Republished with permission from
WatchGuard Technologies, Inc.
Geek Lit: Top Security Reads for 2000
Dave Piscitello, President, Core Competence, Inc.
December is as much a celebratory and gift-giving month for some people as it is a religious celebration for others. Thoughtful gift giving is high on the Emily Post list of suitable and well-mannered behavior. The personal touch of investing time and thought into selecting a gift (instead of opting for the gift certificates you purchase online and e-mail to your loved ones the night before) shows you care.
O.K., enough of the Hallmark moment. The truth is, technology people are difficult to purchase for. We are typically avid consumers of high-tech gadgets, and these are generally expensive items. So what can you buy a network security wonk or wannabe for $25.00 to $50.00? Not music CDs -- most folks with dedicated bandwidth are burning CDRs as fast as they can find MP3s of the music they want on the 'Net. Blank CDRs are as impersonal as gift certificates. How about a book on the subject of network security?
A book? How geeky is that? Exactly my point. Geek is chic, honest. Aren’t you more popular at parties now that Internet and Security are soooo cool? Buy your fellow geeks a book, and suggest this gift genre when friends, relatives, and spouses ask you what they should buy a fellow geek. Yes, it’s personal, especially when the book is one you’ve read or has come recommended. Inscribe something inside it (warm and fuzzy is in, too): It might be the only time all year long when you actually write someone more than a note on a
Fred Avolio, Rik Farrow, and I will even save you surfing time. Here’s an annotated list of security books we have read and reviewed. These can all be purchased online from The Internet Security Conference Bookstore. As an added incentive, TISC will donate its Amazon partner revenue for the month of December to Deep Well, a South Carolina charity that assists needy families year-round with food, clothing, and emotional support.
you want to understand hacking in intimate detail, this is the book for you. It’s an excellent read by three talented computer scientists who are adept writers. The best place to read Hacking Exposed is in front of your PC. Whether you are a *NIX or Windows user, you’ll be able to download the same tools script-kiddies and more sophisticated attackers use, and experiment (responsibly, of course). I read the book first on a plane, then in my office with both LINUX and NTWS so I could try out as many of the tools as possible. Look for the more recent second
2000 Security Handbook
Phil Cox, an outstanding consultant and instructor of many security courses, explains the security considerations when configuring a Windows 2000 host or server. He also does a commendable job of explaining how to use complementary security technology—firewalls, VPNs, proxy servers—to further harden your intranet, extranet, or e-business networks. You can sample Phil’s writing style by reading a TISC Insight column he wrote on Windows 2000 Vulnerabilities, September 8, 2000.
Web: Tales of Digital Crime from the Shadows of Cyberspace
This is one of Rik Farrow’s favorites. He admits to some prejudice because he wrote the foreword, but why would Rik write a foreword for a book he wouldn’t whole-heartedly endorse? Tangled Web contains summaries of the CSI/FBI annual surveys in the second chapter, and stories about prominent hacker criminal cases, with sometimes unpublished information about various well-known hacks, their investigation (including both sides), the plea or court outcome, and more.
Warfare and Security
Fred Avolio’s top pick. Fred wrote a thorough review on this book, which concludes by stating, “Information Warfare and Security so thoroughly covers the space of information warfare theory, measures, and countermeasures, … because it was written as a text for a course that had to cover all of this material. What may be surprising … is that such complete coverage could be done in such an easy-to-read way.”
Cryptography: Protocols, Algorithms, and Source Code in C
If you care about security, you'll eventually need to understand cryptography. This is the most comprehensive source on cryptography you will ever need or find. From a chronology of cryptographic systems to actual C source code of algorithms, Bruce’s coverage is nothing less than encyclopedic. Again, look for the second edition.
Not New, but Classic
Judging from the e-mail exchange conducted before I wrote this column, Fred and Rik seem to be technology book junkies as much as I am. Some additional “must read” security books on our shelves include:
And on the Wish List ...
Copyright © 1996 - 2001
WatchGuard Technologies, Inc. All rights reserved.