Saturday, March 12, 2005

Latest Pre-Reviews

I received five promising books recently. Here's a quick look at them. Once I read each book, I'll post news of my Amazon.com review here.

First is VoIP Security by James Ransome and John Rittinghouse, published by Elsevier. I'm looking forward to reading this book because it explains Voice over Internet Protocol, and then explores security issues associated with this increasingly popular technology. This protocol is going to be used everywhere, and I don't think security professionals are ready for it.

Next we have the first of two new books from Syngress: Intrusion Prevention and Active Response: Deploying Network And Host IPS, by Michael Rash, et al. Regular blog readers know I see any system which blocks traffic to be an access control device, also known as a firewall. This book will not see the world in the same way, but I think it will be intriguing nonetheless. Several of the authors have written for Syngress before on subjects like Snort and Ethereal.

The second Syngress book is Aggressive Network Self-Defense, by Neil Archibald, et al. This is a follow-on to Tim Mullen's article When Striking Back is The Best Defense. The book is divided into two parts. The first presents eight fictional stories of system administrators striking back at intruders. The second part describes real technologies that could be used to implement "hacking back." I am usually skeptical about security fiction, but Syngress' history with the "Stealing the Network" series has been good.

We now turn to a book from McGraw-Hill/Osborne, called Hardening Network Security, by John Mallery, et al. This is a fairly hefty book that appears to cover a multitude of security disciplines. I liked this publisher's Hardening Windows Systems.

We conclude with another Elsevier book, The Internet and Its Protocols by Adrian Farrel. This is another computer science textbook, but as a protocol junkie I think it will be interesting. A look at the table of contents shows that it presents a variety of protocols, all with headers explained. It's a recent publication, which helps when one wants to learn about a protocol not addressed by Stevens and others.

Keep an eye out for Amazon.com reviews as I plug through these. I'm currently reading Kevin Mitnick's new Art of Intrusion and hope to finish in the next few days.

3 comments:

Lori said...

This is a great blog. Your reviews are insightful. You read a helluva lot of books.

Do you have a strategy for reading technical books? Do you ever read more than one at a time? How do you keep focused when family matters interrupt?

-Lori

Richard Bejtlich said...

Hi Lori,

I generally read one book at a time. Once in a while I may start a programming book, but then turn to a non-programming book "for a break."

My wife is very supportive of my reading habit as she sees it support my professional options. She gives me time and space to read, write, work in my lab, and so on.

Sometimes I read late at night when our baby is asleep. I try to read each morning before work. On the weekends I try to wake at the same time as the weekday -- 0430 or 0500. Since my wife and baby are still sleeping, I can get a few hours of reading in then.

I think employers of technical people should give them time and a budget for reading, if the employee is so inclined. This should especially be true of companies with limited training dollars. How else can people keep up with technology? Unfortunately I don't know of many employers who follow this advice.

Anonymous said...

I hope you enjoy my VoIP book. Should you or any of your friends have questions, feel free to email me (rittingj@hotmail.com) regarding this book.

regards,

John W. Rittinghouse, Ph.D., CISM