Sunday, October 22, 2006

Pre-Review of Four Books

Several publishers were kind enough to send me review copies of four new books. The first, which I requested, is Cisco Press' Storage Networking Protocol Fundamentals by James Long. I requested a copy of this book while starting to read a book on securing storage area networks and network attached storage. Basically, the book I was reading is a disaster. I decided this new Cisco Press book looked promising, so I plan to read it first and then turn to the security-specific SAN/NAS book. I'll review the two as a set later.

Next is Syngress' Hack the Stack: Using Snort and Ethereal to Master the 8 Layers of An Insecure Network by Michael Gregg and friends. This book was interesting to me because I am already teaching TCP/IP Weapons School (TWS), which teaches TCP/IP by examining security-related traffic at various OSI model layers. A quick look at this book makes it seem worth reading, but there is definitely room for a future book based on TWS.

Remember I am teaching days one and two of TWS through USENIX LISA and days three and four independently at the same hotel, after USENIX LISA. See the information at the bottom of this post for more details.

I am not sure if I will read the next two books. Prentice Hall shipped me Security in Computing, 4th Ed by Charles P. Pfleeger and Shari Lawrence Pfleeger. I've never read anything by either author. This book looks like a university text, so I may read it in tandem with Matt Bishop's Computer Security: Art and Science in preparation for academic study.

The last book is Addison Wesley's Telecommunications Essentials, 2nd Ed by Lillian Goleniewski. I read and reviewed the first edition, which I liked as a thorough review of the telecom space. This makes me hesitant to devote reading time to this second edition. might let me review it (unlike some other later edition books) because I do not see my old review (or any reviews) listed with this new edition.

Right now I am in the middle of a massive reading push. I have several "free" hours each night between baby feedings, so I am working my way through a pile of books on software security. I haven't read a lot in this area, because I am not a professional programmer. About two years ago I did read, review, and enjoy Building Secure Software by Gary McGraw and John Viega. Thus far, Gary's latest book (Software Security: Building Security In) is my favorite, particularly for its proper use of terms like "threat" and its criticism of those who abuse it (e.g., Microsoft). I'll have far more to say about this in the reviews of these books, probably next week.


Chris_B said...

"8 Layers" eh?

So I guess the joke about layer 8 problems has now become formalized?

Adam said...

Gary told me that he'd traced the "misuse" of threat to a difference in the use of the term between the US and the UK militaries. New Zealand follows UK usage, and the rest is a series of unconnected events.

Anonymous said...

Read Bishop and Anderson's books if you're interested in graduate level study of security. Skip Pfleeger, as it's a mediocre undergraduate textbook.