Encryption Books - Page 5

MagicBeanDip.com

Kerberos: The Definitive Guide

Jason Garman

Amazon Price: $23.07
List Price: $34.95
Usually ships in 24 hours
By: O'Reilly Media, Inc.
Amazon Marketplace: 54 new & used starting at $7.06

Customer Reviews:
Total reviews: 6 Average rating: 4.0 of 5

Editorial Review:

Single sign-on is the holy grail of network administration, and Kerberos is the only game in town. Microsoft, by integrating Kerberos into Active Directory in Windows 2000 and 2003, has extended the reach of Kerberos to all networks large or small. Kerberos makes your network more secure and more convenient for users by providing a single authentication system that works across the entire network. One username; one password; one login is all you need. Fortunately, help for administrators is on the way. Kerberos: The Definitive Guide shows you how to implement Kerberos for secure authentication. In addition to covering the basic principles behind cryptographic authentication, it covers everything from basic installation to advanced topics like cross-realm authentication, defending against attacks on Kerberos, and troubleshooting. In addition to covering Microsoft's Active Directory implementation, Kerberos: The Definitive Guide covers both major implementations of Kerberos for Unix and Linux: MIT and Heimdal. It shows you how to set up Mac OS X as a Kerberos client. The book also covers both versions of the Kerberos protocol that are still in use: Kerberos 4 (now obsolete) and Kerberos 5, paying special attention to the integration between the different protocols, and between Unix and Windows implementations. If you've been avoiding Kerberos because it's confusing and poorly documented, it's time to get on board! This book shows you how to put Kerberos authentication to work on your Windows and Unix systems.

Security Warrior

Cyrus Peikari, Anton Chuvakin

Amazon Price: $29.67
List Price: $44.95
Usually ships in 24 hours
By: O'Reilly Media, Inc.
Amazon Marketplace: 41 new & used starting at $15.00

Customer Reviews:
Total reviews: 27 Average rating: 4.5 of 5

Editorial Review:

When it comes to network security, many users and administrators are running scared, and justifiably so. The sophistication of attacks against computer systems increases with each new Internet worm.

What's the worst an attacker can do to you? You'd better find out, right? That's what Security Warrior teaches you. Based on the principle that the only way to defend yourself is to understand your attacker in depth, Security Warrior reveals how your systems can be attacked. Covering everything from reverse engineering to SQL attacks, and including topics like social engineering, antiforensics, and common attacks against UNIX and Windows systems, this book teaches you to know your enemy and how to be prepared to do battle.

Security Warrior places particular emphasis on reverse engineering. RE is a fundamental skill for the administrator, who must be aware of all kinds of malware that can be installed on his machines -- trojaned binaries, "spyware" that looks innocuous but that sends private data back to its creator, and more. This is the only book to discuss reverse engineering for Linux or Windows CE. It's also the only book that shows you how SQL injection works, enabling you to inspect your database and web applications for vulnerability.

Security Warrior is the most comprehensive and up-to-date book covering the art of computer war: attacks against computer systems and their defenses. It's often scary, and never comforting. If you're on the front lines, defending your site against attackers, you need this book. On your shelf--and in your hands.

The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments

Douglas J. Landoll

Amazon Price: $63.96
List Price: $79.95
Usually ships in 24 hours
By: CRC
Amazon Marketplace: 28 new & used starting at $56.00

Customer Reviews:
Total reviews: 4 Average rating: 5.0 of 5

Editorial Review:

The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments provides detailed insight into precisely how to conduct an information security risk assessment. Designed for security professionals and their customers who want a more in-depth understanding of the risk assessment process, this volume contains real-world advice that promotes professional development. It also enables security consumers to better negotiate the scope and rigor of a security assessment, effectively interface with a security assessment team, deliver insightful comments on a draft report, and have a greater understanding of final report recommendations. This book can save time and money by eliminating guesswork as to what assessment steps to perform, and how to perform them. In addition, the book offers charts, checklists, examples, and templates that speed up data gathering, analysis, and document development. By improving the efficiency of the assessment process, security consultants can deliver a higher-quality service with a larger profit margin. The text allows consumers to intelligently solicit and review proposals, positioning them to request affordable security risk assessments from quality vendors that meet the needs of their organizations.

Cryptography for Dummies

Chey Cobb

Amazon Price: $22.49
List Price: $24.99
Usually ships in 7 to 11 days
By: For Dummies
Amazon Marketplace: 40 new & used starting at $10.17

Customer Reviews:
Total reviews: 10 Average rating: 3.5 of 5

Pretty Good Intro to Cryptography 4 out of 5 stars.
12 of 14 people found this review helpful.

I've stumbled across cryptography for about the past year, so recently I decided to go ahead and learn some basics (as I think the subject and InfoSec is really interesting). Most cryptography books out there are for the advanced and are mathematically rigorous. While I gladly welcome math, I needed an overview to bring me up to speed, prepping me for more intermediate (and eventually advanced) texts later.

I've never read a Dummies book dealing with computer technology before, because although they're written for absolute novices, the low-level writing style irritates me, usually takes too long to get to the "interesting stuff", and the "yippity-skippity!" attitude will eventually make me go seek a more advanced text. Basically, Dummies books "hold your hand", and if this is what you need, they're great! But if not, they can be rather slow for you (as for me).

However, Cryptography for Dummies is pretty good, aside from a few misses. By this being a Dummies book, the impression of this text being for complete neophytes is false - if you don't have any experience with basic computer science topics (e.g. binary, binary-to-decimal conversions, bits/bytes/words, etc.), the first couple chapters may be a little hard to understand, as the author assumes you at least know that stuff.

Aside from that, the author does a good job explaining the basic topics one needs to understand cryptography and its inner workings. However, the author's writing style leaves much to be desired at times. At points, I found myself scratching my head, re-reading passages several times, trying to figure out what the author meant. At times when he should explain the nuances of something, he doesn't, leaving you to go, "HUH?" (A good example of this is the early parts where he talks about keys but doesn't explain what a key is or how they interact with other parts of a cryptographic system.)

There are other sections where the author leaves entire descriptions of things out, where you'll have to figure it out for yourself. Perhaps this is purposeful, so he won't get too far into the topic, as this book is basically an overview. Something else I noticed too is the vast amount of errors the book has! I'm not sure if Dummies has an 'Errata' section on its site.

While this book is by no means a complete text (probably not even a 1/3-complete text), overall, it's good for those who want an overview of the subject, and plan on venturing further, as I do.

Editorial Review:

  • Cryptography is the most effective way to achieve data security and is essential to e-commerce activities such as online shopping, stock trading, and banking
  • This invaluable introduction to the basics of encryption covers everything from the terminology used in the field to specific technologies to the pros and cons of different implementations
  • Discusses specific technologies that incorporate cryptography in their design, such as authentication methods, wireless encryption, e-commerce, and smart cards
  • Based entirely on real-world issues and situations, the material provides instructions for already available technologies that readers can put to work immediately
  • Expert author Chey Cobb is retired from the NRO, where she held a Top Secret security clearance, instructed employees of the CIA and NSA on computer security and helped develop the computer security policies used by all U.S. intelligence agencies

Writing Secure Code, Second Edition

Michael Howard, David LeBlanc

Amazon Price: $31.49
List Price: $49.99
Usually ships in 24 hours
By: MICROSOFT PRESS - LB&C - Model: 9780735617223
Amazon Marketplace: 72 new & used starting at $4.99

Customer Reviews:
Total reviews: 35 Average rating: 4.0 of 5

The most comprehensive, example-centric Microsoft secure coding book 4 out of 5 stars.
5 of 7 people found this review helpful.

I read six books on software security recently, namely "Writing Secure Code, 2nd Ed" by Michael Howard and David LeBlanc; "19 Deadly Sins of Software Security" by Michael Howard, David LeBlanc, and John Viega; "Software Security" by Gary McGraw; "The Security Development Lifecycle" by Michael Howard and Steve Lipner; "High-Assurance Design" by Cliff Berg; and "Security Patterns" by Markus Schumacher, et al. Each book takes a different approach to the software security problem, although the first two focus on coding bugs and flaws; the second two examine development processes; and the last two discuss practices or patterns for improved design and implementation. My favorite of the six is Gary McGraw's, thanks to his clear thinking and logical analysis. The other five are still noteworthy books. All six will contribute to the production of more security software.

If "Building Secure Software" by Gary McGraw and John Viega was the Unix world's resource for secure coding, WSC2E is the Microsoft equivalent. Even as a Unix-deploying professional (who performs incident response on Windows compromises), I found plenty of OS-agnostic material to justify reading WSC2E. I especially like when the authors provide examples of what coders do wrong, followed by examples of what to do right. Remarkably for a book published in late 2002, WSC2E even explains cross-site scripting attacks afflicting major news organizations as recently as a few months ago! The rules for writing firewall-friendly applications in ch 15 were very welcome, and seldom seen elsewhere. The flaw-avoidance recommendations for technologies like RPC, SQL, and COM Internet Services were well-written.

The major problem with WSC2E, often shared by Microsoft titles, is the misuse of terms like "threat" and "risk." Unfortunately, the implied meanings of these terms vary depending on Microsoft's context, which is evidence the authors are using the words improperly. It also makes it difficult for me to provide simple substitution rules. Sometimes Microsoft uses "threat" when they really mean "vulnerability." For example, p 94 says "I always assume that a threat will be taken advantage of." Attackers don't take advantage of threats; they ARE threats. Attackers take advantage of vulnerabilities.

Sometimes Microsoft uses terms properly, like the discussion of denial of service as an "attack" in ch 17. Unfortunately, Microsoft's mislabeled STRIDE model supposedly outlines "threats" like "Denial of service." Argh -- STRIDE is just an inverted CIA AAA model, where STRIDE elements are attacks, not "threats." Microsoft also sometimes says "threat" when they mean "risk." The two are not synonyms. Consider this from p 87: "the only viable software solution is to reduce the overall threat probability or risk to an acceptable level, and that is the ultimate goal of 'threat analysis.'" Here we see confusing threat and risk, and calling what is really risk analysis a "threat analysis." Finally, whenever you read "threat trees," think "attack trees" -- and remember Bruce Schneier worked hard on these but is apparently ignored by Microsoft.

Overall, I thought WSC2E was very thorough and comprehensive, yet accessible and authoritative. The excuses in appendix B were priceless and almost enough to justify reading the whole book, along with the security principles in ch 3. I'm also remembering the great quote on p 55: "history is a vast early warning system." Just ignore the terminology in chapter 4 and elsewhere, and hope Microsoft uses Gary McGraw's "Software Security" to correct the vocabulary problems appearing in its developers.

Editorial Review:

WRITING SECURE CODE 2ND ED

The Tao of Network Security Monitoring: Beyond Intrusion Detection

Richard Bejtlich

Amazon Price: $40.94
List Price: $64.99
Usually ships in 24 hours
By: Addison-Wesley Professional
Amazon Marketplace: 51 new & used starting at $29.95

Customer Reviews:
Total reviews: 20 Average rating: 5.0 of 5

Editorial Review:

"The book you are about to read will arm you with the knowledge you need to defend your network from attackers--both the obvious and the not so obvious...If you are new to network security, don't put this book back on the shelf! This is a great book for beginners and I wish I had access to it many years ago. If you've learned the basics of TCP/IP protocols and run an open source or commercial IDS, you may be asking 'What's next?' If so, this book is for you." --Ron Gula, founder and CTO, Tenable Network Security, from the Foreword

"Richard Bejtlich has a good perspective on Internet security--one that is orderly and practical at the same time. He keeps readers grounded and addresses the fundamentals in an accessible way." --Marcus Ranum, TruSecure

"This book is not about security or network monitoring: It's about both, and in reality these are two aspects of the same problem. You can easily find people who are security experts or network monitors, but this book explains how to master both topics." --Luca Deri, ntop.org

"This book will enable security professionals of all skill sets to improve their understanding of what it takes to set up, maintain, and utilize a successful network intrusion detection strategy." --Kirby Kuehl, Cisco Systems

Every network can be compromised. There are too many systems, offering too many services, running too many flawed applications. No amount of careful coding, patch management, or access control can keep out every attacker. If prevention eventually fails, how do you prepare for the intrusions that will eventually happen? Network security monitoring (NSM) equips security staff to deal with the inevitable consequences of too few resources and too many responsibilities. NSM collects the data needed to generate better assessment, detection, and response processes--resulting in decreased impact from unauthorized activities.

In The Tao of Network Security Monitoring, Richard Bejtlich explores the products, people, and processes that implement the NSM model. By focusing on case studies and the application of open source tools, he helps you gain hands-on knowledge of how to better defend networks and how to mitigate damage from security incidents. Inside, you will find in-depth information on the following areas.

  • The NSM operational framework and deployment considerations.
  • How to use a variety of open-source tools--including Sguil, Argus, and Ethereal--to mine network traffic for full content, session, statistical, and alert data.
  • Best practices for conducting emergency NSM in an incident response scenario, evaluating monitoring vendors, and deploying an NSM architecture.
  • Developing and applying knowledge of weapons, tactics, telecommunications, system administration, scripting, and programming for NSM.
  • The best tools for generating arbitrary packets, exploiting flaws, manipulating traffic, and conducting reconnaissance.

Whether you are new to network intrusion detection and incident response, or a computer-security veteran, this book will enable you to quickly develop and apply the skills needed to detect, prevent, and respond to new and emerging threats.

Security+ Certification Exam Cram 2 (Exam Cram SYO-101) (Exam Cram 2)

Kirk Hausman, Diane Barrett, Martin Weiss, Ed Tittel

Amazon Price: $26.39
List Price: $39.99
Usually ships in 24 hours
By: Que
Amazon Marketplace: 66 new & used starting at $0.49

Customer Reviews:
Total reviews: 36 Average rating: 3.5 of 5

Editorial Review:

The Security+ certification is CompTIA's answer to the market's need for a baseline, vendor-neutral security certification. The IT industry recognizes there is a need to better train, staff, and empower those tasked with designing and implementing information security, and Security+ is an effort to meet this demand. Security+ will become the baseline certification for Microsoft's new security certification initiative (to be announced in 2003). This book is not intended to teach new material. Instead it assumes that you have a solid foundation of knowledge but can use a refresher on important concepts as well as a guide to exam topics and objectives. This book focuses exactly on what you need to pass the exam - it features test-taking strategies, time-saving study tips, and a special Cram Sheet that includes tips, acronyms, and memory joggers not available anywhere else. The series is supported online at several Web sites: examcram.com, informit.com, and cramsession.com.

The accompanying CD features PrepLogic™ Practice Tests, Preview Edition. This product includes one complete PrepLogic Practice Test with approximately the same number of questions found on the actual vendor exam. Each question contains full, detailed explanations of the correct and incorrect answers. The engine offers two study modes, Practice Test and Flash Review, full exam customization, and a detailed score report.

Computer Forensics: Incident Response Essentials

Warren G. Kruse, Jay G. Heiser

Amazon Price: $34.64
List Price: $54.99
Usually ships in 24 hours
By: Addison-Wesley Professional
Amazon Marketplace: 64 new & used starting at $6.93

Customer Reviews:
Total reviews: 22 Average rating: 4.5 of 5

Editorial Review:

Computer security is a crucial aspect of modern information management, and one of the latest buzzwords is incident response--detecting and reacting to security breaches. Computer Forensics offers information professionals a disciplined approach to implementing a comprehensive incident-response plan, with a focus on being able to detect intruders, discover what damage they did, and hopefully find out who they are.

There is little doubt that the authors are serious about cyberinvestigation. They advise companies to "treat every case like it will end up in court," and although this sounds extreme, it is good advice. Upon detecting a malicious attack on a system, many system administrators react instinctively. This often involves fixing the problem with minimal downtime, then providing the necessary incremental security to protect against an identical attack. The authors warn that this approach often contaminates evidence and makes it difficult to track the perpetrator. This book describes how to maximize system uptime while protecting the integrity of the "crime scene."

The bulk of Computer Forensics details the technical skills required to become an effective electronic sleuth, with an emphasis on providing a well-documented basis for a criminal investigation. The key to success is becoming a "white hat" hacker in order to combat the criminal "black hat" hackers. The message is clear: if you're not smart enough to break into someone else's system, you're probably not smart enough to catch someone breaking into your system. In this vein, the authors use a number of technical examples and encourage the readers to develop expertise in Unix/Linux and Windows NT fundamentals. They also provide an overview of a number of third-party tools, many of which can be used for both tracking hackers and to probe your own systems.

The authors explain their investigative techniques via a number of real-world anecdotes. It is striking that many of the same hacks detailed in Cliff Stoll's classic The Cuckoo's Egg are still in use over 10 years later--both on the criminal and investigative fronts. It is up to individual companies whether or not to pursue each attempted security violation as a potential criminal case, but Computer Forensics provides a strong argument to consider doing so. --Pete Ostenson

Topics covered: Overview of computer crime investigative response, including extensive descriptions of hacking techniques. Frequent examples are used to demonstrate how to extract evidence from a violated computer system. Appendices include sample incident-response forms.

Build Your Own Security Lab: A Field Guide for Network Testing

Michael Gregg

Amazon Price: $44.31
List Price: $50.00
Usually ships in 24 hours
By: Wiley
Amazon Marketplace: 44 new & used starting at $26.33

Customer Reviews:
Total reviews: 1 Average rating: 5.0 of 5

Excellent for novices 5 out of 5 stars.
1 of 1 people found this review helpful.

I'll be completely honest. I went through this in about two hours, and I plan on returning it. It simply didn't have anything new for me. I was expecting it to be more along the lines of setting up a virtual network, attempting to hack the VMs, and then checking the procedures to see if you did it right.

Instead, this book covers things like how to install OSes into VMs, gives basic overviews of tools, etc. However, this is a great book if you're at the appropriate level for it. I think this makes a good follow-up to CompTIA's Security+ certification. It'll help novices get their feet wet with actual hands-on activities. I've done nearly everything in this book on my own, and that's really the only problem with it. While I didn't pay a great deal of attention to every bit of text, it seemed to be technically accurate and free from errors.

I wish I could give a more detailed review, but I thought I'd at least post this since no one has reviewed it yet. Just take your skill level into account when considering this title. If you want more advanced books, check out the Hacking Exposed series, Grey Hat Hacking, and the Penetration Tester's Open Source Toolkit.

Editorial Review:

If your job is to design or implement IT security solutions or if you're studying for any security certification, this is the how-to guide you've been looking for. Here's how to assess your needs, gather the tools, and create a controlled environment in which you can experiment, test, and develop the solutions that work. With liberal examples from real-world scenarios, it tells you exactly how to implement a strategy to secure your systems now and in the future.

Cryptography Decrypted

H. X. Mel, Doris M. Baker

Amazon Price: $36.51
List Price: $44.99
Usually ships in 24 hours
By: Addison-Wesley Professional
Amazon Marketplace: 41 new & used starting at $19.00

Customer Reviews:
Total reviews: 35 Average rating: 4.5 of 5

Editorial Review:

Cryptography is at the heart of computer security: without it, secure e-commerce and Internet communications would be impossible. Decision-makers and sophisticated computer users need to understand cryptography -- but most explanations are highly mathematical and technical. Cryptography Decrypted explains cryptography in "plain English" -- and is authoritative and thorough enough to address the needs of professionals. It explains the processes step-by-step, with extensive visuals. The authors present the elements of cryptography systems; public key infrastructure (PKI); and the IPSec standard for virtual private network security; then review real-world systems and their applications. They show how real-world systems are attacked, and how to protect them; introduce essential cryptographic terms; and present the fascinating history of cryptography through sidebars highlighting its important events, people, and breakthroughs. For every decision-maker and computer user who needs to understand cryptography, this book is also ideal for security pros who need to educate management about cryptography.
