May the source be with you, but remember the KISS principle ;-)
Home Switchboard Unix Administration Red Hat TCP/IP Networks Neoliberalism Toxic Managers
(slightly skeptical) Educational society promoting "Back to basics" movement against IT overcomplexity and  bastardization of classic Unix

Best Unix Security Books

News See also Introductory Intrusion detection Solaris Linux  
Network security Firewalls WWW Security Tools TCP/IP Random Findings Etc

There are very few decent Unix security books. The reason is easy to explain: security is a dumping ground for professionals and few if any of those authors have in depth understanding of the system they are writing about comparable with the level of understanding of the author of an advanced book on the subject. There are a lot of snake oil salesmen in security that try to propagate FUD about hackers and comprovises.

So the task of finding one is pretty difficult and it might be that one can probably be better off  buying a decent Unix system administration book and TCP/IP networking book with security chapters, than a book specialized in security and written by a clueless author. After all a good defense is always based on real knowledge and in the case of Unix/Internet security on the knowledge of Internet protocols and Unix internals (or at least Unix system administration). Junk books like Harking Exposed are making money by pring to provide a popular (and extremely superficial) view on a very complex topic. IMHO a good Unix security book presuppose deep knowledge of OS and networking.

In case of security books it's probably unreasonable to expect them to cover recent trends. They should concentrate on fundamental principles of security. Essentially the best source of  the most recent information on Unix and Internet  security is Internet itself. The field is too dynamic and it's difficult to write books that cover recent trends. With typical year or more writing/editing/publishing cycle they will be outdated before they will be finished. But for the fundamental, core issues and introductory material books are a better deal that Internet materials and can help you save time and effort in mastering this large and difficult field. Unix security consists of two interconnected parts:

Some books concentrate on tools, some on principles. The main principle of security is famous KISS principle, and that can serve as a litmus test during book evaluation. If they do not stress the importance of stripping the system down to minimum number of components it's quite possible that other areas are covered weakly as well.

For security books one should be especially beware about "lemming effect" reviews, when a lot of newcomers to the field praise a very weak book with an attractive title. The word "Hacking" is a real cash cow in the security book title.  I recommend you to be very skeptical about  any security book with this particular word in the title; real professionals are seldom so greedy, snake oil salesmen usually are  ;-)

Among semi-decent Unix security books I would like to mention  Linux System Security: The Administrator's Guide to Open Source Security Tools  by Scott Mann. Contrary to the title it's not a Linux specific book: it covers generic free Unix tools. Although tools themselves are covered rather superficially, this book can help understanding your tools needs and might be instrumental in installing and using of some of recommended tools.

A rare good book is Mastering Network Security by Chris Brenton.

So far a decent (but outdated) introductory book on Unix security is still Practical Unix and Internet Security. I am not big fun of this book, but still I would like to admit that it's a decent book. The major drawback is that it's not tools oriented and large part of it is quite outdated. See my review of the book. But the biggest advantage of this book is that it's available in HTML. I feel that it should be used with Linux System Security: The Administrator's Guide to Open Source Security Tools  -- a better and more modern book, but not introductory in nature.

For TCP/IP-related security in addition to Mastering Network Security you can find 50% discounted Actually Useful Internet Security Techniques Larry J. Hughes / Published 1995. It's not bad, but outdated... See my list of booksellers.

See also: Peter Gavlin Security book review the good the bad and...the worst - SunWorld - October 1998  -- preferences IMHO are questionable, though ;-)

Dr. Nikolai Bezroukov

Search Amazon by keywords:

 You can use Honor System to make a contribution, supporting this site


Old News ;-)

**** Mastering FreeBSD and OpenBSD Security

by Paco Hope, Yanek Korff, Bruce Potter

If you are looking at implementing one of the BSD distributions of Linux and want to secure your installation this book is an excellent choice. The authors cover the basic security that applies to all Linux distributions such as filesystem security and creating a sandbox, and then follows up with security options specific to BSD. The chapters cover installation, secure administration, creating a secure DNS server, secure mail servers (including Sendmail, Postfix, and qmail), secure web server, firewalls, intrusion detection, system auditing and incident response, and some forensics. However, the forensics information provides a decent overview without being detailed enough to be very useful.

The authors do a really good job of explaining not only how to do various tasks but also the reasoning behind it and how it works to resolve specific problems. I like the fact that the authors don't do this in a piecemeal approach but provide a pathway to get to the system hardened before heading off into the specifics of harding particular services link DNS and Sendmail. They actually have a step by step procedure starting from a fresh install. This alone makes this one of the better books on hardening FreeBSD and OpenBSD. Mastering FreeBSD and OpenBSD Security is highly recommended.

Real World Linux Security (2nd Edition)

Hardening part (Ch 02) is weak. The author does not understand the compromises involved. The only useful chapter is Ch04. Common break-ins by subsystem. But it's not in depth (DNS part is extremely weak). But used book can be bought for $5 or less and at this price might make sense.

??? Network Security Assessment

by Chris McNab (Author)

Too generic to be really useful. No more then overview of consepts.

4 out of 5 stars Excellent book to assess your own network security..., May 19, 2004

Reviewer: Thomas Duff (see more about me) from Portland, OR United States

Target Audience
Network administrators or security administrators who want to assess the security of their systems.

This book is a series of assessments that you can do to your systems to determine the level of your system security

The book is divided into the following chapters: Network Security Assessment; The Tools Required; Internet Host And Network Enumeration; IP Network Scanning; Assessing Remote Information Systems; Assessing Web Services; Assessing Remote Maintenance Services; Assessing FTP And Database Services; Assessing Windows Networking Services; Assessing Email Services; Assessing IP VPN Services; Assessing Unix RPC Services; Application-Level Risks; Example Assessment Methodology; TCP, UDP Ports, And ICMP Message Types; Sources Of Vulnerability Information

Every day brings word of new exploits and new security bugs in various operating systems. Some are new and unique, and many are rehashed exploits made possible by the failure to patch and secure your systems. In order to see your system as a cracker would, you need to understand the mindset and toolsets that are used against you. This book, Network Security Assessment, will help you do just that.

Each chapter starts with a brief explanation of the area being discussed, as well as some of the overall security concerns related to that service. The rest of the chapter is then devoted to various exploits and tools that can be launched against the different operating systems. Chris McNab uses extensive illustrations and output listings to show the reader how the tools work and what type of information can be exposed to an attacker. Since many of the tools are Unix-based or are expected to be used against Unix-type systems, the author does assume familiarity with administration of Unix variants.

There are a lot of things to like about this book. The assessment methodology is organized and well thought out. It's not just a random scattering of exploits. The author also takes great pains to provide the sites where you can download the tools. In addition to that, the tools are also mirrored at the O'Reilly site so that you are protected against websites that may move around. The argument could be made that this provides a fledging cracker with all the information they need to break into your system. True, but the information already exists, and they will find it with or without this book. This book levels the playing field by making security information available to corporate administrators so that they have a chance against attackers.

A worthy addition to the bookshelf of network and security administrators. By following the exploits and processes outlined, you'll be able to sleep well knowing that you've covered as many bases as you can.

Network Security Hacks
by Andrew Lockhart (Author)

*** Practical Unix & Internet Security, 3rd Edition
by Gene Spafford (Author), Simson Garfinkel (Author), Alan Schwartz (Author)

Rare OK book. Outdated and partially spoiled by adding Alan Schwartz to the team: he did not manage to do a complete updating of the text: some chapters are still old with a lot of irrelevant material.

Building Open Source Network Security Tools Components and Techniques

by Mike Schiffman

1 out of 5 stars Man Page Reprint, February 19, 2003

Reviewer: A reader from Atlanta, GA United States

If you don't read the man pages then this book is for you. After reading the glowing reviews I went out to purchase this book. I am extremely disappointed. The lion-share of the book is merely API description. There are some neat examples in every chapter, but they are available on the internet... The end chapters of the book are well written concise summaries of known techniques and concepts (possibly the only redeeming component of the book)
After using libnet I was expecting something great from the man who wrote such an awesome library. Experienced programmers should use the man pages. If you're new to information security topics then you might find this book useful.
A newbie would be well served by this book.

Reviewer: jose_monkey_org (see more about me) from ann arbor, mi

this is pretty much the book I've been looking to add to my library for a while. schiffman covers the major libraries in security (libnet, libdnet, libpcap, openssl, libsf, and libnids) in a smooth and excellent way, and then brings them together in several small apps and then firewalk 5.0. in this book we learn techniques to complement the tools we learn how to craft.

i was a bit let down in some of the details being left out of the libraries schiffman didn't write, such as pcap and ssl. these are really difficult to master libraries, some more attention could have been given here.

another reviewer noted that the book really ignores the windows developer, which is true to an extent. however, what schiffman doesn't say (and the reviewer doesn't state) is that several of the libraries (pcap, libnet, libdnet, openssl) work just fine on windows. it would have been helpful to have seen that covered more, but perhaps in the next edition.

all in all, a recommended book. now infosec people will have no reason to say they can't write their own network attack apps. and hopefully it will inspire someone to write a better mousetrap, too. i'm still surprised it took so long to appear on the shelves!

5 out of 5 stars Refreshing Networking Security material!, October 31, 2002

Reviewer: [email protected] (see more about me) from Baltimore, Maryland

There are many security books on the shelves today. Most of them describe the same hacker tools and methods. They don't get very technical and once you've read one, you've read them all. Building Open Source Network Security Tools is a different breed of security book.

Building Open Source Network Security Tools , just as the name suggests, is about how to build network security tools. This is a technical book, so you are going to have a little knowledge of C and your networking principles. This is definitely not a managers book.

First the book describes some basic principles in developing security software. This is a quick primer in case you have never been involved in software development. Next the book goes on to describe several commonly used libraries like libnet and libpcap. For each library, the structures and functions are explained, then there is sample code. I have written programs using libpcap and libnet before and I still learned something. There is even a section on OpenSSL programming. OpenSSL is a rather large and cryptic, no pun intended, library (in my experience anyways). This book sheds some light on it! These chapters are a great reference to have when making a new security tool.

The author then goes on to explain the several techniques like attack and penetration and active reconnaissance. Not only does the author tell you how they would in a technical sense, he provides code that does it, and explains each piece. This is very useful since most tools in the wild aren't very well commented ;) There is also a chapter on buffer overflows and format string vulnerabilities. These chapters are very well done and do a good job in explaining how they work and how to write code to use them. It may sound like this is an offensive hacker book, but it also gives examples on how to write defensive programs, like a port scan detection tool. At the end of the book the author ties it all together with a large program that utilizes many of the techniques mention in the book.

I found this book to be very refreshing. I had been waiting for a good security programming reference, and this is it. As a part of the Honeynet Project, I have seen a large number of compromises and tools, and one thing I've found is that in order to truly know who your enemy is, and how they operate, you need to know how their tools work. I wish this book had been released years ago when I first became interested in network security. It would have saved me from stumbling around old web pages and dead links. If you're an information security professional, this book is a must have for your library.

??? Solaris 9 Security
by Ashish Daniel Wilfred
Price: $49.99
**+ Solaris 8 Security
by Edgar Danielyan
Our Price: $39.99

Paperback - 296 pages 1st edition (October 24, 2001)
New Riders Publishing; ISBN: 1578702704 ; Dimensions (in inches): 0.65 x 9.01 x 7.05

Very weak: as close to junk as you can get. Definitely not recommended even as an intro.

??? Hack Proofing Sun Solaris 8

Randy Cook (Editor), Ido Dubrawsky (Contributor), F. Williams Lynch (Contributor), Ed Mitchell, Wyman Miles, F. William Lynch

Paperback - 407 pages (October 2001)
Syngress Media Inc; ISBN: 192899444X Sales Rank: 69,292

Table of Contents

Chapter 1: Are You at Risk for a Hacker Attack?
Chapter 2: Introduction to "Hardening" Your Solaris Operating System
Chapter 3: Hacker Tools & Techniques
Chapter 4: Securing Your Users Accounts and Environments
Chapter 5: Securing Your Independent System
Chapter 6: Protecting Permissions and Filesystems
Chapter 7: Types of Attacks
Chapter 8: Cron: What it is and How It Protects You
Chapter 9: Planning: The Best Defense Against Disaster
Chapter 10: Commercial Solaris Security Tools
Chapter 11: Solaris Security Freeware and Shareware
Chapter 12: You've Been Attacked � Now What?: Triage & Recovery Guide
Appendix A: Secrets
Appendix B: Additional Resources

The TOC looks pretty reasonable, but 400 pages for twelve chapters (30 pages per chapter) are definitely not enough for in-depth coverage.

4 out of 5 stars Well-organized approach to securing Solaris systems, January 9, 2002
Reviewer: Richard Bejtlich (see more about me) from Texas, USA

I am a senior engineer for network security operations. I am not a Solaris system administrator, but I read "Hack Proofing Sun Solaris 8" (HPSS8) to learn more about securing Solaris systems. HPSS8 addresses a wide variety of Solaris security issues, and is suitable for beginning and intermediate system administrators.

HPSS8 is not a Solaris version of "Hack Proofing Linux" (HPL), which I reviewed in October. While HPL seems more like a catalog of open source security tools, HPSS8 focuses on explaining the features and configuration of Solaris hosts. The authors provide useful explanations of Trusted Solaris, with enhancements like Role Based Access Control and Mandatory Access Control. Admins unwilling to deploy Trusted Solaris can experiment with the SunSCREEN Basic Security Module (BSM), which raises a default Solaris 8 installation to the C2 security level. HPSS8 describes how to deploy Sun's Kerberos implementation, called Sun Enterprise Authentication Mechanism (SEAM). The book also introduced me to Sun's implementation of file-based access control lists to protect SUID files.

As a casual reader, not responsible for implementing these tools, I found HPSS8's coverage adequate. I learned about enterprise-grade security features I never knew existed. I'm not sure if admins needing in-depth explanations will find what they need in HPSS8.

HPSS8 appears to be written by authors who know their material. I found no errors, although I admit I am not a Solaris expert. The network security discussions, with which I am more familiar, seemed error-free as well. I appreciated the heavily technical buffer overflow explanation in ch. 10, and was surprised to learn in ch. 8 that Solaris by default routes packets between multiple interfaces. The only slip in editing appeared to be unnecessary "double coverage" of Snort (in ch. 3 and ch. 8), probably written by different authors.

If you're a junior Solaris admin and you need to lock down your machines, securely operate web, email, caching, routing, firewalling, and related services, HPSS8 will definitely help you. Senior Solaris admins will probably not learn new tricks. Security professionals who want to familiarize themselves with Solaris features will enjoy reading HPSS8, as I did.

(Disclaimer: I received a free review copy from the publisher.)

Linux Security (Craig Hunt Linux Library)
by Ramon J. Hontanon, Ramon J. Hontaanon, Craig Hunt
Our Price: $34.99
Paperback - 496 pages 1ST edition (June 14, 2001)
Sybex; ISBN: 078212741X ; Dimensions (in inches): 1.20 x 9.00 x 7.56 Sales Rank: 33,503

4 of 5 stars Very useful addition to your Linux (Unix) security library, September 10, 2001
Reviewer: Halvard Halvorsen (see more about me) from United Kingdom

This is the first book I have bought from the Craig Hunt Linux library and judging by this volume I will be buying more.

It's an excellent book covering all aspects of Linux security
from physical site security to VPN's. It's up to date: a good section with clear examples on iptables is included.

For each section the author selects a few (or as in the case of file integrity just one product like tripwire) products and explains with good examples how to install and configure from scratch (including installing the rpm's). The language is clear and the author explains both why and how. There is an excellent section on nessus and the tripwire part really shows what a cumbersome beast tripwire now has become ... The focus is almost 100% on freely available tools in true Linux spirit.

It's not without minor faults however - but so far I have only found one major one. The section on "Starting Network Services from /etc/rc.d" is weak: it messes up the runlevels (1 is single user and 5 is X11), it does not mention the fact that Kill scripts are run before the Start script when _entering_ a new run level and there is no mention of ntsysv (or chkconfig).

I do like the fact that Hontanon is not at all afraid of giving strong recommendations - i.e. "Among the password auditing tools ... John the Ripper stands out as the clear winner because of its performance and ease of use".

This is not a beginners book - it assumes general Linux and networking knowledge.

If you are looking for a source for overall Linux security, Unix security tools and how to use these tools look no further. This book should be on your bookshelf along with the 2nd edition of "Maximum Linux Security" and (the now slightly out of date) "Practical Unix&Internet Security".


???+ Hacking Linux Exposed
by Brian Hatch, James B. Lee, George Kurtz
Our Price: $27.99
Paperback - 566 pages 1st edition (March 27, 2001)
McGraw-Hill Professional Publishing; ISBN: 0072127732 ;

5 of 5 stars Buy two of these, May 30, 2001
Reviewer: A reader from Atlanta, GA, USA

I wasn't a fan of Hacking Exposed, largely because its Unix section was a mere 50 pages of superficial, outdated, and obvious fluff. Hacking Linux Exposed makes up for that lack by digging into Unix in much more depth. Though it is modeled after the attack/countermeasure style of the original HE, this book includes a whole chapter of security measures at the beginning that you can implement instantly to get your machine locked down before getting into the nitty-gritty detail about other things in the hacker's arsenal.I was particularly enthralled with chapter 10, which talks about what the hacker will do after they have gained root access, from simple things like adding accounts to complicated issues like kernel modules, complete with source code. Chapter 7 includes some really wonderful examples of how the hacker can abuse networking protocols themselves, something I haven't seen covered in such depth before.The book is logically organized. The first part covers the way the hackers find and probe your machine. The second talks about getting in from the outside, be it network or physical. The third part talks about gaining additional priveleges, and the last part of the book is dedicated to mail, ftp, web, and firewalls. The appendicies are actually useful. They seem to have dropped the small 1-page case studies from the original book and replaced them with longer hacker-eye-views of real attacks which are an interesting read, and really tie the book together.This book is Linux specific in it's countermeasures, but I'd recommend this to any unix user. They do a good job of discussing differences between Linux variants as well, they don't just assume everyone has a RedHat box on their desk. Very refreshing.This book is great for both the theory and practical uses. I could spend weeks implementing all the suggestions they have, but they seem to have thought of this because their risk ratings let you know where you should concentrate as you secure your systems.Like Hacking Exposed, this book also has a website, (...) but it seems more up-to-date -- for example when the ptrace bug in older kernels came out, they posted a kernel module you could compile to protect your system until you could upgrade -- and includes all the source code contained in the book.I bought two of these, one for home and one for the office, and I suggest you do the same.

???? Hack Proofing Sun Solaris 8

Randy Cook (Editor), Ido Dubrawsky (Contributor), F. Williams Lynch (Contributor), Ed Mitchell, Wyman Miles, F. William Lynch

Paperback - 407 pages (October 2001)
Syngress Media Inc; ISBN: 192899444X Sales Rank: 69,292
Here is some info about Ido Dubrawsky from his paper Freeware Intrusion Detection Tools:
... has been working in UNIX and network administration field for nine years. When not working on security, he spends his free time with his wife, Diana, their two children, and their dog, Reidy. He is currently employed by Cisco Systems in the Cisco Secure Consulting Service as a Network Security Engineer.

Table of Contents

Chapter 1: Are You at Risk for a Hacker Attack?
Chapter 2: Introduction to "Hardening" Your Solaris Operating System
Chapter 3: Hacker Tools & Techniques
Chapter 4: Securing Your Users Accounts and Environments
Chapter 5: Securing Your Independent System
Chapter 6: Protecting Permissions and Filesystems
Chapter 7: Types of Attacks
Chapter 8: Cron: What it is and How It Protects You
Chapter 9: Planning: The Best Defense Against Disaster
Chapter 10: Commercial Solaris Security Tools
Chapter 11: Solaris Security Freeware and Shareware
Chapter 12: You've Been Attacked � Now What?: Triage & Recovery Guide
Appendix A: Secrets
Appendix B: Additional Resources

TOC looks pretty reasonable, but 400 pages are definitely not enough for in-depth coverage.

**+ Solaris 8 Security
by Edgar Danielyan
Our Price: $39.99

Paperback - 296 pages 1st edition (October 24, 2001)
New Riders Publishing; ISBN: 1578702704 ; Dimensions (in inches): 0.65 x 9.01 x 7.05
**** HP-UX 11i Security
by Chris Wong

Our Price: $39.99

Paperback - 480 pages 1st edition (September 26, 2001)
Prentice Hall PTR; ISBN: 0130330620 ; Dimensions (in inches): 1.28 x 9.24 x 7.04
table of contents

Real World Linux Security Intrusion Prevention, Detection and Recovery

by Bob Toxen
Our Price: $35.99

Paperback - 400 pages 1st edition (December 15, 2000)
Prentice Hall PTR/Sun Microsystems Press; ISBN: 0130281875 ; Dimensions (in inches): 1.56 x 9.24 x 7.05
Table of contents Sales Rank: 10,746
Avg. Customer Rating: 5 out of 5 stars

This is only 400 pages books about pretty complex subject, but the book got several very positive reviews. First four are so positives that I suspect some of them might be "friends and family" type of reviews. Judging from the Table of contents the book covers (or at least mention) several important areas including using Snort (mentioned in the ch. 15), Hardening (Ch 12). The latter is a definite plus, although the items listed in this chapter has nothing to do with tightening system setting and stripping the system to bones.

At the same time the chapter 13 title looks misleading (contents has nothing to do with hardware)

13. Preparing Your Hardware.
Timing Is Everything. Advanced Preparation. Switch to Auxiliary Control (Hot Backups). TCP Wrappers. Adaptive TCP Wrappers: Raising the Drawbridge. Cracker Trap. Ending Cracker Servers with a Kernel Mod. Fire Drills. Break Into Your Own System with Tiger Teams.

And the content of chapter 9 "Gutsy Break-Ins" (Mission Impossible Techniques. Spies. Fanatics and Suicide Attacks.) looks like an indication of snail-oil salesmen style.

***** A useful book, December 11, 2000
Reviewer: Jonathan Low from Sunnyvale, CA USA

This book is written in clear prose and is easily understood. His description of attacks and how to defend against them is fascinating and extensive. He has a section titled "Obscure but Deadly Problems". I fear they are not as obscure as one would hope, as I have encountered such problems. The historical notes, such as that of the Symlink Attack (section 6.8.3 in the grey box on page 298), allow the reader a deeper level of understanding. The resources and instructions for finding the attacker's system given in chapter 20 are very useful.

?? E-mail Virus Protection Handbook: Protect Your E-Mail from
by Syngress Media. Paperback (October 30, 2000)
Amazon price:$31.96
You Save: $7.99 (20%)
Managing Cisco Network Security
by Syngress Media(Editor), Inc Staff Syngress Media. Paperback (October 30, 2000)
Amazon price:$47.96
Mission Critical Interworking Security (Mission Critical Series)
by Syngress Media(Editor), Inc Staff Syngress Media. Paperback (December 30, 2000)
Amazon price:$47.96

Red Hat Linux Security Toolkit
by David A. Bandel
Paperback - 500 pages Bk&Cd Rom edition (May 2000)
IDG Books Worldwide; ISBN: 0764546902 ; Dimensions (in inches): 1.17 x 9.16 x 7.30 Sales Rank: 78,536
Avg. Customer Review: 5 out of 5 stars
Number of Reviews: 1
BONUS CD-ROM INCLUDES: Caldera OpenLinux 2.3 Security Tools ;-)
???? Managing TCP/IP Networks: Techniques, Tools and Security
Gilbert Held / Hardcover / Published 2000
Amazon price: $89.95
SSL and TLS Essentials: Securing the Web ~ Usually ships in 24 hours
Stephen Thomas / Paperback / Published 2000
Amazon price: $27.99 ~ You Save: $7.00 (20%)
Web Security ~ Usually ships in 24 hours
Amrit Tiwana / Paperback / Published 1999
Amazon price: $29.71 ~ You Save: $5.24 (15%)
Designing Secure Database Driven Web Sites
Jimmy Nasr, Roger Mahler / Textbook Binding / Published 2000
Amazon price: $38.24 ~ You Save: $6.75 (15%) (Not Yet Published -- On Order)

Linux Security Toolkit
David A. Bandel / Paperback / Published 2000
Amazon price: $31.99 ~ You Save: $8.00 (20%) (Not Yet Published -- On Order)
Network Intrusion Detection - An Analysis Handbook
Paperback - 267 pages (July 1999)
New Riders Publishing; ISBN: 0735708681 ; Dimensions (in inches): 0.63 x 9.03 x 7.05 Sales Rank: 2,319
Avg. Customer Review: ***** Number of Reviews: 6

Building Linux and OpenBSD Firewalls
Wes Sonnenreich, Tom Yates / Paperback / Published 2000
Amazon price: $35.99 ~ You Save: $9.00 (20%)

**** Linux System Security: The Administrator's Guide to Open Source Security Tools
Scott Mann / Textbook Binding / Published 1999
Amazon price: $48.99
A decent book !!! See review below
** Checkpoint Firewall-1 : Administration Guide
Marcus Goncalves, Steven Brown / Paperback / Published 1999
Amazon price: $55.00
Average Customer Review: 3 out of 5 stars
Junk. The author written several other junk books on the subject including:
Firewalls : A Complete Guide ~ Usually ships in 24 hours
Marcus Goncalves(Editor) / Paperback / Published 1999
Amazon price: $43.99 ~ You Save: $11.00 (20%)
Read more about this title...
Firewalls Complete (Complete Series) ~ Usually ships in 24 hours
Marcus Goncalves / Paperback / Published 1998
Amazon price: $54.99
Average Customer Review: 4 out of 5 stars
Read more about this title...
1 out of 5 stars This book is an insult.
Reviewer: Kevin Tsai from Oakland, CA December 29, 1999

I'm a systems consultant and have worked with a number of different firewall products including FireWall-1. FireWall-1's network address translation feature is very powerful if you manually set up network objects and the local.arp file and configure the NAT rule. This book does even touch on these aspects; the Arch&Admin (that comes with the Firewall-1 CD) explains this in detail in 65 pages. *Copied from the CD documentation: for example, the discussion on SYN Flooding Attack (pages 138-143) is mostly taken WORD-FOR-WORD from Arch&Admin (pages 329-333). Many examples are copied verbatim. *PPTP is not secure relative to alternatives - why recommend it? I thought the authors were veterans. *Checkpoint's OPSEC makes FireWall-1 extensible, and a couple of the add-ons such as RealSecure (attack recognition) and StoneBeat (high availability) are very complementary products. I'd expect professionals who'd write a book on FireWall-1 to have experience in these add-ons. *Of the 450 pages, only the first 306 pages are FireWall-1 related; the next 100 pages (Chapter 13) are on generic Internet attacks √ which many books cover more in content and detail. Balance is glossary and index (that's over 10% of the book). *Stripping down NT: the first thing you should do before installing FireWall-1 on NT is strip all the services from the network control panel applet. I guess the authors didn't even bother to copy Joe DiPietro.

This book does not cover anything on FireWall-1 that the software documentation from Checkpoint does not cover. As a matter of fact, Checkpoint's documentation covers much more depth AND breadth than this book. From what I understand, the only documentation on FireWall-1 that is better than Checkpoint's is Checkpoint's Hebrew version of the documentation.

For the price of this book, I'd expect more in-depth coverage on the technical deployment of the product (for the technical implementer), on the strategic deployment of the product (for the CIO), or both. This book provides neither. Stick with the CD's documentation.

Asp/Mts/Adsi Web Security (Prentice Hall Series on Microsoft Technologies) ~ Usually ships in 2-3 days
Richard Harrison / Paperback, 450 pp with CD/ Published March, 1999 by Prentice Hall PTR (ECS Professional)/ISBN 0-13-084465-9
Amazon price: $44.99
RICHARD HARRISON is a Microsoft Certified Solution Developer (MCSD) and a senior consultant for a major global IT services company. He is also the coauthor of Professional Active Server Pages 2.0

Table of content. The accompanying CD-ROM contains source code for examples.

Protecting Networks With Satan ~ Usually ships in 24 hours
Martin Freiss, Robert Bach (Translator)
Paperback / Published 1998
Amazon price: $15.96
Maximum Internet Security: A Hackers Guide ISBN: 1575212684 -> -- very weak


Unix System Security : A Guide for Users and System Administrators (Addison-Wesley Professional Computing Series)
David A. Curry / Hardcover / Published 1992 -- old classic

Outdated but still useful.

Recommended Introductory Unix Security Books

**** Practical Unix and Internet Security HTML version is available from the O'Reilly Networking CD
Simson Garfinkel, Gene Spafford / Paperback / O'Reilly, 1996 - 2nd edition/ 971 pages, no CD
Table of content -- 27 chapters, 7 supplements

Recommended with reservations

The great advantage of the book is that it is available in HTML. That's really make it better than it was before and added an additional star in my evaluation ;-).

It's a good introduction to the subject. Somewhat outdated -- four years old in a very dynamic field, Rootkit is not even mentioned, Bugtraq mentioned only in supplement, etc. Far from being practical and can be used only as a general introductory text in Unix security. Not recommended for Internet security (superficial and incomplete). Good style -- Simson Garfinkel of The UNIX-Haters Handbook fame is a really talented journalist (but now only a journalist, see his interview with

The main problem with the book is that instead of relying on tools as any Unix author should, the authors use a cookbook/reference approach giving recipes about improving security. References to important RFCs, FAQ and CERT advisories are absent. For example RFC1244 (now superseded by RTC2196) is not mentioned in index (and probably in the text as well) although Ch.2 and Ch.24 mirror its content.

No attempts were made to explain what tools can be used for checking/fixing particular class of problems or to present a bigger picture in which the flaw exists. Typesetting is very primitive. Although one of the authors is a (former) programmer judging by just the book content it is difficult to believe that he is able to spell PERL :-).

The book is not updated enough to compete with newer books on Internet Security. For corporate users possible alternatives are combinations of one book on Unix security (for example, one book on tools like Linux System Security: The Administrator's Guide to Open Source Security Tools and one book on Internet security (for example Actually Useful Internet Security Techniques by Larry J. Hughes or some more recent book on network security).

Often non-security books written by a specialist in particular area can be a better deal than books from security folks. For example TCP/IP Network Administration by Craig Hunt contains a lot more information about how properly configure TCP/IP than this book and in Ch.12 has a very decent overview of security in just 40 pages.

See my review of the book
Here are some Amazon readers reviews:
5 out of 5 stars Excellent General Introduction

Mark R. Lindsey ([email protected]) from Valdosta, Georgia, USA April 25, 1999

This is a superb discussion of networked-system security, in general. It doesn't pretend to be an up-to-the-minute shopping list of security flaws: that job is better left to web sites. Instead, the text educates readers with a conceptual idea of Computer Security that can be applied successfully to existing systems, and to systems not yet built. It's exactly the sort of educational value that we'd expect from simsong and spaf.

But it does go beyond theoretical education, to explain with great clarity fundamental issues in system security. Covering everything from physical security to filesystem quirks, this tome is fascinating in its scope. I have found the special section on writing solid network applications (CGI programs, and the like) to be of great value.

In short, this book provides the Common Body of Knowledge in computer security. Start here, and you'll have the basis for a comprehensive understanding of related issues -- one that transcends the individual bugs to see the bigger picture.

[email protected] from CA, USA , May 12, 1998 **
outdated and light on internet security
I should have paid more attention when I bought this book in a series of security books and I regret this buy. Its "best seller" position is IMO unjustified because the networking/internet sections (10 total lines on SSL!, mentions of Netscape 2.0b2, nothing on ICMPs attacks, 3 lines about spoofing...) are completly outdated and/or pretty useless.

A reader , July 21, 1997 **
Had this book cost me $5, I would've been perfectly happy with it, but for over $30... These people have written a lot, but said little. They did mention a few things to watch out for, but this could've been fit in under 50 pages. The rest is reiteration of trivial. Some topics, like cryptography, were a bait, but haven't been covered in depth. And, boy, about a third of the book talks about stuff from intro UNIX texts. I tend to think that people concerned with UNIX security know how to move between directories. Also worth knowing that Garfinkel co-authored so called "UNIX haters notebook". His prejudice shows.
*** Linux System Security: The Administrator's Guide to Open Source Security Tools
Scott Mann / Textbook Binding / Published 1999, 512 pages, CD
Amazon price: $48.99
Table of contents
[Sample Chapter]
Semi-decent book on open source security tools. It's not Linux specific. The book that beats a lot of mediocre books like Maximum Security (by anonymous) or Solaris Security( by Peter Gregory) to name a few, but still is not without significant flaws: the author does not understand half of the tools he is writing about.

Actually all tools described are not Linux specific and can be used for any Unix including FreeBSD and Solaris. First several chapters (2-4) are pretty superficial (for example huge and non-trivial problem of assigning and maintaining user groups on a production server is covered in half-page) and contain almost no useful information, but tools chapters are better and some of them are really useful.

The authors seems really used tools that they are writing about although they never go into fine details that is typical for real experts. For several popular tools the book provides some useful info that is difficult to find elsewhere. Pretty decent typography, although it's a little bit too academic and does not use icons on margins that IMHO simplify reading.

As for the classic open security tools, the book covers PAM(36 pages), Sudo(20 pages), TCP Wrappers(24 pages), SSH(55 pages), Tripwire(24 pages), CFS and TCFS (30 pages), and ipchains.

From the first reading it looks like at least some "tools" chapters are *not* a rehash of existing online documentation. In addition to the chapters about classic open source security tools I like chapters about logs: a chapter on syslog (Ch.8) and a chapter on log file management (Ch.17).

Now about weaknesses. The chapter on Tiger is extremly weak. The second author of the book ELLEN L. MITCHELL is a network analyst at Texas A&M University, responsible for campus network security, development, and administration. She currently maintains the Tiger UNIX security package, but is unable to maintain a pretty simple set of hardening scripts :-(. That's due her efforts, Tiger is now a legacy tool :-). Actually information is not completely useless -- it's not difficult to switch to another tool after one understands how Tiger works. Titan can be considered for Solaris. Perl is superior for writing Unix vulnerability scanners in comparison with shell, but Bastille is no way a better set of scripts than outdated Tiger. From the point of view of architectural solutions Tiger is much stronger (that the polite way to way that Bastille is junk).

There are several serious omissions. Book is incomplete in a sense that neither Snort (or any similar intrusion detection tool), nor open source network scanners (Saint, Sara, etc.) are covered. Nmap is not covered as well.

Of course there are some typos, but generally not that many. But what is really bad is that the Prentice Hall book page currently is pretty basic with no errata or additional links. The authors do not provide a WEB site for the book. That is a really bad sign :-(.

This book can probably be used for studying Unix security at universities along with somewhat outdated Practical Unix and Internet Security and this combination can somewhat compensate deficiencies of the latter (non tool oriented descriptive approach).

**+ Hacking Exposed Network Security Secrets and Solutions
by Joel Scambray, Stuart McClure, George Kurtz
Paperback - 703 pages 2nd edition (January 15, 2000)
McGraw-Hill Professional Publishing; ISBN: 0072127481 ; Dimensions (in inches): 1.72 x 9.11 x 7.27
The main purpose of the book is to serve as an advertisement of the authors hacking courses. The main strength of the book is that it contains a useful tips about networking utilities and security tools as well as a basic assortment of networking attacks. From other point of view there is a difference between openness and provoking people to do something wrong. There is a very fine line here. I wondered at times whether some parts of the book were written with the "Anarchist's Cookbook." in mind :-). Still, there is some good content here. For example as for tools the book does contain some relevant information. You can probably can save some time that otherwise will be spent browsing the Internet starting from the set of tools outlined in the book.

The authors did not produce the coherent picture of what is what and the book is fragmentary. It's more like a collection of notes or a reference of useful tools. Paradoxically Unix part of the book is extremely weak. Looks like neither of the authors understand Unix well.

** Bloated...with little substance, July 21, 2000
Reviewer: neptoona (see more about me) from Wilmington, DE USA

This book is really nothing more than a guide. If you don't have time to search the internet (and the stuff is not hard to find) then this book may be of some help. It's amazing how they managed to fill up so many pages and tell you very little. They tell you about all of the tools and where to get them, but they give you nothing on how to use them, with the exception of nmap and ncat. If you can get this book used for a few bucks, then it may be a good buy as a reference, but don't buy it at the retail price.

*** Been There, Done That., January 20, 2000

Reviewer: A reader from Moscow, Russia
I didn't find anything in this book that I hadn't found after doing a few days worth of research on the web. Many parts of the text seem to have been directly lifted from the Read Me files of the tools that the author is trying to describe. A real cut-n-paste job.

*** the book is good but its not good enough, November 9, 1999
Reviewer: A reader from Cairo,Egypt

the book-as i said before in the summary- is good but its not good enough.....its not written for a certain class of readers......its not high enough for the experts and its ont simple enough for the beginners

***** Easy to Read and Very Informative, August 6, 2000
Reviewer: Samuel C. Adams (see more about me) from San Antonio, TX USA

I manage a crew of about 20 people who do intrusion detection analysis. The stellar achivement of the authors of Hacking Exposed is packing their book with useful information AND making it easy to read. The only thing wrong with this book is that in attempting to cover everything, the authors talk about some things that aren't really worth knowing and skimp on topics where most readers would want more depth.

There are many topics that received excellent coverage in this book. Among them are: DNS records and zone transfers, the ins and outs of nmap, Unix log files, the NT null session or Red Button vulnerability, the SAM database and NT password guessing. This book does an excellent job covering Netbios and NT vulnerabilities which I found exteremly useful since most of my background involves Unix.

Topics that could have been left out of this book or that received undue attention include Windows 95/98 and Novell. In the last section of the book the Authors seemed to want to cover as many tools and vulnerabilities as possible. I would have preferred a more informative treatment of a smaller number of issues.

An important topic I thought the authors didn't do justice was buffer overflow vulnerabilities. The reader is referred to papers done by Dr. Mudge and AlephOne.

All in all I found this book very useful and look forward to the second edition.

**** Good security read, summarizing well known exploits., May 3, 2000
Reviewer: A reader from Baltimore, MD

Hacking Exposed offers a good overview of many well-known, and some lesser known, secuirty vulnerabilities. A fairly quick read, strikes a good balance between superficiality and going too deeply into code. Very good on NT and router security (often overlooked), but could be better on UNIX (not much Linux-specific advice here). As a part-time admin for a small network, I'm glad I picked this book up. Would have like to see more on security tips for small business security -- ex. review/advice re: SonicWall /Watchguard type boxes.

Here is a couple of reviews of a specific category of readers that I would called "a wanna-be hackers":

5 of 5 stars About time someone knew what they were writing about, September 14, 2000
Reviewer: rhelic (see more about me) from Canastota, NY USA

I've read about 4 security books and this book was far better than the rest. Instead of simply telling you not to run a certain service cuz it might have a hole, it actually tells you what the hole is, how to exploit it, and where to get the tools you need to exploit it. This isn't a list of programs and their holes though, it starts at the begining teaching you how to enumarate (get info) from a computer from all kinds of different methods, such as trying to find out OSs, their versions, services that are running and who is currently on the system. It talks about scanning groups of computers to find the few that are exploitable. It then goes on to explain specific Windows9X holes, then NT, to Novell, and then to Unix. Spending upto 60 pages on each operating system (very in depth and all of it usefull). There are also chapters just on dialup and VPNs (virtual private networks), firewalls, network hardware (routers) and an entire chapter just about DoS's (Denial of Services). It then goes into Advance Techniques, problems with PHP and ASP, and then onto a chapter on Windows2000 (talk about being up to date). As far as my book collection goes, this definetly gets my Top5 rating of the 100+ books I've read. Theres alot of meat to eat in this book.

5 of 5 stars WHAT A BOOK!, July 24, 2000
Reviewer: Nectron from California
i am really interested in computing, networks, and security, i bought this book from, when i was looking for a book that TEACHES me how to hack, and teaches me how to block hackers attacks, i know that a lot of bigenner hackers like me, are looking for a mentor or for a guide, to learn hacking or to be a security expert, this book is really really scaring, and reallly shows you how vulnerable your network or computer is... the last word i say is: ( IF YOU'RE LOOKING FOR A TECHNICAL BOOK, IF YOU WANT TO BE A HACKER, BUY THIS BOOK NOW! )

5 of 5 stars i g07 7his b00k n0w i'm 7h3 m4s70r h4X0r, June 2, 2000
Reviewer: A reader from USA
this book is totally amazing! i used to know how to code in QBasic, but now i am a master hacker! thank you very much mr smartay hacker man for writing this book for me. if it weren't for you i wouldn't be as good of a hacker that i am today.

*** Hack Proofing your Network : Internet Tradecraft
by Ryan Russell(Editor), et all.
Amazon price:$39.96
Paperback - 450 pages 1st edition (January 15, 2000)
Syngress Media Inc; ISBN: 1928994156 ; Dimensions (in inches): 1.17 x 9.25 x 7.41 Sales Rank: 1,861
Avg. Customer Review: ****
Number of Reviews: 11
Table of contents

A controversial introductory "cash cow" (450 pages for $40) book from Syngress -- a new kid on the block. In best cases such books are 80% junk and 20% useful and this book is no exception. If you consider penetrations into other companies computers as an electronic terrorism this is a terrorist handbook ;-) Among contributors I noticed Mudge (who run L0pht) and Rain Forest Puppy (the author of whisker CGI scanner written in Perl, he authored one paper: A look at whisker's anti-IDS tactics).

Again this not a security tutorial. This is a textbook for a hacker/cracker wanna-be with chapters of very uneven quality written by different authors. A book on general network security gives a better introduction, and I am convinced that the view of a hacker/cracker does not help very much in securing a network.

Chapter 8 is not bad (but a good knowledge of assembler is a lost art nowadays) but that's probably it.

All-in-all it's slightly better than Maximum security junk, but still it has the same distinctive style of "I want to make tons of $$ from all this hacker wannabe idiots". Funny, but Maximum security has much more positive (Amazon lemmings effect) reviews.

The contents is hampered by the superficial understanding of TCP/IP The mentioned exploits and attacks are now mostly fixed and thus outdated, so many of the URLs are of limited value. Denial of service attacks are not discussed at all. Although the attack part descriptions in some chapters(7-10) are more or less decent and might help to understand the spectrum of possible threats, countermeasures treatment is so superficial that I would classify this book as a wanna-be hackers textbook. that is not much here for qualified corporate security personeel. But even in rare cases when there is some useful content in the book documents available freely from the Net often are equal or better.

Some chapters are really horrible (Chapter 6(Cryptograghy) is very amateurish, the complete lack of understanding of virus security is pretty evident in the Chapter 14).

The principal author Ryan Russell is MIS Manager at (a pretty weak security portal that tries to compete with and this management position naturally predispose him to speculate on security. He has (probably bachelor) degree in computer science from San Francisco State University. Another contributor is Stace Cunningham, a security consultant with some casino experience.

Here is pretty revealing quote in the best "Give us your money stupid Pinocchio" style from Ryan Russel :-)

When you're through reading Hack Proofing Your Network, you'll understand terms like "smashing the stack," "blind spoofing," "building a backward bridge," "steganography," "buffer overflow" and you'll see why you need to worry about them. You will learn how to protect your servers from attacks by using a 5-step approach:
1. Planning
2. Network/Machine Recon
3. Research/Develop
4. Execute Attack and Achieve Goal
5. Cleanup
And you'll understand the theory of hacking, how to fend off local and remote attacks, and how to report and evaluate security problems.
The Only Way to Stop a Hacker Is to Think Like One.

I especially like steps 4 and 5 in protecting servers ;-). Here is a couple of Amazon Review that I like:

2 out of 5 stars Incomplete, shallow and too diverse, October 19, 2000
Reviewer: R. van den Berg from Netherlands

If you know nothing about hacking, this book might be a good start. However, there are plenty of web sites that will do a better job (and they are free).

The reputation of the authors made me hope for a much more in depth look at hacking techniques. Instead, they touch on most subjects way too lightly, and making several failed attempts in explaining some basic networking concepts.
What I thought to be the most value when reading, was the promise of a website with all the links mentioned in the book. As of today, this site is "under construction" without any useful information at all! (
In short, if you want to get a basic feel for what hacking is about, and want to get it without using a web browser, read this book. If you're looking to expand your knowledge or get definite answers, look elsewhere.

2 out of 5 stars YAUHB. Yet Another Useless Hackers Book., August 25, 2000
Reviewer: Marco de Vivo (see more about me) from Cracas, Venezuela

OK, I did it again, I bought another useless 'hackers book'. As before, it is basically my fault, since I chose to (by my own free will). Unlike before, however, the disappointment is a lot higher, since the authors (I know their works) are capable of a far better product. It can be the diversity of styles, or some kind of auto censure, or whatever, but the book looks basically naive, and the content is very weak. It seems to me as if while trying to be formal, the authors banalized and/or obscured the issues under discussion. The bottom line is a mosaic of generic topics that you can easily find (better treated) following common security links. As for the claims of Mr. Russell (back cover), besides being truly OPTIMISTICS, they seem like referring to a different book! I am still amazed by a the fact that he can really believe that after reading the book, the term 'blind spoof' will be correctly understood! Half page of obscure information (using a non-representative example) with at least a misplaced term, doesn't seem the way to explain this kind of spoof (you can find better information in Morris original document). Besides, the 'explanation' aims to describe some scanning possibilities instead of real blind attacks. Not a mention to modern forms of prevention (e.g., Syn-Cookies, Firewalling, etc.).

Still a good idea, I hope it will eventually produce the serious book we all were expecting

1 out of 5 stars Disappointing !!!, August 19, 2000
Reviewer: A reader from US

Sadly the content looked really good, as did the hype. But when you read the content it is really weak. Nothing new here at all ! It is written by a bunch of respected guys on the so called underground. I can only describe them as a bunch of bare knuckle street fighters; I wanted a book by prize fighters.

They dont get the fact that sure you can break things but the underlying technology or Math (in the case of crypto chapter) is often sound, it is usually just a matter of bad implementations.

The book was also written by multiple authors and that shows. It is disjointed to say the least.

Oh and the patronizing "Tips for IT Pros"...

** Unix System Security Tools (Unix Tools)
Seth Ross / Paperback / Published 1999
Amazon price: $31.96 ~ You Save: $7.99 (20%) (Not Yet Published -- On Order)
Paperback - 512 pages Bk&Cd Rom edition (September 1999)
McGraw-Hill; ISBN: 0079137881 ; Dimensions (in inches): 1.33 x 9.01 x 6.04 Sales Rank: 76,042

This is a weak and a very short book -- much shorter that you would expect from a regular book that contains 512 pages. This fact is partially due to very narrow (6 inches wide) pages with wide margins. Such pages contain approximately half of usual page content -- so the volume of the book is equal to 256 pages of "regular" book.

It does contain a CD with tools, but that's it.

Look at the table of content. Aha! 16 chapters, so its less than 16 normal pages for a chapter.

For example the Chapter 6 "Filesystem Security" is really extremely superficial and does not cover even the main concepts.

The book describes Tiger and Cops -- definitely outdated legacy scanners that are not that useful nowadays, but still remain classic of the field.

Generally the book creates an unfavorable impression of hasty and superficial compilation. I think that Linux System Security: The Administrator's Guide to Open Source Security Tools is a much better book.

See also the author resume It's not clear why the author decided to write about security:

Seth T. Ross is a San Francisco-based Internet author and entrepreneur who's been working on Internet projects since 1990. He's currently conducting independent research on computer security topics and developing a suite of UNIX and network security tools.


  • Author - UNIX System Security Tools, McGraw-Hill, forthcoming
  • Author - Netdictionary (, 1997
  • Editor/Publisher - The Newbie's Guide to the Microsoft Network, by Michael Lehman, Albion Books, 1995
  • Editor/Publisher - Netiquette, by Virginia Shea, Albion Books, 1994
  • Author - Taking the Next Step: The Buyer's Guide to NeXTSTEP Computing, Albion Books, 1993
** Unix Security (Sys Admin-Essential Reference Series)
Paperback / Published 1997
This "book" is really a collection of (magazine?) articles by different authors and thus suffers from a lack of focus and cohesion -- from the online review in The book does contains several useful scripts, but generally it is weak.

Intrusion Detection

**** Network Intrusion Detection: An Analysis Handbook
Stephen Northcutt
Amazon price: $31.99
Textbook Binding - 267 pages (July 1999)
New Riders Publishing; ISBN: 0735708681 ; Dimensions (in inches): 0.63 x 9.03 x 7.05 Sales Rank: 3,530
Avg. Customer Review: ****+
Number of Reviews: 10
***** Best IDS book for hands-on implementors January 29, 2000
Reviewer: Jay Heiser (see more about me) from Vienna, VA
Of the 3 available intrusion detection texts, this is by far the best for someone who actually wants to do intrusion detection. It is breezy & chatty--like sitting down with a good friend (unfortunately, one who doesn't organize his thoughts very well and whose editor was apparently in a hurry).

This is a bits & bytes book; it assumes some knowledge of TCP/IP and security concepts, but it accomodates non-specialists. It is useful for readers of varying levels of familiarity with Internet protocols. Northcutt provides an excellent introduction to the specific mechanisms of the most common network attacks, and offers the most cogent description I've seen of the [purported] Mitnick attack on Shimomura.

I especially enjoyed his efforts at providing neophyte intrusion analysts with political advice. His insight that host-based IDS is technically superior to network-based, but politically impractical is a gem of organizational wisdom.

***** Readable, intelligent, down-to-earth. October 1, 1999
Reviewer: Greg Broiles (see more about me) from Oakland, CA
Network Intrusion Detection is rare among technical books - it's comprehensive, accurate, interesting, and intelligent; it's got none of the "filler" chapters which seem to be prevalent in the genre. It's well worth the relatively small investment of time and money required to read and understand it.

The author has "been there, done that" which gives him a perspective unavailable to professional technical authors who write about Java one month, CORBA the next, will be assigned a firewall book next.

This book will be useful to people responsible for intrusion detection, people who manage them, and to people who need to understand attack techniques and the forensic tools needed to detect and document them. Highly recommended; it's in the same class as Cheswick & Bellovin's classic _Firewalls and Internet Security_.

***** Northcutt hits the ball out of the park! August 25, 1999
Reviewer: Richard Bejtlich ([email protected]) from Texas
I am the chief of a 15 person intrusion detection team, with responsibility for centralized, around-the-clock monitoring of a global network. I believe I have enough experience to claim Steven's book is first rate and sorely needed. His reconstruction of a Christmas Eve system compromise and his analysis of Kevin Mitnick's TCP hijack of Tsutomu Shimomura's host are excellent case studies. His coverage of reset scans and other non-standard reconnaissance techniques prompted me to scour my traffic for the same events and write a paper on my findings. I do not agree with some of his conclusions on SYN ACK and reset scans, but his work made me investigate those topics. While I would have preferred slightly more explanation and examples of network traces (who wouldn't?), I hope this book begins a trend of sharing (sanitized) packet-level incident details within the IDS community. I recommended Steven's book to every analyst on my flight and every person in my unit, and I plan to build in-house training around it. I guarantee every person with a technical leaning and a position on the front line of intrusion detection will appreciate Steven's book. See you at SANS Network Security 99
*** Intrusion Detection: An Introduction to Internet Surveillance, Correlation, Trace Back, Traps, and Response
Edward G. Amoroso(Preface) / Paperback / Published 1999
Amazon price: $40.99 ~ You Save: $8.96 (18%)
Average Customer Review: ****
Dr. Amoroso teaches security course at Stevens Institute of Technology. The book looks like average college textbook written by professional educator with no strong contacts with practical side of the subject. The author wrote two other security books. None was significant.
*** Intrusion Detection (Macmillan Technology Series)
by Rebecca Gurley Bace
Amazon price: $50.00
Textbook Binding - 350 pages 1 edition (December 21, 1999)
New Riders Publishing; ISBN: 1578701856 ; Dimensions (in inches): 1.07 x 9.42 x 7.57 Sales Rank: 11,172
Avg. Customer Review: ***
Number of Reviews: 2
This book is a marginal book. Not very technical but not very management oriented either. It's akin to below average college CS textbooks. Or law books. It's designed for CIO smacking....
Slashdot Intrusion Detection [Book Review]
** Intrusion Detection : Network Security Beyond the Firewall ~ Usually ships in 24 hours
Terry Escamilla / Paperback / Published 1998
Amazon price: $31.99 ~ You Save: $8.00 (20%)
Paperback - 416 pages (October 1998)
John Wiley & Sons; ISBN: 0471290009 ; Dimensions (in inches): 0.88 x 9.28 x 7.55 Sales Rank: 58,575
Avg. Customer Review:
Number of Reviews: 10
** Jarringly unfocussed and inaccurate... August 13, 1999
Reviewer: A reader from San Francisco, CA
I wanted to like this book, seeing as how I've made intrusion detection an important part of my career (the book spends a few pages discussing a paper I wrote), and there are no good offline resources on the subject. Unfortunately, I found little to appreciate in this book, which could have benefited greatly from better technical editing, a sharper concept of what its audience is, and (unfortunately) a better grounding in the subject matter.

The most important problem with this book will be obvious to most readers. Escamilla doesn't address the subject of intrusion detection until midway through the book, opting instead to fill the first half of the book with background information about computer security. This information is presented poorly (and with glaring inaccuracies). Almost all of it is covered better in other books, which readers unfamiliar with network security will need to buy anyways to make the intrusion detection concepts discussed in the latter half of the book accessible.

Unfortunately, the relevant half of the book isn't much better. A confused mish-mash of technologies are presented under the banner of I-D (I know of very few people in the security industry who consider security scanners to be I-D systems), and the most widely used forms of I-D are given scant coverage.

Worse still, the author profiles real commercial I-D systems (towards the end of the book). Apart from the fact that this information was unsalvageably outdated before the book made it to the press, it's also biased. Descriptions of one system span 3 pages, while another merits a single paragraph. Many important systems (which were widely known at the time of this book's release) are not covered at all. And, predictably, most of the details about the commercial systems covered read like marketing material, with almost no comparisons to the other systems covered.

Although this book is a mess, it's not an unrecoverable one. The authors descriptions of Do-It-Yourself intrusion detection on Unix systems is competant, if not revolutionary, and is almost reminiscent of Cheswick and Bellovin's work in _Firewalls_and_Internet_Security_. A better informed, more coherent second revision of this book would be worth looking at.

Unfortunately, there's very little to recommend this book. A critical and informed reader might get some value out of it, but nothing that couldn't be obtained more easily from the Internet. At its worst, however, this book can be misleading, and is thus an inappropriate introduction to its subject. Overall, a deeply flawed book. Steer clear.


** Solaris Security ~ Usually ships in 24 hours
Peter H. Gregory / Paperback / Published 1999
Amazon price: $39.99
Average Customer Review: ** Number of Reviews: 1

When the book title is "Solaris security" and not "Hacking exposed" one can probably expect a decent level. Not true.

The book can probably be partially useful for beginning Unix administrators, but in no way it can be considered a Solaris Security book.

First of all the useful content is almost absent. If you skip first 23 pages and appendixes you might find that you have bought less than 150 horribly typeset pages of general information useful only for beginning Solaris sysadmins, if any.

The quality of the book can be illustrated by the folowing quote (preface, page XLI):

This archive was compromised more than two years ago and is now defunct so putting such URL in the book looks unprofessional. And the value of this recommendation is pretty obvious.

Now about important tools: Aset is covered in just one page. COPS in one-half, Tiger -- one half, Tripwire in one. None of the modern tools are covered at all. After that statistic one might wonder why the book is called Solaris security. Well, that's probably gives you an idea.

I agree completely with the following review of the reader from New Hampshire, but I would give one stars instead of two.

** A reader from New Hampshire, US , October 13, 1999
Very basic, riddled with errors and typos
They should have named this book "Beginning Solaris Administration with a touch of Security". This book presents basic system administration techniques, many of them extremely obvious or simple common sense. Security is glossed over very quickly with little to no 'meat'. "We recommend running COPS or Tiger to audit this weakness, see Chapter 4." Chapter 4 includes a one paragraph note on COPS.

In addition to the lack of any real content, like all recent computer books, this one is rife with errors and typos. Example: The chapter on DNS--the author continually comments on blocking port 43 at the firewall to prevent DNS queries and zone transfers. Everyone knows that DNS uses port 53--in fact, the author notes that in a table 10 pages earlier. I would just attribute this to a typo, but he mentions port 43 at least 5 times on one page.

I expected better of SUN and Prentice-Hall, but I guess I should have known better based on the Janice Winsor books.

Linux specific books

Building Linux and OpenBSD Firewalls
Wes Sonnenreich, Tom Yates / Paperback / Published 1999
Amazon price: $44.99
Paperback - 512 pages (October 1999)
John Wiley & Sons; ISBN: 0471353663
Linux Security (The Landmark Series)

John S. Flowers / Paperback / Published 1999
Amazon price: $23.99 ~ You Save: $6.00 (20%) (Not Yet Published -- On Order)

Paperback - 400 pages (October 1999)
MacMillan Publishing Company; ISBN: 0735700354

Linux Speakers' Bureau Speaker Listing

Welcome To Inquisit!

WEB security

**** Web Security : A Step-By-Step Reference Guide
Lincoln D. Stein / Paperback / Published 1998

See also: Publisher web-site page

Interviews: Lincoln Stein on Web Security

Reviews: ERCB Short Review

About the Author: Lincoln D. Stein is a freelance writer and Director of Information Systems at the Curagen Corporation, a biotechnology company. He is the the keeper of the World Wide Web's Security FAQ. And one can read the FAQ first as the book is based on it. Author's Home Page:

Other books authored by Lincoln Stein

*** Web Security & Commerce (Nutshell Handbook) ~ Usually ships in 24 hours
Simson Garfinkel, Gene Spafford / Paperback / Published 1997
Amazon price: $26.36 ~ You Save: $6.59 (20%)
Superficial and incomplete. Can be used as a decent overview, that that's probably it. Lack practical recommendations.
????? Administrating Web Servers, Security and Maintenance ~ Usually ships in 24 hours
Eric Larson, Brian Stephens / Textbook Binding / Published 1999
Amazon price: $40.00
Average Customer Review: ***** Number of Reviews: 1
Textbook Binding - 567 pages 1 edition (December 15, 1999)
Prentice Hall; ISBN: 0130225347 ; Dimensions (in inches): 1.60 x 9.21 x 7.03 Sales Rank: 12,674
Table of contents

1. What is a Web Server?
2. Planning Your Server.
3. Users and Documents.
4. Server Configuration.
5. Server-Side Programming.
6. Log Files.
7. Search Engines, Robots, and Automation.

8. Introduction to Security.
9. Network Security.
10. Web Server Security.
11. CGI Security.
12. Web Client Security.
13. Secure Online Transactions.
14. Intrusion Detection and Recovery.

SSL and TLS Essentials: Securing the Web ~ Usually ships in 24 hours
Stephen Thomas / Paperback / Published 2000
Amazon price: $27.99 ~ You Save: $7.00 (20%)
Web Security ~ Usually ships in 24 hours
Amrit Tiwana / Paperback / Published 1999
Amazon price: $29.71 ~ You Save: $5.24 (15%)
Designing Secure Database Driven Web Sites
Jimmy Nasr, Roger Mahler / Textbook Binding / Published 2000
Amazon price: $38.24 ~ You Save: $6.75 (15%) (Not Yet Published -- On Order)
???? Web Security Sourcebook
Aviel D. Rubin, et al / Paperback / Published 1997

Copyright 1996-2004 by Dr. Nikolai Bezroukov

Standard disclaimer: The statements, views and opinions presented on this web page are those of the author and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SNDP or any other organization the author may be associated with.

We do not warrant the correctness of the information provided or its fitness for any purpose.

Links and bibliographical information about the books are prepared in association with You can buy any book listed here from simply by following the link for the book.

This document is an industrial compilation created for educational purposes only and is placed under the copyright of the Open Content License(OPL). Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

Please read, understand, acknowledge, and abide by this license before copying, translating, quoting, or distributing this document. was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. 

Click here to submit your comments!


See also Linux System Security: The Administrator's Guide to Open Source Security Tools by Scott Mann. -- probably the best book on the subject.

** Unix System Security Tools (Unix Tools) -- weak see review above

Seth Ross / Paperback / Published 1999
Amazon price: $31.96 ~ You Save: $7.99 (20%)

Paperback - 512 pages Bk&Cd Rom edition (September 1999)
McGraw-Hill; ISBN: 0079137881 ; Dimensions (in inches): 1.33 x 9.01 x 6.04 Sales Rank: 76,042

Protecting Networks With Satan ~ Usually ships in 24 hours
Martin Freiss, Robert Bach (Translator) / Paperback / Published 1998
Amazon price: $15.96 ~ You Save: $3.99 (20%)

Random Findings

???? Unix Installation Security and Integrity - 2nd edition (the first was in 1992 and was authored by David Ferbrache alone see Unix Installation Security and Integrity )
David Ferbrache, Gavin Shearer / Paperback / Published 1993
???? Secure Unix
Samuel Samalin / Paperback / Published 1996 by McGraw Hill
???? Unix System Security Handbook
David S. Bauer / Paperback / Published 1991 by Addison-Wesley Pub
???? Unix Security : A Practical Tutorial (Unix/C)
N. Derek Arnold / Published 1993
???? Unix System Security
David Fiedler, Bruce Hunter / Published 1986
???? Unix System Security : How to Protect Your Data and Prevent Intruders
Rik Farrow / Published 1991
???? Halting the Hacker : A Practical Guide to Computer Security (Hewlett-Packard Professional Books) ~
Donald L. Pipkin / Paperback / Published 1997
???? Unix System Security Essentials
Christoph Braun, Siemens Nixdorf / Paperback / Published 1995
???? Audit Trail Administration, Unix Svr 4.2
Unix Systems Lab / Paperback / Published 1993



Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers :   Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism  : The Iron Law of Oligarchy : Libertarian Philosophy


War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda  : SE quotes : Language Design and Programming Quotes : Random IT-related quotesSomerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose BierceBernard Shaw : Mark Twain Quotes


Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 :  Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method  : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law


Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds  : Larry Wall  : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOSProgramming Languages History : PL/1 : Simula 67 : C : History of GCC developmentScripting Languages : Perl history   : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

Classic books:

The Peter Principle : Parkinson Law : 1984 : The Mythical Man-MonthHow to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater�s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

Most popular humor pages:

Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D

Copyright � 1996-2021 by Softpanorama Society. was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.

This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...

You can use PayPal to to buy a cup of coffee for authors of this site


The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the Softpanorama society. We do not warrant the correctness of the information provided or its fitness for any purpose. The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

Last modified: March 12, 2019