"Special Ops" is one of the most useful security books I've read -- and my library includes 92 titles acquired since 2000. "Special Ops" is not "Hacking Exposed" with a white-and-camouflage cover. While the "Hacking Exposed" series is more assessment- and enumeration-centric, "Special Ops" spends more time on proper installation and deployment of services and applications. Most usefully, "Special Ops" succinctly and powerfully addresses topics neglected by other security books.
Friday, March 28, 2003
Wednesday, March 26, 2003
Four years ago today the Melissa virus caused lots of headaches and early morning calls. My then-fiance and I were getting photos taken when I received an "all officers" call. I spent the rest of the weekend at the AFCERT dealing with the virus. That event prompted our unit to establish a full-time anti-virus crew.
Tuesday, March 25, 2003
CerbNG is a kernel module for FreeBSD version 4.x (5.x version soon to come). Our main purpose is providing the administrator with tools for enforcing fine-grained control for critical system applications/processes/environments, i.e. privileged daemons (not only those running with uid 0), and setuid programs.
It appears TrustedBSD is already working on these sorts of topics, so we'll have to see how the community uses these tools.
Tuesday, March 18, 2003
I wish I could give "Firewalls and Internet Security, 2nd Edition" (FAIS:2E) more stars. I eagerly awaited the next edition of this security classic with the rest of the community. However, like many sequels, it fails to live up to expectations. Nine years ago the first edition was revolutionary. In 2003, despite the addition of skilled practitioner Avi Rubin, the authors make few original contributions to the security scene.
Monday, March 17, 2003
Thursday, March 13, 2003
I'm a big fan of the Hacking Exposed style of writing. All offensive theory is backed up by command line examples, followed by defensive countermeasures. Hacking Exposed: Linux, 2nd Ed (HE:L2E) follows this tradition, updating the content of the first edition and adding 200 pages of new content. Although I reviewed the first edition in Sep 01, reading the second edition reminded me of the challenges posed by securely configuring and deploying Linux systems.