From Book News, Inc.
Deraison, a computer security consultant, explains the latest features of Nessus in this book/CD-ROM package. Step-by-step instructions show how to perform a vulnerability assessment, install Nessus, modify preferences, deal with false positives, and scan the entire enterprise network. The CD-ROM contains the open-source tools Nessus, Snort, and Ethereal. The book is distributed in the US by O'Reilly.Copyright © 2004 Book News, Inc., Portland, OR

Book Description
This book focuses on installing, configuring and optimizing Nessus, which is a remote security scanner for Linux, BSD, Solaris, and other Unices. It is plug-in-based, has a GTK interface, and performs over 1200 remote security checks. It allows for reports to be generated in HTML, XML, LaTeX, and ASCII text, and suggests solutions for security problems. As with many open source programs, Nessus is incredibly popular, incredibly powerful, and incredibly under-documented. There are many Web sites (including nessus.org) where thousands of users congregate to share tips, tricks, and hints, yet no single, comprehensive resource exists. This book, written by Nessus lead developers, will document all facets of deploying Nessus on a production network.

About the Author
Jay Beale is a security specialist focused on host lockdown and security audits. He is the lead developer of the Bastille project, which creates a hardening script for Linux, HP-UX, and Mac OS X; a member of the Honeynet Project; and the Linux technical lead in the Center for Internet Security. A frequent conference speaker and trainer, Jay speaks and trains at the Black Hat and LinuxWorld conferences, among others. He co-authored the Syngress international best-seller Snort 2.0 Intrusion Detection (ISBN: 1-931836-74-4) and serves as the series and technical editor of the Syngress Open Source Security series. HD Moore is one of the founding members of Digital Defense, a security firm that was created in 1999 to provide network risk assessment services. In the last four years, Digital Defense has become one of the leading security service providers for the financial industry, with over 200 clients across 43 states. Noam Rathaus is the co-founder and CTO of Beyond Security, a company specializing in the development of enterprise-wide security assessment technologies, vulnerability assessment-based SOCs (security operation centers) and related products. He has contributed to several security-related open-source projects including an active role in the Nessus security scanner project. Renaud Deraison is the Founder and the primary author of the open-source Nessus vulnerability scanner project. He has worked for SolSoft, and founded his own computing security consulting company, Nessus Consulting. Raven Alder is a Senior Security Engineer for True North Solutions, a consulting firm specializing in network security design and implementation. She specializes in scalable enterprise-level security, with an emphasis on defense in depth. George A. Theall is a frequent contributor to the Nessus mailing lists, is the author of several popular Nessus-related tools and has also contributed rewrites of several of the supplemental scripts and associated documentation in Nessus, to be distributed starting with version 2.2.

FROM THE PUBLISHER

Ever since its beginnings in early 1998, the Nessus Project has attracted security researchers from all walks of life. It continues this growth today. It has been adopted as a de facto standard by the security industry, many of whom rely on Nessus as the foundation to their security practices. Now, Nessus Project Founder Renaud Deraison and a team of leading developers have created the definitive book for the Nessus community.

SYNOPSIS

The ONLY Book to Read if You Run Nessus Across the Enterprise

Ever since its beginnings in early 1998, the Nessus Project has attracted security researchers from all walks of life. It continues this growth today. It has been adopted as a de facto standard by the security industry, vendor, and practitioner alike, many of whom rely on Nessus as the foundation to their security practices.  Now, Nessus project founder Renaud Deraison  and a team of leading developers have created the definitive book for the Nessus community.

* Perform a Vulnerability AssessmentUse Nessus to find programming errors that allow intruders to gain unauthorized access.

* Obtain and Install Nessus Install from source or binary, set up up clients and user accounts, and update your plug-ins.

* Modify the Preferences TabSpecify the options for Nmap and other complex, configurable components of Nessus.

* Understand Scanner Logic and Determine Actual RiskPlan your scanning strategy and learn what variables can be changed.

* Prioritize VulnerabilitiesPrioritize and manage critical vulnerabilities, information leaks, and denial of service errors.

* Deal with False PositivesLearn the different types of false positives and the differences between intrusive and nonintrusive tests.

* Get Under the Hood of NessusUnderstand the architecture and design of Nessus and master the Nessus Attack Scripting Language (NASL).

* Scan the Entire Enterprise NetworkPlan for enterprise deployment by gauging network bandwith and topology issues.

 Your Solutions Membership Gives You Access to:Comprehensive FAQ page that consolidates all of the key points of this book into an easy to search web page"From the Author" Forum where the authors post timely updates and links to related sitesThe complete code listings from the book