Books

Chris Brenton, Cameron HuntSybex, 2001.

Hits: 126
Rate it
Comment on it

Ellen Messmer writes: By authors Mike Shema and Bradley C. Johnson, the book "Anti-Hacker Toolkit, Second Edition" weighs in at 808 pages of useful information about the tools that hackers use and the methods network managers can deploy to fight back against them.

Hits: 102
Rate it
Comment on it

"Written by Paul Wolfe, Charlie Scott and Mike Erwin, the 'Anti-Spam Toolkit' is a 417-page guide to the various options for stopping the flood of unwanted e-mail clogging today's mail systems."

Hits: 37
Rate it
Comment on it

"In Beyond Fear, Bruce Schneier invites us to take a critical look at not just the threats to our security, but the ways in which we're encouraged to think about security by law enforcement agencies, businesses of all shapes and sizes, and our national governments and militaries. Schneier believes we all can and should be better security consumers, and that the trade-offs we make in the name of security - in terms of cash outlays, taxes, inconvenience, and diminished freedoms - should be part of an ongoing negotiation in our personal, professional, and civic lives, and the subject of an open and informed national discussion."

Hits: 39
Rate it
Comment on it

Written by Paul Reid, this 252-page guide offers an easy-to-read exposition to deploying biometrics technologies, including fingerprint, face, voice and iris.

Hits: 81
Rating: 7.60
Rate it
Comment on it

This overview of the many biometrics technologies, including fimgerprint, hand geometry, facial and voice recognition, and eye biometrics, explains how they work and some of the legal considerations, such as privacy concerns, that govern their use. Of the three authors, John Woodard, Jr. is a senior policy analyst at public-research organization RAND; Nicholas Orlans works at McLean, Va.-based MITRE Corp. as an engineer in biometrics research; and Peter Higgins is a consultant who worked at the FBI on one of the world' largest fingerprint automation project, IAFIS. $34.99.

Hits: 130
Rate it
Comment on it

"This authoritative reference offers complete coverage of all material on the Certified Information Systems Security Practitioner (CISSP) exam. You'll find exam objectives at the beginning of each chapter, helpful exam tips, end-of-chapter practice questions, and photographs and illustrations. The bonus CD-ROM contains practice tests and hundreds of questions. This comprehensive guide not only helps you pass this challenging certification exam, but will also serve as an invaluable on-the-job reference."

Hits: 149
Rate it
Comment on it

"Topics covered: The subjects covered by the Certified Information Systems Security Professional (CISSP) exam published by the International Information Systems Security Certification Consortium, including cryptography, access control, security policy, legal matters, and the physical safety of information, equipment, and people."

Hits: 118
Rate it
Comment on it

"The Concise Guide to Enterprise Internetworking and Security will provide network professionals with the information they need to securely design and maintain an efficient and scaleable Internet connection. It will not only include planning solutions, but office bandwidth delivery technologies, security practices, hardware considerations and testing as well."

Hits: 100
Rate it
Comment on it

"Topics covered: How black-hat hackers work, what tools and techniques they use, and how to assess and improve your systems' defenses. The author explains how Windows, Unix, and TCP/IP can be exploited for nefarious purposes, and details a modus operandi that's typical of the bad guys."

Hits: 106
Rating: 10.00
Rate it
Comment on it

Ellen Messmer writes: Authored by three Ernst & Young Security Services partners, this book is a basic primer for upper-level corporate executives in managing security risks related to applications and network use in their organizations. It explains the fundamentals of intrusion-detection systems, VPNs, firewalls and password controls to the uninitiated, who may well be the one in authority to pay for it all. The book includes a foreword by former New York mayor Rudy Giuliani, who exorts business execs to get wise to network security and the liability issues that can clobber them. "This is not a situation that can be solved just by increasing corporate security budgets," claims Giuliani, to which most IT managers would probably respond, "It couldn't hurt."

Hits: 79
Rating: 10.00
Rate it
Comment on it

Ellen Messmer writes: This book, "ISA Server 2004," is indeed just about that - Microsoft's ISA VPN/firewall and how to configure it for corporate use. At 1022 pages in total, this tome aims for comprehensiveness, blending more high-level technical description with the occasional detailed step-by-step instruction that network managers should find informative and readable.

Hits: 76
Rate it
Comment on it

How it is that hackers and computers worms take advantage of software is the topic of this 471-page volume by Greg Hoglund and Gary McGraw. The authors, who can tell you the difference between content-based buffer overflows and arithmetic errors in memory management, may strike an academic tone but their advice should prove helpful to computer programmers everywhere who want to at least be as smart as their hacker adversaries.

Hits: 142
Rating: 10.00
Rate it
Comment on it

Written by Brian Carrier, this 568-page book delves into the technical intricacies of preserving the digital crime scene and duplicating hard disks.

Hits: 6
Rate it
Comment on it

Ellen Messmer writes: Written by Dan Farmer and Wietse Venema, known for teaming on the creation of the SATAN network security scanner years back, the volume they've co-authored tackles the topic of analyzing digital evidence. The scope of their book primarily concerns Unix and Linux but not Windows, and doesn't include much discussion of commercial computer-forensic tools. Rather, the authors concentrate on technical explanations of how computer systems work, how lost files can be recovered and why, and how to discover the purpose of a program file left behind after an intrusion.

Hits: 9
Rate it
Comment on it

"Here's easy-to-understand book that introduces you to fundamental network security concepts, principles, and terms, while providing you with practical techniques that you can apply on the job. It helps you identify the best type of intrusion detection system for your environment, develop organizational guidelines for passwords, set general computer security policies, and perform a security review and risk assessment."

Hits: 133
Rate it
Comment on it

Ellen Messmer writes: Authored by Shon Harris, Allen Harper, Chris Eagle, Jonathan Ness and Michael Lester, this "ethical hacking" guide takes on the topics of penetration testing tools, common exploits, vulnerability analysis and closing the holes.

Hits: 143
Rate it
Comment on it

"Chirillo gives you step-by-step guidance on how to keep the hacks out of your network using the same powerful Tiger Box tools that hackers use to detect and penetrate network vulnerabilities. Drawing on his experience as a consultant hired by Fortune 1000 companies to break into their corporate networks, Chirillo covers all the necessary security steps - from system to daemon - and helps you tie the information together to create a highly effective security policy."

Hits: 101
Rate it
Comment on it

Presents the reader with approximately twenty computer-security incident "case studies," including the evidence as log files, network maps and so on, to allow the reader to determine exactly what occurred. The detailed answers to these security puzzles are available in the second half of this 322-page book, written by Mike Schiffman, Adam O'Donnell, Bill Pennington and David Pollino. $27.99.

Hits: 95
Rate it
Comment on it

Ellen Messmer writes: Not for the faint of heart, this 737-page book on hacker techniques and some defenses for them is an encyclopedia of mischief for hacking Windows, Novell NetWare, Unix, dial-up, PBX, voicemail, VPNs, wireless, firewalls and the Web. Authored by Stuart McClure, president of Foundstone, Joel Scambray, senior director of Security for Microsoft's MSN and George Kurtz, CEO of Foundstone, this volume is the updated fourth version of "Hacking Exposed" and tries to stay one jump ahead of the hacker script-kiddies. $29.99.

Hits: 398
Rating: 7.00
Rate it
Comments: (3)

Ellen Messmer writes: "This 541-page volume tells you how attackers may seek to undermine Windows Server 2003 and other Microft-based products. Interestingly enough, it's co-authored by Joel Scambray, senior director of MSN Security for Microsoft, along with Stuart McClure, president and chief technology officer at security firm Foundstone, with consultant Chip Andrews listed as contributing author. While the book does contain some trite suggestions such as "Keep up with vendor patches--religiously!", something no one who uses Microsoft products needs to be told again, the book is loaded with remarkable detail on the mind-boggling number of ways to subvert Windows-based servers. Fortunately, the book is also chockful of countermeasures, too."

Hits: 112
Rating: 10.00
Rate it
Comment on it

Ellen Messmer writes: Published as part of Wiley Publishing's "Dummies" series with its familiar yellow cover, the book "Hacking for Dummies" informs IT professionals how to go about arranging extensive ethical-hacking penetration tests for every facet of their organization's network. Written by Kevin Beaver, this 358-page volume also covers remediation and counter-measures as well as offering guidance on getting management buy-in to a process that can be disruptive or even controversial.

Hits: 151
Rate it
Comment on it

An extensive technical guide on Linux security and defending against hacker attacks. Over 700 pages, the book delves into local user attacks, break-ins from the outside, mail and Web server security issues, denial-of-service attacks and discovering and recovering from an attack.

Hits: 86
Rate it
Comment on it

Ellen Messmer writes: Written by a cast of ten information security consultants from Foundstone, this 228-page volume seeks to be a kind of reference manual for Windows and Unix administrators that want to tighten security. While hackers are probably already familiar with the information in this book, "Network Security Portable Reference" offers admins a crash course in how hackers regard their networks -including a list of "useful ports and services in the hacking process" and where trojan horses tend to reside.
$20.99.

Hits: 46
Rate it
Comment on it

A 200-page guide to protecting systems against a variety of hacker techniques, plus a how-to on monitoring, data recovery and software patching. $31.49

Hits: 84
Rate it
Comment on it

"Topics covered: Internetwork Operating System (IOS) commands you can use to protect Cisco Systems routers from a variety of attacks. Specialized sections deal with security assessment, auditing, access control, privileges, optional services, and the legal importance of your login banners' contents."

Hits: 210
Rate it
Comment on it

"Written in a clear, easy-to-understand style, this book gives readers the opportunity to look at security from various perspectives; it grounds them firmly in the history and fundamentals of the field, as well as prepares them for today's most difficult security challenges. Topics comprehensively covered in this book include: the use of technology in physical security; understanding security in the context of setting; security scenarios; public and private police relations; legal liability; internal resource identification; external community connections; and more."

Hits: 19
Rate it
Comment on it

Written by Ron Ben Natan, chief technical officer at Guardium, this 413-page volume tackles preferred security measures for Oracle, SQL Server, DB2, Sybase, and MySQL.

Hits: 57
Rate it
Comment on it

Ellen Messmer writes: Authored by Foundstone consultants Chris Prosise, Kevin Mandia and Matt Pepe, this 507-page volume tackles a wide range of topics, from preparing to conduct incident response investigations to collecting forensics and writing reports. It also includes mention of some commercial products used in monitoring, forensics and network traffic analysis.
$27.99.

Hits: 50
Rate it
Comment on it

"Since 1993, the Information Security Management Handbook has served not only as an everyday reference for information security practitioners but also as an important document for use by practitioners to conduct the intense review necessary to prepare for the Certified Information System Security Professional (CISSP) examination. Preparing for the examination is a major effort because it requires a thorough understanding of the topics contained in the Common Body of Knowledge (CBK) for the field as specified in the Generally Accepted Systems Security Principles (GASSP)." $69.97

Hits: 113
Rate it
Comment on it

Ellen Messmer writes: Authored by Sun Microsystems' engineers Li Gong and Gary Ellison with assistance from software-documentation consultant Mary Dageforde, this 356-page book describes access control, authentication, digital certificates and general security policies for Java 2. The book is intended for Java programmers interested in focusing on Java underlying security architecture so they can take full advantage of it.

$44.99.

Hits: 47
Rate it
Comment on it

Ellen Messmer writes: By authors Jelena Mirkovic, Sven Dietrich, David Dittrich and Peter Reiher, the book explains in detail how distributed denial-of-service attacks are carried out by perpetrators, the legal issues that surround criminal prosecution, and some of the commercialproducts out on the market for mitigating DDDos attacks.

Hits: 22
Rate it
Comment on it

"Written by an experienced information security specialist, Investigating Computer-Related Crime is tailored to the needs of corporate information professionals and investigators. It gives a step-by-step approach to understanding and investigating security problems, and offers the technical information, legal information, and computer forensic techniques you need to preserve the security of your company's information.Investigating Computer-Related Crime discusses the nature of cyber crime, its impact in the 21st century, its investigation and the difficulties encountered by both public law enforcement officials and private investigators."

Hits: 10
Rate it
Comment on it

Ellen Messmer writes:

The author, Linda McCarthy, is touted as the executive security advisor in Symantec's CTO division; former vice president of systems engineering at Recourse Technologies and prior to that, senior vice president at Netsec and manager of security research at Sun Microsystems. The book she has written - which she emphasizes in a preface is "not a work of fiction. This is a collection of real security audits" - is a collection of her real-world adventures with the names of corporations and individuals changed. While the tales are amusing enough, they ultimately fail to satisfy since they awkwardly straddle that netherworld between fact and fiction. Take the example of the fictionally-named "Wall Street giant" that McCarthy dubs "InterMint Financial" where systems administrators "Jose and Dawn" seem to be "clueless."

"I found all the legal systems to be wide open," McCarthy writes with the breathless tone that characterizes the whole book, while also noting, "No doubt InterMint's lawyers would have been appalled."

This book is good as a detective novel, but the moral of the story tends to always be that people are pretty clueless about security.

Hits: 54
Rate it
Comment on it

"Covers every significant J2SE and J2EE security mechanism, presenting practical implementation techniques for the entire J2EE project lifecycle: analysis, design, development, deployment and operations."

Hits: 51
Rate it
Comment on it

Ellen Messmer writes: The danger that emerges when the cunning combine virus code and encryption is the topic of this 392-page volume by Adam Young and Moti Yung. The result of blending a virus and cryptographic techniques might be a computer worm that could encrypt the files stored in computers it attacks, rendering access to the information impossible. Or it might be a trojan horse that makes use of digital signatures for optimum control by its maker. The varying possibilities, laid out in the jargon of the crypto geek, is both a wake-up call to corporations and governments, and unfortumately, a textbook for putting cryptovirology into action.

Hits: 40
Rate it
Comment on it

"A direct port of the MCNS course, providing you with a comprehensive, self-paced training solution. This book helps you, the network professional understand the risks to modern networks and how to install, configure, operate, manage, and verify Cisco network security products and Cisco IOS software features that enable network security."

Hits: 101
Rate it
Comment on it

Ellen Messmer writes: Written by Tom Patterson and Scott Gleeson Blue, the book Mapping Security presents an overview for the chief security officer on the ins and outs of building secure systems around the world. The book offers managerial advice related to European and Scandinavian countries, the Americas, the Middle East and Asia.

Hits: 11
Rate it
Comment on it

Ellen Messmer writes: Written by Hewlett-Packard security expert Wenbo Mao, this 700-page volume is an extensive technical look atprivate-key and public-key cryptographic schemes. The book is targeted towards college students in advanced computer science courses and security engineers in high-tech companies. $38.49.

Hits: 71
Rate it
Comment on it

"Using steps laid out by professional security analysts and consultants to identify and assess risks, Network Security Assessment offers an efficient testing model you can adopt, refine, and reuse to create proactive defensive strategies to protect your systems from the threats that are out there, as well as those still being developed. This thorough and insightful guide covers offensive technologies by grouping and analyzing them at a higher level -from both an offensive and defensive standpoint -helping administrators design and deploy networks that are immune to offensive exploits, tools, and scripts."

Hits: 15
Rate it
Comment on it

Written by Tom Thomas, this 456-page book starts by defining security basics, including VPNs, intrusion detection, and content filtering, and proceeds to detail how to implement security in Cisco's routers, switches, firewalls and wireless LANs.

Hits: 54
Rate it
Comment on it

"This information-packed book provides over 100 quick, practical, and clever things to do to help make your Linux, Unix, or Windows networks more secure today. It goes beyond securing TCP/IP-based services by providing intelligent, host-based security techniques. Loaded with concise but powerful examples of applied encryption, intrusion detection, logging, trending, and incident response, Network Security Hacks demonstrates effective methods for defending your servers and networks from a variety of devious and subtle attacks. Learn how to detect the presence (and track every keystroke) of network intruders, new methods for protecting your network and data using strong encryption, and even techniques for laying traps for would-be system crackers."

Hits: 24
Rate it
Comment on it

"Network Security with OpenSSL enables developers to use this protocol much more effectively. Traditionally, getting something simple done in OpenSSL could easily take weeks. This concise book gives you the guidance you need to avoid pitfalls, while allowing you to take advantage of the library's advanced features. And, instead of bogging you down in the technical details of how SSL works under the hood, this book provides only the information that is necessary to use OpenSSL safely and effectively." $27.97.

Hits: 96
Rate it
Comment on it

"Coverage includes: All-new discussions of the Advanced Encryption Standard (AES), IPsec, SSL, and Web security; Cryptography: In-depth, exceptionally clear introductions to secret and public keys, hashes, message digests, and other crucial concepts; Authentication: Proving identity across networks, common attacks against authentication systems, authenticating people, and avoiding the pitfalls of authentication handshakes; Core Internet security standards: Kerberos 4/5, IPsec, SSL, PKIX, and X.509; Email security: Key elements of a secure email system-plus detailed coverage of PEM, S/MIME, and PGP; Web security: Security issues associated with URLs, HTTP, HTML, and cookies; Security implementations in diverse platforms, including Windows, NetWare, and Lotus Notes." $54.99.

Hits: 103
Rate it
Comment on it

Ellen Messmer writes: This 853-page volume, authored by Roberta Bragg, Mark Rhodes-Ousley and Keith Strassberg, spans the topics of network, application, operating system and physical security. It provides solid detail on basic technology and strategy without an excess of product definition that might render this worthy volume obsolete in a fast-changing industry.

Hits: 35
Rate it
Comment on it

Ellen Messmer writes: This updated version of the Unix security guide first published in 1991 and again in 1996 has the three authors, Simson Garfinkel, Gene Spafford and Alan Schwartz, focusing on what they say are the four most common versions of Unix today: Solaris, Linux, FreeBSD, and MacOS X. The book specifically excludes the so-called "trusted Unix" versions that include enhancements such as compartmentalization, data labelling and access control features prefered by some government agencies. The wide-ranging 954-page book on Unix security is targeted towards the technically-adept administrator who wants to take practical steps to secure systems. $38.47.

Hits: 71
Rate it
Comment on it

RADIUS provides a complete, detailed guide to the underpinnings of the RADIUS protocol, with particular emphasis on the utility of user accounting. Author Jonathan Hassell draws from his extensive experience in Internet service provider operations to bring practical suggestions and advice for implementing RADIUS. He also provides instructions for using an open-source variation called FreeRADIUS."

Hits: 15
Rate it
Comment on it

"Safeguard your Linux systems against today's most vicious attacks!; Realistic, step-by-step techniques from one of the world's leading Linux security experts; Covers IP Tables, ARP attacks, adaptive firewalls, VPNs, wireless networks, Samba, monitoring, 2.4 kernel security, and much more; Quick and effective recovery from intrusions; CD-ROM contains important new tools for monitoring networks and locking out hackers."

Hits: 100
Rate it
Comment on it

"Topics covered: The kinds of attacks--against Windows 2000 and Linux systems--that are covered on the SANS Institute's Global Information Assurance Certification (GIAC) exam, as well as the software tools and configuration strategies that you can use to protect your systems against them. The authors cover many attacks--including Trojans, host spoofs, and others--and many defensive weapons (like firewalls and intrusion detection systems)." $34.99

Hits: 103
Rate it
Comment on it

Ellen Messmer writes: Intended for systems managers supporting the OpenBSD operating system in their organizations, this 518-page book covers hardware, installation, default services, X Window System, domain name services, Web servers with Apache, OpenSSH, Kerberos, authnetications modes, IPSec and much more.

Hits: 139
Rate it
Comment on it

"Learn how to help protect your messaging infrastructure from attack with this focused guide to Microsoft Exchange Server 2003 security features and tactics. Written by an Exchange Server expert, with insights gleaned directly from the Exchange Server 2003 development team, this guide details new system features and delves into client-server, server-Internet, and server-client security options—all in a single, comprehensive volume. Topics include physical and operational security; threat assessment and modeling; deployment considerations; SMTP relaying; content control/filtering; virus protection; spam; security features for Internet communications and clients, including Microsoft Office Outlook, Outlook Web Access, IMAP, and POP; intrusion detection/monitoring; backup and recovery; and security auditing."

Hits: 55
Rate it
Comment on it

Ellen Messmer writes: Intended to be read primarily by customers of Sun Microsystems, this book is likely to tell you everything you ever wanted to know about managing Secure Shell technology on the Solaris Operating Environment.
$39.

Hits: 49
Rate it
Comment on it

Ellen Messmer writes: Intended primarily for customers using Sun Microsystems' Solaris operating enviroment 2.5.1 or newer, this volume expects readers to have knowledge equivalent to a Sun certified administrator or Sun certified network administrator for Solaris. That said, this 365-page volume by Sun engineers Alex Noordegraaf and Glenn Brunette is an in-depth "how-to" guide for using the Solaris Security Toolkit software.
$40.

Hits: 57
Rate it
Comment on it

"Topics covered: How some people go about protecting valuable things (particularly, but not exclusively, information) and how other people go about getting it anyway. Mostly, this takes the form of essays (about, for example, how the U.S. Air Force keeps its nukes out of the wrong hands) and stories (one of which tells of an art thief who defeated the latest technology by hiding in a closet). Sections deal with technologies, policies, psychology, and legal matters."

Hits: 87
Rate it
Comment on it

Authored by Bryan Costales and Marcia Flynt, the book addresses spam prevention when the mail transfer agent is sendmail as part of the Unix, Linux and BSD family of operating systems.

Hits: 25
Rate it
Comment on it

Written by security consultant Robert Slade, this 215-page volume is intended as an introductory guide to collecting computer-crime evidence that complies with legal requirements for it.

Hits: 21
Rate it
Comment on it

"Spam Kings: The Real Story behind the High-Rolling Hucksters Pushing Porn, Pills, and %*@)# Enlargements is the first book to expose the shadowy world of the people responsible for the junk email problem. Author and veteran investigative journalist Brian S. McWilliams delivers a compelling account of the cat-and-mouse game played by spam entrepreneurs in search of easy fortunes and those who are trying to stop them."

Hits: 29
Rate it
Comment on it

"Addresses SQL Server vulnerabilities and provides security solutions. Covers installation, administration, and programming--plus security issues such as authentication, encryption, intrusion detection, and more. Written for IT professionals administering or programming any SQL Server-based application--includes coverage of SQL Server 7, SQL Server 2000, and SQL Server (Yukon)."
$34.99.

Hits: 43
Rate it
Comment on it

Stealing the Network: How to Own the Box is a unique book in the fiction department. It combines stories that are false, with technology that is real. While none of the stories have happened, there is no reason why they could not. You could argue it provides a road map for criminal hackers, but I say it does something else; it provides a glimpse into the creative minds of some of today’s best hackers, and even the best hackers will tell you that the game is a mental one." - from the foreword by Jeff Moss, President & CEO, BlackHat, Inc.

Hits: 39
Rate it
Comment on it

Written by Peter Szor, security architect for Symantec's virus-research devision, this volume sums up techniques used by computer-virus investigators to combat malicious code and insight into how they come up with disinfection methods.

Hits: 73
Rate it
Comment on it

By authors Julie Lucas and Brian Moeller, this book covers the basics of what a security response team does, how it fits inside the orhanization as well as staffing and computer forensics issues.

Hits: 35
Rate it
Comment on it

Ellen Messmer writes: This straightforward and easy-to-read book by Allan Liska on the fundamentals of network security, ranging from firewalls and VPNs to monitoring of routers, switches and servers, is a useful starting point for any network administrator. However, don't expect to find a large amount of information related to specific products on in-depth treatment of the latest barrage of network attacks.

Hits: 50
Rate it
Comment on it

"Written by Jack Koziol with six contributing authors, the 620-page volume is a technical guide to vulnerabilities in Windows, Linux and Solaris, in addition to database applications. The authors detail exploits and possible countermeasures."

Hits: 33
Rating: 10.00
Rate it
Comment on it

"Voice Over Internet Protocol Security has been designed to help the reader fully understand, prepare for and mediate current security and QoS risks in todays complex and ever changing converged network environment and it will help you secure your VoIP network whether you are at the planning, implementation, or post-implementation phase of your VoIP infrastructure."

Hits: 454
Rate it
Comment on it