Authors: James Michael Stewart. Ed Tittel. Mike Chapple.
Paperback, 800 pages
Publisher: Sybex
Publication Date: 2005-09-09
Edition: 3

Reviews :

    CISSP Certified Information Systems Security Professional Study Guide

Here's the book you need to prepare for the challenging CISSP exam from (ISC)¯2. This third edition was developed to meet the exacting requirements of today's security certification candidates, and has been thoroughly updated to cover recent technological advances in the field of IT security. In addition to the consistent and accessible instructional approach that readers have come to expect from Sybex, this book provides:

• Clear and concise information on critical security technologies and topics
• Practical examples and insights drawn from real-world experience
• Expanded coverage of key topics such as biometrics, auditing and accountability, and software security testing
• Leading-edge exam preparation software, including a testing engine and electronic flashcards for your PC, Pocket PC, and Palm handheld

You'll find authoritative coverage of key exam topics including:

• Access Control Systems & Methodology
• Applications & Systems Development
• Business Continuity Planning
• Cryptography
• Law, Investigation, & Ethics
• Operations Security & Physical Security
• Security Architecture, Models, and Management Practices
• Telecommunications, Network, & Internet Security

...

Authors: Edward Waltz.
Hardcover, 397 pages
Publisher: Artech House Publishers
Publication Date: 1998-08


Reviews :

   

Here's a systems engineering-level introduction to the growing field of Information Warfare (IW) -- the battlefield where information is both target and weapon. This book provides an overview of rapidly emerging threats to commercial, civil, and military information systems -- and shows how these threats can be identified and systems protected. This is the first book to detail the component principles, technologies, and tactics critical to success in the three key areas of IW: Information Dominance, Information Defense, and Information Offense....

Authors: Ryan C. Barnett.
Paperback, 624 pages
Publisher: Addison-Wesley Professional
Publication Date: 2006-02-06


Reviews :

    "Ryan Barnett has raised the bar in terms of running Apache securely. If you run Apache, stop right now and leaf through this book; you need this information." --Stephen Northcutt, The SANS Institute The only end-to-end guide to securing Apache Web servers and Web applications Apache can be hacked. As companies have improved perimeter security, hackers have increasingly focused on attacking Apache Web servers and Web applications. Firewalls and SSL won't protect you: you must systematically harden your Web application environment. Preventing Web Attacks with Apache brings together all the information you'll need to do that: step-by-step guidance, hands-on examples, and tested configuration files. Building on his groundbreaking SANS presentations on Apache security, Ryan C. Barnett reveals why your Web servers represent such a compelling target, how significant exploits are performed, and how they can be defended against. Exploits discussed include: buffer overflows, denial of service, attacks on vulnerable scripts and programs, credential sniffing and spoofing, client parameter manipulation, brute force attacks, web defacements, and more.Barnett introduces the Center for Internet Security Apache Benchmarks, a set of best-practice Apache security configuration actions and settings he helped to create. He addresses issues related to IT processes and your underlying OS; Apache downloading, installation, and configuration; application hardening; monitoring, and more. He also presents a chapter-length case study using actual Web attack logs and data captured "in the wild." For every sysadmin, Web professional, and security specialist responsible for Apache or Web application security. With this book, you will learn to *Address the OS-related flaws most likely to compromise Web server security *Perform security-related tasks needed to safely download, configure, and install Apache *Lock down your Apache httpd.conf file and install essential Apache security modules *Test security with the CIS Apache Benchmark Scoring Tool *Use the WASC Web Security Threat Classification to identify and mitigate application threats *Test Apache mitigation settings against the Buggy Bank Web application *Analyze an Open Web Proxy Honeypot to gather crucial intelligence about attackers *Master advanced techniques for detecting and preventing intrusions...

Authors: Sean Smith. John Marchesini.
Paperback, 592 pages
Publisher: Addison-Wesley Professional
Publication Date: 2007-12-01
Edition: 1

Reviews :

   

"I believe The Craft of System Security is one of the best software security books on the market today. It has not only breadth, but depth, covering topics ranging from cryptography, networking, and operating systems--to the Web, computer-human interaction, and how to improve the security of software systems by improving hardware. Bottom line, this book should be required reading for all who plan to call themselves security practitioners, and an invaluable part of every university's computer science curriculum."
--Edward Bonver, CISSP, Senior Software QA Engineer, Product Security, Symantec Corporation

"Here's to a fun, exciting read: a unique book chock-full of practical examples of the uses and the misuses of computer security. I expect that it will motivate a good number of college students to want to learn more about the field, at the same time that it will satisfy the more experienced professional."
--L. Felipe Perrone, Department of Computer Science, Bucknell University

Whether you're a security practitioner, developer, manager, or administrator, this book will give you the deep understanding necessary to meet today's security challenges--and anticipate tomorrow's. Unlike most books, The Craft of System Security doesn't just review the modern security practitioner's toolkit: It explains why each tool exists, and discusses how to use it to solve real problems.

After quickly reviewing the history of computer security, the authors move on to discuss the modern landscape, showing how security challenges and responses have evolved, and offering a coherent framework for understanding today's systems and vulnerabilities. Next, they systematically introduce the basic building blocks for securing contemporary systems, apply those building blocks to today's applications, and consider important emerging trends such as hardware-based security.

After reading this book, you will be able to

• Understand the classic Orange Book approach to security, and its limitations
• Use operating system security tools and structures--with examples from Windows, Linux, BSD, and Solaris
• Learn how networking, the Web, and wireless technologies affect security
• Identify software security defects, from buffer overflows to development process flaws
• Understand cryptographic primitives and their use in secure systems
• Use best practice techniques for authenticating people and computer systems in diverse settings
• Use validation, standards, and testing to enhance confidence in a system's security
• Discover the security, privacy, and trust issues arising from desktop productivity tools
• Understand digital rights management, watermarking, information hiding, and policy expression
• Learn principles of human-computer interaction (HCI) design for improved security
• Understand the potential of emerging work in hardware-based security and trusted computing

...

Authors: Cherie Amon. Thomas W. Shinder. Anne Carasik-Henmi.
Paperback, 1360 pages
Publisher: Syngress
Publication Date: 2003-06
Edition: 1

Reviews :

    This book is essential reading for anyone wanting to protect Internet-connected computers from unauthorized access. Coverage includes TCP/IP, setting up firewalls, testing and maintaining firewalls, and much more. All of the major important firewall products are covered including Microsoft Internet Security and Acceleration Server (ISA), ISS BlackICE, Symantec Firewall, Check Point NG, and PIX Firewall. Firewall configuration strategies and techniques are covered in depth.

The book answers questions about firewalls, from How do I make Web/HTTP work through my firewall? To What is a DMZ, and why do I want one? And What are some common attacks, and how can I protect my system against them?

The Internet's explosive growth over the last decade has forced IT professionals to work even harder to secure the private networks connected to it-from erecting firewalls that keep out malicious intruders to building virtual private networks (VPNs) that permit protected, fully encrypted communications over the Internet's vulnerable public infrastructure.

The Best Damn Firewalls Book Period covers the most popular Firewall products, from Cisco's PIX Firewall to Microsoft's ISA Server to CheckPoint NG, and all the components of an effective firewall set up.

Anything needed to protect the perimeter of a network can be found in this book.

- This book is all encompassing, covering general Firewall issues and protocols, as well as specific products.
- Anyone studying for a security specific certification, such as SANS' GIAC Certified Firewall Analyst (GCFW) will find this book an invaluable resource.
- The only book to cover all major firewall products from A to Z: CheckPoint, ISA Server, Symatec, BlackICE, PIX Firewall and Nokia....

Authors: Chris Hurley. Russ Rogers. Frank Thornton. Daniel Connelly. Brian Baker.
Paperback, 504 pages
Publisher: Syngress
Publication Date: 2006-10-31
Edition: 1

Reviews :

    WarDriving and Wireless Penetration Testing brings together the premiere wireless penetration testers to outline how successful penetration testing of wireless networks is accomplished, as well as how to defend against these attacks. As wireless networking continues to spread in corporate and government use, security experts need to become familiar with the methodologies, tools, and tactics used by both penetration testers and attackers to compromise wireless networks and what they can do to both accomplish their jobs as penetration testers and how to protect networks from sophisticated attackers. WarDriving and Wireless Penetration Testing brings together the premiere wireless penetration testers to outline how successful penetration testing of wireless networks is accomplished, as well as how to defend against these attacks....

Authors: Larry Chaffin.
Paperback, 552 pages
Publisher: Syngress
Publication Date: 2006-08-18


Reviews :

    This is the only book you need if you are tasked with designing, installing, configuring, and troubleshooting a converged network built with Nortel's Multimedia Concentration Server 5100, and Multimedia Communications Portfolio (MCP) products. With this book, you'll be able to design, build, secure, and maintaining a cutting-edge converged network to satisfy all of your business requirements.

This book begins with a discussion of the current protocols used for transmitting converged data over IP as well as an overview of Nortel's hardware and software solutions for converged networks. In this section, readers will learn how H.323 allows dissimilar communication devices to communicate with each other, and how SIP (Session Initiation Protocol) is used to establish, modify, and terminate multimedia sessions including VOIP telephone calls. The next sections introduce the reader to the Multimedia Concentration Server 5100, and Nortel's entire suite of Multimedia Communications Portfolio (MCP) products. The following chapters of the book teach the reader how to design, install, configure, and troubleshoot the entire Nortel product line including coverage of i2004 IP Phones, PC Client, Personal Agent, Call Pilot, and Meet Me. The next section of the book details advanced and configurations and troubleshooting scenarios including wireless deployments. In the final chapter, you will learn to secure your entire multimedia network from malicious attacks.

...

Authors: Arup Nanda. Donald Burleson.
Paperback, 655 pages
Publisher: Rampant Techpress
Publication Date: 2003-12-01


Reviews :

    ...

Authors: Kathy Rockel.
Paperback, 150 pages
Publisher: Lippincott Williams & Wilkins
Publication Date: 2005-08-01


Reviews :

    ...

Authors: Jess Garms. Daniel Somerfield.
Paperback, 521 pages
Publisher: Wrox Press
Publication Date: 2001-05
Edition: 1st

Reviews :

    Security is of huge importance to the computing industry - the growth in e-commerce has brought the topic from the shadows of high-level specialists into the public eye. Nowadays breaches in security for B2C based e-tailers are big news, and damage not only the reputation of the individual organization, but also confidence in the industry as a whole.

Computer security covers a multitude of areas ranging from low-level operating system security to higher-level application security. This book concentrates on the latter, and will show you how to protect your applications with cryptography and the Java security model. Beginning with simple examples and clear descriptions of different cryptography approaches, such as symmetric and asymmetric encryption, the book will build in complexity, through consideration of public key infrastructure and SSL, to provide a comprehensive set of solutions for the enterprise Java developer. ...

    For any developer who needs to understand and use Java's considerable built-in support for encryption and security standards, Professional Java Security delivers a capable guide to both the theoretical and practical aspects of implementing security on the Java platform. With a concise presentation that moves well and covers a wide range of topics, this book fills an extremely valuable niche for any working Java programmer.

Classic titles on encryption and cryptography (such as Bruce Schneier's Applied Cryptography: Protocols, Algorithms, and Source Code in C) look at security from the ground up as if developers needed to write everything themselves. The good news is that with features like the Java Cryptography Architecture (JCA) and the Java Cryptography Extension (JCE), Java security is standard equipment with today's Java 2 platform. This book does a great job at giving a quick overview of the way today's encryption algorithms (including symmetric and asymmetric encryption, hash functions, and digital certificates) work, along with the way to apply them in Java. The authors anchor the theory here with practical explanation and code for using such encryption algorithms as Blowfish and RSA, plus using digital signatures and certificates and tapping SSL for secure communications over the Internet.

While books on cryptography usually describe protocols with anonymous players (with names like Alice, Bob, and the like), the authors here use more imagination, retelling a scene from Shakespeare's Hamlet in which King Claudius sends a message via Rosenkrantz and Guildenstern to do away with Hamlet. No, you don't need to have read the play to understand, but this scenario and its permutations highlight in a more entertaining fashion than other titles the issues in secure communications and the ways things can go wrong.

More advanced material on securing JDBC database connections, and even on how to create custom encryption algorithms and plug them into the JCE, will let the more expert reader do more. (The authors demonstrate this latter process with sample code that implements the well-known RSA encryption algorithm.) For the busy working Java developer, coverage of the basics here will let you implement security in Java without having to reinvent the proverbial wheel. Smart, concise, and extremely useful, Professional Java Security is a truly valuable resource for creating secure Java applications with features that every working Java developer will want to know about and use. --Richard Dragan

Topics covered: Overview of enterprise security issues, defining a security policy, Java security features, support for security in Java code (accessibility, serialization, sealed JAR files, and privileged code), introduction to cryptography and encryption, introduction to symmetric and asymmetric encryption, authentication, the Java Cryptography Architecture (JCA), the Java Cryptography Extension (JCE), symmetric encryption with Java (including password-based encryption, ciphers, and sealed objects), asymmetric encryption in Java (including file encryption with RSA), message digests, digital signatures, digital certificates, signing JAR files (permissions and applets), additional security in Java with servlets and EJB, the Java Authentication and Authorization Service (JAAS), using SSL in Java applications, securing JDBC database connections, case study for a secure online banking application, building a custom JCE provider (using the RSA algorithm), additional security techniques (securing e-mail, timestamping, secure logging, using a nonce), and quick reference for using MySQL with JDBC....