Network Security Assesment by Chris McNab is mostly pointless. It's stated purpose is to enable security conscious web admins to test their own security by running probes.
I don't see the point of putting this in a book, though. It's not for beginners, it's much to difficult to understand for that. But it's not for more advanced admins, either. Mostly it's just a list of bugs and exploits that networks are vunerable to and some ways of testing your own network for these vunerablities. The problem is that any admin worth his salt would be subscribed to half a dozen bug fix and security mailing lists already. So why buy the book? You could get most of this info by looking through the slashdot archives.
So what's the point of this book? Mostly so an ex-hacker can sell his consulting business. The author is a former black hat system cracker in his teen years who is now trying to make it in the consulting business. It would look really good on a resume or brochure to say you literally "wrote the book" on network security.
Save your money, just do a google search on network security and trawl usenet.
Article comments
1 - jadester
short and to the point.
It seems to be the case with a good many network security books these days that they simply reproduce easy-to-find info that can be obtained for free (excepting your internet access costs) online.
2 - Chris McNab
Isn't the point with such books that the information is freely available - but time has been spent by an author organizing the information, weeding out any incorrect or irrelevant details, and presenting it in an easy to read way?
The feedback i've received has been positive from administrators, as they don't have to trawl through securityfocus, CVE, and other archives in search of the information.
As for the consulting business plug, I mention my employer in passing, and do not plaster company logos on the cover (a la Hacking Exposed and Foundstone), so I don't see what the problem is there.
The O'Reilly catalog page for the book, with table of contents and sample chapter, is at http://www.oreilly.com/catalog/networksa/