Softpanorama
(slightly skeptical) Open Source Software Educational Society

May the source be with you, but remember the KISS principle ;-)

Softpanorama Bookshelf:
Old Unix/Internet Security Books

Maintained by Dr. Nikolai Bezroukov.
Links and bibliographical information
about the books are prepared in
association with Amazon.com

News	See also	Introductory	Intrusion detection	Solaris	Linux
Network security	Firewalls	WWW	Security Tools	TCP/IP	Etc

You can use Honor System to make a contribution, supporting this site

There are very few decent Unix security books. The reason is easy to explain: security is a dumping ground for professionals and few if any of those authors have in depth understanding of the system they are writing about comparable with the level of understanding of the author of an advanced book on the subject. There are a lot of snake oil salesmen in security that try to propagate FUD about hackers and comprovises.

So the task of finding one is pretty difficult and it might be that one can probably be better off buying a decent Unix system administration book and TCP/IP networking book with security chapters, than a book specialized in security and written by a clueless author. After all a good defense is always based on real knowledge and in the case of Unix/Internet security on the knowledge of Internet protocols and Unix internals (or at least Unix system administration). Junk books like Harking Exposed are making money by pring to provide a popular (and extremely superficial) view on a very complex topic. IMHO a good Unix security book presuppose deep knowledge of OS and networking.

In case of security books it's probably unreasonable to expect them to cover recent trends. They should concentrate on fundamental principles of security. Essentially the best source of the most recent information on Unix and Internet security is Internet itself. The field is too dynamic and it's difficult to write books that cover recent trends. With typical year or more writing/editing/publishing cycle they will be outdated before they will be finished. But for the fundamental, core issues and introductory material books are a better deal that Internet materials and can help you save time and effort in mastering this large and difficult field. Unix security consists of two interconnected parts:

OS-related stuff (some of it is version specific, so Linux books are not that helpful for Solaris administrators and vise versa).
Networking and TCP/IP related stuff

Some books concentrate on tools, some on principles. The main principle of security is famous KISS principle, and that can serve as a litmus test during book evaluation. If they do not stress the importance of stripping the system down to minimum number of components it's quite possible that other areas are covered weakly as well.

For security books one should be especially beware about "lemming effect" reviews, when a lot of newcomers to the field praise a very weak book with an attractive title. The word "Hacking" is a real cash cow in the security book title. I recommend you to be very skeptical about any security book with this particular word in the title; real professionals are seldom so greedy, snake oil salesmen usually are ;-)

Among semi-decent Unix security books I would like to mention Linux System Security: The Administrator's Guide to Open Source Security Tools by Scott Mann. Contrary to the title it's not a Linux specific book: it covers generic free Unix tools. Although tools themselves are covered rather superficially, this book can help understanding your tools needs and might be instrumental in installing and using of some of recommended tools.

A rare good book is Mastering Network Security by Chris Brenton.

So far a decent (but outdated) introductory book on Unix security is still Practical Unix and Internet Security. I am not big fun of this book, but still I would like to admit that it's a decent book. The major drawback is that it's not tools oriented and large part of it is quite outdated. See my review of the book. But the biggest advantage of this book is that it's available in HTML. I feel that it should be used with Linux System Security: The Administrator's Guide to Open Source Security Tools -- a better and more modern book, but not introductory in nature.

For TCP/IP-related security in addition to Mastering Network Security you can find 50% discounted Actually Useful Internet Security Techniques Larry J. Hughes / Published 1995. It's not bad, but outdated... See my list of booksellers.

See also: Peter Gavlin Security book review the good the bad and...the worst - SunWorld - October 1998 -- preferences IMHO are questionable, though ;-)

Dr. Nikolai Bezroukov

You can use Honor System to make a contribution, supporting this site

Old News ;-)

**** Mastering FreeBSD and OpenBSD Security

by Paco Hope, Yanek Korff, Bruce Potter

If you are looking at implementing one of the BSD distributions of Linux and want to secure your installation this book is an excellent choice. The authors cover the basic security that applies to all Linux distributions such as filesystem security and creating a sandbox, and then follows up with security options specific to BSD. The chapters cover installation, secure administration, creating a secure DNS server, secure mail servers (including Sendmail, Postfix, and qmail), secure web server, firewalls, intrusion detection, system auditing and incident response, and some forensics. However, the forensics information provides a decent overview without being detailed enough to be very useful.

The authors do a really good job of explaining not only how to do various tasks but also the reasoning behind it and how it works to resolve specific problems. I like the fact that the authors don't do this in a piecemeal approach but provide a pathway to get to the system hardened before heading off into the specifics of harding particular services link DNS and Sendmail. They actually have a step by step procedure starting from a fresh install. This alone makes this one of the better books on hardening FreeBSD and OpenBSD. Mastering FreeBSD and OpenBSD Security is highly recommended.

Real World Linux Security (2nd Edition)

Hardening part (Ch 02) is weak. The author does not understand the compromises involved. The only useful chapter is Ch04. Common break-ins by subsystem. But it's not in depth (DNS part is extremely weak). But used book can be bought for $5 or less and at this price might make sense.

??? Network Security Assessment

by Chris McNab (Author)

Paperback: 371 pages ; Dimensions (in inches): 0.94 x 9.08 x 6.98
Publisher: O'Reilly & Associates; 1st Edition edition (March 1, 2004)
ISBN: 059600611X
Average Customer Review: Based on 7 reviews. Write a review.
Amazon.com Sales Rank: 4,913

Too generic to be really useful. No more then overview of consepts.

Excellent book to assess your own network security..., May 19, 2004

Reviewer: Thomas Duff (see more about me) from Portland, OR United States

Target Audience
Network administrators or security administrators who want to assess the security of their systems.

Contents
This book is a series of assessments that you can do to your systems to determine the level of your system security

The book is divided into the following chapters: Network Security Assessment; The Tools Required; Internet Host And Network Enumeration; IP Network Scanning; Assessing Remote Information Systems; Assessing Web Services; Assessing Remote Maintenance Services; Assessing FTP And Database Services; Assessing Windows Networking Services; Assessing Email Services; Assessing IP VPN Services; Assessing Unix RPC Services; Application-Level Risks; Example Assessment Methodology; TCP, UDP Ports, And ICMP Message Types; Sources Of Vulnerability Information

Review
Every day brings word of new exploits and new security bugs in various operating systems. Some are new and unique, and many are rehashed exploits made possible by the failure to patch and secure your systems. In order to see your system as a cracker would, you need to understand the mindset and toolsets that are used against you. This book, Network Security Assessment, will help you do just that.

Each chapter starts with a brief explanation of the area being discussed, as well as some of the overall security concerns related to that service. The rest of the chapter is then devoted to various exploits and tools that can be launched against the different operating systems. Chris McNab uses extensive illustrations and output listings to show the reader how the tools work and what type of information can be exposed to an attacker. Since many of the tools are Unix-based or are expected to be used against Unix-type systems, the author does assume familiarity with administration of Unix variants.

There are a lot of things to like about this book. The assessment methodology is organized and well thought out. It's not just a random scattering of exploits. The author also takes great pains to provide the sites where you can download the tools. In addition to that, the tools are also mirrored at the O'Reilly site so that you are protected against websites that may move around. The argument could be made that this provides a fledging cracker with all the information they need to break into your system. True, but the information already exists, and they will find it with or without this book. This book levels the playing field by making security information available to corporate administrators so that they have a chance against attackers.

Conclusion
A worthy addition to the bookshelf of network and security administrators. By following the exploits and processes outlined, you'll be able to sleep well knowing that you've covered as many bases as you can.

Network Security Hacks
by Andrew Lockhart (Author)

Paperback: 304 pages ; Dimensions (in inches): 0.77 x 8.98 x 5.94
Publisher: O'Reilly & Associates; 1st Edition edition (April 1, 2004)
ISBN: 0596006438
Average Customer Review: Based on 1 review.

*** Practical Unix & Internet Security, 3rd Edition
by Gene Spafford (Author), Simson Garfinkel (Author), Alan Schwartz (Author)

Paperback: 984 pages ; Dimensions (in inches): 1.76 x 9.30 x 7.06
Publisher: O'Reilly & Associates; 3rd edition (February 21, 2003)
ISBN: 0596003234

Other Editions: Paperback (Bargain Price) | Hardcover | All Editions
Average Customer Review: Based on 33 reviews.

Rare OK book. Outdated and partially spoiled by adding Alan Schwartz to the team: he did not manage to do a complete updating of the text: some chapters are still old with a lot of irrelevant material.

Building Open Source Network Security Tools Components and Techniques

by Mike Schiffman

Paperback: 416 pages ; Dimensions (in inches): 0.97 x 9.22 x 7.46
Publisher: John Wiley & Sons; 1 edition (October 11, 2002)
ISBN: 0471205443

In-Print Editions: e-book (Adobe Reader) | All Editions
Average Customer Review: Based on 22 reviews. Write a review.
Amazon.com Sales Rank: 69,083

Man Page Reprint, February 19, 2003

Reviewer: A reader from Atlanta, GA United States

If you don't read the man pages then this book is for you. After reading the glowing reviews I went out to purchase this book. I am extremely disappointed. The lion-share of the book is merely API description. There are some neat examples in every chapter, but they are available on the internet... The end chapters of the book are well written concise summaries of known techniques and concepts (possibly the only redeeming component of the book)
After using libnet I was expecting something great from the man who wrote such an awesome library. Experienced programmers should use the man pages. If you're new to information security topics then you might find this book useful.
A newbie would be well served by this book.

Reviewer: jose_monkey_org (see more about me) from ann arbor, mi

this is pretty much the book I've been looking to add to my library for a while. schiffman covers the major libraries in security (libnet, libdnet, libpcap, openssl, libsf, and libnids) in a smooth and excellent way, and then brings them together in several small apps and then firewalk 5.0. in this book we learn techniques to complement the tools we learn how to craft.

i was a bit let down in some of the details being left out of the libraries schiffman didn't write, such as pcap and ssl. these are really difficult to master libraries, some more attention could have been given here.

another reviewer noted that the book really ignores the windows developer, which is true to an extent. however, what schiffman doesn't say (and the reviewer doesn't state) is that several of the libraries (pcap, libnet, libdnet, openssl) work just fine on windows. it would have been helpful to have seen that covered more, but perhaps in the next edition.

all in all, a recommended book. now infosec people will have no reason to say they can't write their own network attack apps. and hopefully it will inspire someone to write a better mousetrap, too. i'm still surprised it took so long to appear on the shelves!

Refreshing Networking Security material!, October 31, 2002

Reviewer: slash@drexel.edu (see more about me) from Baltimore, Maryland

There are many security books on the shelves today. Most of them describe the same hacker tools and methods. They don't get very technical and once you've read one, you've read them all. Building Open Source Network Security Tools is a different breed of security book.

Building Open Source Network Security Tools , just as the name suggests, is about how to build network security tools. This is a technical book, so you are going to have a little knowledge of C and your networking principles. This is definitely not a managers book.

First the book describes some basic principles in developing security software. This is a quick primer in case you have never been involved in software development. Next the book goes on to describe several commonly used libraries like libnet and libpcap. For each library, the structures and functions are explained, then there is sample code. I have written programs using libpcap and libnet before and I still learned something. There is even a section on OpenSSL programming. OpenSSL is a rather large and cryptic, no pun intended, library (in my experience anyways). This book sheds some light on it! These chapters are a great reference to have when making a new security tool.

The author then goes on to explain the several techniques like attack and penetration and active reconnaissance. Not only does the author tell you how they would in a technical sense, he provides code that does it, and explains each piece. This is very useful since most tools in the wild aren't very well commented ;) There is also a chapter on buffer overflows and format string vulnerabilities. These chapters are very well done and do a good job in explaining how they work and how to write code to use them. It may sound like this is an offensive hacker book, but it also gives examples on how to write defensive programs, like a port scan detection tool. At the end of the book the author ties it all together with a large program that utilizes many of the techniques mention in the book.

I found this book to be very refreshing. I had been waiting for a good security programming reference, and this is it. As a part of the Honeynet Project, I have seen a large number of compromises and tools, and one thing I've found is that in order to truly know who your enemy is, and how they operate, you need to know how their tools work. I wish this book had been released years ago when I first became interested in network security. It would have saved me from stumbling around old web pages and dead links. If you're an information security professional, this book is a must have for your library.

??? Solaris 9 Security

by Ashish Daniel Wilfred

Price:

$49.99

Paperback: 376 pages ; Dimensions (in inches): 0.81 x 8.56 x 7.82
Publisher: Premier Press; ; 1 edition (November 12, 2002)
ISBN: 1592000053
Amazon.com Sales Rank: 917,620
It's only 376 pages, so might be an brief introduction, not more... The author also co-wrote PHP Professional Projects. It might be dangerous to buy this book without browsing the content in the bookstore...

**+ Solaris 8 Security

by Edgar Danielyan

Our Price: $39.99

Paperback - 296 pages 1st edition (October 24, 2001)
New Riders Publishing; ISBN: 1578702704 ; Dimensions (in inches): 0.65 x 9.01 x 7.05

Very weak: as close to junk as you can get. Definitely not recommended even as an intro.

??? Hack Proofing Sun Solaris 8

Randy Cook (Editor), Ido Dubrawsky (Contributor), F. Williams Lynch (Contributor), Ed Mitchell, Wyman Miles, F. William Lynch

Paperback - 407 pages (October 2001)

Syngress Media Inc; ISBN: 192899444X

Amazon.com Sales Rank: 69,292

Table of Contents

Chapter 1: Are You at Risk for a Hacker Attack?
Chapter 2: Introduction to �Hardening� Your Solaris Operating System
Chapter 3: Hacker Tools & Techniques
Chapter 4: Securing Your Users Accounts and Environments
Chapter 5: Securing Your Independent System
Chapter 6: Protecting Permissions and Filesystems
Chapter 7: Types of Attacks
Chapter 8: Cron: What it is and How It Protects You
Chapter 9: Planning: The Best Defense Against Disaster
Chapter 10: Commercial Solaris Security Tools
Chapter 11: Solaris Security Freeware and Shareware
Chapter 12: You�ve Been Attacked � Now What?: Triage & Recovery Guide
Appendix A: Secrets
Appendix B: Additional Resources

The TOC looks pretty reasonable, but 400 pages for twelve chapters (30 pages per chapter) are definitely not enough for in-depth coverage.

Well-organized approach to securing Solaris systems, January 9, 2002

Reviewer: Richard Bejtlich (see more about me) from Texas, USA

I am a senior engineer for network security operations. I am not a Solaris system administrator, but I read "Hack Proofing Sun Solaris 8" (HPSS8) to learn more about securing Solaris systems. HPSS8 addresses a wide variety of Solaris security issues, and is suitable for beginning and intermediate system administrators.

HPSS8 is not a Solaris version of "Hack Proofing Linux" (HPL), which I reviewed in October. While HPL seems more like a catalog of open source security tools, HPSS8 focuses on explaining the features and configuration of Solaris hosts. The authors provide useful explanations of Trusted Solaris, with enhancements like Role Based Access Control and Mandatory Access Control. Admins unwilling to deploy Trusted Solaris can experiment with the SunSCREEN Basic Security Module (BSM), which raises a default Solaris 8 installation to the C2 security level. HPSS8 describes how to deploy Sun's Kerberos implementation, called Sun Enterprise Authentication Mechanism (SEAM). The book also introduced me to Sun's implementation of file-based access control lists to protect SUID files.

As a casual reader, not responsible for implementing these tools, I found HPSS8's coverage adequate. I learned about enterprise-grade security features I never knew existed. I'm not sure if admins needing in-depth explanations will find what they need in HPSS8.

HPSS8 appears to be written by authors who know their material. I found no errors, although I admit I am not a Solaris expert. The network security discussions, with which I am more familiar, seemed error-free as well. I appreciated the heavily technical buffer overflow explanation in ch. 10, and was surprised to learn in ch. 8 that Solaris by default routes packets between multiple interfaces. The only slip in editing appeared to be unnecessary "double coverage" of Snort (in ch. 3 and ch. 8), probably written by different authors.

If you're a junior Solaris admin and you need to lock down your machines, securely operate web, email, caching, routing, firewalling, and related services, HPSS8 will definitely help you. Senior Solaris admins will probably not learn new tricks. Security professionals who want to familiarize themselves with Solaris features will enjoy reading HPSS8, as I did.

(Disclaimer: I received a free review copy from the publisher.)

Linux Security (Craig Hunt Linux Library)

by Ramon J. Hontanon, Ramon J. Hontaanon, Craig Hunt

Our Price: $34.99

Paperback - 496 pages 1ST edition (June 14, 2001)
Sybex; ISBN: 078212741X ; Dimensions (in inches): 1.20 x 9.00 x 7.56

Amazon.com Sales Rank: 33,503

Very useful addition to your Linux (Unix) security library, September 10, 2001
Reviewer: Halvard Halvorsen (see more about me) from United Kingdom
This is the first book I have bought from the Craig Hunt Linux library and judging by this volume I will be buying more.

It's an excellent book covering all aspects of Linux security
from physical site security to VPN's. It's up to date: a good section with clear examples on iptables is included.

For each section the author selects a few (or as in the case of file integrity just one product like tripwire) products and explains with good examples how to install and configure from scratch (including installing the rpm's). The language is clear and the author explains both why and how. There is an excellent section on nessus and the tripwire part really shows what a cumbersome beast tripwire now has become ... The focus is almost 100% on freely available tools in true Linux spirit.

It's not without minor faults however - but so far I have only found one major one. The section on "Starting Network Services from /etc/rc.d" is weak: it messes up the runlevels (1 is single user and 5 is X11), it does not mention the fact that Kill scripts are run before the Start script when _entering_ a new run level and there is no mention of ntsysv (or chkconfig).

I do like the fact that Hontanon is not at all afraid of giving strong recommendations - i.e. "Among the password auditing tools ... John the Ripper stands out as the clear winner because of its performance and ease of use".

This is not a beginners book - it assumes general Linux and networking knowledge.

If you are looking for a source for overall Linux security, Unix security tools and how to use these tools look no further. This book should be on your bookshelf along with the 2nd edition of "Maximum Linux Security" and (the now slightly out of date) "Practical Unix&Internet Security".

Recommended.

???+ Hacking Linux Exposed: by Brian Hatch, James B. Lee, George Kurtz
Our Price: $27.99; Paperback - 566 pages 1st edition (March 27, 2001)
McGraw-Hill Professional Publishing; ISBN: 0072127732 ;; Buy two of these, May 30, 2001
Reviewer: A reader from Atlanta, GA, USA
I wasn't a fan of Hacking Exposed, largely because its Unix section was a mere 50 pages of superficial, outdated, and obvious fluff. Hacking Linux Exposed makes up for that lack by digging into Unix in much more depth. Though it is modeled after the attack/countermeasure style of the original HE, this book includes a whole chapter of security measures at the beginning that you can implement instantly to get your machine locked down before getting into the nitty-gritty detail about other things in the hacker's arsenal.I was particularly enthralled with chapter 10, which talks about what the hacker will do after they have gained root access, from simple things like adding accounts to complicated issues like kernel modules, complete with source code. Chapter 7 includes some really wonderful examples of how the hacker can abuse networking protocols themselves, something I haven't seen covered in such depth before.The book is logically organized. The first part covers the way the hackers find and probe your machine. The second talks about getting in from the outside, be it network or physical. The third part talks about gaining additional priveleges, and the last part of the book is dedicated to mail, ftp, web, and firewalls. The appendicies are actually useful. They seem to have dropped the small 1-page case studies from the original book and replaced them with longer hacker-eye-views of real attacks which are an interesting read, and really tie the book together.This book is Linux specific in it's countermeasures, but I'd recommend this to any unix user. They do a good job of discussing differences between Linux variants as well, they don't just assume everyone has a RedHat box on their desk. Very refreshing.This book is great for both the theory and practical uses. I could spend weeks implementing all the suggestions they have, but they seem to have thought of this because their risk ratings let you know where you should concentrate as you secure your systems.Like Hacking Exposed, this book also has a website, (...) but it seems more up-to-date -- for example when the ptrace bug in older kernels came out, they posted a kernel module you could compile to protect your system until you could upgrade -- and includes all the source code contained in the book.I bought two of these, one for home and one for the office, and I suggest you do the same.

???? Hack Proofing Sun Solaris 8

Randy Cook (Editor), Ido Dubrawsky (Contributor), F. Williams Lynch (Contributor), Ed Mitchell, Wyman Miles, F. William Lynch

Paperback - 407 pages (October 2001)

Syngress Media Inc; ISBN: 192899444X

Amazon.com Sales Rank: 69,292

Here is some info about Ido Dubrawsky from his paper Freeware Intrusion Detection Tools:

... has been working in UNIX and network administration field for nine years. When not working on security, he spends his free time with his wife, Diana, their two children, and their dog, Reidy. He is currently employed by Cisco Systems in the Cisco Secure Consulting Service as a Network Security Engineer.

Table of Contents

TOC looks pretty reasonable, but 400 pages are definitely not enough for in-depth coverage.

**+ Solaris 8 Security: by Edgar Danielyan; Our Price: $39.99; Paperback - 296 pages 1st edition (October 24, 2001)
New Riders Publishing; ISBN: 1578702704 ; Dimensions (in inches): 0.65 x 9.01 x 7.05

**** HP-UX 11i Security

by Chris Wong

Our Price: $39.99

Paperback - 480 pages 1st edition (September 26, 2001)
Prentice Hall PTR; ISBN: 0130330620 ; Dimensions (in inches): 1.28 x 9.24 x 7.04
table of contents

Real World Linux Security Intrusion Prevention, Detection and Recovery

by Bob Toxen

Our Price: $35.99

Paperback - 400 pages 1st edition (December 15, 2000)
Prentice Hall PTR/Sun Microsystems Press; ISBN: 0130281875 ; Dimensions (in inches): 1.56 x 9.24 x 7.05

Table of contents
Amazon.com Sales Rank: 10,746

Avg. Customer Rating:

This is only 400 pages books about pretty complex subject, but the book got several very positive reviews. First four are so positives that I suspect some of them might be "friends and family" type of reviews. Judging from the Table of contents the book covers (or at least mention) several important areas including using Snort (mentioned in the ch. 15), Hardening (Ch 12). The latter is a definite plus, although the items listed in this chapter has nothing to do with tightening system setting and stripping the system to bones.

At the same time the chapter 13 title looks misleading (contents has nothing to do with hardware)

13. Preparing Your Hardware.
Timing Is Everything. Advanced Preparation. Switch to Auxiliary Control (Hot Backups). TCP Wrappers. Adaptive TCP Wrappers: Raising the Drawbridge. Cracker Trap. Ending Cracker Servers with a Kernel Mod. Fire Drills. Break Into Your Own System with Tiger Teams.

And the content of chapter 9 "Gutsy Break-Ins" (Mission Impossible Techniques. Spies. Fanatics and Suicide Attacks.) looks like an indication of snail-oil salesmen style.

***** A useful book, December 11, 2000
Reviewer: Jonathan Low from Sunnyvale, CA USA
This book is written in clear prose and is easily understood. His description of attacks and how to defend against them is fascinating and extensive. He has a section titled "Obscure but Deadly Problems". I fear they are not as obscure as one would hope, as I have encountered such problems. The historical notes, such as that of the Symlink Attack (section 6.8.3 in the grey box on page 298), allow the reader a deeper level of understanding. The resources and instructions for finding the attacker's system given in chapter 20 are very useful.

?? E-mail Virus Protection Handbook: Protect Your E-Mail from by Syngress Media. Paperback (October 30, 2000): Amazon price:$31.96
You Save: $7.99 (20%)

Managing Cisco Network Security by Syngress Media(Editor), Inc Staff Syngress Media. Paperback (October 30, 2000): Amazon price:$47.96

Mission Critical Interworking Security (Mission Critical Series) by Syngress Media(Editor), Inc Staff Syngress Media. Paperback (December 30, 2000): Amazon price:$47.96
Red Hat Linux Security Toolkit
by David A. Bandel: Paperback - 500 pages Bk&Cd Rom edition (May 2000)
IDG Books Worldwide; ISBN: 0764546902 ; Dimensions (in inches): 1.17 x 9.16 x 7.30
Amazon.com Sales Rank: 78,536
Avg. Customer Review:
Number of Reviews: 1
BONUS CD-ROM INCLUDES: Caldera OpenLinux 2.3 Security Tools ;-)

???? Managing TCP/IP Networks: Techniques, Tools and Security: Gilbert Held / Hardcover / Published 2000
Amazon price: $89.95
SSL and TLS Essentials: Securing the Web ~ Usually ships in 24 hours: Stephen Thomas / Paperback / Published 2000
Amazon price: $27.99 ~ You Save: $7.00 (20%)

Web Security ~ Usually ships in 24 hours: Amrit Tiwana / Paperback / Published 1999
Amazon price: $29.71 ~ You Save: $5.24 (15%)

Designing Secure Database Driven Web Sites: Jimmy Nasr, Roger Mahler / Textbook Binding / Published 2000
Amazon price: $38.24 ~ You Save: $6.75 (15%) (Not Yet Published -- On Order)
Linux Security Toolkit: David A. Bandel / Paperback / Published 2000
Amazon price: $31.99 ~ You Save: $8.00 (20%) (Not Yet Published -- On Order)

Network Intrusion Detection - An Analysis Handbook: Paperback - 267 pages (July 1999)
New Riders Publishing; ISBN: 0735708681 ; Dimensions (in inches): 0.63 x 9.03 x 7.05
Amazon.com Sales Rank: 2,319
Avg. Customer Review: ***** Number of Reviews: 6
Building Linux and OpenBSD Firewalls: Wes Sonnenreich, Tom Yates / Paperback / Published 2000
Amazon price: $35.99 ~ You Save: $9.00 (20%)
**** Linux System Security: The Administrator's Guide to Open Source Security Tools: Scott Mann / Textbook Binding / Published 1999
Amazon price: $48.99
A decent book !!! See review below

** Checkpoint Firewall-1 : Administration Guide

Marcus Goncalves, Steven Brown / Paperback / Published 1999
Amazon price: $55.00
Average Customer Review:

Junk. The author written several other junk books on the subject including:

Firewalls : A Complete Guide ~ Usually ships in 24 hours

Marcus Goncalves(Editor) / Paperback / Published 1999
Amazon price: $43.99 ~ You Save: $11.00 (20%)
Read more about this title...

Firewalls Complete (Complete Series) ~ Usually ships in 24 hours

Marcus Goncalves / Paperback / Published 1998
Amazon price: $54.99
Average Customer Review:
Read more about this title...

This book is an insult.
Reviewer: Kevin Tsai from Oakland, CA December 29, 1999

I'm a systems consultant and have worked with a number of different firewall products including FireWall-1. FireWall-1's network address translation feature is very powerful if you manually set up network objects and the local.arp file and configure the NAT rule. This book does even touch on these aspects; the Arch&Admin (that comes with the Firewall-1 CD) explains this in detail in 65 pages. *Copied from the CD documentation: for example, the discussion on SYN Flooding Attack (pages 138-143) is mostly taken WORD-FOR-WORD from Arch&Admin (pages 329-333). Many examples are copied verbatim. *PPTP is not secure relative to alternatives - why recommend it? I thought the authors were veterans. *Checkpoint's OPSEC makes FireWall-1 extensible, and a couple of the add-ons such as RealSecure (attack recognition) and StoneBeat (high availability) are very complementary products. I'd expect professionals who'd write a book on FireWall-1 to have experience in these add-ons. *Of the 450 pages, only the first 306 pages are FireWall-1 related; the next 100 pages (Chapter 13) are on generic Internet attacks √ which many books cover more in content and detail. Balance is glossary and index (that's over 10% of the book). *Stripping down NT: the first thing you should do before installing FireWall-1 on NT is strip all the services from the network control panel applet. I guess the authors didn't even bother to copy Joe DiPietro.

This book does not cover anything on FireWall-1 that the software documentation from Checkpoint does not cover. As a matter of fact, Checkpoint's documentation covers much more depth AND breadth than this book. From what I understand, the only documentation on FireWall-1 that is better than Checkpoint's is Checkpoint's Hebrew version of the documentation.

For the price of this book, I'd expect more in-depth coverage on the technical deployment of the product (for the technical implementer), on the strategic deployment of the product (for the CIO), or both. This book provides neither. Stick with the CD's documentation.

Asp/Mts/Adsi Web Security (Prentice Hall Series on Microsoft Technologies) ~ Usually ships in 2-3 days: Richard Harrison / Paperback, 450 pp with CD/ Published March, 1999 by Prentice Hall PTR (ECS Professional)/ISBN 0-13-084465-9
Amazon price: $44.99; RICHARD HARRISON is a Microsoft Certified Solution Developer (MCSD) and a senior consultant for a major global IT services company. He is also the coauthor of Professional Active Server Pages 2.0
Table of content. The accompanying CD-ROM contains source code for examples.

Protecting Networks With Satan ~ Usually ships in 24 hours: Martin Freiss, Robert Bach (Translator); Paperback / Published 1998
Amazon price: $15.96

**+ [April5, 1999] EBOOK AVAILABLE IN THE PERSONAL BOOKSHELF
Maximum Internet Security: A Hackers Guide ISBN: 1575212684 -> http://www.mcp.com/personal/ -- very weak

Classic

Unix System Security : A Guide for Users and System Administrators (Addison-Wesley Professional Computing Series): David A. Curry / Hardcover / Published 1992 -- old classic

Outdated but still useful.

Recommended Introductory Unix Security Books

**** Practical Unix and Internet Security HTML version is available from the O'Reilly Networking CD

Simson Garfinkel, Gene Spafford / Paperback / O'Reilly, 1996 - 2nd edition/ 971 pages, no CD

Table of content -- 27 chapters, 7 supplements

Recommended with reservations

The great advantage of the book is that it is available in HTML. That's really make it better than it was before and added an additional star in my evaluation ;-).

It's a good introduction to the subject. Somewhat outdated -- four years old in a very dynamic field, Rootkit is not even mentioned, Bugtraq mentioned only in supplement, etc. Far from being practical and can be used only as a general introductory text in Unix security. Not recommended for Internet security (superficial and incomplete). Good style -- Simson Garfinkel of The UNIX-Haters Handbook fame is a really talented journalist (but now only a journalist, see his interview with Amazon.com).

The main problem with the book is that instead of relying on tools as any Unix author should, the authors use a cookbook/reference approach giving recipes about improving security. References to important RFCs, FAQ and CERT advisories are absent. For example RFC1244 (now superseded by RTC2196) is not mentioned in index (and probably in the text as well) although Ch.2 and Ch.24 mirror its content.

No attempts were made to explain what tools can be used for checking/fixing particular class of problems or to present a bigger picture in which the flaw exists. Typesetting is very primitive. Although one of the authors is a (former) programmer judging by just the book content it is difficult to believe that he is able to spell PERL :-).

The book is not updated enough to compete with newer books on Internet Security. For corporate users possible alternatives are combinations of one book on Unix security (for example, one book on tools like Linux System Security: The Administrator's Guide to Open Source Security Tools and one book on Internet security (for example Actually Useful Internet Security Techniques by Larry J. Hughes or some more recent book on network security).

Often non-security books written by a specialist in particular area can be a better deal than books from security folks. For example TCP/IP Network Administration by Craig Hunt contains a lot more information about how properly configure TCP/IP than this book and in Ch.12 has a very decent overview of security in just 40 pages.

See my review of the book

Here are some Amazon readers reviews:

Excellent General Introduction

Mark R. Lindsey (puis-book-review-amazon@mark.datasys.net) from Valdosta, Georgia, USA April 25, 1999

This is a superb discussion of networked-system security, in general. It doesn't pretend to be an up-to-the-minute shopping list of security flaws: that job is better left to web sites. Instead, the text educates readers with a conceptual idea of Computer Security that can be applied successfully to existing systems, and to systems not yet built. It's exactly the sort of educational value that we'd expect from simsong and spaf.

But it does go beyond theoretical education, to explain with great clarity fundamental issues in system security. Covering everything from physical security to filesystem quirks, this tome is fascinating in its scope. I have found the special section on writing solid network applications (CGI programs, and the like) to be of great value.

In short, this book provides the Common Body of Knowledge in computer security. Start here, and you'll have the basis for a comprehensive understanding of related issues -- one that transcends the individual bugs to see the bigger picture.

L@Demailly.com from CA, USA , May 12, 1998 **
outdated and light on internet security
I should have paid more attention when I bought this book in a series of security books and I regret this buy. Its "best seller" position is IMO unjustified because the networking/internet sections (10 total lines on SSL!, mentions of Netscape 2.0b2, nothing on ICMPs attacks, 3 lines about spoofing...) are completly outdated and/or pretty useless.

A reader , July 21, 1997 **
Disappointing
Had this book cost me $5, I would've been perfectly happy with it, but for over $30... These people have written a lot, but said little. They did mention a few things to watch out for, but this could've been fit in under 50 pages. The rest is reiteration of trivial. Some topics, like cryptography, were a bait, but haven't been covered in depth. And, boy, about a third of the book talks about stuff from intro UNIX texts. I tend to think that people concerned with UNIX security know how to move between directories. Also worth knowing that Garfinkel co-authored so called "UNIX haters notebook". His prejudice shows.

*** Linux System Security: The Administrator's Guide to Open Source Security Tools: Scott Mann / Textbook Binding / Published 1999, 512 pages, CD
Amazon price: $48.99; Table of contents; [Sample Chapter]; [Preface]; Semi-decent book on open source security tools. It's not Linux specific. The book that beats a lot of mediocre books like Maximum Security (by anonymous) or Solaris Security( by Peter Gregory) to name a few, but still is not without significant flaws: the author does not understand half of the tools he is writing about.
Actually all tools described are not Linux specific and can be used for any Unix including FreeBSD and Solaris. First several chapters (2-4) are pretty superficial (for example huge and non-trivial problem of assigning and maintaining user groups on a production server is covered in half-page) and contain almost no useful information, but tools chapters are better and some of them are really useful.

The authors seems really used tools that they are writing about although they never go into fine details that is typical for real experts. For several popular tools the book provides some useful info that is difficult to find elsewhere. Pretty decent typography, although it's a little bit too academic and does not use icons on margins that IMHO simplify reading.

As for the classic open security tools, the book covers PAM(36 pages), Sudo(20 pages), TCP Wrappers(24 pages), SSH(55 pages), Tripwire(24 pages), CFS and TCFS (30 pages), and ipchains.

From the first reading it looks like at least some "tools" chapters are *not* a rehash of existing online documentation. In addition to the chapters about classic open source security tools I like chapters about logs: a chapter on syslog (Ch.8) and a chapter on log file management (Ch.17).

Now about weaknesses. The chapter on Tiger is extremly weak. The second author of the book ELLEN L. MITCHELL is a network analyst at Texas A&M University, responsible for campus network security, development, and administration. She currently maintains the Tiger UNIX security package, but is unable to maintain a pretty simple set of hardening scripts :-(. That's due her efforts, Tiger is now a legacy tool :-). Actually information is not completely useless -- it's not difficult to switch to another tool after one understands how Tiger works. Titan can be considered for Solaris. Perl is superior for writing Unix vulnerability scanners in comparison with shell, but Bastille is no way a better set of scripts than outdated Tiger. From the point of view of architectural solutions Tiger is much stronger (that the polite way to way that Bastille is junk).

There are several serious omissions. Book is incomplete in a sense that neither Snort (or any similar intrusion detection tool), nor open source network scanners (Saint, Sara, etc.) are covered. Nmap is not covered as well.

Of course there are some typos, but generally not that many. But what is really bad is that the Prentice Hall book page http://www.phptr.com/ptrbooks/ptr_0130158070.html currently is pretty basic with no errata or additional links. The authors do not provide a WEB site for the book. That is a really bad sign :-(.

This book can probably be used for studying Unix security at universities along with somewhat outdated Practical Unix and Internet Security and this combination can somewhat compensate deficiencies of the latter (non tool oriented descriptive approach).

**+ Hacking Exposed Network Security Secrets and Solutions

by Joel Scambray, Stuart McClure, George Kurtz

Paperback - 703 pages 2nd edition (January 15, 2000)
McGraw-Hill Professional Publishing; ISBN: 0072127481 ; Dimensions (in inches): 1.72 x 9.11 x 7.27

The main purpose of the book is to serve as an advertisement of the authors hacking courses. The main strength of the book is that it contains a useful tips about networking utilities and security tools as well as a basic assortment of networking attacks. From other point of view there is a difference between openness and provoking people to do something wrong. There is a very fine line here. I wondered at times whether some parts of the book were written with the "Anarchist's Cookbook." in mind :-). Still, there is some good content here. For example as for tools the book does contain some relevant information. You can probably can save some time that otherwise will be spent browsing the Internet starting from the set of tools outlined in the book.

The authors did not produce the coherent picture of what is what and the book is fragmentary. It's more like a collection of notes or a reference of useful tools. Paradoxically Unix part of the book is extremely weak. Looks like neither of the authors understand Unix well.

** Bloated...with little substance, July 21, 2000
Reviewer: neptoona (see more about me) from Wilmington, DE USA

This book is really nothing more than a guide. If you don't have time to search the internet (and the stuff is not hard to find) then this book may be of some help. It's amazing how they managed to fill up so many pages and tell you very little. They tell you about all of the tools and where to get them, but they give you nothing on how to use them, with the exception of nmap and ncat. If you can get this book used for a few bucks, then it may be a good buy as a reference, but don't buy it at the retail price.

*** Been There, Done That., January 20, 2000

Reviewer: A reader from Moscow, Russia
I didn't find anything in this book that I hadn't found after doing a few days worth of research on the web. Many parts of the text seem to have been directly lifted from the Read Me files of the tools that the author is trying to describe. A real cut-n-paste job.

*** the book is good but its not good enough, November 9, 1999
Reviewer: A reader from Cairo,Egypt

the book-as i said before in the summary- is good but its not good enough.....its not written for a certain class of readers......its not high enough for the experts and its ont simple enough for the beginners

***** Easy to Read and Very Informative, August 6, 2000
Reviewer: Samuel C. Adams (see more about me) from San Antonio, TX USA

I manage a crew of about 20 people who do intrusion detection analysis. The stellar achivement of the authors of Hacking Exposed is packing their book with useful information AND making it easy to read. The only thing wrong with this book is that in attempting to cover everything, the authors talk about some things that aren't really worth knowing and skimp on topics where most readers would want more depth.

There are many topics that received excellent coverage in this book. Among them are: DNS records and zone transfers, the ins and outs of nmap, Unix log files, the NT null session or Red Button vulnerability, the SAM database and NT password guessing. This book does an excellent job covering Netbios and NT vulnerabilities which I found exteremly useful since most of my background involves Unix.

Topics that could have been left out of this book or that received undue attention include Windows 95/98 and Novell. In the last section of the book the Authors seemed to want to cover as many tools and vulnerabilities as possible. I would have preferred a more informative treatment of a smaller number of issues.

An important topic I thought the authors didn't do justice was buffer overflow vulnerabilities. The reader is referred to papers done by Dr. Mudge and AlephOne.

All in all I found this book very useful and look forward to the second edition.

**** Good security read, summarizing well known exploits., May 3, 2000
Reviewer: A reader from Baltimore, MD

Hacking Exposed offers a good overview of many well-known, and some lesser known, secuirty vulnerabilities. A fairly quick read, strikes a good balance between superficiality and going too deeply into code. Very good on NT and router security (often overlooked), but could be better on UNIX (not much Linux-specific advice here). As a part-time admin for a small network, I'm glad I picked this book up. Would have like to see more on security tips for small business security -- ex. review/advice re: SonicWall /Watchguard type boxes.

Here is a couple of reviews of a specific category of readers that I would called "a wanna-be hackers":

About time someone knew what they were writing about, September 14, 2000
Reviewer: rhelic (see more about me) from Canastota, NY USA

I've read about 4 security books and this book was far better than the rest. Instead of simply telling you not to run a certain service cuz it might have a hole, it actually tells you what the hole is, how to exploit it, and where to get the tools you need to exploit it. This isn't a list of programs and their holes though, it starts at the begining teaching you how to enumarate (get info) from a computer from all kinds of different methods, such as trying to find out OSs, their versions, services that are running and who is currently on the system. It talks about scanning groups of computers to find the few that are exploitable. It then goes on to explain specific Windows9X holes, then NT, to Novell, and then to Unix. Spending upto 60 pages on each operating system (very in depth and all of it usefull). There are also chapters just on dialup and VPNs (virtual private networks), firewalls, network hardware (routers) and an entire chapter just about DoS's (Denial of Services). It then goes into Advance Techniques, problems with PHP and ASP, and then onto a chapter on Windows2000 (talk about being up to date). As far as my book collection goes, this definetly gets my Top5 rating of the 100+ books I've read. Theres alot of meat to eat in this book.

WHAT A BOOK!, July 24, 2000
Reviewer: Nectron from California
i am really interested in computing, networks, and security, i bought this book from amazon.com, when i was looking for a book that TEACHES me how to hack, and teaches me how to block hackers attacks, i know that a lot of bigenner hackers like me, are looking for a mentor or for a guide, to learn hacking or to be a security expert, this book is really really scaring, and reallly shows you how vulnerable your network or computer is... the last word i say is: ( IF YOU'RE LOOKING FOR A TECHNICAL BOOK, IF YOU WANT TO BE A HACKER, BUY THIS BOOK NOW! )

i g07 7his b00k n0w i'm 7h3 m4s70r h4X0r, June 2, 2000
Reviewer: A reader from USA
this book is totally amazing! i used to know how to code in QBasic, but now i am a master hacker! thank you very much mr smartay hacker man for writing this book for me. if it weren't for you i wouldn't be as good of a hacker that i am today.

** Unix System Security Tools (Unix Tools)

Seth Ross / Paperback / Published 1999
Amazon price: $31.96 ~ You Save: $7.99 (20%) (Not Yet Published -- On Order)

Paperback - 512 pages Bk&Cd Rom edition (September 1999)
McGraw-Hill; ISBN: 0079137881 ; Dimensions (in inches): 1.33 x 9.01 x 6.04
Amazon.com Sales Rank: 76,042

This is a weak and a very short book -- much shorter that you would expect from a regular book that contains 512 pages. This fact is partially due to very narrow (6 inches wide) pages with wide margins. Such pages contain approximately half of usual page content -- so the volume of the book is equal to 256 pages of "regular" book.

It does contain a CD with tools, but that's it.

Look at the table of content. Aha! 16 chapters, so its less than 16 normal pages for a chapter.

For example the Chapter 6 "Filesystem Security" is really extremely superficial and does not cover even the main concepts.

The book describes Tiger and Cops -- definitely outdated legacy scanners that are not that useful nowadays, but still remain classic of the field.

Generally the book creates an unfavorable impression of hasty and superficial compilation. I think that Linux System Security: The Administrator's Guide to Open Source Security Tools is a much better book.

See also the author resume www.albion.com/seth/resume.html. It's not clear why the author decided to write about security:

Seth T. Ross is a San Francisco-based Internet author and entrepreneur who's been working on Internet projects since 1990. He's currently conducting independent research on computer security topics and developing a suite of UNIX and network security tools.

COMPUTER BOOKS

Author � UNIX System Security Tools, McGraw-Hill, forthcoming

Author � Netdictionary (www.netdictionary.com), 1997

Editor/Publisher � The Newbie's Guide to the Microsoft Network, by Michael Lehman, Albion Books, 1995

Editor/Publisher � Netiquette, by Virginia Shea, Albion Books, 1994

Author � Taking the Next Step: The Buyer's Guide to NeXTSTEP Computing, Albion Books, 1993

** Unix Security (Sys Admin-Essential Reference Series): Paperback / Published 1997; This "book" is really a collection of (magazine?) articles by different authors and thus suffers from a lack of focus and cohesion -- from the online review in Amazon.com. The book does contains several useful scripts, but generally it is weak.

Intrusion Detection

**** Network Intrusion Detection: An Analysis Handbook

Stephen Northcutt

Amazon price: $31.99
Textbook Binding - 267 pages (July 1999)
New Riders Publishing; ISBN: 0735708681 ; Dimensions (in inches): 0.63 x 9.03 x 7.05
Amazon.com Sales Rank: 3,530
Avg. Customer Review: ****+
Number of Reviews: 10

*****	Best IDS book for hands-on implementors	January 29, 2000
	Reviewer: Jay Heiser (see more about me) from Vienna, VA
	Of the 3 available intrusion detection texts, this is by far the best for someone who actually wants to do intrusion detection. It is breezy & chatty--like sitting down with a good friend (unfortunately, one who doesn't organize his thoughts very well and whose editor was apparently in a hurry). This is a bits & bytes book; it assumes some knowledge of TCP/IP and security concepts, but it accomodates non-specialists. It is useful for readers of varying levels of familiarity with Internet protocols. Northcutt provides an excellent introduction to the specific mechanisms of the most common network attacks, and offers the most cogent description I've seen of the [purported] Mitnick attack on Shimomura. I especially enjoyed his efforts at providing neophyte intrusion analysts with political advice. His insight that host-based IDS is technically superior to network-based, but politically impractical is a gem of organizational wisdom.
*****	Readable, intelligent, down-to-earth.	October 1, 1999
	Reviewer: Greg Broiles (see more about me) from Oakland, CA
	Network Intrusion Detection is rare among technical books - it's comprehensive, accurate, interesting, and intelligent; it's got none of the "filler" chapters which seem to be prevalent in the genre. It's well worth the relatively small investment of time and money required to read and understand it. The author has "been there, done that" which gives him a perspective unavailable to professional technical authors who write about Java one month, CORBA the next, will be assigned a firewall book next. This book will be useful to people responsible for intrusion detection, people who manage them, and to people who need to understand attack techniques and the forensic tools needed to detect and document them. Highly recommended; it's in the same class as Cheswick & Bellovin's classic _Firewalls and Internet Security_.
*****	Northcutt hits the ball out of the park!	August 25, 1999
	Reviewer: Richard Bejtlich (bejtlich@altavista.net) from Texas
	I am the chief of a 15 person intrusion detection team, with responsibility for centralized, around-the-clock monitoring of a global network. I believe I have enough experience to claim Steven's book is first rate and sorely needed. His reconstruction of a Christmas Eve system compromise and his analysis of Kevin Mitnick's TCP hijack of Tsutomu Shimomura's host are excellent case studies. His coverage of reset scans and other non-standard reconnaissance techniques prompted me to scour my traffic for the same events and write a paper on my findings. I do not agree with some of his conclusions on SYN ACK and reset scans, but his work made me investigate those topics. While I would have preferred slightly more explanation and examples of network traces (who wouldn't?), I hope this book begins a trend of sharing (sanitized) packet-level incident details within the IDS community. I recommended Steven's book to every analyst on my flight and every person in my unit, and I plan to build in-house training around it. I guarantee every person with a technical leaning and a position on the front line of intrusion detection will appreciate Steven's book. See you at SANS Network Security 99

*** Intrusion Detection: An Introduction to Internet Surveillance, Correlation, Trace Back, Traps, and Response: Edward G. Amoroso(Preface) / Paperback / Published 1999
Amazon price: $40.99 ~ You Save: $8.96 (18%)
Average Customer Review: ****
Dr. Amoroso teaches security course at Stevens Institute of Technology. The book looks like average college textbook written by professional educator with no strong contacts with practical side of the subject. The author wrote two other security books. None was significant.

*** Intrusion Detection (Macmillan Technology Series): by Rebecca Gurley Bace; Amazon price: $50.00; Textbook Binding - 350 pages 1 edition (December 21, 1999)
New Riders Publishing; ISBN: 1578701856 ; Dimensions (in inches): 1.07 x 9.42 x 7.57
Amazon.com Sales Rank: 11,172
Avg. Customer Review: ***
Number of Reviews: 2; This book is a marginal book. Not very technical but not very management oriented either. It's akin to below average college CS textbooks. Or law books. It's designed for CIO smacking....
Slashdot Intrusion Detection [Book Review]

** Intrusion Detection : Network Security Beyond the Firewall ~ Usually ships in 24 hours: Terry Escamilla / Paperback / Published 1998
Amazon price: $31.99 ~ You Save: $8.00 (20%); Paperback - 416 pages (October 1998)
John Wiley & Sons; ISBN: 0471290009 ; Dimensions (in inches): 0.88 x 9.28 x 7.55
Amazon.com Sales Rank: 58,575
Avg. Customer Review:
Number of Reviews: 10

Jarringly unfocussed and inaccurate...

August 13, 1999

Reviewer: A reader from San Francisco, CA

I wanted to like this book, seeing as how I've made intrusion detection an important part of my career (the book spends a few pages discussing a paper I wrote), and there are no good offline resources on the subject. Unfortunately, I found little to appreciate in this book, which could have benefited greatly from better technical editing, a sharper concept of what its audience is, and (unfortunately) a better grounding in the subject matter.

The most important problem with this book will be obvious to most readers. Escamilla doesn't address the subject of intrusion detection until midway through the book, opting instead to fill the first half of the book with background information about computer security. This information is presented poorly (and with glaring inaccuracies). Almost all of it is covered better in other books, which readers unfamiliar with network security will need to buy anyways to make the intrusion detection concepts discussed in the latter half of the book accessible.

Unfortunately, the relevant half of the book isn't much better. A confused mish-mash of technologies are presented under the banner of I-D (I know of very few people in the security industry who consider security scanners to be I-D systems), and the most widely used forms of I-D are given scant coverage.

Worse still, the author profiles real commercial I-D systems (towards the end of the book). Apart from the fact that this information was unsalvageably outdated before the book made it to the press, it's also biased. Descriptions of one system span 3 pages, while another merits a single paragraph. Many important systems (which were widely known at the time of this book's release) are not covered at all. And, predictably, most of the details about the commercial systems covered read like marketing material, with almost no comparisons to the other systems covered.

Although this book is a mess, it's not an unrecoverable one. The authors descriptions of Do-It-Yourself intrusion detection on Unix systems is competant, if not revolutionary, and is almost reminiscent of Cheswick and Bellovin's work in _Firewalls_and_Internet_Security_. A better informed, more coherent second revision of this book would be worth looking at.

Unfortunately, there's very little to recommend this book. A critical and informed reader might get some value out of it, but nothing that couldn't be obtained more easily from the Internet. At its worst, however, this book can be misleading, and is thus an inappropriate introduction to its subject. Overall, a deeply flawed book. Steer clear.

Solaris

** Solaris Security ~ Usually ships in 24 hours

Peter H. Gregory / Paperback / Published 1999
Amazon price: $39.99

Average Customer Review: ** Number of Reviews: 1

When the book title is "Solaris security" and not "Hacking exposed" one can probably expect a decent level. Not true.

The book can probably be partially useful for beginning Unix administrators, but in no way it can be considered a Solaris Security book.

First of all the useful content is almost absent. If you skip first 23 pages and appendixes you might find that you have bought less than 150 horribly typeset pages of general information useful only for beginning Solaris sysadmins, if any.

The quality of the book can be illustrated by the folowing quote (preface, page XLI):
ftp://ftp.win.tne.nl/pub/security/tcp_wrappers_7.6tar.gz

This archive was compromised more than two years ago and is now defunct so putting such URL in the book looks unprofessional. And the value of this recommendation is pretty obvious.

Now about important tools: Aset is covered in just one page. COPS in one-half, Tiger -- one half, Tripwire in one. None of the modern tools are covered at all. After that statistic one might wonder why the book is called Solaris security. Well, that's probably gives you an idea.

I agree completely with the following review of the reader from New Hampshire, but I would give one stars instead of two.

** A reader from New Hampshire, US , October 13, 1999
Very basic, riddled with errors and typos
They should have named this book "Beginning Solaris Administration with a touch of Security". This book presents basic system administration techniques, many of them extremely obvious or simple common sense. Security is glossed over very quickly with little to no 'meat'. "We recommend running COPS or Tiger to audit this weakness, see Chapter 4." Chapter 4 includes a one paragraph note on COPS.

In addition to the lack of any real content, like all recent computer books, this one is rife with errors and typos. Example: The chapter on DNS--the author continually comments on blocking port 43 at the firewall to prevent DNS queries and zone transfers. Everyone knows that DNS uses port 53--in fact, the author notes that in a table 10 pages earlier. I would just attribute this to a typo, but he mentions port 43 at least 5 times on one page.

I expected better of SUN and Prentice-Hall, but I guess I should have known better based on the Janice Winsor books.

Linux specific books

Building Linux and OpenBSD Firewalls

Wes Sonnenreich, Tom Yates / Paperback / Published 1999
Amazon price: $44.99

Paperback - 512 pages (October 1999)
John Wiley & Sons; ISBN: 0471353663

Linux Security (The Landmark Series)

John S. Flowers / Paperback / Published 1999
Amazon price: $23.99 ~ You Save: $6.00 (20%) (Not Yet Published -- On Order)

Paperback - 400 pages (October 1999)
MacMillan Publishing Company; ISBN: 0735700354
.

Linux Speakers' Bureau Speaker Listing

Welcome To Inquisit!

WEB security

**** Web Security : A Step-By-Step Reference Guide: Lincoln D. Stein / Paperback / Published 1998

See also: Publisher web-site page

Interviews: Lincoln Stein on Web Security

Reviews: ERCB Short Review

About the Author: Lincoln D. Stein is a freelance writer and Director of Information Systems at the Curagen Corporation, a biotechnology company. He is the the keeper of the World Wide Web's Security FAQ. And one can read the FAQ first as the book is based on it. Author's Home Page: http://www.genome.wi.mit.edu/WWW/.

Other books authored by Lincoln Stein

How to Set Up and Maintain a Web Site: Second Edition

How to Set Up and Maintain a World Wide Web Site : The Guide for Information Providers

*** Web Security & Commerce (Nutshell Handbook) ~ Usually ships in 24 hours: Simson Garfinkel, Gene Spafford / Paperback / Published 1997
Amazon price: $26.36 ~ You Save: $6.59 (20%); Superficial and incomplete. Can be used as a decent overview, that that's probably it. Lack practical recommendations.

????? Administrating Web Servers, Security and Maintenance ~ Usually ships in 24 hours

Eric Larson, Brian Stephens / Textbook Binding / Published 1999
Amazon price: $40.00
Average Customer Review: ***** Number of Reviews: 1

Textbook Binding - 567 pages 1 edition (December 15, 1999)
Prentice Hall; ISBN: 0130225347 ; Dimensions (in inches): 1.60 x 9.21 x 7.03
Amazon.com Sales Rank: 12,674

Table of contents

I. WEB SERVER ADMINISTRATION.
1. What is a Web Server?
2. Planning Your Server.
3. Users and Documents.
4. Server Configuration.
5. Server-Side Programming.
6. Log Files.
7. Search Engines, Robots, and Automation.

II. WEB SECURITY.
8. Introduction to Security.
9. Network Security.
10. Web Server Security.
11. CGI Security.
12. Web Client Security.
13. Secure Online Transactions.
14. Intrusion Detection and Recovery.

SSL and TLS Essentials: Securing the Web ~ Usually ships in 24 hours

Stephen Thomas / Paperback / Published 2000
Amazon price: $27.99 ~ You Save: $7.00 (20%)

Web Security ~ Usually ships in 24 hours

Amrit Tiwana / Paperback / Published 1999
Amazon price: $29.71 ~ You Save: $5.24 (15%)

Designing Secure Database Driven Web Sites

Jimmy Nasr, Roger Mahler / Textbook Binding / Published 2000
Amazon price: $38.24 ~ You Save: $6.75 (15%) (Not Yet Published -- On Order)

???? Web Security Sourcebook

Aviel D. Rubin, et al / Paperback / Published 1997

Standard disclaimer: The statements, views and opinions presented on this web page are those of the author and are not endorsed by, nor d

Softpanorama Bookshelf: Old Unix/Internet Security Books