Information Security Books I Read (+ "review")


My security book is out! Buy it at Amazon!
Skip the intro

Visit my infosecurity information portal http://www.info-secure.org

After you bought my book, go and see a new complete list of my security book reviews below:

(09/04/2001) "Information Warfare: How to Survive Cyber Attacks" by Michael Erschloe [published at SecurityWatch]
(08/24/2001) "Hacking Linux Exposed" by Brian Hatch, James Lee and George Kurtz [published at SecurityWatch]

(08/2001) "Incident Response" by Kenneth R. van Wyk and Richard Forno [published at SecurityWatch]

(01/09/2002) "Incident Response: Investigating Computer Crime" by Kevin Mandia, Chris Prosise [published at SC Magazine web portal]

(03/13/2002) "Hacker's Challenge" by Mike Schiffman [published at SC Magazine web portal]

(06/04/2002) "CERT Guide to System and Network Security" by Julia Allen [published at SC Magazine web portal]

(05/01/2002) "Know You Enemy" by Project Honeynet [posted at Amazon.com]

(07/10/2002) "Authentication: From Passwords to Public Keys" by Richard E. Smith [published at SC Magazine web portal]

(08/02/2002) "Honeypots: Tracking Hackers" by Lance Spitzner [published at SlashDot web portal] (also posted on the Amazon.com)

(09/11/2002) "Web Hacking: Attacks and Defense" by Stuart McClure, Saumil Shah, Shreeraj Shah [posted at Amazon.com]

(09/11/2002) "Building Linux and OpenBSD Firewalls" by Wes Sonnenreich, Tom Yates [posted at Amazon.com]

(09/30/2002) "Anti-Hacker Tool Kit" by Mike Shema, Bradley C. Johnson, Keith J. Jones [posted at Amazon.com]

(09/30/2002) "Inside Network Perimeter Security: The Definitive Guide to Firewalls, Virtual Private Networks (VPNs), Routers, and Intrusion Detection Systems" by Stephen Northcutt, Karen Fredrick, Scott Winters, Lenny Zeltser, Ronald W Ritchey [posted at Amazon.com]

(10/09/2002) "Incident Response" by Eugene Schultz and Russell Shumway [published in ;login USENIX magazine]

(10/30/2002) "Network Intrusion Detection, 3rd edition" by Stephen Northcutt and Judy Novak [published at SC Magazine web portal]

(11/04/2002) "The Art of Deception: Controlling the Human Element of Security" by Kevin D. Mitnick, William L. Simon [posted at Amazon.com]

(11/04/2002) "Network Intrusion Detection: An Analyst's Handbook (3nd Edition)" by Stephen Northcutt, Judy Novak [posted at Amazon.com]

(11/25/2002) "Wireless Security and Privacy: Best Practices and Design Techniques"by Tara M. Swaminatha, Charles R. Elden [posted at Amazon.com]

(01/02/2003) "A Guide to Forensic Testimony: The Art and Practice of Presenting Testimony As An Expert Technical Witness" by Fred Chris Smith, Rebecca Gurley Bace [posted at Amazon.com]

(01/17/2003) "Hacker's Challenge 2: Test Your Network Security & Forensic Skills" by Mike Schiffman, Bill Pennington, David Pollino, Adam O*Donnell [posted at Amazon.com]

(01/28/2003) "Building Open Source Network Security Tools: Components and Techniques" by Mike Schiffman [posted at Amazon.com]
(04/17/2003) "IT Security: Risking the Corporation" by Linda McCarthy [posted at Amazon.com]

(04/17/2003) "FreeBSD: The Complete Reference" by Roderick W. Smith [posted at Amazon.com]

(04/22/2003) "Securing Linux: A Survival Guide for Linux Security" by SANS Institute [posted at SANS web site]

(05/05/2003) "Securing Cisco Routers: Step-by-Step" by Joshua L. Wright, John N. Stewart (SANS) [posted at Amazon.com]

(05/13/2003) "Mission-Critical Security Planner: When Hackers Won't Take No for an Answer" by Eric Greenberg [posted at Amazon.com]

(05/13/2003) "Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses" by Ed Skoudis [posted at Amazon.com]

(06/19/2003) "Firewalls and Internet Security: Repelling the Wily Hacker" by William R. Cheswick, Steven M. Bellovin, Aviel D. Rubin [posted at Amazon.com]

(07/17/2003) "Hacking Exposed" by by Stuart McClure, Joel Scambray, George Kurtz [posted at Amazon.com]

(08/19/2003) "Access Denied: The Complete Guide to Protecting Your Business Online" by Cathy Cronkhite, Jack McCullough [posted at Amazon.com]

(08/19/2003) "Inside the Security Mind: Making the Tough Decisions" by Kevin Day [posted at Amazon.com]

(09/24/2003) "Computer Security: 20 Things Every Employee Should Know" by Ben Rothke [posted at Amazon.com]

(09/24/2003) "Black Ice: The Invisible Threat of Cyberterrorism" by Dan Verton [posted at Amazon.com]

(10/01/2003) "HackNotes(tm) Network Security Portable Reference" Michael Horton, Clinton Mugge [posted at Amazon.com]

(11/06/2003) "Incident Response and Computer Forensics, Second Edition" by Chris Prosise, Kevin Mandia, Matt Pepe [posted at Amazon.com]

(11/06/2003) "HackNotes(tm) Web Security Pocket Reference" by Mike Shema [posted at Amazon.com]

(11/20/2003) "Managing A Network Vulnerability Assessment" by Justin Peltier, John A. Blackley, Thomas R. Peltier [posted at Amazon.com]

(12/10/2003) "Investigative Data Mining for Security and Criminal Detection" by Jesus Mena [posted at Amazon.com]

(12/10/2003) "How Secure is Your Wireless Network? Safeguarding Your Wi-Fi LAN" by Lee Barken [posted at Amazon.com]

(02/04/2004) "Intrusion Detection and Prevention" by Eugene Schultz, Jim Mellander, Carl F. Endorf [posted at Amazon.com]

(02/04/2004) "The Effective Incident Response Team" by Julie Lucas, Brian Moeller [posted at Amazon.com]


All my Amazon reviews.

My older book list follows:

Below I provide a list of network security/cryptography/network architecture books I read or plan to read together with a short "review" (that is better be called an opinion, as it is as biased as they go).

This is supposedly of interest to my future employer and to whoever else interested (if not in my opinions, but in the list of the books all in one place). When I was looking for security books to read something of this sort would have been very helpful, but I was unable to find it.

So, now as soon as a new book surfaces in any of the BugTRAQ lists, firewal-wizards, fwtk-users, ids-list, linux-security, NTSECURITY.NET lists, WNT Mag Security UPDATE, R.I.S.K.S. digest and some others I will read it (if I have time and money, that is) and post the "review" here. Otherwise, I will just post the title and author and online availability.

Also, if you have some reviews for other books, better reviews for the books mentioned or at least pointers to review pages - do send them via email. I am reluctant to just take some review I see in the mailing list and post it on this page as I am unsure about copyright issues.

To judge whether I am any sort of authority on the subject refer to my infosec portal http://www.info-secure.org (yes, I am looking to be hired now!).

Also, I would stay away from "reviewing" the Classics, like this book. Some people much more worthy than me did that already.

My dream is to become the most complete collection of InfoSec book references, so that people entering the field would be able to find what they want quickly. Right now the list is really F-A-R from complete. Also I plan to list the target audience for each book in the future.

UPDATE! I decided to add links to some online-only resources on security. As there are too many of those, only links to resources that rival books in size, content organization and purpose will be posted. They are organized as a separate online section.

Here go the books in no particular order (while there are not many of them this is probably tolerable).

Jump to 1 5 10 15 20 25 30 35 40 45 50 55 60 65 70 75 80 85 90 95 100 105 110 115 120 125 130 135 140 145 150 155 160 170 180 190 200
Online books 1 5


1
Title: Cryptography and network security : principles and practice
Author: Stallings, William.
Publication date: 1999
Opinion: new version of his book, see below, review by Robert M. Slade here
4
Title: Intrusion detection : network security beyond the firewall
Author: Escamilla, Terry, 1956-
Publication date: 1998
Opinion: to be added soon

5
Title: Internet security professional reference
Publication date: 1997
Opinion: utterly useless CD-ROM (not a paper book) with RFCs and some Windows NT book chapters. 
6
Title: TCP/IP : architecture, protocols, and implementation with IPv6 and IP security
Author: Feit, Sidnie.
Publication date: 1997
Opinion: really good book on fundamentals of the current state of TCP/IP as well as future IPv6. All protocols explained.
7
Title: Internet and TCP/IP network security : securing protocols and applications
Author: Pabrai, Uday O.
Publication date: 1996
Opinion: to be added soon
, review by Robert M. Slade here
8
Title: Practical UNIX and Internet security
Author: Garfinkel, Simson.
Publication date: 1996
Opinion: The Book on Internet and UNIX security.
9
Title: Building Internet firewalls
Author: Chapman, D. Brent.
Publication date: 1995
Opinion: The Book on firewalls. Both practical and conceptual.
10
Title: Network and internetwork security : principles and practice
Author: Stallings, William.
Publication date: 1995
Opinion: a textbook for a security student, mostly theoretical , review by Robert M. Slade here
11
Title: Practical computer network security
Author: Hendry, Mike.
Publication date: 1995
Opinion: thin overview, not useful, apart from convincing the boss security has a value , review by Robert M. Slade here
13
Title: PCweek intranet and internet firewall strategies
Author: Amoroso, Edward G.
Publication date: 1996
Opinion: really nice, a bit *executive-ish* overview of FW technology with some policy details and some technical details. Types of FW and their applicability is discussed, review by Robert M. Slade here
14
Title: Internet Security with Windows NT
Author: Edwards, Mark Joseph
Publication date: 1998
Opinion: very good in-depth Win NT security reference, practical and clearly written. Available online for free, review by Robert M. Slade here
15
Title: Applied cryptography
Author: Schneier, Bruce
Publication date: 1996
Opinion: really good practical intro to cryptography for programmers and engineers, contains code for many algorithms. I enjoyed reading that one. 
16
Title: Maximum Security: A Hackers Guide To Protecting Your Network
Author: Anonymous
Publication date: 1996
Opinion: a bit dated book that covers most of the security field-very practical approach to attack, defense and system-specific properties (not only UNIX). That book got me interested in that area some time ago! It is really powerful. Available for free as part of InformIT
17
Title: Maximum Linux Security
Author: Anonymous
Publication date: 1999
Opinion: Good description of Linux and a detailed description of attack/defense/monitoring tools for it (all those are also on the CD-ROM). Targeted for beginners. 
18
Title: Secure Computing
Author: Summers, Rita
Publication date: 1997
Opinion: Pretty interesting theoretical book that aims to cover all from mathematical foundations to secure system design to cryptography. Lots of references. According to the author, most info was collected in public libraries(?). 
19
Title: ICSA guide to cryptography
Author: Nichols, R
Publication date: 1999
Opinion: to be added soon

20
Title: Web security and commerce
Author: Garfinkel, Simson; Spafford, Gene
Publication date: 1999
Opinion: to be added soon
, review by Robert M. Slade here
21
Title: Handbook of Applied Cryptography
Author: Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone
Publication date: 1999
Opinion: to be added soon, available online for free in PDF and PostScript here

22
Title: Network Intrusion Detection, An Analysis Handbook
Author: Northcutt, Stephen
Publication date: 1999
Opinion: plan to read, review by Robert M. Slade here

23
Title: Firewalls and Internet Security: Repelling the Wily Hacker
Author: Cheswick and Bellovin
Publication date: 19xx
Opinion: plan to read, review by Robert M. Slade here

24
Title: Firewalls Complete
Author: Goncalves, Marcus
Publication date: 19xx
Opinion: plan to read, review in RISKS digest and review by Robert M. Slade here

25
Title: Mastering Network SecurityFirewalls Complete
Author: Brenton, Chris
Publication date: 19xx
Opinion: plan to read

26
Title: Building Linux and OpenBSD Firewalls
Author: Sonnenreich, Wes and Yates, Tom
Publication date: 1999
Opinion: plan to read

27
Title: Hacker Proof; The Ultimate Guide to Network Security
Author: Klander, Lars Renehan, Edward J., Jr.
Publication date: 1997
Opinion: plan to read

28
Title: Designing Network Security
Author: Kaeo, Merike
Publication date: 1999
Opinion: plan to read
Review: (submitted by the reader) Very good introduction to a wide range of network security issues and so lutions. It is nice to read something that is not all about UNIX, but also covers design issues and newer security technologies. There is an obvious Cisco presence.

29
Title: Computer System and Network Security
Author: White, Gregory B. Pooch, Udo W.
Publication date: 1995
Opinion: plan to read

30
Title: TCP/IP Network Administration
Author: Hunt, Craig
Publication date: 19xx
Opinion: plan to read

31
Title: Checkpoint Firewall-1 : Administration Guide
Author: Goncalves, Marcus and Brown, Steven
Publication date: 1999
Opinion: plan to read

32
Title: E-commerce Security Strategies: Protecting the Enterprise
Author: Cameron, Debra
Publication date: 1998
Opinion: plan to read

33
Title: Hacking Exposed: Network Security Secrets and Solutions
Author: McClure, Stuart et al
Publication date: 1999
Opinion: Amazing book on attacks, their principles and methodology. All the classics from NT/Unix/NetWare worlds: from old ones to pretty recent (including some on Windows 2000). Good as a HOWTO with relevant explanations. Countermeasures are also provided.

33
Title: Intrusion Detection: An Introduction to Internet Surveillance, Correlation, Trace Back, Traps, and Response
Author: Amoroso, Edward G.
Publication date: 1999
Opinion: plan to read
Review: (submitted by the reader) An excellent book for anyone who is going to spend any amount of time with IDS. It is mostly technical and goes from a basic introduction of IDS concepts to complex technical issues. It's a bit thin for the price, but the content is well worth it.review by Robert M. Slade here

34
Title: Windows NT Security
Author: McInerney, Michael J.
Publication date: 1999
Opinion: plan to read

35
Title: Windows NT Security Handbook
Author: Sheldon, Thomas
Publication date: 1996
Opinion: plan to read

36
Title: Internet Firewalls and Network Security
Author: Hare, Chris and Siyan, Karanjit
Publication date: 1996
Opinion: plan to read

37
Title: Securing computer networks: analysis, design, and implementation
Author: Fisch, Eric A. and Pooch, Udo W.
Publication date:1999
Opinion: plan to read

38
Title: Linux Firewalls
Author: Zieger, Robert L.
Publication date: 19xx
Opinion: plan to read

39
Title: Intrusion Detection
Author: Bace, Rebecca
Publication date: 19xx
Opinion: plan to read, review by Robert M. Slade here

40
Title: NT Network Security
Author: Strebe, Prekins and Moncur
Publication date: 19xx
Opinion: plan to read

41
Title: Internet Security for Business
Author: Schultz, Bernstein, Bhimani and Siegel
Publication date: 19xx
Opinion: plan to read

42
Title: Security Technologies for the World Wide Web
Author: Oppliger, Rolf
Publication date:2000
Opinion: plan to read, review in RISKS list, review by Robert M. Slade here

43
Title: Network Security Essentials: Applications and Standards
Author: Stallings, William
Publication date:2000
Opinion: plan to read, review in WNT Security List

44
Title: Handbook of Information Security Management
Author: Krause, Micki and Tipton, Harold
Publication date:1999
Opinion: Great collection of articles supposedly aimed at those preparing for CISSP (mentions Common Body of Knowledge etc). Describes everything from physical security and biometrics to law and ethics. Not very entertaining, but useful and interesting. Also not a HOWTO hands-on guide.

45
Title: Configuring Windows 2000 Server Security
Author: Syngress Media Inc. Staff
Publication date:1999
Opinion: plan to read

46
Title: Network Security: Private Communication in a Public World
Author: Kaufman, Charlie, Perlman, Radia, Speciner, Mike
Publication date:1995
Opinion: plan to read, review by Robert M. Slade here

47
Title: Web Security Sourcebook
Author: Rubin, Aviel D., Geer, Daniel, Ranum, Marcus
Publication date: 1997
Opinion: plan to read

48
Title: Information Warfare & Security
Author: Denning, Dorothy E.
Publication date: 1998
Opinion: plan to read

49
Title: Network Security
Author: Cisco Systems Inc
Publication date: 1998
Opinion: plan to read

50
Title: Web Security
Author: Tiwana, Amrit
Publication date: 1998
Opinion: plan to read

51
Title: Internet Besieged
Author: Denning, Dorothy E., Denning, Peter J.
Publication date: 1998
Opinion: plan to read, review here, review by Robert M. Slade here

52
Title: Web Security
Author: Khare, Rohit, Rifkin, Adam
Publication date: 1997
Opinion: plan to read, review by Robert M. Slade here

53
Title: Web Security: A Step-by-Step Reference Guide
Author: Stein, Lincoln
Publication date: 1998
Opinion: plan to read, review by Robert M. Slade here

54
Title: Defending Your Digital Assets Against Hackers, Crackers, Spies and Thieves
Author: Nichols, Randall K., Ryan, Daniel, et al.
Publication date:1999
Opinion: plan to read, review in WNT Mag Security UPDATE list

55
Title: Windows 2000 Security Little Black Book
Author: Mclean, Ian
Publication date:2000
Opinion: plan to read, review in Win2000 Mag Security UPDATE list

56
Title: Computer Vulnerabilities
Author: Knight, Eric
Publication date:2000
Opinion: reading now, draft available here, online only

57
Title: The Process of Network Security: Designing and Managing a Safe NetworK
Author: Wadlow, Thomas A.
Publication date:2000
Opinion: plan to read, review in Win2000Mag Security UPDATE list

58
Title: Microsoft Windows NT Security: System Administrator's Guide
Author: Lambert, Nevin and Patel, Manish
Publication date: 1997
Opinion: plan to read

59
Title: Managing TCP/IP Networks: Techniques, Tools and Security
Author: Held, Gilbert
Publication date:2000
Opinion: plan to read

60
Title: Computer Security Basics
Author: Russell, Debirah ; Gangemi, G.T.
Publication date: 199x
Opinion: a good book to really know "what it is all about", but no more

61
Title: Infomation System Security Officer's Guide
Author: Kovacich, Gerald L.
Publication date: 1998
Opinion: plan to read, review in SECURITYJOBS mailing list

62
Title: Linux System Security: The Administrator's Guide to Open Source Security Tools
Author: Mann, Scott; Mitchell, Ellen L.
Publication date:2000
Opinion: review here, nice book for administrators who want to know more about security that describes many aspects of host-level security. Ssh, xinetd, sudo, tcp_wrappers, crack, ipchains, tripwire, logrotate are described.

63
Title: Solaris Security
Author: Gregory, Peter H.
Publication date:2000
Opinion: a good book on Solaris administration and security, starts with a chilling "rm -rf /" story ;-) and then goes to both technical and managerial issues. Very good as a reference for Solaris admins.

64
Title: Halting the Hacker: A Practical Guide to Computer Security
Author: Pipkin, Donald
Publication date: 1997
Opinion: plan to read

65
Title: Peter Norton's Guide To Network Security Fundamentals
Author: Norton, Peter and Stockman, Michael
Publication date:1999
Opinion: plan to read, review in Win2000Mag Security UPDATE list

66
Title: IPSEC: The New Security Standard For The Internet, Intranets, And Virtual Private Networks
Author: Doraswamy, Naganand and Harkins, Dan
Publication date:1999
Opinion: plan to read, review in Win2000Mag Security UPDATE list

67
Title: Internet and Intranet Security Management: Risks and Solutions
Author: Janczewski, Lech
Publication date:2000
Opinion: plan to read, review in Win2000Mag Security UPDATE list

68
Title: Information Security: Protecting The Global Enterprise
Author: Pipkin, Donald
Publication date:2000
Opinion: plan to read, review in Win2000Mag Security UPDATE list

69
Title: Computer Security Policies and SunScreen Firewalls
Author: Walker and Cavanaugh
Publication date:2000
Opinion: plan to read

70
Title: Internet Security
Author: Meyers, Tim, Sheldon, Tom and Snyder, Joel
Publication date: 1997
Opinion: plan to read, review by Robert M. Slade here

71
Title: Intranet Security
Author: Vacca, John
Publication date: 1997
Opinion: plan to read, review by Robert M. Slade here

72
Title: Intranet Security: Stories from the Trenches
Author: McCarthy, Linda
Publication date: 1998
Opinion: plan to read, review by Robert M. Slade here

73
Title: LAN Security Handbook
Author: Dutton, Ellen
Publication date: 1994
Opinion: plan to read, review by Robert M. Slade here

74
Title: Network Security
Author: Shaffer and Simon
Publication date: 1994
Opinion: plan to read, review by Robert M. Slade here

75
Title: Network Security Secrets
Author: Stang
Publication date: 1993
Opinion: plan to read, review by Robert M. Slade here

76
Title: Network Security
Author: Baker, Richard
Publication date: 1993
Opinion: plan to read, review by Robert M. Slade here

77
Title: Virtual Private Networking
Author: Zarkower, Jonathan
Publication date:2000
Opinion: plan to read, review by Robert M. Slade here

79
Title: Implementing Virtual Private Networks
Author: Brown, Steven
Publication date:1999
Opinion: plan to read, review by Robert M. Slade here

80
Title: Implementing IPsec
Author: Kaufman, Elizabeth and Newman, Andrew
Publication date:1999
Opinion: plan to read, review by Robert M. Slade here

81
Title: The Complete Guide to Internet Security
Author: Merkow , Mark S.and Breithaupt, Jim
Publication date:2000
Opinion: plan to read, review in Win2000Mag Security UPDATE list

82
Title: Programming Windows Security
Author: Brown, Keith
Publication date:2000
Opinion: plan to read, review in Win2000Mag Security UPDATE list

83
Title: Firewalls: 24 Seven
Author: Strebe, Matthew and Perkins, Charles L.
Publication date:1999
Opinion: plan to read, review in Win2000Mag Security UPDATE list

84
Title: Internet Security Protocols: Protecting IP Traffic
Author: Black, Uyless
Publication date:2000
Opinion: plan to read, review in Win2000Mag Security UPDATE list

85
Title: Microsoft Windows 2000 Security Technical Reference
Author: Internet Security Systems
Publication date:2000
Opinion: plan to read, review in Win2000Mag Security UPDATE list

86
Title: NT 4 Network Security
Author: Moncur, Michael G., Perkins, Charles, Strebe, Matthew
Publication date:1999
Opinion: plan to read, review in R.I.S.K.S.

87
Title: Designing Secure Web-based Applications for Microsoft Windows 2000
Author: Howard, Michael
Publication date:2000
Opinion: plan to read, review in W2K Securyty List
88
Title: Windows 2000 Server Security For Dummies
Author: Sanna, Paul J.
Publication date:2000
Opinion: plan to read
89
Title: Introduction To NT/2000 Security Programming with Visual Basic
Author: Appleman, Daniel
Publication date:2000
Opinion: plan to read
90
Title: Java Security Handbook
Author: Jaworski, Jamie and Perrone , Paul J. Perrone
Publication date:2000
Opinion: plan to read
91
Title: Windows 2000 Security
Author: Bragg, Roberta
Publication date:2000
Opinion: plan to read,review in Win 2000 list
92
Title: Hack Proofing Your Network: Internet Tradecraft
Author: Russell, Ryan, Cunningham, Stace
Publication date:2000
Opinion: review in R.I.S.K.S. list, really powerful book for intermediate to advanced levels covers all aspects of security starting from ethics to exploit development with examples 
93
Title: MCSE Designing Security for Windows 2000: Study Guide
Author: Syngress Media
Publication date:2000
Opinion: this is an MCSE study guide, review in Win2000 Update list
94
Title: Practical Firewalls
Author: Ogletree, Terry William
Publication date:2000
Opinion: plan to read
95
Title: MCSE: Windows 2000 Network Security Design Exam Notes
Author: Govanus, Gary and King, Robert
Publication date:2000
Opinion: plan to read, review in Win2000 Update list
96
Title: Mission Critical Internet Security
Author: Syngress Media
Publication date:2001
Opinion: plan to read, review in Win2000 Update list
97
Title: Modelling and Analysis of Security Protocols
Author: Ryan, Peter and Schneider, Steve
Publication date:2000
Opinion: plan to read, review in Win2000 Update list
98
Title: Real World Linux Security
Author: Toxen, Bob
Publication date:2000
Opinion: plan to read, review in Win2000 Update list
99
Title: Configuring CISCO IP Security
Author: Syngress Media
Publication date:2000
Opinion: plan to read, review in Win2000 Update list
100
Title: Windows 2000 Security Handbook
Author: Sheldon, Tom and Cox, Phil
Publication date:2000
Opinion: plan to read, review in Win2000 Update list
101
Title: Securing Windows NT/2000 Servers for the Internet: A Checklist for System Administrators.
Author: Norberg, Stefan
Publication date:2000
Opinion: plan to read, review in Win2000 Update list
102
Title: Secure Networking with Windows 2000 and Trust Services
Author: Feghhi, Jalal and Jalil
Publication date:2001
Opinion: plan to read, review in Win2000 Update list
103
Title: Security and Privacy for E-Business
Author: Ghosh, Anup K.
Publication date:2001
Opinion: plan to read, review in Win2000 Update list
104
Title: SSH, The Secure Shell: The Definitive Guide
Author: Barrett, Daniel J. and Silverman, Richard E.
Publication date:2001
Opinion: plan to read, review in Win2000 Update list
105
Title: Enterprise Internetworking and Security: The Concise Guide
Author: Cassidy, Kyle and Dries, Joseph F.
Publication date:2001
Opinion: plan to read, review in Win2000 Update list
106
Title: Cryptography and E-Commerce: A Wiley Tech Brief
Author: Graff, Jon C.
Publication date:2000
Opinion: plan to read, review in Win2000 Update list
107
Title: Secure UNIX
Author: Samalin, Samuel
Publication date:1997
Opinion: to be added soon
108
Title: E-commerce security
Author: Gnosh, Anup
Publication date:1998
Opinion: to be added soon
109
Title: Security Engineering: A Guide to Building Dependable Distributed Systems
Author: Anderson, Ross
Publication date:2001
Opinion: plan to read, recommended for CISSP study
110
Title: Hack Attacks Revealed: A Complete Reference With Custom Security Hacking Toolkit
Author: Chirillo , John
Publication date:2001
Opinion: plan to read
111
Title: Surviving Security: How to Integrate People, Process & Technology
Author: Andress, Mandy
Publication date:2001
Opinion: plan to read, about creating a security infrastructure
112
Title: Hacking Exposed: Linux Edition
Author: McClure, Stuart et al
Publication date: 2001
Opinion: plan to read
113
Title: Intrusion Signatures and Analysis
Author: Northcutt, Stephen, Cooper, Mark, Fearow, Matt , and Federick, Karen
Publication date: 2001
Opinion: plan to read
114
Title: Cisco Secure Internet Security Solutions
Author: Mason, Andrew G., Newcomb, Mark J.
Publication date: 2001
Opinion: plan to read
115
Title: Hack Proofing Your E-commerce Site: The Only Way To Stop A Hacker Is To Think Like One
Author: Russell, Ryan and Cunningham, Stace
Publication date: 2001
Opinion: plan to read
116
Title: White-Hat Security Arsenal: Tackling the Threats
Author: Rubin, Aviel D.
Publication date: 2001
Opinion: plan to read
117
Title: CERT© Guide to System and Network Security Practices
Author: Allen, Julia H.
Publication date: 2001
Opinion: plan to read
118
Title: Inside Internet Security: What Hackers Don't Want You to Know
Author: Crume, Jeff
Publication date: 2001
Opinion: plan to read
119
Title: Active Defense: A Comprehensive Guide To Network Security
Author: Chris Brenton, Cameron Hunt
Publication date: 2001
Opinion: plan to read
120
Title: RSA Security's Official Guide To Cryptography
Author: Steve Burnett and Steve Paine
Publication date: 2001
Opinion: plan to read
121
Title: Information Security Architecture: An Integrated Approach to Security in the Organization
Author: Jan Killmeyer Tudor
Publication date: 2001
Opinion: plan to read
122
Title: Cisco Security Architectures
Author: Gilbert Held and Kent Hundley
Publication date: 1999
Opinion: plan to read

123
Title: Tales of Digital Crime from the Shadows of Cyberspace
Author: Richard Power
Publication date: 2000
Opinion: plan to read

124
Title: Cybershock: Surviving Hackers, Phreakers, Identity Thieves, Internet Terrorists and Weapons of Mass Disruption
Author: Winn Schwartau
Publication date: 2001
Opinion: plan to read

125
Title: Secrets and Lies: Digital Security in a Networked World
Author: Bruce Schneier
Publication date: 2000
Opinion: really cool book, reads as easy as fiction - and then you suddenly remember - "it is all true!"

126
Title: Cisco IOS Network Security
Author: Cisco Systems
Publication date: 1998
Opinion: plan to read

127
Title:Rethinking Public Key Infrastructures and Digital Certificates
Author: Stefan A. Brands
Publication date: 2000
Opinion: plan to read

128
Title: Java Cryptography
Author: Jonathan Knudsen
Publication date: 1998
Opinion: plan to read

129
Title: PGP : Pretty Good Privacy
Author: Simson Garfinkel
Publication date: 1994
Opinion: plan to read

130
Title: Internet Cryptography
Author: Richard E. Smith
Publication date: 1997
Opinion: plan to read

131
Title: Cracking DES: Secrets of Encryption Research, Wiretap Politics & Chip Design
Author: Electronic Frontier Foundation, John Gilmore
Publication date: 1998
Opinion: plan to read

132
Title: Stopping Spam
Author: Alan Schwartz, Debby Russell, Simson Garfinkel
Publication date: 1998
Opinion: plan to read

133
Title: E-Mail Security : How to Keep Your Electronic Messages Private
Author: Bruce Schneier
Publication date: 2001
Opinion: plan to read

134
Title: Oracle Security
Author: William Heney, Marlene L. Theriault, Debby Russell
Publication date: 2001
Opinion: plan to read

135
Title: Oracle Security Handbook
Author: Marlene L. Theriault, Aaron Newman
Publication date: 2001
Opinion: plan to read

136
Title: Microsoft Windows Nt 4.0 Security, Audit, and Control
Author: James G. Jumes, Neil F. Cooper, Paula Chamoun, Tood M. Feinman, Todd M. Feinman
Publication date: 1998
Opinion: plan to read

137
Title: Unix Secure Shell
Author: Anne H. Carasik
Publication date: 1999
Opinion: plan to read

138
Title: UNIX System Security Tools
Author: Seth T. Ross
Publication date: 1999
Opinion: plan to read

139
Title: Windows NT Security: A Practical Guide to Securing Windows Nt Servers and Workstations
Author:  Charles B. Rutstein
Publication date: 199x
Opinion: plan to read

140
Title: PKI: A Wiley Tech Brief
Author: Thomas Austin, Tom Austin
Publication date: 2000
Opinion: plan to read

141
Title: Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption
Author: Warwick Ford, Michael S. Baum
Publication date: 2000
Opinion: plan to read

142
Title: Creating and Implementing Virtual Private Networks: The All-encompassing Resource for Implementing VPNs
Author: Casey Wilson, Peter Doak
Publication date: 1999
Opinion: plan to read

143
Title: Virtual Private Networks: Technologies and Solutions
Author: Ruixi Yuan, W. Timothy Strayer
Publication date: 2001
Opinion: plan to read

144
Title: Bigelow's Virus Troubleshooting Pocket Reference
Author: Ken Dunham
Publication date: 2000
Opinion: plan to read

145
Title: Computer Security Handbook
Author: Arthur E. Hutt, Seymour Bosworth, Douglas B. Hoyt
Publication date: 1995
Opinion: plan to read

146
Title: The Internet Security Guidebook
Author: Juanita Ellis, Timothy Speed
Publication date: 2001
Opinion: plan to read

147
Title: Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses
Author: Ed Skoudis
Publication date: 2001
Opinion: very interesting, especialy about covert channels and attack scenario analysis

148
Title: Incident Response: Investigating Computer Crime
Author: Chris Prosise, Kevin Mandia
Publication date: 2001
Opinion: extremely good, see my review
here

149
Title: Security Architecture: Design, Deployment and Operations
Author: Christopher King, Ertem Osmanoglu, Curtis Dalton
Publication date: 2001
Opinion: great book, not very fun, but useful for the infrastructure planning stage, my review to be posted soon

150
Title: Security Transformation: Digital Defense Strategies to Protect your Company's Reputation and Market Share
Author: Mary Pat McCarthy, Stuart Campbell, Rob Brownstein
Publication date: 2001
Opinion: plan to read

151
Title: The CISSP Prep Guide: Mastering the Ten Domains of Computer Security
Author: Ronald Krutz , Russell Dean Vines
Publication date: 2001
Opinion: will buy soon for CISSP prep, review to be posted

152
Title: The CERT Guide to System and Network Security Practices
Author: Julia H. Allen
Publication date: 2001
Opinion: plan to read

153
Title:  Cisco Secure Intrusion Detection System
Author: Earl Carter, Rick Stiffler
Publication date: 2001
Opinion: plan to read

154
Title:  White Hat Security Arsenal
Author: Aviel D. Rubin
Publication date: 2001
Opinion: plan to read

155
Title:  Web Security, Privacy and Commerce
Author: Simson Garfinkel, Gene Spafford, Debby Russell
Publication date: 2001
Opinion: plan to read

156
Title:  Hackers Beware
Author: Eric Cole
Publication date: 2001
Opinion: plan to read

157
Title:  The CISSP® Prep Guide: Mastering the Ten Domains of Computer Security
Author: Ronald L. Krutz, Russell Dean Vines
Publication date: 2001
Opinion: plan to read, reported to be the best book for CISSP exam preparation
Information: 556 pages

158
Title:  Cryptography Decrypted
Author: H.X. Mel & Doris Baker
Publication date: 2001
Opinion: plan to read
Information: 384 pages

159
Title: Information System Security
Author: M. Fites, P. Kratz
Publication date: 2001
Opinion: plan to read, available online for a fee ($15) at
here

160
Title: Hack Proofing Sun Solaris 8
Author: Wyman Miles, Ed Mitchell, F. William Lynch, Randy Cook (Editor) et al
Publication date: 2001
Opinion: plan to read

161
Title:  Building Secure Software: How to Avoid Security Problems the Right Way
Author: John Viega, Gary McGraw
Publication date: 2001
Opinion: plan to read
Information: 528 pages

162
Title:  Electronic Warfare for the Digitized Battlefield
Author: Michael R. Frater, Michael Ryan
Publication date: 2001
Opinion: plan to read
Information: 282 pages

163
Title:  The Fundamentals of Network Security
Author: John E. Canavan
Publication date: 2001
Opinion: plan to read
Information: 350 pages

164
Title:  Security Transformation
Author: Mary McCarthy, Stuart Campbell, Rob Brownstein
Publication date: 2001
Opinion: sounds like a huge eWeek article, not too much fun, but has some insights on security strategy. Probably Ok for pushing security to management

165
Title:  CISSP Exam Cram
Author: Mandy Andress
Publication date: 2001
Opinion: plan to read, recommened for CISSP, critical review
here
Information: 296 pages

166
Title:  ll-in-one: CISSP Certification Exam Guide
Author: Shon Harris
Publication date: 2001
Opinion: plan to read

167
Title: CISSP Examination Textbooks
Author: S. Rao Vallabhaneni
Publication date: 2000
Opinion: do not plan to read, the most criticized CISSP books ever published

168
Title:  Security in Computing
Author: Charles P. Pfleeger
Publication date: 1996
Opinion: plan to read

169
Title:  Effective Physical Security
Author: Lawrence J. Fennelly
Publication date: 2001
Opinion: plan to read, suggested for CISSP exam

170
Title:  Hack Proofing Your Web Applications
Author: Julie Traxler, Jeff Forristal, Ryan Russell
Publication date: 2001
Opinion: plan to read

171
Title: Essential Check Point Firewall-1
Author: Dameon D. Welch-Abernathy
Publication date: 2002
Opinion: plan to read

172
Title:  Access Denied: The Complete Guide to Protecting Your Business Online
Author: Cathy Cronkhite, and Jack McCullough
Publication date: 2001
Opinion: plan to read

173
Title:  Security, Rights, and Liabilities in E-Commerce
Author: Jeffrey H. Matsuura
Publication date: 2001
Opinion: plan to read

174
Title: Internet & Intranet Security
Author: Rolf Oppliger
Publication date: 2001
Opinion: plan to read

175
Title:  De-Mystifying the IPsec Puzzle
Author: Sheila Frankel
Publication date: 2001
Opinion: plan to read

176
Title:  Non-repudiation in Electronic Commerce
Author: Jianying Zhou
Publication date: 2001
Opinion: plan to read

177
Title:  Security Fundamentals for E-Commerce
Author: Vesna Hassler
Publication date: 2001
Opinion: plan to read

178
Title:  Computer Forensics: Computer Crime Scene Investigation
Author: John R. Vacca
Publication date: 2001
Opinion: plan to read

179
Title:  Cyber Crime Investigator's Field Guide
Author: Middleton, Bruce
Publication date: 2001
Opinion: plan to read

180
Title:  Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes
Author: Albert J., Jr Marcella, and Robert S. Greenfield
Publication date: 2001
Opinion: plan to read

181
Title:  Computer Forensics and Privacy
Author: Michael Caloyannides
Publication date: 2001
Opinion: plan to read

182
Title:  Computer Forensics : Incident Response Essentials
Author: Jay G. Heiser, Warren G. Kruse II
Publication date: 2001
Opinion: plan to read, must be good due to author's list

183
Title:  Hacker's Challenge
Author: Mike Schiffman
Publication date: 2002
Opinion: Well, what can I say? THE BEST security book I ever read! highly recommended, my review published
here


Visit my infosecurity information portal http://www.info-secure.org

Online guides/books

1
Title: IT Baseline Protection Manual
Author: BSI
Link:http://www.bsi.bund.de/gshb/english/etc/inhalt.htm
Last updated: 6 April 2000
Opinion: to be added soon

2
Title: The IT Security Cookbook
Author: Boran Consulting
Link:http://www.boran.com/security/
Last updated: 4 April 2000
Opinion: to be added soon

3
Title: Linux Administrator's Security Guide
Author: Seifried, Kurt
Link:http://www.securityportal.com/lasg/
Last updated: daily
Opinion: to be added soon

4
Title: Trust and Risk in Internet Commerce
Author: Camp, L. Jean
Link:http://www.ksg.harvard.edu/people/jcamp/trustRisk/index.html
Last updated: 29 Nov 1999
Opinion: to be added soon

5
Title: Cryptographic software solutions and how to use them.
Author: Seifried, Kurt
Link:http://www.securityportal.com/research/cryptodocs/basic-book/
Last updated: October 2000
Opinion: to be added soon

6
Title: A Cryptographic Compendium
Author: Savard, John
Link:http://fn2.freenet.edmonton.ab.ca/~jsavard/crypto/entry.htm/
Last updated: October 2000
Opinion: to be added soon

7
Title: Securing and Optimizing RedHat Linux
Author: Mourani, Gerhard
Link:http://www.openna.com/books/Securing-Optimizing-Linux-RH-Edition-1_3.pdf
Last updated: June 2000
Opinion: to be added soon

8
Title: The Computer Security Handbook of CIT
Author: NIH
Link:http://www.cit.nih.gov/security/handbook.html
Last updated: ???
Opinion: to be added soon

9
Title: Secure Programming for Linux and Unix HOWTO
Author: David A. Wheeler
Link:http://www.dwheeler.com/secure-programs
Last updated: 3 March 2003
Opinion: really nice, easy to read and comprehensive resource on good security programming practices


Visit my infosecurity information portal http://www.info-secure.org
Know a book that is related to the field and is of interest? Share your knowledge and email it to me. I would mention it on this page and maybe read and review it or post your review (or link to it)!
If you got here from the search engine click here to go to my main page!!
Here is another useful resource I created: HOWTO about Linux-based ISP
Visit my infosecurity information portal http://www.info-secure.org
Copyright 1999,2000,2001 Anton A. Chuvakin
The opinions expressed on this page are those of Anton A. Chuvakin and have nothing to do with those of my employer and may have no basis whatsoever in fact.

with the help from Anton Chuvakin

Last modified: Tue Dec 06 22:50:55 Eastern Standard Time 2005