I've been playing around with Nessus. Boy, can you get a lot of false positives with it, but it's fun to play with. You really need to know a little about what you're doing; for example, it finds a flaw in my anonymous-only OpenBSD ftpd(8) that got patched nearly 2 years ago, so a report can easily appear unnecessarily alarmist. That said, there are probably many unpatched servers left on the Internet ...
Apart from that, I'm reading "Firewalls and Internet Security: Repelling the Wily Hacker, Second Edition" by William R. Cheswick, Steven M. Bellovin and Aviel D. Rubin. It is very good.
Author M. G. Liebach
LastMod 2016-05-01 (9fc4632)