Anton Chuvakin, Ph.D., GCIA, GCIH and Dr. Cyrus Peikari
"Security Warrior" book page

Download book's table of contents and sample chapters:

Links to the book materials and code:

Links to the book errata:

Links to selected book reviews:

About authors:

Here is some information about us, the authors. Anton Chuvakin is a Senior Security Analyst with a major security information management company. His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time he maintains his security portal http://www.info-secure.org. Cyrus Peikari is a founder of Airscanner.com and author of many security books and articles. If you have a question or a comment about the book, feel free to email us!

Anton Chuvakin also has a security weblog @ O'Reilly . Cyrus Peikari has a blog on InformIT (here is the link to the blog [XML].

Other book related information:

(01/12/2004) We are featured on SecurityBooks.org. Book description there is really cool.

(03/01/2004) Here is a fun interview with me about "Security Warrior". I talk about Linux security.

(03/08/2004)The book is featured on Slashdot!

(03/08/2004)We beat "Hacking Exposed" in the Amazon's Security bestseller list!

(04/14/2004)More great reviews are posted!

(04/28/2004)We are the #8 best-selling O'Reilly book this week!!!

(04/28/2004)Check out this neat press-release about our book!

(07/01/2004)I am amazed about how many great reviews the book has received!!!

(07/07/2004)Our book is being translated into German and Japanese! Really cool!!!

Buy the book at Amazon:

Authors' Other Security Publications

Here is some other material Anton Chuvakin wrote on security. A part of it was actually used for book research. Look for Cyrus Peikari publications here.
UNIX/Linux Security
Vulnerability Analysis

Hack-of-the-Week series  takes a recent vulnerability in some popular operating system or other software and studies it. Realistic exploit scenarios are developed, and suggested ways of mitigating risks are considered and new ones proposed [published at SecurityWatch]

Other vulnerability and penetration testing articles 
  • (05/01/2002) "Standardizing Penetration Testing" Gives an outlines of popular penetration testing methodology (OSSPTMM) and challenges with standartizing penetration testing. [published at SC Magazine web portal] 
  • (04/22/2003) "Covert Channels" A modern review of network covert channeling methods which compares them with classic "Rainbow Series" covert channles on secure operating systems [submitted for publication] 
Application security
VPN, IPSec and encryption
  • (08/2001) "Future IP Security" outlines the future of IP addressing (IPv6) and focuses on the security components of next generation IP services (IPsec) [published at SecurityWatch] 
Malicious hacker attacks
Policy and people issues of information security
  • (03/20/2001) "NLP-powered Social Engineering Attacks" describes a scary way of performing Social Engineering attacks based on powerful NLP persuasion technology [published at SecurityFocus] 
  • (08/2001) "Internal attacks: Doom of Information Security" Research report on internal security breaches, attacker motivations, various countermeasures and their relative efficiency [published in the Journal of Information Security (CRC)] 
Security Tools and Intrusion Detection
Honeypots and honeynets
Security Data Analysis
Enterprise Security Management
Security Basics and FAQs
  • (09/2001) "Secure Shell (SSH): a brief guide" Brief guide to many of the Secure Shell features with command samples and Linux/Windows configuration tips [local copy] 
  • (11/05/2001) "Basic Security Checklist for Home and Office Users" A concise checklist of many important things that company and home computer users should be convinced to do. It will drastically increase the level of security at very low cost (can be used for enterprise basic security awareness program) [published at SecurityFocus] 
Information Security FAQs
Digital risks
  • (09/2001) "Digital risks taxonomy" A diagram that structures digital risks (such as hacking, Do, etc) in the form useful for impact assessment for the purposes of insurance [local copy] 
  • (09/2001) "Impacts of digital risks on enterprise" [under development] 
  • (12/05/2001) "Infrastructure Protection: Infosec Perspective" The paper covers issues in critical infrastructure protection and information security, lists several focus areas that need efforts and summarizes the results of recent meeting in New England on infrastructure protection. [published at SC Magazine web portal] 
  • (11/11/2001) "Protecting New England: A Call to Action" The paper summarizes the results of joint meeting on critical infrastructure protection in New England and infosecurity community role in increasing information sharing [published at ISSA web site in PDF format] 

Updated by Anton Chuvakin
Last updated Tue Jan 27 02:12:04 EST 2004