Recommended Reading are quick posts highlighting those books, courses and software that are true force-multipliers when it comes to getting started, getting better or getting ahead.
Network Security Assessment by Chris McNab is what we're looking at today. This is just a handy book, period, for anyone in the cybersecurity space. CREST recommend it as preparation for their CPSA and CRT exams for security analysts and penetration testers, and it makes fantastic background reading for anyone who wants hands-on knowledge of how to secure a network. Get it here.
What's In The Book?
Network Security Assessment is a brilliant book for pretty much anyone who's working, or planning to work, in hands-on, in-the-trenches cybersecurity. It's a solid textbook, weighing in at 456 pages. Not a portable book, for sure - potentially one for the Kindle!
This book is the real deal - with short introductions to a variety of topics - split by chapter into different threats that can be used to attack an enterprise network.
Each is then broken down into how it works and where the vulnerabilities lie in that protocol or vector, and techniques for exploitation are then illustrated with code examples.
Don't expect an easy read, though. This is very much a tactical book, useful for day-to-day security work, and the writing and presentation style are designed accordingly - this may not be the light reading you're after.
It is, however, extremely thorough - running the gamut from how networks fit together, through routing protocols, DNS, password attacks and wireless - and thoroughly educating you on each as you go.
How Easy Is It to Read?
This is not the easiest read. The writing style is not designed to be super engaging, and it can come off as a little dry. However, everything in it is pretty much gold dust for those starting their careers in this industry - and remains continually useful for those further down the road.
CREST recommend this book in their own documentation as solid preparation and recommended reading for their Practitioner Security Analyst (CPSA) and Registered Penetration Tester (CRT) examinations, but frankly it's worth reading in preparation for any cybersecurity qualification - it's that solidly written.
It doesn't take pains to ease you in, though, so it might be something you read in multiple sittings.
You'll likely learn something a little different every time you open the book to a new page.
Does It Ever Get Past The Basics?
Absolutely. If you're brand new to this stuff, you'll learn so much you'll come on leaps and bounds. This is one of those books that you'll keep on the shelf and refer to over and over as you make it through your career - and routinely learn new things from - the practical examples being a big plus.
This book is more than enough for someone starting out but, like the Web Hacker's Handbook, it is less forgiving for absolute beginners than something like Penetration Testing by Georgia Weidman.
How Much Does It Cost?
As can be seen here, the book is currently just over £27 on Amazon, and this is about right.
This book will serve you years into your career, and makes a great gift for someone starting out in this industry and wondering what to really learn.
Overall Impression: A great, if fairly dry and difficult, tome on network security testing. Less forgiving for newcomers, but the ROI makes it more than worth it. Also handy for a variety of real-world certifications; it helped me pass the CREST CPSA/CRT in my journey into penetration testing.