Security Books - Page 6

The Best Damn Firewall Book Period

Syngress

Amazon Price: $59.95 List Price: $59.95 Available for download now By: Syngress

Buy at Amazon.com

Browse similar items by category:
Subjects -> Business & Investing -> General
Subjects -> Business & Investing -> General AAS
Subjects -> Computers & Internet -> Business & Culture -> Security

Customer Reviews:
Total reviews: 9 Average rating: 4.0 of 5

Another Damn Firewall Book comma 1 out of 5 stars.
10 of 18 people found this review helpful.

Another firewall book comma
has lots and lost of information, none of which is definitive
Do yourself a favor and purchase something more precise to the firewall your trying to implement, such as the the Umer kahn book about cisco pix, or any of the other numerous titles that cover more specific ideas
buying this book is like buying The Best Damn Cookbook when your lookin for a book on baking cookies (period)

overly presumptuous, grossly incomplete, less then definitive, can you tell im bored (period)

Good Enough 4 out of 5 stars.
6 of 6 people found this review helpful.

This book will help you with basic and intermediate setups of certain firewalls. Of all the commercial firewalls out there, it allows you to look good in front of clients with various types. However to become advanced, I suggest FW speccific bppks.

Editorial Review:

The Best Damn Firewall Book Period covers the most popular Firewall products, from Cisco's PIX Firewall to Microsoft's ISA Server to CheckPoint NG, and all the components of an effective firewall set up. Anything needed to protect the perimeter of a network can be found in this book.

Stealing the Network: How to Own the Box

Ryan Russell, Ido Dubrawsky, FX, Joe Grand, Tim Mullen

Amazon Price: $34.26 List Price: $49.95 Usually ships in 24 hours By: Syngress Amazon Marketplace: 26 new & used starting at $17.61

Buy at Amazon.com

Browse similar items by category:
Subjects -> Business & Investing -> Industries & Professions -> E-commerce -> General
Subjects -> Business & Investing -> Industries & Professions -> E-commerce -> General AAS
Subjects -> Computers & Internet -> Business & Culture -> Hacking

Customer Reviews:
Total reviews: 32 Average rating: 4.5 of 5

Useful, readable illustration of computer security concepts 4 out of 5 stars.
3 of 3 people found this review helpful.

_Stealing the Network: How to Own the Box_ has 10 stories with a first person narrator, who is either an attacker, or in two cases, a defender. While the characterization isn't up to the standards of (good) commercial fiction* in most cases, it makes the technical medicine go down easier and gives a picture of who and why people do this stuff. That picture is useful in making an abstraction feel more like a concrete threat.

I think this would be a good intro for a non-technical manager of security staff who needs to know why we have to worry about these things. It's a faster read than Bruce Schneir's admirable _Secrets and Lies_, which is a straight discussion of how to think about security, and probably more rigorous and complete. This offers specific examples and leads to many similar lessons. I will read the next one, How to Own a Continent, when its turn comes up in the queue.

One quibble: for a book published in 2003, with a chapter that mentions Snort a couple of times, I was disappointed in the Laws of Security Appendix. Specifically, the Law that "Any IDS can be Evaded" contains some material that is way out of date. To state that "free ones are starting to come available" at least a decade after Shadow, and at least a couple of years after Snort surpassed proprietary intrusion detection solutions, is a bit, well, weird. Snort is big time - Checkpoint just bought the company that writes it. The two chapters telling a defender's tale refer to Snort.

Also, I'm not convinced of the law's validity. The escalation between intrusion evaders and detectors is an interesting one but I think IDS has the advantage in this go-round. We can detect it, if we're watching the right things. Many of the evasion techniques are themselves alertable!

Apart from that, I found myself nodding in agreement with most of what was said. This taught me some things, and I've read pretty widely. This title is available cheap if you look at used. Check it out.

*It's at least better than Tom Clancy, whose plots are the only thing separating him from pure cheese, the male equivalent of a romance novel.

Editorial Review:

"Stealing the Network: How to Own the Box is a unique book in the fiction department. It combines stories that are false, with technology that is real. While none of the stories have happened, there is no reason why they could not. You could argue it provides a road map for criminal hackers, but I say it does something else; it provides a glimpse into the creative minds of some of today’s best hackers, and even the best hackers will tell you that the game is a mental one." - from the foreword by Jeff Moss, President & CEO, BlackHat, Inc.

Hacking Exposed Web Applications, 2nd Ed. (Hacking Exposed)

Joel Scambray, Mike Shema, Caleb Sima

Amazon Price: $34.99 List Price: $49.99 Usually ships in 24 hours By: McGraw-Hill Osborne Media Amazon Marketplace: 49 new & used starting at $7.34

Buy at Amazon.com

Browse similar items by category:
Subjects -> Computers & Internet -> Business & Culture -> Hacking
Subjects -> Computers & Internet -> Business & Culture -> Privacy
Subjects -> Computers & Internet -> Business & Culture -> Security

Customer Reviews:
Total reviews: 3 Average rating: 5.0 of 5

The best book to start your Web application hacking experience 5 out of 5 stars.
14 of 14 people found this review helpful.

I recently received copies of Hacking Exposed: Web Applications, 2nd Ed (HE:WA2E) by Joel Scambray, Mike Shema, and Caleb Sima, and Professional Pen Testing for Web Applications (PPTFWA) by Andres Andreu. I read HE:WA2E first, then PPTFWA. Both are excellent books, but I expect potential readers want to know which is best for them. I could honestly recommend readers buy either (or both) books. Most people should start by reading HE:WA2E, and then fill in gaps by reading PPTFWA.

Before proceeding I should note I used to work with the two ex-Foundstone authors of HE:WA2E, although I haven't been afraid in the past to review books honestly.

I read and reviewed the first edition of HE:WA about four years ago, and I rated that book five stars. Authors like Scambray and Shema exemplify the best aspects of the HE series: explaining technology, then showing how to exploit it. Frequently the first time security people hear about new applications is when they are being attacked. By digesting books in the core HE series, readers become familiar with the latest services, their flaws, and attacks against those technologies. HE:WA2E continues this tradition.

I was pleased to see HE:WA2E is largely a thorough reworking of the first edition. (This has not always been the case with HE books, considering there are five editions.) In one case, however, this worked against the authors. Ch 8 (Attacking XML Web Services) references non-existent material in Ch 1. Ch 1 in HE:WA2E is completely different from Ch 1 in the first edition, which contains the referenced diagram. A positive aspect of the rewrite is the frequent reference to outside material, instead of repeating techniques and tools already published. Combined with the extensive chapter-ending references list, this makes for a book packed with value. Note that the second edition still offers 520 pp, vastly exceeding the 386 pp of the first.

HE:WA2E is very consulting-oriented, which delivers some excellent real-world experience. For example, Ch 2 (Profiling) explains how to identify and deal with load balancers and web application firewalls. This seems to contrast with PPTFWA which says, for "IDS/IPS Systems," "[m]ake sure your client disables these." I thought HE:WA2E took a more realistic approach to this problem.

HE:WA2E's major weakness is its coverage of Web Services. PPTFWA does a better job addressing this important area. In fact, HE:WA2E's Web Services coverage seems fairly similar to the first edition's material. PPTFWA also includes a larger variety of attacks and tools, albeit in a manner not as organized as HE:WA2E. Ch 12 of HE:WA2E would be conceptually stronger if so-called "threat trees" were called "attack trees," as originally developed by Bruce Schneier in 1999. Furthermore, the list of "threats" on pp 404-5 are mostly vulnerabilities. The figures of Ollydbg in Ch 12 are also too small.

Despite these issues, I think HE:WA2E is the best general-purpose Web application security book available. I would definitely add it to your HE library. In other words, if you have HE:5E, you still need HE:WA2E. If you have the first edition of HE:WA, it's time for an update. After reading HE:WA2E, read PPTFWA. Perhaps both sets of authors could collaborate on a comprehensive Web app attack, defend, and test virtual machine, building on the one Andres Andreu built?

Editorial Review:

Implement bulletproof e-business security the proven Hacking Exposed way

Defend against the latest Web-based attacks by looking at your Web applications through the eyes of a malicious intruder. Fully revised and updated to cover the latest Web exploitation techniques, Hacking Exposed Web Applications, Second Edition shows you, step-by-step, how cyber-criminals target vulnerable sites, gain access, steal critical data, and execute devastating attacks. All of the cutting-edge threats and vulnerabilities are covered in full detail alongside real-world examples, case studies, and battle-tested countermeasures from the authors' experiences as gray hat security professionals.

Honeypots: Tracking Hackers

Lance Spitzner

Amazon Price: $30.89 List Price: $44.99 Usually ships in 24 hours By: Addison-Wesley Professional Amazon Marketplace: 35 new & used starting at $4.40

Buy at Amazon.com

Browse similar items by category:
Subjects -> Business & Investing -> Industries & Professions -> E-commerce -> General
Subjects -> Business & Investing -> Industries & Professions -> E-commerce -> General AAS
Subjects -> Computers & Internet -> Business & Culture -> Hacking

Customer Reviews:
Total reviews: 12 Average rating: 5.0 of 5

For anyone invested with cyber security responsibilities 5 out of 5 stars.
2 of 3 people found this review helpful.

Honeypots: Tracking Hackers By Lance Spitzner (Senior Security Architect for Sun Microsystems, Inc.) is an advanced computer science text to understanding and making use of "honeypots" (technological systems specifically designed to be compromised by online attackers) as burglar alarms, incident response systems, or tools for gathering information about hackers in order to better guard the security of one's compter data. Technical know-how, advanced theory, guidance from three legal experts, and more fill the pages of this excellent and very strongly recommended resource for anyone invested with cyber security responsibilities. An accompanying CD-ROM contains white papers, source code, and data captures of real attacks to facilitate the deployment of honeypot solutions to serious computer problems.

Editorial Review:

The ultimate guide to this rapidly growing cutting-edge technology. Written with the guidance of three legal experts, this material covers issues of privacy, entrapment, and liability. Softcover. CD-ROM included.

Dr. Tom Shinder's Configuring ISA Server 2004

Debra Littlejohn Shinder, Thomas W Shinder

Amazon Price: $49.95 List Price: $49.95 Available for download now By: Syngress

Buy at Amazon.com

Browse similar items by category:
Subjects -> Computers & Internet -> Business & Culture -> Security
Subjects -> Computers & Internet -> General
Subjects -> Computers & Internet -> General AAS

Customer Reviews:
Total reviews: 20 Average rating: 4.0 of 5

Editorial Review:

Dr. Tom and Debra Shinder have become synonymous with Microsoft's flagship firewall product ISA Server, as a result of Tom's prominent role as a member of the beta development team, and Tom and Deb's featured placement on both Microsoft's ISA Server Web site and ISAserver.org. Tom and Deb's book on the first release of the product "Configuring ISA Server 2000" dominated the ISA Server 2000 book market having sold over 40,000 copies worldwide, and the ISA Server community is eagerly awaiting Tom and Deb's book on ISA Server 2004, which is the dramatically upgraded new release from Microsoft.

Dr. Tom and Debra Shinder have become synonymous with Microsoft's flagship firewall product ISA Server, as a result of Tom's prominent role as a member of the beta development team, and Tom and Deb's featured placement on both Microsoft's ISA Server Web site and ISAserver.org. Tom and Deb's book on the first release of the product "Configuring ISA Server 2000" dominated the ISA Server 2000 book market having sold over 40,000 copies worldwide, and the ISA Server community is eagerly awaiting Tom and Deb's book on ISA Server 2004, which is the dramatically upgraded new release from Microsoft. This book will be featured prominently on the ISAserver.org home page as well as referenced on Microsoft TechNet and ISA Server Web pages. Tom and Deb's unparalleled technical expertise combined with prime on-line marketing opportunities will make this the #1 book again in the ISA Server market.

* This book will provide readers with unparalleled information on installing, confiuguring, and troubleshooting ISA Server 2004 by teaching readers to: * Deploy ISA Server 2004 in small businesses and large organizations.

* Learn how to configure complex DMZ configurations using ISA Server 2004's new network awareness features and built-in multinetworking capabilities.

* Learn how to take advantage of ISA Server 2004's new VPN capabilities!

The Hacker's Handbook: The Strategy Behind Breaking into and Defending Networks

Susan Young, Dave Aitel

List Price: $97.95 By: Auerbach Publications Amazon Marketplace: 19 new & used starting at $47.99

Buy at Amazon.com

Browse similar items by category:
Subjects -> Computers & Internet -> Business & Culture -> Hacking
Subjects -> Computers & Internet -> Business & Culture -> Security
Subjects -> Computers & Internet -> Certification Central -> General

Customer Reviews:
Total reviews: 5 Average rating: 4.0 of 5

Editorial Review:

The Hacker's Handbook: The Strategy Behind Breaking Into and Defending Networks, moves ahead of the pack of books about digital security by revealing the technical aspects of hacking that are least understood by network administrators. This is accomplished by analyzing subjects through a hacking/security dichotomy that details hacking maneuvers and defenses in the same context. Chapters are organized around specific technical components and administrative tasks, providing theoretical background that prepares network defenders for the always-changing and creative tools and techniques of intruders.This book is divided into three parts. Part I introduces programming, protocol, and attack concepts. Part II addresses subject areas (protocols, services, technologies, etc.) that may be vulnerable. Part III details consolidation activities that hackers may use following penetration. Each section provides a "path" to hacking/security Web sites and other resources that augment existing content. Referencing these supplemental and constantly-updated resources ensures that this volume remains timely and enduring. By informing IT professionals how to think like hackers, this book serves as a valuable weapon in the fight to protect digital assets.

Forensic Discovery (Addison-Wesley Professional Computing Series)

Dan Farmer, Wietse Venema

Amazon Price: $35.99 List Price: $44.99 Usually ships in 24 hours By: Addison-Wesley Professional Amazon Marketplace: 46 new & used starting at $9.78

Buy at Amazon.com

Browse similar items by category:
Subjects -> Business & Investing -> Industries & Professions -> E-commerce -> General
Subjects -> Business & Investing -> Industries & Professions -> E-commerce -> General AAS
Subjects -> Computers & Internet -> Business & Culture -> Hacking

Customer Reviews:
Total reviews: 15 Average rating: 4.5 of 5

Editorial Review:

"Don't look now, but your fingerprints are all over the cover of this book. Simply picking it up off the shelf to read the cover has left a trail of evidence that you were here. "If you think book covers are bad, computers are worse. Every time you use a computer, you leave elephant-sized tracks all over it. As Dan and Wietse show, even people trying to be sneaky leave evidence all over, sometimes in surprising places. "This book is about computer archeology. It's about finding out what might have been based on what is left behind. So pick up a tool and dig in. There's plenty to learn from these masters of computer security." --Gary McGraw, Ph.D., CTO, Cigital, coauthor of Exploiting Software and Building Secure Software "A wonderful book. Beyond its obvious uses, it also teaches a great deal about operating system internals." --Steve Bellovin, coauthor of Firewalls and Internet Security, Second Edition, and Columbia University professor "A must-have reference book for anyone doing computer forensics. Dan and Wietse have done an excellent job of taking the guesswork out of a difficult topic." --Brad Powell, chief security architect, Sun Microsystems, Inc. "Farmer and Venema provide the essential guide to 'fossil' data. Not only do they clearly describe what you can find during a forensic investigation, they also provide research found nowhere else about how long data remains on disk and in memory. If you ever expect to look at an exploited system, I highly recommend reading this book." --Rik Farrow, Consultant, author of Internet Security for Home and Office "Farmer and Venema do for digital archaeology what Indiana Jones did for historical archaeology. Forensic Discovery unearths hidden treasures in enlightening and entertaining ways, showing how a time-centric approach to computer forensics reveals even the cleverest intruder." --Richard Bejtlich, technical director, ManTech CFIA, and author of The Tao of Network Security Monitoring "Farmer and Venema are 'hackers' of the old school: They delight in understanding computers at every level and finding new ways to apply existing information and tools to the solution of complex problems." --Muffy Barkocy, Senior Web Developer, Shopping.com "This book presents digital forensics from a unique perspective because it examines the systems that create digital evidence in addition to the techniques used to find it. I would recommend this book to anyone interested in learning more about digital evidence from UNIX systems." --Brian Carrier, digital forensics researcher, and author of File System Forensic Analysis The Definitive Guide to Computer Forensics: Theory and Hands-On Practice Computer forensics--the art and science of gathering and analyzing digital evidence, reconstructing data and attacks, and tracking perpetrators--is becoming ever more important as IT and law enforcement professionals face an epidemic in computer crime. In Forensic Discovery, two internationally recognized experts present a thorough and realistic guide to the subject. Dan Farmer and Wietse Venema cover both theory and hands-on practice, introducing a powerful approach that can often recover evidence considered lost forever. The authors draw on their extensive firsthand experience to cover everything from file systems, to memory and kernel hacks, to malware. They expose a wide variety of computer forensics myths that often stand in the way of success. Readers will find extensive examples from Solaris, FreeBSD, Linux, and Microsoft Windows, as well as practical guidance for writing one's own forensic tools.The authors are singularly well-qualified to write this book: They personally created some of the most popular security tools ever written, from the legendary SATAN network scanner to the powerful Coroner's Toolkit for analyzing UNIX break-ins. After reading this book you will be able to *Understand essential forensics concepts: volatility, layering, and trust *Gather the maximum amount of reliable evidence from a running system *Recover partially destroyed information--and make sense of it *Timeline your system: understand what really happened when *Uncover secret changes to everything from system utilities to kernel modules *Avoid cover-ups and evidence traps set by intruders *Identify the digital footprints associated with suspicious activity *Understand file systems from a forensic analyst's point of view *Analyze malware--without giving it a chance to escape *Capture and examine the contents of main memory on running systems *Walk through the unraveling of an intrusion, one step at a time The book's companion Web site contains complete source and binary code for open source software discussed in the book, plus additional computer forensics case studies and resource links.

Stealing the Network: How to Own an Identity (Stealing the Network)

Timothy Mullen, Ryan Russell, Riley Eller, Jay Beale, FX FX, Chris Hurley, Tom Parker, Brian Hatch, Johnny Long

Amazon Price: $27.40 List Price: $39.95 Usually ships in 24 hours By: Syngress Amazon Marketplace: 25 new & used starting at $22.95

Buy at Amazon.com

Browse similar items by category:
Subjects -> Computers & Internet -> Home Computing -> Internet -> General AAS
Subjects -> Computers & Internet -> Business & Culture -> Digital Law
Subjects -> Computers & Internet -> Business & Culture -> Hacking

Customer Reviews:
Total reviews: 9 Average rating: 4.0 of 5

Editorial Review:

You Are Who the Computer Says You Are

The first two books in this series, Stealing the Network: How to Own the Box and Stealing the Network: How to Own a Continent, have become classics in the Hacker and Infosec communities because of their chillingly realistic depictions of criminal hacking techniques and strategies. But what happens when the tables turn, and the criminal hackers become the targets of both law enforcement and each other? What happens when they must evade detection by creating new identities and applying their skills to get out fast and vanish into thin air. In Stealing the Network: How to Own an Identity, the hacker crew you've grown to both love and hate find themselves on the run, fleeing from both authority and adversary. They must now use their prowess in a way they never expected--to survive...

From the Diary of Robert Knoll, Senior My name, my real name, is Robert Knoll, Senior. No middle name. Most of those who matter right now think of me as Knuth. But I am the man of a thousand faces, the god of infinite forms.

Identity is a precious commodity. In centuries past, those who fancied themselves sorcerers believed that if you knew a being's true name, you could control that being. Near where I live now, there are shamans who impose similar beliefs on their people. The secret is that if you grant such a man, an agency, this power over yourself through your beliefs or actions, then it is true.

Only recently has this become true in the modern world. The people of the world have granted control of their existence to computers, networks, and databases. You own property if a computer says you do. You can buy a house if a computer says you may. You have money in the bank if a computer says so. Your blood type is what the computer says it is. You are who the computer says you are.

TOC

Part I Evasion

Prologue From the Diary of Robert Knoll, Senior

Chapter 1 In The Beginning

Chapter 2 Sins of the Father

Chapter 3 Saul on the Run

Chapter 4 The Seventh Wave

Chapter 5 Bl@ckTo\/\/3r

Chapter 6 The Java Script Caf

Chapter 7 Death by a Thousand Cuts

Chapter 8 A Really Gullible Genius Makes Amends

Chapter 9 Near Miss

Chapter 10 There's Something Else

Epilogue: The Chase

Part II Behind the Scenes

Chapter 11 The Conversation

Chapter 12 Social Insecurity

Sockets, Shellcode, Porting, and Coding: Reverse Engineering Exploits and Tool Coding for Security Professionals

James Foster

Amazon Price: $49.95 List Price: $49.95 Available for download now By: Syngress

Buy at Amazon.com

Browse similar items by category:
Subjects -> Computers & Internet -> Business & Culture -> Security
Subjects -> Computers & Internet -> Certification Central -> Exams -> Security+
Subjects -> Computers & Internet -> General

Customer Reviews:
Total reviews: 8 Average rating: 4.0 of 5

Editorial Review:

The book is logically divided into 5 main categories with each category representing a major skill set required by most security professionals:

1. Coding - The ability to program and script is quickly becoming a mainstream requirement for just about everyone in the security industry. This section covers the basics in coding complemented with a slue of programming tips and tricks in C/C++, Java, Perl and NASL.

2. Sockets - The technology that allows programs and scripts to communicate over a network is sockets. Even though the theory remains the same - communication over TCP and UDP, sockets are implemented differently in nearly ever language.

3. Shellcode - Shellcode, commonly defined as bytecode converted from Assembly, is utilized to execute commands on remote systems via direct memory access.

4. Porting - Due to the differences between operating platforms and language implementations on those platforms, it is a common practice to modify an original body of code to work on a different platforms. This technique is known as porting and is incredible useful in the real world environments since it allows you to not "recreate the wheel."

5. Coding Tools - The culmination of the previous four sections, coding tools brings all of the techniques that you have learned to the forefront. With the background technologies and techniques you will now be able to code quick utilities that will not only make you more productive, they will arm you with an extremely valuable skill that will remain with you as long as you make the proper time and effort dedications.

*Contains never before seen chapters on writing and automating exploits on windows systems with all-new exploits.

*Perform zero-day exploit forensics by reverse engineering malicious code.

*Provides working code and scripts in all of the most common programming languages for readers to use TODAY to defend their networks.

Stealing the Network: How to Own a Shadow (Stealing the Network)

Johnny Long, Tim Mullen, Ryan Russell

Amazon Price: $31.46 List Price: $49.95 Usually ships in 24 hours By: Syngress Amazon Marketplace: 38 new & used starting at $25.71

Buy at Amazon.com

Browse similar items by category:
Subjects -> Computers & Internet -> Business & Culture -> Hacking
Subjects -> Computers & Internet -> Business & Culture -> Security
Subjects -> Computers & Internet -> Certification Central -> General

Customer Reviews:
Total reviews: 11 Average rating: 3.5 of 5

Editorial Review:

The best-selling Stealing the Network series reaches its climactic conclusion as law enforcement and organized crime form a high-tech web in an attempt to bring down the shadowy hacker-villain known as Knuth in the most technically sophisticated Stealing book yet. . As with previous title, How to Own a Shadow is a fictional story that demonstrates accurate, highly detailed scenarios of computer intrusions and counter-strikes. In How to Own a Shadow, Knuth, the master-mind, shadowy figure from previous books, is tracked across the world and the Web by cyber adversaries with skill to match his own. Readers will be amazed at how Knuth, Law Enforcement, and Organized crime twist and torque everything from game stations, printers and fax machines to service provider class switches and routers steal, deceive, and obfuscate. From physical security to open source information gathering, Stealing the Network: How to Own a Shadow will entertain and educate the reader on every page. The book;' companion Web site will also provide special, behind-the-scenes details and hacks for the reader to join in the chase for Knuth.