Monday, April 09, 2007

Three Pre-Reviews

I'd like to thank several publishers for sending me new books from my Amazon.com Wish List to read and review. The first is Hacking Exposed: Wireless by Johnny Cache and Vincent Liu, published by McGraw-Hill/Osborne. I love the green -- talk about a departure from the old red covers. If you want to sound 31337 you should make fun of any Hacking Exposed book, but I don't care. The great majority of these titles follow a format which I think suits 90% of the security community.

  1. Introduce a technology or service with which the reader may or may not be familiar.

  2. Discuss ways to attack said technology or service.

  3. Provide countermeasures for attacks.


Many books ignore step 1, focus on step 2, and breeze over step 3. A good HE book covers all three phases.< The second book is Backup and Recovery by W. Curtis Preston, published by O'Reilly. This book is more of a reference for me than a read cover-to-cover, so I'm not sure if I will review it. (I strongly tend to review only that which I read throroughly.) The book covers so many useful aspects of backup, however, that I'll probably read a good deal of it. The third book is Building a Monitoring Infrastructure with Nagios, by David Josephsen, published by PHPTR. I've already read and reviewed two other books on Nagios, so I'm wondering what this much shorter book has to say. I don't have a Nagios installation running anywhere, so if I can find the time maybe I'll use this new book as an excuse to finally deploy Nagios. This newest version discussed in the book is 2.5, but Nagios 3 alpha code became available last month. I'll probably try the new version.

4 comments:

JimmytheGeek said...

I have a moderate sized Nagios installation (~ 100 hosts, ~ 400 service checks) and Wolfgang Barth's _Nagios:System and Network Monitoring_.

I still learned some stuff from the second chapter of _Building a Monitoring Infrastructure with Nagios_. I do plan to finish it.

It's got a different approach that made sense of what I considered boilerplate config stuff. For example, I have gone with defaults for all scheduling. If I need to tweak something to make Nagios scale farther, this gives me the fu. It may be in the Barth book, too.

dre said...

vliu and johnnycsh do a wonderful job with HEW... the first part is redundant but worthwhile for new readers... the rest contains many gems... i especially like the part about using older linux kernels written by johnnycsh and at the end about the "fuzz-e" tool in airbase. the only thing this book didn't cover was aircrack-ptw (new technique - as seen on slashdot i believe).

the backup and recovery book is great. the authors have a bunch of the content and extras available at - the articles on rsnapshot and rdiff-backup are great free reads from that site that are included from the book.

the nagios book looks sort of interesting, i think i saw it at the chicago borders on michigan ave. i finally got a chance to preview all the books i haven't seen on shelves there last week. most of them aren't that great, so i'll be buying less books thanks to that visit, but my finances are looking better because of it ;>

have you read securitymetrics by jaquith yet?

LonerVamp said...

I'm still trying to find out why the new HE:W book is green. It certainly caught my eye at the store though!

I'm looking forward to this book and any other upcoming wireless security books mostly because as Linux and wireless (and the combination) mature, we don't have to spend 1/3 of the book just detailing how to get Linux to be happy with wireless gear.

I've worked with Nagios in the past, but never built from the ground up or done so on my own network. I've thumbed through those other Nagios books but they really never picked me up and kept me enthralled. I might thumb through this one as well and see where it takes me. I wouldn't mind putting up Nagios as it has been years since I've touched it.

Chris said...

_UNIX Backup and Recovery_ was one of my favorite O'Reilly books. Preston obviously knew his stuff (assume he still does), and the book was pragmatic and useful from the get-go. Overall, it gave me the same feel that I got when I was a modestly-skilled UNIX admin talking to a seasoned pro. They knew what I was facing, had seen the ways to deal with it, and provided tested advice that scaled, and did so in a non-condescending way. I have been hoping for a 2nd edition for years. I'm looking forward to your review, Rich.