Well, I said I'd do it, and I have.  Here are some of the books and topics I
pass on to people I meet wanting to know what I recommend by way of security
reading.  With the exception of the Northcutt books, I have done extensive
reading with all of the books I list before recommending them.  There are
plenty more books worth getting, and if people are interested in my comments
on these books, or want more books for a given topic, let me know and I'll
work on expanding the list.  There are certainly more books worth listing,
but I have used this list as a general starting point when people ask my
advice.  I'll wait for comments/response before going any further with this.

Note that I am by no means a security expert.  I am, however, an avid
reader, and have picked up a fair bit of knowledge from reading that ended
up being very useful when I finally got a job as a security engineer.  I
always recommend a similar course for those looking to get into security -
read plenty and try to worm your way into a job once you know a bit.

For book purchases, I recommend http://www.bookpool.com/ and
http://www.bestbuybooks.com/ for US purchasers.  Outside the states, I don't
know where the best prices are.

========================

Firewalls:
----------

  Building Internet Firewalls - Zwicky, et al

IDS:
----

  Network Intrusion Detection: An Analyst's Handbook - Northcutt
  Intrusion Signatures and Analysis - Northcutt

Networking:
-----------

  TCP/IP Illustrated, Volume I - Stevens, Wright
  Internetworking with TCP/IP, Volume I - Comer
  Computer Networks - Tanenbaum

Vulnerability Testing:
----------------------

  Hacking Exposed - Scambray, et al

General Security:
-----------------

  Practical Unix and Internet Security - Garfinkel, Spafford

Cryptography:
-------------

  Applied Cryptography - Schneier

Forensics:
----------

  ??? - I have done no reading on Forensics.  Suggestions?

Web sites:
----------

  http://www.google.com/  -- excellent search engine
  http://www.securityfocus.com/  -- security news and education
  http://www.sans.org/  -- security training and reading

========================

Randy Graham
-- 
You're kind of trying to pick between "horrible disaster" and "atrocious
disaster"  -- Paul D. Robertson (on VNC vs. PPTP)