Wednesday, November 22, 2006

Pre-reviews and Comments

Several publishers have sent me new books recently, and I have one comment to make about an older book. I'll start with books that look good, but which I don't plan to read. The first is Linux Administration Handbook, 2nd Ed by Evi Nemeth, Garth Snyder, Trent R. Hein. There's no doubt this is a great general-purpose system administration book for Linux. I gave the 3rd edition of the Unix version three stars almost five years ago (and I'm hoping this 4th edition comes to fruition).

The Linux book describes Red Hat Enterprise, Fedora Core, SuSE, Debian, and Ubuntu. If the book covered Slackware and Gentoo instead of SuSE, I think it would have been perfect. I'm guessing RHEL is close enough to Fedora, and Debian to Ubuntu, to allow extra coverage of more diverging distros like Slackware and Gentoo? I plan to use this book as a reference, but I don't plan to read and review it. I suggest you buy it if you're looking for a comprehensive Linux reference that doesn't waste time with installation screenshots or descriptions of how to use KDE and Gnome.

Another book I like but which I don't plan to read is Network Security Tools by Nitesh Dhanjani and Justin Clarke. This is an older book (April 2005), but I only recently rediscovered it. This book reminds me of Building Open Source Network Security Tools by Mike Schiffman, which I liked. NST describes how to write Nessus and Nikto plug-ins, dissectors and plug-ins for Ettercap, and how to extend Hydra and Nmap. There's a chapter on Metasploit, but it is somewhat overtaken by events because the 3.x framework uses Ruby instead of Perl. NST also explains how to extend PMD, how to build your own Web, SQL, and exploit scanner, and how to write tools with Libpcap (0.8.3) and Libnet (1.1.2.1).

NST is a great book, but it requires a good knowledge of C and a desire to work with these tools in a development capability. I don't possess the requisite coding skills, but I may turn to this book in the future if I want to learn more about extending these tools.

Next is Network Security Hacks, 2nd Ed by Andrew Lockhart. I liked the 1st Ed which I read and reviewed in June 2004. Since I see my review of the 1st Ed on the Amazon.com page for the 2nd Ed, I won't be able to submit a review for this book. The 2nd Ed looks about 50% longer than the 1st Ed.

I was also pleased to see the discussion of Sguil had been updated for Sguil 0.6.1. However, Sguil's integration of SANCP for session data collection was ignored. After being a Sguil advocate for almost four years, writing books and articles (some of which are freely available), I am puzzled that some people who choose to write about Sguil still don't grasp the significance of the data we collect. This recent Daily Dave thread was depressing. People really collect full content data in production on busy networks? Shocking!

The first book in this post that I plan to read and review is The Art of Software Security Testing: Identifying Software Security Flaws by Chris Wysopal, Lucas Nelson, Dino Dai Zovi, and Elfriede Dustin. This book is less than 300 pages but it looks very interesting. I plan to review it with a set of books on finding bugs and vulnerabilities. It's encouraging to see these sorts of titles appearing, written for software developers and not for hacker wannabes.

The next book is WarDriving and Wireless Penetration Testing by Chris Hurley and friends. This is another team-written book, which tend to scare me when published by Syngress. I wasn't too impressed by the earlier WarDriving book (reviewed here), but I plan to give this new one a try. I'm really looking forward to Wi-Foo II next year.

The last book is Network Security Assessment by Steve Manzuik and friends. This is another "team book," but it looks good. I'm surprised anyone is talking about vulnerability management these days. That's so 2002! (Please recognize I'm joking.)

Remember, you can see books that I'm waiting to acquire by checking my Amazon.com Wish List. If you're a publisher, please keep in mind I restrict my reading to books on that list. Under extraordinary circumstances I might read something else, but I generally focus on books that address a specific interest. Thank you.

5 comments:

Anonymous said...

The Network Security Assessment book is pretty good and, believe it or not, the content is pretty up to date with today's issues and concerns.

dre said...

NSH2E by Lockhart et al is fantastic. I read this on Safari several hundred times upon its release. It's the best O'Reilly Hacks book out of all of them - IMO. I was shocked to see some of the material in there, having just found out about some of the tools months before the book was published (e.g. crypto.stanford.edu/antiphishing, rpcapd, cassandra)...

Syngress' new titles are fair. Sure, the NSA book made "vulnerability management" my new buzzword and VA my new favorite acronym for probably a year or two. Some parts were really well written and I must give credit to that. The coverage of tools was poor as this wasn't really a tool-book in the first place... but it did introduce me to a handful of commercial software that I had not heard about. Again, I was very impressed with the sections on vulnerability management, especially the references to advchk and SIGVI.

Being a fan of Wysopal/Dai Zovi/et al, I am very much looking forward to their book as well as the securitymetrics.org title from Jaquith (also Symantec Press / AWL) - isbn 0321349989.

There is a third book that seems to be in this series - The Art of Software Security Assessment (Dowd, et al - isbn 0321444426). I read it on Safari last week and have been following up on it a bit even this week. I highly recommend this book - buy it before the others on security/risk assessment, read it first, and read it often.

There is a New Riders title, Inside Network Security Assessment (isbn 0672328097) - that's about a year old, but it is nearly as good as these 2 new titles and fits well, holding its own with fresh and exciting material.

I also finally picked up Professional Pen Testing for Web Applications (Wrox Press) and the latest issue of hackin9. Hopefully that will be enough reading material tomorrow while waiting for the turkey to cook (and ignoring people I only get to see once a year).

Anonymous said...
This comment has been removed by a blog administrator.