. Slade, 2009 BKNMAPNS.RVW 20090118

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      Be a scribe! Your body will be sleek, your hand will be soft. You
      are one who sits grandly in your house; your servants answer
      speedily; beer is poured copiously; all who see you rejoice in
      good cheer. Happy is the heart of him who writes; he is young
      each day. - Ptahhotep, Vizier to Isesi, 5th Dynasty, 2300 BC
      http://blog.isc2.org/isc2_blog/slade/index.html http://twitter.com/rslade
    Your message has been successfully submitted and would be delivered to recipients shortly.