White-Hat Security Arsenal: Tackling the Threats

This book explained to me how to solve the problems that I deal with all the time in my job. I like the fact that someone took the time to think about the reader and not to focus so much on all of the esoteric aspects of security that you find in most books. I already loaned my copy out to a colleague, and I'm recommending this book for everyone.

+AH4-Every year, tens of thousands of people land a network security management job for the first time - often by accident, as they get promoted to be the senior system administrator or network operations manager. They need to learn about threats and countermeasures, fast, and don't have the time to go into the kind of detail you find in an infosec MSc course or even a CISSP qualification.What book do you recommend to someone in that situation?Until I got a copy of Avi Rubin's `White Hat+AH4-+AH4- Security Arsenal', I'd probably have suggested that they read Cheswick and Bellovin's `Firewalls and Internet Security', or Spafford and Garfinkel's `Practical Unix and Internet Security'. Now, I think Avi's book has edged into the lead. I believe that, like them, it will come to be seen as a classic; unlike them, it was written recently rather than in the early-to-mid 1990s.As well as the basic nuts and bolts of things like access control, firewalls, and cryptography, it looks at the+AH4-+AH4- latest viruses and worms (on which surprisingly little has been written since Word viruses took over the lead from DOS viruses several years ago); remote backup services; popular crypto protocols and products such as SSL and Passport; and anonymity services. It is not so much aimed at the engineer who has to design and build new systems (for that, see my own book `Security Engineering'), but the user or administrator who wants to take commodity products such as web servers, routers and+AH4-+AH4- firewalls, and configure them in an intelligent way. I believe it succeeds in this task; it teaches enough of the underlying cryptography and system science, without getting too bogged down in detail. It also includes a number of case studies that illustrate, motivate, and help the reader develop some feel for the technical aspects of security management.I expect that this book will do well. It deserves to,+AH4-

When I first saw this cover, I thought it was silly. I still think that it is a silly cover, but it is a great book. The first thing I like about it is the idea of chapters covering specific problems. The PGP Disk section that explains how to store data on a computer was great, and I've started using that program. It's not just a product endorsement book, though. The explanations are very detailed, and simple enough to follow even though I do not have a security background. My degree is in general computer science. I've checked out other security books, but this is the one I like the most. The writing style is very entertaining. There is good information, and it is presented in an interesting way. That is rare. I wish that the book covered more problems. For example, there is only a brief section on denial of service, which is something many of my clients are asking about. Also, the virus section is very good, but it is dated. Obviously, it was written before Code Red. I'm not sure what the author could do about that, but maybe a companion web site would be good. I also thought that the chapter about backup systems might get dated quickly. There are companies presented, and many of them are probably already out of business. However, the author covers the philosophy behind these companies and why they are good or bad, so I guess it will not be dated that quickly. All in all, I think this is the best security book I have seen, and for someone who has actual security problems, or in my case, clients with real security problems, it is a great educational tool.

For any IT professional, or any executive management that is supported by or has to manage and collaborate with technology teams, finally a book that addresses "problems" and "solutions" across the tech landscape -- all in one book. The sections deal with how to secure systems across the IT landscape, specifically Threat, Storage, Data Transmission, Network Threats, Privacy & Commerce. Whether you are a non-technical manager needing a primer, or a CTO of a Fortune 500 company, Mr. Rubin lays out the landscape in an accessible format, covering the theory and practice of security. Then he goes farther by helping today's execs and IT professionals accomplish what he does for his hi-tech clients, with actionable strategies and solutions.

This is not your standard how-to security book. This is a well-designed, well-written volume on what the threats are, how they work, and what there is on hand to resist those threats.Viruses, worms, denial of service attacks are just the beginning of this. Rubin dissects the Morris Worm, Melissa, ILove You, and several other malicious invertebrates. His explanations of just how these infiltrative beasties work is just brilliant.The sections on secure transfer, setting up session keys, SSL, and encrypted email are really fine.This is a ``different'' security book: and it's one you need.