Paperback Inside Internet Security: What Hackers Don't Want You to Know Book

ISBN: 0201675161

ISBN13: 9780201675160

Book Overview

This book describes the underlying principles that crop up again and again in hacker attacks, and then focusses on lessons that can be learned, and on how to protect against recurrence. It is a... This description may be from another edition of this product.

Customer Reviews

5 ratings

IBM offers Crume's book for free

Just go to the e-business website at ibm.com/e-business and fill in your postal details. This is part of their promotional drive to help entrepreneurs get on the IT gravy train.

Easy reading; can be an eye opener

Not too technical, but very informative. Allows the reader to peer into the hacker's mindset and gives the Network Administrator the upper hand. Proactive, practical advice you'll need since the future of IT favors the "black-hat hacker". Includes short tutorials on cryptography and VPNs. Very basic, but a good introduction.

Core reading for anyone with security responsibilities

Inside Internet Security: What Hackers Don't Want You To Know is a practical, "user friendly" guide to designing and administering a corporate or e-business computer network so as to avoid or minimize unauthorized access. Jeff Crume draws upon his 18 years of experience as a programmer, software designer and IT security specialist to offer the reader practical hands-on advice on securing networked systems, security checklists for common scenarios, pointers to other detailed information sources, in-depth theoretical background information, real world examples of actual hacker attacks, and informed surmises on the future of IT security. Inside Internet Security is basic, essential, core reading for anyone charged with security responsibilities for databases, computer communications, website development, and e-commerce transactions.

The basics of computer security without the hype

As a new field where speed is essential and getting there first is sometimes more important than following the correct path, computing suffers from more than its share of unsubstantiated claims. However, it is a field of human endeavor like all others we engage in, which means the social laws apply here as well. The recent burst of the "Internet bubble" should have surprised no one, as it is just the basic laws of business finally asserting themselves. Since it involves humans doing things where the consequences can be very visible, it is inevitable that it will attract people who will deface or destroy something just for the attention it generates. Therefore, like all other things we do in life, it is necessary to remain wary when using the Internet, and this book generally delivers help without the hype. When reading this book, it is clear that most of the problems involving computer security involve fundamental oversights or misfeasance on the part of someone. As I read through the examples in this book, I was reminded of the biography I read of the Nobel prize winning physicist Richard Feynman. He managed to obtain a reputation among his fellow workers as an expert safe cracker. However, as he makes quite clear when describing his life, most of this was just simple logic and luck in combination with oversight. The people around him tended to leave their combination locks on the last number, which reduced the possibilities and one time he managed to crack a safe by simply opening it, as it had not been properly latched. Some time ago, there was an announcement of a security flaw in Linux. It turned out that if some defaults were not altered after the install, it would be possible for unauthorized persons to access the system. If there is a flaw here, it is hardly a problem with Linux. Therefore, most of the solutions presented in the book fall under the umbrella of common sense. 
Use "complex" passwords and don't write them down in obvious places such as in a desk drawer. Furthermore, do not give out sensitive information over the phone, which is something I preach to my young children. The recent hilarious case of Oracle operatives doing some dumpster diving outside the Microsoft offices points out that one of the most efficient security features is to destroy any paper containing sensitive information. While most of the book is good, there was one point where I severely disagreed with the author. On page 45 there is a chart of components with 99.9% confidence of security and a computation concerning the confidence of security for ten such components as well as the hours and days of cumulative vulnerability based on these confidence levels. Granted, the author qualifies this as being merely a theoretical discussion, but it is still very misleading. Probabilities like this are most likely not additive, as following one path means the elimination of another. To say that having a component that is 99.9% secure means that it is "open" 8.8 h

Learn the Why rather than the How

Finally, a book that will show why hackers are doing their work rather than just giving all the tools to do it. "Security" books that show you all the available tools to run a DoS are coming out at a fast pace, but are they really helping you to get more budget for security? No, they just give a one-stop place to learn how to bring down a networked server. Of course, they have some fixes on how to prevent them, but it mainly comes to "install the latest patch" and "install a firewall". Well, we all know this part and most companies now have a firewall (whether the installation is good or not...). This book will go beyond that point and explain to managers why security is important; why firewalls & patches will not prevent you from being cracked; why you need to understand the hackers in order to catch them; etc. Don't let the size of this book (about 250 pages) put you down, since the author judiciously decided to keep to the facts rather than speculate. You will only find good information. The only thing that it still lacks (but it is also hard to have in a book because of ongoing product (and hacker tools) development) is to define which firewall applications are good; the pros & cons of each of them; whether it is helpful to have multiple firewalls and if so, how to set them up; etc. I was tired of all those books that will mainly help hackers (could be called Implementing Security Breaches) and this book is finally a book for Managers & IT Personnel that need "written" proofs rather than just tools. I see it as a step forward and my only hope is that we will soon have a book that fully goes into implementing security.