Security & Encryption Books - Page 4

Security+ Certification All-in-One Exam Guide

Gregory White

Amazon Price: $39.68 List Price: $62.99 Usually ships in 24 hours By: McGraw-Hill Osborne Media Amazon Marketplace: 47 new & used starting at $25.00

Buy at Amazon.com

Browse similar items by category:
Subjects -> Business & Investing -> Industries & Professions -> E-commerce -> General
Subjects -> Business & Investing -> Industries & Professions -> E-commerce -> General AAS
Subjects -> Computers & Internet -> Certification Central -> Publisher -> Osborne-McGraw-Hill

Customer Reviews:
Total reviews: 24 Average rating: 4.0 of 5

Not really all-in-one 3 out of 5 stars.
2 of 2 people found this review helpful.

In my opinion this book is pretty good for study material, but the things it lacks are more in-depth thinking questions for every chapter.

I am not sure about the writing style. This book does have formal way of writing to present the materials but it sometime overlaps with previous chapters which made me feel boring. I prefer an easier to understand writing style instead of formal.

If this book is arranged and written according to compTIA objectives just like sybex does with its books, I think this will make the reader easier to navigate the area that they want to focus more.

This book covers cryptography in great details which is good, even though not all of them will be examined, such as the way how the algorithm is written and the formula.

As for other things, this book is good enough, worth reading but to really pass security+ exam, other books are recommended in combination with this book. I passed the exam with the help of this book along with sybex Fast Pass and got the measureup from newhorizon which is a training center that I used.

Editorial Review:

All-in-One is all you need! This authoritative reference offers complete coverage of all material on the Security+ certification exam. You'll find exam objectives at the beginning of each chapter, helpful exam tips, end-of-chapter practice questions, and photographs and illustrations. The bonus CD-ROM contains a testing engine with questions found only on the CD. This comprehensive guide not only helps you pass this challenging exam, but will also serve as an invaluable on-the-job reference.

Management of Information Security

Michael E. Whitman, Herbert J. Mattord

Amazon Price: $97.95 List Price: $97.95 Usually ships in 24 hours By: Course Technology Amazon Marketplace: 39 new & used starting at $4.68

Buy at Amazon.com

Browse similar items by category:
Subjects -> Business & Investing -> Industries & Professions -> MIS
Subjects -> Business & Investing -> Management & Leadership -> Leadership
Subjects -> Business & Investing -> General

Customer Reviews:
Total reviews: 4 Average rating: 4.0 of 5

Philosophical (Textbook) exposition of InfoSec 4 out of 5 stars.
17 of 19 people found this review helpful.

If you're looking to get down into the nitty-gritty of infosec, for ways and methods of securing networks and systems, then this probably isn't the book you need. This is a textbook and so it overs a fairly high level viewpoint, even philosophical approach, to infosec. The granualarity just isn't there for the practising person to gain much from this in a substantive way.

That said, the book does provide a readable and useful overview of all aspects of the infosec planning and administration process. Each chapter has questions yet no answers. Chapters include:

Introduction to the management of info sec
Planning for infosec
Planning for contingencies
Information security policy
Developing the security program
Security Management models and practices
Risk Management: identifying and assessning risk
RIsk Management: Assessing and controlling risk
Protectiion Mechanisms
Personnel and security
Law and Ethics
Information Security Project management (the weakest chapter in the book...meant as an introduction)

While the authors won't tell you how to configure a firewall for example, they will teach you who, how and why this must be done and what must be done to guide and support decisions like this in an organizational environment. This book is about top down security management. It teaches you to use policy, procedures, people, programs, projects and planning in a three dimenional security matrix: confidentiality, integrity, availability, security, transmission, processing, policy, technology and education/training with regard to people, data, hardware, software and procedures, all within the methodology of the secSDLC. So it is a philsophical journey thorugh the heart of the matter written by two guys who obviously know and enjoy their subject.

This books is well written and has a number inserts highlighting differrent things like different types of attacks, concepts like human firewalls and such that enhance the readability while leading a connection to reality that threatens to become a little tenuous when dealing with much abstraction.

SO, a good textbook. I used it for a subject I took and found it useful. WHile it may be a little dry at times, due to the technical nature of the material, if you are serious about learning information security then the need to be consistently entertained is probably just a little alien to your nature anyway. This book will give you an excellent grounding in the things you should be condisering and doing when planning, analyzing, designing, implementing and managing and maintaining infosec.

An excellent addition and support for the material presented in the book- as referred by the authors- is bunch of free materials published by the National Institute of Standards and Technology, found at the computer security resource center. These include papers such as SP 800-12, SP 800-14, and so forth. The website is http://csrc.nist.gov/publications/nistpubs/ It is important to check this out if you are serious about infosec. This book is a good starting point for deliving deeper into that world.

Editorial Review:

Management of Information Security is designed for senior and graduate-level business and information systems students who want to learn the management aspects of information security. This text takes a "view from the top" and presents important information for future managers regarding information security. The material covered in this text is often part of a capstone course in an information security.

Network Security Assessment: Know Your Network

Chris McNab

Amazon Price: $29.16 List Price: $39.95 In stock soon. Order now to get in line. First come, first served. By: O'Reilly Media, Inc. Amazon Marketplace: 26 new & used starting at $4.41

Buy at Amazon.com

Browse similar items by category:
Subjects -> Business & Investing -> Industries & Professions -> E-commerce -> General
Subjects -> Business & Investing -> Industries & Professions -> E-commerce -> General AAS
Subjects -> Computers & Internet -> Business & Culture -> Privacy

Customer Reviews:
Total reviews: 21 Average rating: 4.5 of 5

Very good book for security policy enablers and admins 5 out of 5 stars.
3 of 3 people found this review helpful.

This is one of the few books that I have come across that focuses mainly on the innards of security assessments. The services based security and counter measures are helpful for threat modeling. This book is really great for people in the security risk and threat analysis for a quantitative and qualitative validation. Good book to help in setting up corporate security policy model.

Other people have already provided a good chapter wise run-down so I will skip that here...

Buy this book :)

Editorial Review:

If you're a network administrator, you're under pressure to defend your systems from attack. But short of devoting your life to becoming a security expert, what can you do to ensure the safety of your mission critical systems? Using steps laid out by professional security analysts and consultants to identify and assess risks, Network Security Assessment offers an efficient testing model you can adopt, refine, and reuse to create proactive defensive strategies to protect your systems from the threats that are out there, as well as those still being developed. This thorough and insightful guide covers offensive technologies by grouping and analyzing them at a higher level--from both an offensive and defensive standpoint--helping administrators design and deploy networks that are immune to offensive exploits, tools, and scripts. If you need to develop and implement a security assessment program, you'll find everything you're looking for in this time-saving new book.

Stealing Your Life: The Ultimate Identity Theft Prevention Plan

Frank W. Abagnale

Amazon Price: $16.47 List Price: $24.95 Usually ships in 24 hours By: Broadway Amazon Marketplace: 54 new & used starting at $7.16

Buy at Amazon.com

Browse similar items by category:
Subjects -> Business & Investing -> Personal Finance -> General
Subjects -> Business & Investing -> Personal Finance -> General AAS
Subjects -> Computers & Internet -> Business & Culture -> Culture

Customer Reviews:
Total reviews: 11 Average rating: 4.5 of 5

Editorial Review:

The charismatic forger immortalized in the film Catch Me If You Can exposes the astonishing tactics of today’s identity theft criminals and offers powerful strategies to thwart them based on his second career as an acclaimed fraud-fighting consultant.
Consider these sobering facts:

        *Six out of ten American companies and government agencies have already been hacked.

        *An estimated 80 percent of birth certificate requests are fulfilled through the mail for people using only a name and a return address. So I could take your name and use my address, and get your birth certificate. From there I’m off to the races.

        *Americans write 39 billion checks a year, and half of these folks never reconcile their bank statements.

        *A Social Security number costs $49 on the black market. A driver’s license goes for $90. A birth certificate will set you back $79.


When Frank Abagnale trains law enforcement officers around the country about identity theft, he asks officers for their names and addresses and nothing more. In a matter of hours he can obtain everything he would need to steal their lives: Social Security numbers, dates of birth, current salaries, checking account numbers, the names of everyone in their families, and more. This illustrates how easy it is for anyone from anywhere in the world to assume our identities and in a matter of hours devastate our lives in ways that can take years to recover from. Considering that a fresh victim is hit every four seconds, Stealing Your Life is the reference everyone needs by an unsurpassed authority on the latest identity theft schemes.

Abagnale offers dozens of concrete steps to transform anyone from an easy mark into a hard case that criminals are likely to bypass:

• Don’t allow your kids to use the computer on which you do online banking and store financial records (children are apt to download games and attachments that host damaging viruses or attract spyware).

• Beware of offers that appeal to greed or fear in exchange for personal data.

• Monitor your credit report regularly and know if anyone’s been “knocking on your door.”

• Read privacy statements carefully and choose to opt out of sharing information whenever possible.


Brimming with anecdotes of creative criminality that are as entertaining as they are enlightening, Stealing Your Life is the practical way to shield yourself from one of today’s most nefarious and common crimes.

MCSE Self-Paced Training Kit (Exam 70-298): Designing Security for a Microsoft® Windows Server(TM) 2003 Network (Training Kit)

Roberta Bragg

Amazon Price: $37.79 List Price: $59.99 Usually ships in 24 hours By: MSOFT - MICROSOFT PRESS - Model: 0-7356-1969-7 Amazon Marketplace: 49 new & used starting at $17.87

Buy at Amazon.com

Features:

Browse similar items by category:
Subjects -> Business & Investing -> Industries & Professions -> E-commerce -> General
Subjects -> Business & Investing -> Industries & Professions -> E-commerce -> General AAS
Subjects -> Computers & Internet -> Certification Central -> Exams -> MCSE

Customer Reviews:
Total reviews: 16 Average rating: 3.0 of 5

Editorial Review:

Announcing an all-new MCSE TRAINING KIT designed to help maximize your performance on Exam 70-298, one of two core MCSE design exams. Written by well-known IT security consultant, columnist, and speaker Roberta Bragg, this kit packs the tools and features exam candidates want most—including in-depth, self-paced training based on exam content; exam tips from an expert, exam-certified author; and a robust testing suite. It also provides practice exercises and design activities for the skills and expertise you can apply to the job.

Focusing on designing security for a Microsoft Windows Server 2003 network, the official study guide covers gathering and analyzing business and technical requirements; creating the logical and physical design for a security-enhanced network infrastructure; designing an access control strategy for enterprise data; and creating physical design for a security-enhanced client infrastructure.

Ace your exam preparation by working at your own pace through the lessons, practices, design activites, and practice tests. The flexible, best-of-class testing suite features a test engine on the CD-ROM, 300 practice questions, and pre-assessment and post-assessment capabilities. Choose timed or untimed testing mode; generate random tests or focus on discrete objectives or chapters; and get detailed explanations for right and wrong answers—including a customized learning path to enhance further study. You also get a 180-day evaluation version of Windows Server 2003, Enterprise Edition software—making this kit an exceptional value and a great career investment.

Foundations of Security: What Every Programmer Needs to Know (Expert's Voice)

Neil Daswani, Christoph Kern, Anita Kesavan

Amazon Price: $22.63 List Price: $39.99 Usually ships in 24 hours By: Apress Amazon Marketplace: 59 new & used starting at $1.56

Buy at Amazon.com

Browse similar items by category:
Subjects -> Business & Investing -> Industries & Professions -> E-commerce -> General
Subjects -> Business & Investing -> Industries & Professions -> E-commerce -> General AAS
Subjects -> Computers & Internet -> Home Computing -> Internet -> General AAS

Customer Reviews:
Total reviews: 7 Average rating: 4.5 of 5

Editorial Review:

Information Technology is for everyone, not just geeks. But that means security is everyone's business, as you will discover in the pages of this excellent book!

— Vinton G. Cerf - a Founding Father of the Internet

This book serves as a great complement to the courses that make up the Stanford Center for Professional Development (SCPD) Security Certification Program. The book explains in detail how to defend against a wide range of attacks, and teaches principles of secure system design.

— Dr. Dan Boneh, Associate Professor, Computer Science and Electrical Engineering, Stanford University

Foundations of Security: What Every Programmer Needs to Know teaches new and current software professionals state-of-the-art software security design principles, methodology, and concrete programming techniques they need to build secure software systems. Once youre enabled with the techniques covered in this book, you can start to alleviate some of the inherent vulnerabilities that make todays software so susceptible to attack. The book uses web servers and web applications as running examples throughout the book.

For the past few years, the Internet has had a "wild, wild west" flavor to it. Credit card numbers are stolen in massive numbers. Commercial web sites have been shut down by Internet worms. Poor privacy practices come to light and cause great embarrassment to the corporations behind them. All these security-related issues contribute at least to a lack of trust and loss of goodwill. Often there is a monetary cost as well, as companies scramble to clean up the mess when they get spotlighted by poor security practices.

It takes time to build trust with users, and trust is hard to win back. Security vulnerabilities get in the way of that trust. Foundations of Security: What Every Programmer Needs To Know helps you manage risk due to insecure code and build trust with users by showing how to write code to prevent, detect, and contain attacks.

• The lead author cofounded the Stanford Center for Professional Development Computer Security Certification.
• This book teaches you how to be more vigilant and develop a sixth sense for identifying and eliminating potential security vulnerabilities.
• Youll receive hands-on code examples for a deep and practical understanding of security.
• Youll learn enough about security to get the job done.

Microsoft ISA Server 2006 Unleashed

Michael Noel

Amazon Price: $37.79 List Price: $59.99 Usually ships in 24 hours By: Sams Amazon Marketplace: 55 new & used starting at $34.53

Buy at Amazon.com

Browse similar items by category:
Subjects -> Business & Investing -> Industries & Professions -> E-commerce -> General
Subjects -> Business & Investing -> Industries & Professions -> E-commerce -> General AAS
Subjects -> Computers & Internet -> Home Computing -> Internet -> General AAS

Customer Reviews:
Total reviews: 2 Average rating: 2.0 of 5

Editorial Review:

ISA Server 2006 is a robust application layer firewall that provides organizations with the ability to secure critical business infrastructure from the exploits and threats of the modern computing world. ISA’s ability to act as an edge firewall, a Virtual Private Networking solution, a reverse proxy server, or a content caching device give it unprecedented flexibility and position it as a valuable security tool for many types of organizations.

 

ISA Server 2006 Unleashed provides insight into the inner workings of the product, as well as providing best-practice advice on design and implementation concepts for ISA. In addition to detailing commonly requested topics such as securing Outlook Web Access, deploying ISA in a firewall DMZ, and monitoring ISA traffic, this book provides up-to-date information about the new enhancements made to the 2006 version of the product. The author draws upon his experience deploying and managing enterprise ISA environments to present real-world scenarios, outline tips and tricks, and provide step-by-step guides to securing infrastructure using ISA.

 

The CEH Prep Guide: The Comprehensive Guide to Certified Ethical Hacking

Ronald L. Krutz, Russell Dean Vines

Amazon Price: $31.50 List Price: $50.00 Usually ships in 24 hours By: Wiley Amazon Marketplace: 48 new & used starting at $15.51

Buy at Amazon.com

Browse similar items by category:
Subjects -> Computers & Internet -> Business & Culture -> Hacking
Subjects -> Computers & Internet -> Certification Central -> General
Subjects -> Computers & Internet -> Certification Central -> General AAS

Customer Reviews:
Total reviews: 3 Average rating: 4.5 of 5

exceptional 5 out of 5 stars.
2 of 2 people found this review helpful.

i have never read a book so easy!!! it makes me wanna read more and more,all chapters are exciting, i really wanna thank the writer for making it more explicit for even network dummies, with that said, everyone is capable of understanding this book and executing what its thought, not necessarily for exam purposes.

Editorial Review:

• The Certified Ethical Hacker program began in 2003 and ensures that IT professionals apply security principles in the context of their daily job scope
• Presents critical information on footprinting, scanning, enumeration, system hacking, trojans and backdoors, sniffers, denial of service, social engineering, session hijacking, hacking Web servers, and more
• Discusses key areas such as Web application vulnerabilities, Web-based password cracking techniques, SQL injection, wireless hacking, viruses and worms, physical security, and Linux hacking
• Contains a CD-ROM that enables readers to prepare for the CEH exam by taking practice tests

Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks

Michal Zalewski

Amazon Price: $26.37 List Price: $39.95 Usually ships in 24 hours By: No Starch Press Amazon Marketplace: 41 new & used starting at $8.99

Buy at Amazon.com

Browse similar items by category:
Subjects -> Computers & Internet -> Business & Culture -> Privacy
Subjects -> Computers & Internet -> Computer Science -> Software Engineering -> Information Systems
Subjects -> Computers & Internet -> Networking -> Networks, Protocols & APIs -> LAN

Customer Reviews:
Total reviews: 26 Average rating: 4.5 of 5

Zalewski deals in the minutia 5 out of 5 stars.
2 of 2 people found this review helpful.

Silence on the Wire is not your typical security book detailing the
latest application exploits or generalized security trends and attack
prevention. Zalewski deals in the minutia. If you were to construct
a Bell Curve of security knowledge and concepts, you would need to
chop out a large portion of this graph and simply include the upper
threshold, in which Zalewski thrives on the seemingly unknown.

Zalewski takes a bottom-up approach. He dives right into the security
of hardware design, Random Number Generation, and how this can all add
up to information leakages otherwise known as security threats. If
you have ever typed on a keyboard, then you may be interested in
knowing what signature you are generating of yourself every time you
log into that remote SSH console. Perhaps you might also be
interested in the fact that simple mathematical operations, such as 2
* 100, could result in timing attacks against your algorithm, whereas
100 * 2 may not. Scary stuff.

Zalewski continues with seemingly innocuous attacks that can occur
before your IP packets ever leave the local network. It is unnerving
to find out just how easy (and cheap) it is to reconstruct data from
those blinking lights on your network equipment, or unsanitary
Ethernet frames. Have you ever given thought to how nice it was to
have virtual network auto-configuration on your switches? Well, so do
your foes.

Once your packets touch other nodes all across the Internet, that's
when the real fun begins. If you are already familiar with the OSI
Model and the TCP/IP suite, then your reading will hit a low point for
the next thirty pages or so. However, when you emerge from this sand
trap of common knowledge, most certainly provided to assist uninformed
readers, you are met with quite worthy knowledge detailing the ability
to accurately identify remote parties, who otherwise may wish to
remain anonymous. Your choice of Operating System and Web Browser may
help somewhat, but Zalewski shows how you can still be sniffed out
even across the sea of the Internet.

Zalewski concludes the book with a brief look at the entire Internet
as an aggregate system, and how subtleties of its inner-workings can
be exploited by those who understand them. It never once crossed my
mind to utilize carefully constructed packets for distributed
computing tasks acting as Boolean operations, but one of the final
topics regarding parasitic storage does appear quite attainable.
Zalewski's final chapter in the book leaves us with the lesson that
sometimes all you need to do to discover the minutia, is to open your
eyes.


* p. 127: Figure 9-6, regarding TCP options, is incorrect.
* p. 182/183: '6,4512' should read '64,512'.
* p. 198: 'user-racking' should read 'user-tracking'.
* p. 216: 'www.rogue-severs.com' should likely read 'www.rogue-servers.com'.
* p. 233: 'recover the information he when it bounces back' should
likely read 'recover the information when it bounces back'.

Editorial Review:

Author Michal Zalewski has long been known and respected in the hacking and security communities for his intelligence, curiosity and creativity, and this book is truly unlike anything else out there. In Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks, Zalewski shares his expertise and experience to explain how computers and networks work, how information is processed and delivered, and what security threats lurk in the shadows. No humdrum technical white paper or how-to manual for protecting one’s network, this book is a fascinating narrative that explores a variety of unique, uncommon and often quite elegant security challenges that defy classification and eschew the traditional attacker-victim model.

SSH, The Secure Shell: The Definitive Guide

Daniel J. Barrett, Richard E. Silverman, Robert G. Byrnes

Amazon Price: $26.37 List Price: $39.95 Usually ships in 24 hours By: O'Reilly Media, Inc. Amazon Marketplace: 44 new & used starting at $22.70

Buy at Amazon.com

Browse similar items by category:
Subjects -> Computers & Internet -> Networking -> Networks, Protocols & APIs -> General
Subjects -> Computers & Internet -> Networking -> Networks, Protocols & APIs -> General AAS
Subjects -> Computers & Internet -> Networking -> Intranets & Extranets

Customer Reviews:
Total reviews: 34 Average rating: 4.0 of 5

Editorial Review:

Are you serious about network security? Then check out SSH, the Secure Shell, which provides key-based authentication and transparent encryption for your network connections. It's reliable, robust, and reasonably easy to use, and both free and commercial implementations are widely available for most operating systems. While it doesn't solve every privacy and security problem, SSH eliminates several of them very effectively.

Everything you want to know about SSH is in our second edition of "SSH, The Secure Shell: The Definitive Guide," This updated book thoroughly covers the latest SSH-2 protocol for system administrators and end users interested in using this increasingly popular TCP/IP-based solution.

How does it work? Whenever data is sent to the network, SSH automatically encrypts it. When data reaches its intended recipient, SSH decrypts it. The result is "transparent" encryption-users can work normally, unaware that their communications are already encrypted. SSH supports secure file transfer between computers, secure remote logins, and a unique "tunneling" capability that adds encryption to otherwise insecure network applications. With SSH, users can freely navigate the Internet, and system administrators can secure their networks or perform remote administration.

Written for a wide, technical audience, "SSH, The Secure Shell: The Definitive Guide" covers several implementations of SSH for different operating systems and computing environments. Whether you're an individual running Linux machines at home, a corporate network administrator with thousands of users, or a PC/Mac owner who just wants a secure way to telnet or transfer files between machines, ourindispensable guide has you covered. It starts with simple installation and use of SSH, and works its way to in-depth case studies on large, sensitive computer networks.

No matter where or how you're shipping information, "SSH, The Secure Shell: The Definitive Guide" will show you how to do it securely.