Friday, March 09, 2007

Reviews of FISMA and Wireshark Posted

Yes, you are reading that title correctly. After four months of inactivity I managed to read and review two new books. The first is FISMA by Laura Taylor. From my four-star review:

I am no fan of the FISMA law. I've posted several stories on my blog explaining why I think FISMA is a waste of taxpayer money. Laura Taylor's FISMA Certification and Accreditation Handbook, however, is a good book if you are unfortunate enough to be tasked with performing FISMA work.

The second is Wireshark & Ethereal Network Protocol Analyzer Toolkit by Angela Orebaugh. From my four-star review:

Despite the new title, Wireshark & Ethereal Protocol Analyzer Toolkit (WEPAT) is a second edition of Ethereal Packet Sniffing (EPS). I reviewed that book almost three years ago, in May 2004. WEPAT has replaced all of the earlier screen captures with Wireshark replacements. Unfortunately, WEPAT is largely a repeat of EPS, really only featuring a new wireless chapter. If you own EPS, you don't need to upgrade. If you don't own EPS but want to learn how to use Wireshark, I recommend buying WEPAT.

I'm still reading and plan to continue posting reviews going forward.

3 comments:

Adam said...

Speaking of reviews, do you plan on reviewing Botnets: The Killer Web Application? 4 of the 12 chapters deal with Ourmon, a statistical anomaly detection system that is great for detecting any compromised computer that scans other hosts. So far I'm pretty impressed by it. Here is one of the main statistic reports for detecting "wormy" hosts.
http://ourmon.cat.pdx.edu/ourmon/info.html#portsig
I figured you would have mentioned this, since it's good at what it does, is open source, and runs on your beloved FreeBSD ;-)

Richard Bejtlich said...

Hi Adam,

I hope to review this book, but I don't have a copy yet. Based on the one Amazon.com review it doesn't look like a good book.

Adam said...

Well I haven't finished reading it so I can't confirm the criticism in that one Amazon review. However, so far most of what I've read deals with Ourmon, which I've found very helpful.