|
Home | Switchboard | Unix Administration | Red Hat | TCP/IP Networks | Neoliberalism | Toxic Managers |
(slightly skeptical) Educational society promoting "Back to basics" movement against IT overcomplexity and bastardization of classic Unix |
News | See also | Introductory | Intrusion detection | Solaris | Linux | |
Network security | Firewalls | WWW | Security Tools | TCP/IP | Random Findings | Etc |
|
There are very few decent Unix security books. The reason is easy to explain: security is a dumping ground for professionals and few if any of those authors have in depth understanding of the system they are writing about comparable with the level of understanding of the author of an advanced book on the subject. There are a lot of snake oil salesmen in security that try to propagate FUD about hackers and comprovises.
|
So the task of finding one is pretty difficult and it might be that one can probably be better off buying a decent Unix system administration book and TCP/IP networking book with security chapters, than a book specialized in security and written by a clueless author. After all a good defense is always based on real knowledge and in the case of Unix/Internet security on the knowledge of Internet protocols and Unix internals (or at least Unix system administration). Junk books like Harking Exposed are making money by pring to provide a popular (and extremely superficial) view on a very complex topic. IMHO a good Unix security book presuppose deep knowledge of OS and networking.
In case of security books it's probably unreasonable to expect them to cover recent trends. They should concentrate on fundamental principles of security. Essentially the best source of the most recent information on Unix and Internet security is Internet itself. The field is too dynamic and it's difficult to write books that cover recent trends. With typical year or more writing/editing/publishing cycle they will be outdated before they will be finished. But for the fundamental, core issues and introductory material books are a better deal that Internet materials and can help you save time and effort in mastering this large and difficult field. Unix security consists of two interconnected parts:
Some books concentrate on tools, some on principles. The main principle of security is famous KISS principle, and that can serve as a litmus test during book evaluation. If they do not stress the importance of stripping the system down to minimum number of components it's quite possible that other areas are covered weakly as well.
For security books one should be especially beware about "lemming effect" reviews, when a lot of newcomers to the field praise a very weak book with an attractive title. The word "Hacking" is a real cash cow in the security book title. I recommend you to be very skeptical about any security book with this particular word in the title; real professionals are seldom so greedy, snake oil salesmen usually are ;-)
Among semi-decent Unix security books I would like to mention Linux System Security: The Administrator's Guide to Open Source Security Tools by Scott Mann. Contrary to the title it's not a Linux specific book: it covers generic free Unix tools. Although tools themselves are covered rather superficially, this book can help understanding your tools needs and might be instrumental in installing and using of some of recommended tools.
A rare good book is Mastering Network Security by Chris Brenton.
So far a decent (but outdated) introductory book on Unix security is still Practical Unix and Internet Security. I am not big fun of this book, but still I would like to admit that it's a decent book. The major drawback is that it's not tools oriented and large part of it is quite outdated. See my review of the book. But the biggest advantage of this book is that it's available in HTML. I feel that it should be used with Linux System Security: The Administrator's Guide to Open Source Security Tools -- a better and more modern book, but not introductory in nature.
For TCP/IP-related security in addition to Mastering Network Security you can find 50% discounted Actually Useful Internet Security Techniques Larry J. Hughes / Published 1995. It's not bad, but outdated... See my list of booksellers.
See also: Peter Gavlin Security book review the good the bad and...the worst - SunWorld - October 1998 -- preferences IMHO are questionable, though ;-)
Dr. Nikolai Bezroukov
You can use Honor System to make a contribution, supporting this site |
**** Mastering FreeBSD and OpenBSD Security
by Paco Hope, Yanek Korff, Bruce Potter
If you are looking at implementing one of the BSD distributions of Linux and want to secure your installation this book is an excellent choice. The authors cover the basic security that applies to all Linux distributions such as filesystem security and creating a sandbox, and then follows up with security options specific to BSD. The chapters cover installation, secure administration, creating a secure DNS server, secure mail servers (including Sendmail, Postfix, and qmail), secure web server, firewalls, intrusion detection, system auditing and incident response, and some forensics. However, the forensics information provides a decent overview without being detailed enough to be very useful.
The authors do a really good job of explaining not only how to do various tasks but also the reasoning behind it and how it works to resolve specific problems. I like the fact that the authors don't do this in a piecemeal approach but provide a pathway to get to the system hardened before heading off into the specifics of harding particular services link DNS and Sendmail. They actually have a step by step procedure starting from a fresh install. This alone makes this one of the better books on hardening FreeBSD and OpenBSD. Mastering FreeBSD and OpenBSD Security is highly recommended.
Real World Linux Security (2nd Edition)
Hardening part (Ch 02) is weak. The author does not understand the compromises involved. The only useful chapter is Ch04. Common break-ins by subsystem. But it's not in depth (DNS part is extremely weak). But used book can be bought for $5 or less and at this price might make sense.
??? Network Security Assessment
by Chris McNab (Author)
Too generic to be really useful. No more then overview of consepts.
Excellent book to assess your own network security..., May 19, 2004
Reviewer: Thomas Duff (see more about me) from Portland, OR United States |
Target Audience
Network administrators or security administrators who want to assess the security of their systems.Contents
This book is a series of assessments that you can do to your systems to determine the level of your system securityThe book is divided into the following chapters: Network Security Assessment; The Tools Required; Internet Host And Network Enumeration; IP Network Scanning; Assessing Remote Information Systems; Assessing Web Services; Assessing Remote Maintenance Services; Assessing FTP And Database Services; Assessing Windows Networking Services; Assessing Email Services; Assessing IP VPN Services; Assessing Unix RPC Services; Application-Level Risks; Example Assessment Methodology; TCP, UDP Ports, And ICMP Message Types; Sources Of Vulnerability Information
Review
Every day brings word of new exploits and new security bugs in various operating systems. Some are new and unique, and many are rehashed exploits made possible by the failure to patch and secure your systems. In order to see your system as a cracker would, you need to understand the mindset and toolsets that are used against you. This book, Network Security Assessment, will help you do just that.Each chapter starts with a brief explanation of the area being discussed, as well as some of the overall security concerns related to that service. The rest of the chapter is then devoted to various exploits and tools that can be launched against the different operating systems. Chris McNab uses extensive illustrations and output listings to show the reader how the tools work and what type of information can be exposed to an attacker. Since many of the tools are Unix-based or are expected to be used against Unix-type systems, the author does assume familiarity with administration of Unix variants.
There are a lot of things to like about this book. The assessment methodology is organized and well thought out. It's not just a random scattering of exploits. The author also takes great pains to provide the sites where you can download the tools. In addition to that, the tools are also mirrored at the O'Reilly site so that you are protected against websites that may move around. The argument could be made that this provides a fledging cracker with all the information they need to break into your system. True, but the information already exists, and they will find it with or without this book. This book levels the playing field by making security information available to corporate administrators so that they have a chance against attackers.
Conclusion
A worthy addition to the bookshelf of network and security administrators. By following the exploits and processes outlined, you'll be able to sleep well knowing that you've covered as many bases as you can.
Network Security Hacks
by
Andrew Lockhart (Author)
***
Practical Unix & Internet Security, 3rd Edition
by
Gene Spafford (Author),
Simson Garfinkel (Author),
Alan Schwartz (Author)
Rare OK book. Outdated and partially spoiled by adding Alan Schwartz to the team: he did not manage to do a complete updating of the text: some chapters are still old with a lot of irrelevant material.
Building Open Source Network Security Tools Components and Techniques
Man Page Reprint, February 19, 2003Reviewer: A reader from Atlanta, GA United States
If you don't read the man pages then this book is for you. After reading the glowing reviews I went out to purchase this book. I am extremely disappointed. The lion-share of the book is merely API description. There are some neat examples in every chapter, but they are available on the internet... The end chapters of the book are well written concise summaries of known techniques and concepts (possibly the only redeeming component of the book)
After using libnet I was expecting something great from the man who wrote such an awesome library. Experienced programmers should use the man pages. If you're new to information security topics then you might find this book useful.
A newbie would be well served by this book.Reviewer: jose_monkey_org (see more about me) from ann arbor, mi
this is pretty much the book I've been looking to add to my library for a while. schiffman covers the major libraries in security (libnet, libdnet, libpcap, openssl, libsf, and libnids) in a smooth and excellent way, and then brings them together in several small apps and then firewalk 5.0. in this book we learn techniques to complement the tools we learn how to craft.
i was a bit let down in some of the details being left out of the libraries schiffman didn't write, such as pcap and ssl. these are really difficult to master libraries, some more attention could have been given here.
another reviewer noted that the book really ignores the windows developer, which is true to an extent. however, what schiffman doesn't say (and the reviewer doesn't state) is that several of the libraries (pcap, libnet, libdnet, openssl) work just fine on windows. it would have been helpful to have seen that covered more, but perhaps in the next edition.
all in all, a recommended book. now infosec people will have no reason to say they can't write their own network attack apps. and hopefully it will inspire someone to write a better mousetrap, too. i'm still surprised it took so long to appear on the shelves!
Refreshing Networking Security material!, October 31, 2002
Reviewer: [email protected] (see more about me) from Baltimore, Maryland There are many security books on the shelves today. Most of them describe the same hacker tools and methods. They don't get very technical and once you've read one, you've read them all. Building Open Source Network Security Tools is a different breed of security book.
Building Open Source Network Security Tools , just as the name suggests, is about how to build network security tools. This is a technical book, so you are going to have a little knowledge of C and your networking principles. This is definitely not a managers book.
First the book describes some basic principles in developing security software. This is a quick primer in case you have never been involved in software development. Next the book goes on to describe several commonly used libraries like libnet and libpcap. For each library, the structures and functions are explained, then there is sample code. I have written programs using libpcap and libnet before and I still learned something. There is even a section on OpenSSL programming. OpenSSL is a rather large and cryptic, no pun intended, library (in my experience anyways). This book sheds some light on it! These chapters are a great reference to have when making a new security tool.
The author then goes on to explain the several techniques like attack and penetration and active reconnaissance. Not only does the author tell you how they would in a technical sense, he provides code that does it, and explains each piece. This is very useful since most tools in the wild aren't very well commented ;) There is also a chapter on buffer overflows and format string vulnerabilities. These chapters are very well done and do a good job in explaining how they work and how to write code to use them. It may sound like this is an offensive hacker book, but it also gives examples on how to write defensive programs, like a port scan detection tool. At the end of the book the author ties it all together with a large program that utilizes many of the techniques mention in the book.
I found this book to be very refreshing. I had been waiting for a good security programming reference, and this is it. As a part of the Honeynet Project, I have seen a large number of compromises and tools, and one thing I've found is that in order to truly know who your enemy is, and how they operate, you need to know how their tools work. I wish this book had been released years ago when I first became interested in network security. It would have saved me from stumbling around old web pages and dead links. If you're an information security professional, this book is a must have for your library.
Price: | $49.99 |
Very weak: as close to junk as you can get. Definitely not recommended even as an intro.
Chapter 1: Are You at Risk for a Hacker Attack?
Chapter 2: Introduction to "Hardening" Your Solaris Operating System
Chapter 3: Hacker Tools & Techniques
Chapter 4: Securing Your Users Accounts and Environments
Chapter 5: Securing Your Independent System
Chapter 6: Protecting Permissions and Filesystems
Chapter 7: Types of Attacks
Chapter 8: Cron: What it is and How It Protects You
Chapter 9: Planning: The Best Defense Against Disaster
Chapter 10: Commercial Solaris Security Tools
Chapter 11: Solaris Security Freeware and Shareware
Chapter 12: You've Been Attacked � Now What?: Triage & Recovery Guide
Appendix A: Secrets
Appendix B: Additional Resources
The TOC looks pretty reasonable, but 400 pages for twelve chapters (30 pages
per chapter) are definitely not enough for in-depth coverage.
Well-organized approach to securing Solaris systems, January
9, 2002
I am a senior engineer for network security
operations. I am not a Solaris system administrator, but I read "Hack
Proofing Sun Solaris 8" (HPSS8) to learn more about securing Solaris
systems. HPSS8 addresses a wide variety of Solaris security issues,
and is suitable for beginning and intermediate system administrators.
HPSS8 is not a Solaris version of "Hack Proofing Linux" (HPL), which
I reviewed in October. While HPL seems more like a catalog of open source
security tools, HPSS8 focuses on explaining the features and configuration
of Solaris hosts. The authors provide useful explanations of Trusted
Solaris, with enhancements like Role Based Access Control and Mandatory
Access Control. Admins unwilling to deploy Trusted Solaris can experiment
with the SunSCREEN Basic Security Module (BSM), which raises a default
Solaris 8 installation to the C2 security level. HPSS8 describes how
to deploy Sun's Kerberos implementation, called Sun Enterprise Authentication
Mechanism (SEAM). The book also introduced me to Sun's implementation
of file-based access control lists to protect SUID files.
As a casual reader, not responsible for implementing these tools, I
found HPSS8's coverage adequate. I learned about enterprise-grade security
features I never knew existed. I'm not sure if admins needing in-depth
explanations will find what they need in HPSS8.
HPSS8 appears to be written by authors who know their material. I found
no errors, although I admit I am not a Solaris expert. The network security
discussions, with which I am more familiar, seemed error-free as well.
I appreciated the heavily technical buffer overflow explanation in ch.
10, and was surprised to learn in ch. 8 that Solaris by default routes
packets between multiple interfaces. The only slip in editing appeared
to be unnecessary "double coverage" of Snort (in ch. 3 and ch. 8), probably
written by different authors.
If you're a junior Solaris admin and you need to lock down your machines,
securely operate web, email, caching, routing, firewalling, and related
services, HPSS8 will definitely help you. Senior Solaris admins will
probably not learn new tricks. Security professionals who want to familiarize
themselves with Solaris features will enjoy reading HPSS8, as I did.
(Disclaimer: I received a free review copy from the publisher.)
|
Amazon.com Sales Rank: 33,503
It's an excellent book covering all aspects of
Linux security
from physical site security to VPN's. It's up to date: a good section with clear
examples on iptables is included.
For each section the author selects a few (or as in the case of file integrity just one product like tripwire) products and explains with good examples how to install and configure from scratch (including installing the rpm's). The language is clear and the author explains both why and how. There is an excellent section on nessus and the tripwire part really shows what a cumbersome beast tripwire now has become ... The focus is almost 100% on freely available tools in true Linux spirit.
It's not without minor faults however - but so far I have only found one major one. The section on "Starting Network Services from /etc/rc.d" is weak: it messes up the runlevels (1 is single user and 5 is X11), it does not mention the fact that Kill scripts are run before the Start script when _entering_ a new run level and there is no mention of ntsysv (or chkconfig).
I do like the fact that Hontanon is not at all afraid of giving strong recommendations - i.e. "Among the password auditing tools ... John the Ripper stands out as the clear winner because of its performance and ease of use".
This is not a beginners book - it assumes general Linux and networking knowledge.
If you are looking for a source for overall Linux security, Unix security tools and how to use these tools look no further. This book should be on your bookshelf along with the 2nd edition of "Maximum Linux Security" and (the now slightly out of date) "Practical Unix&Internet Security".
Recommended.
Buy two of these, May 30, 2001
Reviewer: A reader from Atlanta, GA, USA
I wasn't a fan of Hacking Exposed, largely because its Unix section was a mere
50 pages of superficial, outdated, and obvious fluff. Hacking Linux Exposed
makes up for that lack by digging into Unix in much more depth. Though it is
modeled after the attack/countermeasure style of the original HE, this book
includes a whole chapter of security measures at the beginning that you can
implement instantly to get your machine locked down before getting into the
nitty-gritty detail about other things in the hacker's arsenal.I was particularly
enthralled with chapter 10, which talks about what the hacker will do after
they have gained root access, from simple things like adding accounts to complicated
issues like kernel modules, complete with source code. Chapter 7 includes some
really wonderful examples of how the hacker can abuse networking protocols themselves,
something I haven't seen covered in such depth before.The book is logically
organized. The first part covers the way the hackers find and probe your machine.
The second talks about getting in from the outside, be it network or physical.
The third part talks about gaining additional priveleges, and the last part
of the book is dedicated to mail, ftp, web, and firewalls. The appendicies are
actually useful. They seem to have dropped the small 1-page case studies from
the original book and replaced them with longer hacker-eye-views of real attacks
which are an interesting read, and really tie the book together.This book is
Linux specific in it's countermeasures, but I'd recommend this to any unix user.
They do a good job of discussing differences between Linux variants as well,
they don't just assume everyone has a RedHat box on their desk. Very refreshing.This
book is great for both the theory and practical uses. I could spend weeks implementing
all the suggestions they have, but they seem to have thought of this because
their risk ratings let you know where you should concentrate as you secure your
systems.Like Hacking Exposed, this book also has a website, (...) but it seems
more up-to-date -- for example when the ptrace bug in older kernels came out,
they posted a kernel module you could compile to protect your system until you
could upgrade -- and includes all the source code contained in the book.I bought
two of these, one for home and one for the office, and I suggest you do the
same.
Chapter 1: Are You at Risk for a Hacker Attack?
Chapter 2: Introduction to "Hardening" Your Solaris Operating System
Chapter 3: Hacker Tools & Techniques
Chapter 4: Securing Your Users Accounts and Environments
Chapter 5: Securing Your Independent System
Chapter 6: Protecting Permissions and Filesystems
Chapter 7: Types of Attacks
Chapter 8: Cron: What it is and How It Protects You
Chapter 9: Planning: The Best Defense Against Disaster
Chapter 10: Commercial Solaris Security Tools
Chapter 11: Solaris Security Freeware and Shareware
Chapter 12: You've Been Attacked � Now What?: Triage & Recovery Guide
Appendix A: Secrets
Appendix B: Additional Resources
TOC looks pretty reasonable, but 400 pages are definitely not enough for in-depth coverage.
Our Price: $39.99
Paperback - 480 pages 1st edition
(September 26, 2001)
Prentice Hall PTR; ISBN: 0130330620
; Dimensions (in inches): 1.28 x 9.24 x 7.04
table of contents
This is only 400 pages books about pretty complex subject, but the book got several very positive reviews. First four are so positives that I suspect some of them might be "friends and family" type of reviews. Judging from the Table of contents the book covers (or at least mention) several important areas including using Snort (mentioned in the ch. 15), Hardening (Ch 12). The latter is a definite plus, although the items listed in this chapter has nothing to do with tightening system setting and stripping the system to bones.
At the same time the chapter 13 title looks misleading (contents has nothing to do with hardware)
13. Preparing Your Hardware.
Timing Is Everything. Advanced Preparation. Switch to Auxiliary Control (Hot Backups). TCP Wrappers. Adaptive TCP Wrappers: Raising the Drawbridge. Cracker Trap. Ending Cracker Servers with a Kernel Mod. Fire Drills. Break Into Your Own System with Tiger Teams.
And the content of chapter 9 "Gutsy Break-Ins" (Mission Impossible Techniques. Spies. Fanatics and Suicide Attacks.) looks like an indication of snail-oil salesmen style.
***** A useful book,
December 11, 2000
Reviewer: Jonathan Low from Sunnyvale, CA USA
This book is written in clear prose and is easily understood. His description
of attacks and how to defend against them is fascinating and extensive. He has
a section titled "Obscure but Deadly Problems". I fear they are not as obscure
as one would hope, as I have encountered such problems. The historical notes,
such as that of the Symlink Attack (section 6.8.3 in the grey box on page 298),
allow the reader a deeper level of understanding. The resources and instructions
for finding the attacker's system given in chapter 20 are very useful.
- Firewalls : A Complete Guide ~
Usually ships in 24 hours - Marcus Goncalves(Editor) / Paperback / Published 1999
Amazon price: $43.99 ~You Save: $11.00 (20%)
Read more about this title...
- Firewalls Complete (Complete Series) ~
Usually ships in 24 hours - Marcus Goncalves / Paperback / Published 1998
Amazon price: $54.99
Average Customer Review:
Read more about this title...
I'm a systems consultant and have worked with a number of different firewall products including FireWall-1. FireWall-1's network address translation feature is very powerful if you manually set up network objects and the local.arp file and configure the NAT rule. This book does even touch on these aspects; the Arch&Admin (that comes with the Firewall-1 CD) explains this in detail in 65 pages. *Copied from the CD documentation: for example, the discussion on SYN Flooding Attack (pages 138-143) is mostly taken WORD-FOR-WORD from Arch&Admin (pages 329-333). Many examples are copied verbatim. *PPTP is not secure relative to alternatives - why recommend it? I thought the authors were veterans. *Checkpoint's OPSEC makes FireWall-1 extensible, and a couple of the add-ons such as RealSecure (attack recognition) and StoneBeat (high availability) are very complementary products. I'd expect professionals who'd write a book on FireWall-1 to have experience in these add-ons. *Of the 450 pages, only the first 306 pages are FireWall-1 related; the next 100 pages (Chapter 13) are on generic Internet attacks √ which many books cover more in content and detail. Balance is glossary and index (that's over 10% of the book). *Stripping down NT: the first thing you should do before installing FireWall-1 on NT is strip all the services from the network control panel applet. I guess the authors didn't even bother to copy Joe DiPietro.
This book does not cover anything on FireWall-1 that the software documentation from Checkpoint does not cover. As a matter of fact, Checkpoint's documentation covers much more depth AND breadth than this book. From what I understand, the only documentation on FireWall-1 that is better than Checkpoint's is Checkpoint's Hebrew version of the documentation.
For the price of this book, I'd expect more in-depth coverage
on the technical deployment of the product (for the technical implementer),
on the strategic deployment of the product (for the CIO), or both. This book
provides neither. Stick with the CD's documentation.
Table of content. The accompanying CD-ROM contains source code for examples.
Outdated but still useful.
The great advantage of the book is that it is available in HTML. That's really make it better than it was before and added an additional star in my evaluation ;-).
It's a good introduction to the subject. Somewhat outdated -- four years old in a very dynamic field, Rootkit is not even mentioned, Bugtraq mentioned only in supplement, etc. Far from being practical and can be used only as a general introductory text in Unix security. Not recommended for Internet security (superficial and incomplete). Good style -- Simson Garfinkel of The UNIX-Haters Handbook fame is a really talented journalist (but now only a journalist, see his interview with Amazon.com).
The main problem with the book is that instead of relying on tools as any Unix author should, the authors use a cookbook/reference approach giving recipes about improving security. References to important RFCs, FAQ and CERT advisories are absent. For example RFC1244 (now superseded by RTC2196) is not mentioned in index (and probably in the text as well) although Ch.2 and Ch.24 mirror its content.
No attempts were made to explain what tools can be used for checking/fixing particular class of problems or to present a bigger picture in which the flaw exists. Typesetting is very primitive. Although one of the authors is a (former) programmer judging by just the book content it is difficult to believe that he is able to spell PERL :-).
The book is not updated enough to compete with newer books on Internet Security. For corporate users possible alternatives are combinations of one book on Unix security (for example, one book on tools like Linux System Security: The Administrator's Guide to Open Source Security Tools and one book on Internet security (for example Actually Useful Internet Security Techniques by Larry J. Hughes or some more recent book on network security).
Often non-security books written by a specialist in particular area can be a
better deal than books from security folks. For example TCP/IP Network Administration
by Craig Hunt contains a lot more information about how properly configure TCP/IP
than this book and in Ch.12 has a very decent overview of security in just 40
pages.
Mark R. Lindsey ([email protected]) from Valdosta, Georgia, USA April 25, 1999
This is a superb discussion of networked-system security, in general. It doesn't pretend to be an up-to-the-minute shopping list of security flaws: that job is better left to web sites. Instead, the text educates readers with a conceptual idea of Computer Security that can be applied successfully to existing systems, and to systems not yet built. It's exactly the sort of educational value that we'd expect from simsong and spaf.
But it does go beyond theoretical education, to explain with great clarity fundamental issues in system security. Covering everything from physical security to filesystem quirks, this tome is fascinating in its scope. I have found the special section on writing solid network applications (CGI programs, and the like) to be of great value.
In short, this book provides the Common Body of Knowledge in computer security. Start here, and you'll have the basis for a comprehensive understanding of related issues -- one that transcends the individual bugs to see the bigger picture.
[email protected]
from CA, USA , May 12, 1998 **
outdated and light on internet security
I should have paid more attention when I bought this book in a series of security
books and I regret this buy. Its "best seller" position is IMO unjustified because
the networking/internet sections (10 total lines on SSL!, mentions of Netscape
2.0b2, nothing on ICMPs attacks, 3 lines about spoofing...) are completly outdated
and/or pretty useless.
Actually all tools described are not Linux specific and can be used for any Unix including FreeBSD and Solaris. First several chapters (2-4) are pretty superficial (for example huge and non-trivial problem of assigning and maintaining user groups on a production server is covered in half-page) and contain almost no useful information, but tools chapters are better and some of them are really useful.
The authors seems really used tools that they are writing about although they never go into fine details that is typical for real experts. For several popular tools the book provides some useful info that is difficult to find elsewhere. Pretty decent typography, although it's a little bit too academic and does not use icons on margins that IMHO simplify reading.
As for the classic open security tools, the book covers PAM(36 pages), Sudo(20 pages), TCP Wrappers(24 pages), SSH(55 pages), Tripwire(24 pages), CFS and TCFS (30 pages), and ipchains.
From the first reading it looks like at least some "tools" chapters are *not* a rehash of existing online documentation. In addition to the chapters about classic open source security tools I like chapters about logs: a chapter on syslog (Ch.8) and a chapter on log file management (Ch.17).
Now about weaknesses. The chapter on Tiger is extremly weak. The second author of the book ELLEN L. MITCHELL is a network analyst at Texas A&M University, responsible for campus network security, development, and administration. She currently maintains the Tiger UNIX security package, but is unable to maintain a pretty simple set of hardening scripts :-(. That's due her efforts, Tiger is now a legacy tool :-). Actually information is not completely useless -- it's not difficult to switch to another tool after one understands how Tiger works. Titan can be considered for Solaris. Perl is superior for writing Unix vulnerability scanners in comparison with shell, but Bastille is no way a better set of scripts than outdated Tiger. From the point of view of architectural solutions Tiger is much stronger (that the polite way to way that Bastille is junk).
There are several serious omissions. Book is incomplete in a sense that neither Snort (or any similar intrusion detection tool), nor open source network scanners (Saint, Sara, etc.) are covered. Nmap is not covered as well.
Of course there are some typos, but generally not that many. But what is really bad is that the Prentice Hall book page http://www.phptr.com/ptrbooks/ptr_0130158070.html currently is pretty basic with no errata or additional links. The authors do not provide a WEB site for the book. That is a really bad sign :-(.
This book can probably be used for studying Unix security at universities along with somewhat outdated Practical Unix and Internet Security and this combination can somewhat compensate deficiencies of the latter (non tool oriented descriptive approach).
The authors did not produce the coherent picture of what is what and the book is fragmentary. It's more like a collection of notes or a reference of useful tools. Paradoxically Unix part of the book is extremely weak. Looks like neither of the authors understand Unix well.
** Bloated...with little substance, July 21, 2000
Reviewer:
neptoona (see more about me) from Wilmington, DE USA
This book is really nothing more than a guide. If you don't have time to search the internet (and the stuff is not hard to find) then this book may be of some help. It's amazing how they managed to fill up so many pages and tell you very little. They tell you about all of the tools and where to get them, but they give you nothing on how to use them, with the exception of nmap and ncat. If you can get this book used for a few bucks, then it may be a good buy as a reference, but don't buy it at the retail price.
Reviewer: A reader from Moscow, Russia
I didn't find anything in this book that I hadn't found after doing a few days worth of research on the web. Many parts of the text seem to have been directly lifted from the Read Me files of the tools that the author is trying to describe. A real cut-n-paste job.
the book-as i said before in the summary- is good but its not good enough.....its not written for a certain class of readers......its not high enough for the experts and its ont simple enough for the beginners
I manage a crew of about 20 people who do intrusion detection analysis. The stellar achivement of the authors of Hacking Exposed is packing their book with useful information AND making it easy to read. The only thing wrong with this book is that in attempting to cover everything, the authors talk about some things that aren't really worth knowing and skimp on topics where most readers would want more depth.
There are many topics that received excellent coverage in this book. Among them are: DNS records and zone transfers, the ins and outs of nmap, Unix log files, the NT null session or Red Button vulnerability, the SAM database and NT password guessing. This book does an excellent job covering Netbios and NT vulnerabilities which I found exteremly useful since most of my background involves Unix.
Topics that could have been left out of this book or that received undue attention include Windows 95/98 and Novell. In the last section of the book the Authors seemed to want to cover as many tools and vulnerabilities as possible. I would have preferred a more informative treatment of a smaller number of issues.
An important topic I thought the authors didn't do justice was buffer overflow vulnerabilities. The reader is referred to papers done by Dr. Mudge and AlephOne.
All in all I found this book very useful and look forward to the second edition.
Hacking Exposed offers a good overview of many well-known, and some lesser known, secuirty vulnerabilities. A fairly quick read, strikes a good balance between superficiality and going too deeply into code. Very good on NT and router security (often overlooked), but could be better on UNIX (not much Linux-specific advice here). As a part-time admin for a small network, I'm glad I picked this book up. Would have like to see more on security tips for small business security -- ex. review/advice re: SonicWall /Watchguard type boxes.
About time someone knew what they were writing about, September 14, 2000
Reviewer: rhelic (see more about me) from Canastota, NY USA
I've read about 4 security books and this book was far better than the rest. Instead of simply telling you not to run a certain service cuz it might have a hole, it actually tells you what the hole is, how to exploit it, and where to get the tools you need to exploit it. This isn't a list of programs and their holes though, it starts at the begining teaching you how to enumarate (get info) from a computer from all kinds of different methods, such as trying to find out OSs, their versions, services that are running and who is currently on the system. It talks about scanning groups of computers to find the few that are exploitable. It then goes on to explain specific Windows9X holes, then NT, to Novell, and then to Unix. Spending upto 60 pages on each operating system (very in depth and all of it usefull). There are also chapters just on dialup and VPNs (virtual private networks), firewalls, network hardware (routers) and an entire chapter just about DoS's (Denial of Services). It then goes into Advance Techniques, problems with PHP and ASP, and then onto a chapter on Windows2000 (talk about being up to date). As far as my book collection goes, this definetly gets my Top5 rating of the 100+ books I've read. Theres alot of meat to eat in this book.WHAT A BOOK!, July 24, 2000
Reviewer: Nectron from California
i am really interested in computing, networks, and security, i bought this book from amazon.com, when i was looking for a book that TEACHES me how to hack, and teaches me how to block hackers attacks, i know that a lot of bigenner hackers like me, are looking for a mentor or for a guide, to learn hacking or to be a security expert, this book is really really scaring, and reallly shows you how vulnerable your network or computer is... the last word i say is: ( IF YOU'RE LOOKING FOR A TECHNICAL BOOK, IF YOU WANT TO BE A HACKER, BUY THIS BOOK NOW! )
i g07 7his b00k n0w i'm 7h3 m4s70r h4X0r, June 2, 2000
Reviewer: A reader from USA
this book is totally amazing! i used to know how to code in QBasic, but now i am a master hacker! thank you very much mr smartay hacker man for writing this book for me. if it weren't for you i wouldn't be as good of a hacker that i am today.
A controversial introductory "cash cow" (450 pages for $40) book from Syngress -- a new kid on the block. In best cases such books are 80% junk and 20% useful and this book is no exception. If you consider penetrations into other companies computers as an electronic terrorism this is a terrorist handbook ;-) Among contributors I noticed Mudge (who run L0pht) and Rain Forest Puppy (the author of whisker CGI scanner written in Perl, he authored one paper: A look at whisker's anti-IDS tactics).
Again this not a security tutorial. This is a textbook for a hacker/cracker wanna-be with chapters of very uneven quality written by different authors. A book on general network security gives a better introduction, and I am convinced that the view of a hacker/cracker does not help very much in securing a network.
Chapter 8 is not bad (but a good knowledge of assembler is a lost art nowadays) but that's probably it.
All-in-all it's slightly better than Maximum security junk, but still it has the same distinctive style of "I want to make tons of $$ from all this hacker wannabe idiots". Funny, but Maximum security has much more positive (Amazon lemmings effect) reviews.
The contents is hampered by the superficial understanding of TCP/IP The mentioned exploits and attacks are now mostly fixed and thus outdated, so many of the URLs are of limited value. Denial of service attacks are not discussed at all. Although the attack part descriptions in some chapters(7-10) are more or less decent and might help to understand the spectrum of possible threats, countermeasures treatment is so superficial that I would classify this book as a wanna-be hackers textbook. that is not much here for qualified corporate security personeel. But even in rare cases when there is some useful content in the book documents available freely from the Net often are equal or better.
Some chapters are really horrible (Chapter 6(Cryptograghy) is very amateurish, the complete lack of understanding of virus security is pretty evident in the Chapter 14).
Here is pretty revealing quote in the best "Give us your money stupid Pinocchio" style from Ryan Russel :-)
I especially like steps 4 and 5 in protecting servers ;-). Here is a couple of Amazon Review that I like:
Incomplete, shallow and too diverse, October 19, 2000
The reputation of the authors made me hope for a much more in depth look
at hacking techniques. Instead, they touch on most subjects way too
lightly, and making several failed attempts in explaining some basic networking
concepts.
Reviewer: R. van den Berg from Netherlands
If you know nothing about hacking, this book might be a good start. However,
there are plenty of web sites that will do a better job (and they are free).
What I thought to be the most value when reading, was the promise of a website
with all the links mentioned in the book. As of today, this site is "under
construction" without any useful information at all! (www.internettradecraft.com)
In short, if you want to get a basic feel for what hacking is about,
and want to get it without using a web browser, read this book. If you're
looking to expand your knowledge or get definite answers, look elsewhere.
Still a good idea, I hope it will eventually produce the
serious book we all were expecting
Disappointing !!!, August 19, 2000
Reviewer: A reader from
Sadly the content looked really good, as did the hype. But when you read
the content it is really weak. Nothing new here at all ! It is written by
a bunch of respected guys on the so called underground. I can only describe
them as a bunch of bare knuckle street fighters; I wanted a book by prize
fighters.
They dont get the fact that sure you can break things but the underlying technology or Math (in the case of crypto chapter) is often sound, it is usually just a matter of bad implementations.
The book was also written by multiple authors and that shows. It is disjointed to say the least.
Oh and the patronizing "Tips for IT Pros"...
This is a weak and a very short book -- much shorter that you would expect from a regular book that contains 512 pages. This fact is partially due to very narrow (6 inches wide) pages with wide margins. Such pages contain approximately half of usual page content -- so the volume of the book is equal to 256 pages of "regular" book.
It does contain a CD with tools, but that's it.
Look at the table of content. Aha! 16 chapters, so its less than 16 normal pages for a chapter.
For example the Chapter 6 "Filesystem Security" is really extremely superficial and does not cover even the main concepts.
The book describes Tiger and Cops -- definitely outdated legacy scanners that are not that useful nowadays, but still remain classic of the field.
Generally the book creates an unfavorable impression of hasty and superficial compilation. I think that Linux System Security: The Administrator's Guide to Open Source Security Tools is a much better book.
See also the author resume www.albion.com/seth/resume.html. It's not clear why the author decided to write about security:
Seth T. Ross is a San Francisco-based Internet author and entrepreneur who's been working on Internet projects since 1990. He's currently conducting independent research on computer security topics and developing a suite of UNIX and network security tools.
COMPUTER BOOKS
- Author - UNIX System Security Tools, McGraw-Hill, forthcoming
- Author - Netdictionary (www.netdictionary.com), 1997
- Editor/Publisher - The Newbie's Guide to the Microsoft Network, by Michael Lehman, Albion Books, 1995
- Editor/Publisher - Netiquette, by Virginia Shea, Albion Books, 1994
- Author - Taking the Next Step: The Buyer's Guide to NeXTSTEP Computing, Albion Books, 1993
***** | Best IDS book for hands-on implementors |
January 29, 2000 |
Reviewer: Jay Heiser (see more about me) from Vienna, VA | ||
Of the 3 available intrusion detection
texts, this is by far the best for someone who actually wants to do
intrusion detection. It is breezy & chatty--like sitting down with a
good friend (unfortunately, one who doesn't organize his thoughts very
well and whose editor was apparently in a hurry).
This is a bits & bytes book; it assumes some knowledge of TCP/IP and security concepts, but it accomodates non-specialists. It is useful for readers of varying levels of familiarity with Internet protocols. Northcutt provides an excellent introduction to the specific mechanisms of the most common network attacks, and offers the most cogent description I've seen of the [purported] Mitnick attack on Shimomura. I especially enjoyed his efforts at providing neophyte intrusion analysts with political advice. His insight that host-based IDS is technically superior to network-based, but politically impractical is a gem of organizational wisdom. |
||
***** | Readable, intelligent, down-to-earth. |
October 1, 1999 |
Reviewer: Greg Broiles (see more about me) from Oakland, CA | ||
Network Intrusion Detection is rare among
technical books - it's comprehensive, accurate, interesting, and intelligent;
it's got none of the "filler" chapters which seem to be prevalent in
the genre. It's well worth the relatively small investment of time and
money required to read and understand it.
The author has "been there, done that" which gives him a perspective unavailable to professional technical authors who write about Java one month, CORBA the next, will be assigned a firewall book next. This book will be useful to people responsible for intrusion detection, people who manage them, and to people who need to understand attack techniques and the forensic tools needed to detect and document them. Highly recommended; it's in the same class as Cheswick & Bellovin's classic _Firewalls and Internet Security_. |
||
***** | Northcutt hits the ball out of the park! |
August 25, 1999 |
Reviewer: Richard Bejtlich ([email protected]) from Texas | ||
I am the chief of a 15 person intrusion detection team, with responsibility for centralized, around-the-clock monitoring of a global network. I believe I have enough experience to claim Steven's book is first rate and sorely needed. His reconstruction of a Christmas Eve system compromise and his analysis of Kevin Mitnick's TCP hijack of Tsutomu Shimomura's host are excellent case studies. His coverage of reset scans and other non-standard reconnaissance techniques prompted me to scour my traffic for the same events and write a paper on my findings. I do not agree with some of his conclusions on SYN ACK and reset scans, but his work made me investigate those topics. While I would have preferred slightly more explanation and examples of network traces (who wouldn't?), I hope this book begins a trend of sharing (sanitized) packet-level incident details within the IDS community. I recommended Steven's book to every analyst on my flight and every person in my unit, and I plan to build in-house training around it. I guarantee every person with a technical leaning and a position on the front line of intrusion detection will appreciate Steven's book. See you at SANS Network Security 99 |
** | Jarringly unfocussed and inaccurate... |
August 13, 1999 |
Reviewer: A reader from San Francisco, CA | ||
I wanted to like this book, seeing as
how I've made intrusion detection an important part of my career (the
book spends a few pages discussing a paper I wrote), and there are no
good offline resources on the subject. Unfortunately, I found little
to appreciate in this book, which could have benefited greatly from
better technical editing, a sharper concept of what its audience is,
and (unfortunately) a better grounding in the subject matter.
The most important problem with this book will be obvious to most readers. Escamilla doesn't address the subject of intrusion detection until midway through the book, opting instead to fill the first half of the book with background information about computer security. This information is presented poorly (and with glaring inaccuracies). Almost all of it is covered better in other books, which readers unfamiliar with network security will need to buy anyways to make the intrusion detection concepts discussed in the latter half of the book accessible. Unfortunately, the relevant half of the book isn't much better. A confused mish-mash of technologies are presented under the banner of I-D (I know of very few people in the security industry who consider security scanners to be I-D systems), and the most widely used forms of I-D are given scant coverage. Worse still, the author profiles real commercial I-D systems (towards the end of the book). Apart from the fact that this information was unsalvageably outdated before the book made it to the press, it's also biased. Descriptions of one system span 3 pages, while another merits a single paragraph. Many important systems (which were widely known at the time of this book's release) are not covered at all. And, predictably, most of the details about the commercial systems covered read like marketing material, with almost no comparisons to the other systems covered. Although this book is a mess, it's not an unrecoverable one. The authors descriptions of Do-It-Yourself intrusion detection on Unix systems is competant, if not revolutionary, and is almost reminiscent of Cheswick and Bellovin's work in _Firewalls_and_Internet_Security_. A better informed, more coherent second revision of this book would be worth looking at. Unfortunately, there's very little to recommend this book. A critical and informed reader might get some value out of it, but nothing that couldn't be obtained more easily from the Internet. At its worst, however, this book can be misleading, and is thus an inappropriate introduction to its subject. Overall, a deeply flawed book. Steer clear. |
When the book title is "Solaris security" and not "Hacking exposed" one can probably expect a decent level. Not true.
The book can probably be partially useful for beginning Unix administrators, but in no way it can be considered a Solaris Security book.
First of all the useful content is almost absent. If you skip first 23 pages and appendixes you might find that you have bought less than 150 horribly typeset pages of general information useful only for beginning Solaris sysadmins, if any.
The quality of the book can be illustrated by the folowing quote (preface, page
XLI):
ftp://ftp.win.tne.nl/pub/security/tcp_wrappers_7.6tar.gz
This archive was compromised more than two years ago and is now defunct so putting such URL in the book looks unprofessional. And the value of this recommendation is pretty obvious.
Now about important tools: Aset is covered in just one page. COPS in one-half, Tiger -- one half, Tripwire in one. None of the modern tools are covered at all. After that statistic one might wonder why the book is called Solaris security. Well, that's probably gives you an idea.
I agree completely with the following review of the reader from New Hampshire, but I would give one stars instead of two.
** A reader from New Hampshire, US , October 13, 1999
Very basic, riddled with errors and typos
They should have named this book "Beginning Solaris Administration with a touch of Security". This book presents basic system administration techniques, many of them extremely obvious or simple common sense. Security is glossed over very quickly with little to no 'meat'. "We recommend running COPS or Tiger to audit this weakness, see Chapter 4." Chapter 4 includes a one paragraph note on COPS.In addition to the lack of any real content, like all recent computer books, this one is rife with errors and typos. Example: The chapter on DNS--the author continually comments on blocking port 43 at the firewall to prevent DNS queries and zone transfers. Everyone knows that DNS uses port 53--in fact, the author notes that in a table 10 pages earlier. I would just attribute this to a typo, but he mentions port 43 at least 5 times on one page.
I expected better of SUN and Prentice-Hall, but I guess I should have known better based on the Janice Winsor books.
John S. Flowers / Paperback / Published 1999
Amazon price: $23.99 ~ You Save: $6.00 (20%) (Not Yet Published -- On Order)
Paperback - 400 pages (October 1999)
MacMillan Publishing Company; ISBN: 0735700354
.
See also: Publisher web-site page
Interviews: Lincoln Stein on Web Security
Reviews: ERCB Short Review
About the Author: Lincoln D. Stein is a freelance writer and Director of Information Systems at the Curagen Corporation, a biotechnology company. He is the the keeper of the World Wide Web's Security FAQ. And one can read the FAQ first as the book is based on it. Author's Home Page: http://www.genome.wi.mit.edu/WWW/.
Other books authored by Lincoln Stein
- How to Set Up and Maintain a Web Site: Second Edition
- How to Set Up and Maintain a World Wide Web Site : The Guide for Information Providers
I. WEB SERVER ADMINISTRATION.
1. What is a Web Server?
2. Planning Your Server.
3. Users and Documents.
4. Server Configuration.
5. Server-Side Programming.
6. Log Files.
7. Search Engines, Robots, and Automation.
II. WEB SECURITY.
8. Introduction to Security.
9. Network Security.
10. Web Server Security.
11. CGI Security.
12. Web Client Security.
13. Secure Online Transactions.
14. Intrusion Detection and Recovery.
Copyright 1996-2004 by Dr. Nikolai Bezroukov
Standard disclaimer: The statements, views and opinions presented on this web page are those of the author and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SNDP or any other organization the author may be associated with.
We do not warrant the correctness of the information provided or its fitness for any purpose.
Links and bibliographical information about the books are prepared in association with Amazon.com. You can buy any book listed here from Amazon.com simply by following the link for the book.
This document is an industrial compilation created for educational purposes only and is placed under
the copyright of the Open Content
License(OPL). Original materials copyright belong to respective owners.
Quotes are made for educational purposes only in compliance with the fair use
doctrine.
www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time.
Click here to submit your comments!
See also Linux System Security: The Administrator's Guide to Open Source Security Tools by Scott Mann. -- probably the best book on the subject.
** Unix System Security Tools (Unix Tools) -- weak see review above
Paperback - 512 pages
Bk&Cd Rom edition (September 1999)
McGraw-Hill; ISBN: 0079137881
; Dimensions (in inches): 1.33 x 9.01 x 6.04
Amazon.com Sales Rank:
76,042
Society
Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers : Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism : The Iron Law of Oligarchy : Libertarian Philosophy
Quotes
War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda : SE quotes : Language Design and Programming Quotes : Random IT-related quotes : Somerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose Bierce : Bernard Shaw : Mark Twain Quotes
Bulletin:
Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 : Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law
History:
Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds : Larry Wall : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOS : Programming Languages History : PL/1 : Simula 67 : C : History of GCC development : Scripting Languages : Perl history : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history
Classic books:
The Peter Principle : Parkinson Law : 1984 : The Mythical Man-Month : How to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater�s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite
Most popular humor pages:
Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor
The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D
Copyright � 1996-2021 by Softpanorama Society. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.
FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.
This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...
|
You can use PayPal to to buy a cup of coffee for authors of this site |
Disclaimer:
The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the Softpanorama society. We do not warrant the correctness of the information provided or its fitness for any purpose. The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.
Last modified: March 12, 2019