- PGP Keys
- Vossen's Law
- Firewall Rules
- Home Net Security
- Snort Books
- Sec Tools
- Honeypot Stats
- Firewall Stats
- IP Calcs
- SME Server
- Backup (DI-30)
- Win Tools
- Win. Shell Scripting
- POSIX Redirection
- SANS -- System Administration, Networking, and
- CERT -- The CMU Computer Emergency
- FIRST -- Forum of Incident Response and Security Teams
- CERIAS -- Center for Education and Research in Information Assurance and Security (was COAST)
- NIST - CSRC -- National Institute of Standards and Technology Computer Security Resource Clearinghouse
- CISecurity -- The Center for Internet Security Security
There are an awful lot of security books out there. This list
covers only books that I own and have read and found useful. Some
may have newer editions than are listed here, so look for those too.
I highly recommend all of them, but if you only read a few, read the first
three. Also, see the links above for various trade magazines and web
Information Security Magazine (for which I am a Technical Editor)
has an excellent piece on starting a career in Information Security called
Breaking into InfoSec." It has many more references
than below, including degree programs in InfoSec, and books (some of which
are on my list too).
- Secrets and Lies, by Bruce Schneier, from Wiley [ISBN
0-471-25311-1]. Excellent read -- accessible and very interesting.
Mostly non-technical, from a business perspective. A must read for any
executive or risk manager from a company that uses the Internet (and who
doesn't). Also very valuable for technical people, to get more of a
sense of the business side of things. Quite entertaining.
- Computer Security Basics, Deborah Russell and G.T. Gangemi Sr, from
O'Reilly [ISBN 0-937175-71-4]. One of the seminal introductory works
on the subject, but there is a lot of material for the experienced InfoSec
person as well.
- Hacking Exposed, N'th Edition, by Joel Scambray, Stuart McClure
and George Kurtz, from Osborne McGraw-Hill. A
very interesting and scary read, this details innumerable exploits or hacks,
and how to protect against them. A must for any system or network
administrator. (Note I have the 1st and 2nd editions, but who knows
what it's up to now.)
- Building Internet Firewalls, Second Edition, by Elizabeth D. Zwicky,
Simon Cooper and D. Brent Chapman, from O'Reilly [ISBN 1-56592-871-7].
The updated version of the classic and seminal work, and a
must for any firewall administrator.
- The NCSA Guide to Enterprise Security: Protecting Information Assets,
by Michel E. Kabay, Ph.D. from McGraw-Hill [ISBN 0-07-033147-2]. This
one reads more like a text-book that the others above. It has a lot to
offer, especially references to other literature and products, though they
are getting quite dated.
- White Hat Security Arsenal: Tackling the Threats, by Aviel D. Rubin,
from Addison-Wesley [ISBN 0201711141]. This is different than most
security books in that it tries to be more practical, presenting "case
studies" and solutions to every day needs. It's a good read.
- Know your Enemy, by The
HoneyNet Project [ISBN 0-201-74613-1] is a really cool book that talks
about how the HoneyNet Project is researching hacking tools and
techniques. See also the "Know
Your Enemy" white papers from Lance Spitzner and the Honeypots: Tracking Hackers
- Handbook of Information Security Management 1999, edited by Micki
Krause and Harold F. Tipton, from Auerbach [0-8493-9974-2]. This is a
typical "handbook" with ten chapters very roughly following the ISC2
ten CBK (Common Body of Knowledge) domains. Each chapter is
written by a recognized expert in the field, so they all have a different
style and perspective.
- Computer Security Handbook: Third Edition, edited by Arthur E. Hutt,
Seymour Bosworth and Douglas B. Hoyt, from Wiley [ISBN 0-471-11854-0].
There is a 1997 supplement to my edition of this as well. This is a
very dense and difficult read. I use it more for lookups and reference
than cover-to-cover. There is a lot of material to covered!
- Essential Check Point Firewall-1(TM): An Installation,
Configuration, and Troubleshooting Guide, by Dameon D.
Welch-Abernathy (AKA Phoneboy), from Addison-Wesley [ISBN
0201699508]. There is also Essential Check Point FireWall-1 NG in
the works, probably available in early 2004.
- Intrusion Detection, by Rebecca (Becky) Gurley Bace
from MacMillan Technical Press [ISBN 1-57870-185-6]. This book should
be required reading for anyone who even thinks about Intrusion
Detection Systems (IDS). I thought I knew quite a bit about IDS until
I read this book.
- Securing Windows NT/2000 Servers for the Internet, by Stefan
Norberg, from O'Reilly [ISBN 1-56592-768-0]. Excellent book on
hardening NT/2000. Does not cover details of IIS that much, but really
focuses on the OS. Under 200 pages, very readable, and it assumes you
already know quite a lot about InfoSec and Windows. Has the best
description of the totally counter-intuitive way Windows "TCP/IP
Security" works (and I use the last term loosely). Also has excellent
info on why IIS is such an amazing security risk.
- Network Intrusion Detection: An Analyst's Handbook, N'th Edition, by Stephen
Northcutt and Judy Novak, from New Riders. A very dense and
technical book, with really great material about decoding various network
traces (a lot of focus on tcpdump and similar
I suggest looking for these books on Bookpool, as they have far cheaper
prices than Amazon or Barnes and Nobel. Fatbrain is also good.
Finally, Sabernet has a large collection of
links for security books, papers,
but I take no responsibility for their quality.
I have only attended CSI and ISC2 classes. I hope to attend
some SANS and MISTI classes soon.
- CSI -- The Computer Security Institute.
Holds a yearly seminar and exposition, with various classes that
"travel" around the country. Usually focused more on
concepts, and less on specific products and/or technology.
- SANS -- System Administration, Networking, and
Security Institute. Holds a yearly seminar and exposition, with
various classes that "travel" around the country. Focused
more on specific products and/or technologies than CSI.
- MISTI -- MIS Training Institute.
A little of everything.
- Information Security Magazine,
October 1, 2001, "Pay
- The Honeynet Project, "
How do I get started in the Security Field?"
- Also see below information about ISC2 and the CISSP
A brochure I received from the International Information Systems
Security Certifications Consortium or (ISC)2 defined the CISSP
(Certified Information Systems Security Professional) designation as
"The CISSP certification is an independent and objective measurement
of professional expertise and knowledge within the information security
I would further add that it denotes an individual who has the following
- Three or more years of direct professional experience in one or more
areas of Information Security.
- Has read, understood and agreed to abide by the ISC2 code of
- Demonstrated a comprehensive
understanding of the common body of knowledge of the Information Security
field. This body of knowledge is divided into ten domains or areas, and understanding of the material is
demonstrated by a rigorous test administered once a quarter all over the world.
- Demonstrates a commitment to stay up-to-date in the field by earning 120
Continuing Professional Education (CPE) credits every three years.
- Was one of a group of only 4,000 individuals world-wide by end of 2000.
(See below for details, but the number of CISSPs has skyrocketed since I wrote this.)
According to an e-mail message I received from James E. Duffy, CISSP
(ISC2 VP) on 9/12/2000, "there are approximately 3000
CISSPs. The number is up from just under 2000 at the end of 1999. Based on
the number of exams scheduled for the rest of the year, on 12/31/00 we
will be very close to the 4000 number. This will mark the 3rd consecutive
year that we have doubled our base." And according to
SECURITY WIRE DIGEST,
VOL. 4, NO.74, OCTOBER 3, 2002, "The (ISC)2 Monday honored
its 10,000th Certified Information Systems Security Professional
(CISSP)... According to (ISC)2, the number of CISSPs, one of the security
industry's most coveted certifications, has grown from 2,000 in 1999 and
is expected to hit 15,000 by the end of the year ."
Formed in mid-1989, the International Information Systems Security
Certification Consortium or (ISC)² was established as a nonprofit
corporation to develop a certification program for information systems
security practitioners. There is a 10 day review class that helps
you understand what material will be covered on the exam. Note this is
simply an outline of the material to be covered -- it does not
teach the material! It is well worth it, just for the discussions
with the other students and instructors. The class materials are also
Here is some other information as well: