Eikonal Blog

2010.10.19

Infosec books

Filed under: books, infosec — Tags: , — sandokan65 @ 12:58
  • Book: Enterprise Security For the Executive – https://eikonal.wordpress.com/2010/01/07/book-enterprise-security-for-the-executive/
  • “Strategic Cyber Security” by Kenneth Geers (NATO; 2011) – http://www.ccdcoe.org/278.html [FREE: PDF, ePUB]
      The book argues that computer security has evolved from a technical discipline to a strategic concept. The world’s growing dependence on a powerful but vulnerable Internet – combined with the disruptive capabilities of cyber attackers – now threatens national and international security.

      Strategic challenges require strategic solutions. The author examines four nation-state approaches to cyber attack mitigation:

      • Internet Protocol version 6 (IPv6)
      • Sun Tzu’s Art of War
      • Cyber attack deterrence
      • Cyber arms control

      The four threat mitigation strategies fall into several categories. IPv6 is a technical solution. Art of War is military. The third and fourth strategies are hybrid: deterrence is a mix of military and political considerations; arms control is a political/technical approach.

      The Decision Making Trial and Evaluation Laboratory (DEMATEL) is used to place the key research concepts into an influence matrix. DEMATEL analysis demonstrates that IPv6 is currently the most likely of the four examined strategies to improve a nation’s cyber defence posture.

      There are two primary reasons why IPv6 scores well in this research. First, as a technology, IPv6 is more resistant to outside influence than the other proposed strategies, particularly deterrence and arms control, which should make it a more reliable investment. Second, IPv6 addresses the most significant advantage of cyber attackers today – anonymity.


Misc

This should be titled “some infosec books” – namely the infosec books that I have recently read or used.

SQL Injection Attacks and Defense “SQL Injection Attacks and Defense” by Justin Clarke

Amazon – http://www.amazon.com/gp/product/1597494240/
The Web Application Hacker's Handbook “The Web Application Hacker’s Handbook: Discovering and Exploiting Security Flaws” by Dafydd Stuttard, Marcus Pinto

Amazon – http://www.amazon.com/gp/product/0470170778/
The Database Hacker's Handbook “The Database Hacker’s Handbook: Defending Database Servers” by David Litchfield, Chris Anley, John Heasman, Bill Grindlay

Amazon – http://www.amazon.com/gp/product/0764578014/ref=cm_li_v_cr_self?tag=linkedin-20
Netcat Power Tools “Netcat Power Tools” by Jan Kanclirz, Brian Baskin, Thomas Wilhelm

Amazon – http://www.amazon.com/gp/product/1597492574/r
Network Security Assessment “Network Security Assessment: Know Your Network” by Chris McNab; O’Reilly 2004.03; ISBN: 0-596-00611-X

Recommended: Very good complement to Horton’s and Mugge’s “HackNotes Network Security Portable Reference”. It would be nice to be able to cross-pollinate these two books into one useful tome.

Network Security Hacks “Network Security Hacks: Tips & Tools for Protecting Your Privacy” by Andrew Lockhart et al.; O’Reilly; 1st ed 2004.04, 2nd ed 2006.11; ISBN 10: 0-596-52763-2, ISBN 13: 978-0-596-52763-1.

Recommended: Very good guide to hardening of common network/server platforms, both the first and the second editions.

HackNotes(tm) Web Security Pocket Reference “HackNotes(tm) Web Security Pocket Reference” by Mike Shema\

Amazon – http://www.amazon.com/gp/product/0072227842/
HackNotes(tm) Windows Security Portable Reference “HackNotes(tm) Windows Security Portable Reference” by Michael O’Dea; McGraw-Hill/Osborne 2004; ISBN 0-07-222785-0.

Recommended

HackNotes(tm) Linux and Unix Security Portable Reference “HackNotes(tm) Linux and Unix Security – Portable Reference” by Nitesh Dhanjani; McGraw-Hill/Osborne 2004; ISBN 0-07-222786-9.

Recommended.

HackNotes(tm) Network Security Portable Reference “HackNotes(tm) Network Security Portable Reference” by Michael Horton, Clinton Mugge; McGraw-Hill/Osborne 2004; ISBN 0-07-222783-4.

Recommended: Most delicious little book of how-to’s for network and host security assessment. I wish I can get the plain text of that book and annotate it with all the notes and new tools that appeared since publication.

Web Security Testing Cookbook: Systematic Techniques to Find Problems Fast “Web Security Testing Cookbook: Systematic Techniques to Find Problems Fast” by Paco Hope, Ben Walther

Amazon – http://www.amazon.com/gp/product/0596514832/

Book has several chapters on interesting tools, but overall it is not going into sufficient depth in any of its subjects.
Hacking Exposed: Network Security Secrets and Solutions, Sixth Edition “Hacking Exposed: Network Security Secrets and Solutions, Sixth Edition” by Stuart McClure, Joel Scambray, George Kurtz

Amazon – http://www.amazon.com/gp/product/0071613749/
The Best of 2600, Collector's Edition: A Hacker Odyssey “The Best of 2600, Collector’s Edition: A Hacker Odyssey” by Emmanuel Goldstein

Amazon – http://www.amazon.com/gp/product/0470458534/ref=cm_li_v_cr_self?tag=linkedin-20

Comment: Being reader of the magazine for last couple of years, I have come to expect more specific information from this compilation. Impressive in volume, book is very informative on the history and the problem solving (aka “hacking”) mindset. However, I have found hard to read majority of included articles – they impressed me as a mixture of Gibson’s cyber-punk and of puerile boasting. I do not recommend this book.
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning “Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning” by Gordon Fyodor Lyon

Amazon – http://www.amazon.com/gp/product/0979958717/

There exist many other collections/lists of books in this domain. Some are:


Similar at this blog: Book: Enterprise Security For the Executive – https://eikonal.wordpress.com/2010/01/07/book-enterprise-security-for-the-executive/ | Infosec pages at this blog – https://eikonal.wordpress.com/2011/05/17/information-security-sites/ | Infosec online (= infosec sites) – https://eikonal.wordpress.com/2010/02/01/infosec-online/

3 Comments »

  1. […] – https://eikonal.wordpress.com/2010/03/28/physics-books-online/ | Infosec books – https://eikonal.wordpress.com/2010/10/19/infosec-books/ | Toward a New Alexandria Library – […]

    Like

    Pingback by Books online « Eikonal Blog — 2011.09.21 @ 10:56


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: