Snort®: IDS and IPS Toolkit
by Brian Caswell; Jay Beale; Andrew R Baker
Jay Beale’s Open Source Security Series: Nessus, Snort, & Ethereal Power Tools: Customizing Open Source Security Applications
by Neil Archibald; Gilbert Ramirez; Noam Rathaus; Josh Burke; Brian Caswell; Renaud Deraison
Jay Beale’s Open Source Security Series: Wireshark & Ethereal Network Protocol Analyzer Toolkit
by Angela Orebaugh; Gilbert Ramirez; Jay Beale
No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing
by Johnny Long; Jack Wiles; Kevin D. Mitnick; Scott Pinzon
WarDriving and Wireless Penetration Testing
by Brian Baker; Frank Thornton; Russ Rogers; Chris Hurley; Dan Connelly
Nessus Network Auditing, Second Edition
by Russ Rogers
Configuring Juniper® Networks NetScreen® & SSG Firewalls
by Rob Cameron; Chris Cantrell; Anne Hemni; Lisa Lorenzin
This book focuses on installing, configuring and optimizing Nessus, which is a remote security scanner for Linux, BSD, Solaris, and other Unices. It is plug-in-based, has a GTK interface, and performs over 1200 remote security checks. It allows for reports to be generated in HTML, XML, LaTeX, and ASCII text, and suggests solutions for security problems. As with many open source programs, Nessus is incredibly popular, incredibly powerful, and incredibly under-documented. There are many Web sites (including nessus.org) where thousands of users congregate to share tips, tricks, and hints, yet no single, comprehensive resource exists. This book, written by Nessus lead developers, will document all facets of deploying Nessus on a production network.
Based on 12 Ratings
Required reading for network administrators - 2005-02-04
The purpose of Nessus is to provide an Open Source Solution for network auditing on all Unix-like systems. This book not only details using Nessus but also comes with a CD containing the program, as well as Ethereal, Snort, and Newt (a port of the program to the Windows environment).
What is a network assessment? At its basic level it is an attempt to detect a live system and then identify the computing environment, services, applications, and vulnerabilities on that system. Basically there are two types of assessment - internal and external. An internal assessment is done over the local network and external is done from outside the LAN. Nessus will do both types and the book details how to do either, or both of them.
The authors do an excellent job of detailing installation, setup, and how to interpret the results of a scan as well as various factors that can affect the report. One of the parts not to be missed is the discussion of not only the benefits but also the potential problems of scanning your system. Some of the vulnerability types scanned for include buffer overflows, default passwords, backdoors, information leaks, and denial of service.
The Nessus scripting language is covered in detail in Appendix A instead of the main portion of the book; a choice I appreciated very much as it allowed the flow of the book to not be interrupted by such a highly technical section. With Open Source products there generally is no organized technical support phone number you can call for help. So, the authors include information on how to get help via the Nessus User Community, mailing lists, and archives.
Nessus Network Auditing is a highly recommended book for anyone interested in auditing their network to find potential problems before they become reality.
Great book! - 2005-02-28
Don't even try to use Nessus without Renaud's book. It is great.
Getting Old and Lacking Real Meat - 2008-08-04
First, it's old. Even if you're using the open source 2.x versions and not the commercial 3.x versions, you'll find the content to be a bit dated. Not a problem for the most part, as this book talks a lot about vuln scanning concepts and all that is still applicable. And the differences in GUI layout between the book and latest versions aren't hard to rectify just by clicking around a little. The age of the text is more of a problem in that it lacks discussions of current attacks.
Second, a lot of the book just covers basics about vuln scans and using Nessus. Sorry, but for the money I paid for this book, I'm not seeing the value that other reviewers are referring to. IMHO lots of this basic usage and intro stuff is covered in numerous online articles (some of which are linked from Tenable's website on the Nessus documentation page). Even topics like dealing with false-positives are covered pretty well in those resources.
Granted, the reviews are generally from 2004 and 2005, and many of the articles I'm referring to were written after then. So maybe this book was really helpful at that time - but for anyone considering buying this book circa 2008 or later, save your money. Either wait for an updated edition or look at free resources online.
As for the "lack of meat", this book just doesn't go deep enough. Again, I'm not getting much insight beyond what I already found online. I've gleaned some good tips, but again, not enough to justify the length (and cost) of this book.
Worth a read. - 2007-08-23
Considering Nessus is one of the best free network monitoring tools on the market, this is a perfect book to get to start working with Network Systems Auditing. For people that have a decent working knowledge with multi-platforms and Networking, this book is a good way to get your feet wet to start preparing for your CISA Cert.
Excellent primer for new Nessus users - 2005-07-25
A good source for experienced users and a must read for novices.
At times the syntax of this book leaves a bit to be desired (the editors could have done a better job at polishing the final product). You cannot, however, get a better source for Nessus information than the creator himself, who is a contributor to the book.
I would highly recommend this book.
Some information on this page was provided using data from Amazon.com®.