Sunday, October 23, 2005

Latest Book Pre-Reviews

During the last two months my work for TaoSecurity has kept me too busy to read and review books. I am trying to get back on track. Here are pre-reviews for books I have received over the last several weeks. First are two books I intend to keep as reference, but which I don't plan to read cover-to-cover. Hence, I won't review them for

First is Cisco IOS in a Nutshell, 2nd Ed by James Boney. I put this book next to my copy of O'Reilly's UNIX in a Nutshell, 3rd Ed. This book looks like an excellent reference for Cisco admins and anyone pursuing an advanced Cisco certification (beyond the CCNA). I may read the first 350 pages, as the chapters in that half of the book each address a topic of interest, like IP routing or QoS. The last half of the book is a command syntax reference.

Windows Server 2003 Network Administration by Craig Hunt and Roberta Bragg is sitting in my reference section next to O'Reilly's Learning Windows Server 2003 and Windows Server Cookbook. The book appears to be a comprehensive overview of networking services from a Microsoft perspective. Next I turn to books I plan to read and review.

Beginning Python by Magnus Lie Hetland is an update of his 2002 book Practical Python. I originally tried to learn Python by reading Learning Python, 2nd Ed in early 2004, but I bailed on that book after a few chapters. I am really excited to try again with Magnus' book. I consider it to be the gateway to a series of other excellent Apress Python books like Dive Into Python and Foundations of Python Network Programming, which I plan to read. (I hope O'Reilly's Python Cookbook, 2nd Ed will be a good addition to this trio.) I plan to read this book as part of my programming education, which will start once I clear the books which follow.

Ben Rothke sent me a copy of his updated book Computer Security 20 Things Every Employee Should Know, 2nd Ed. This is a booklet that would be appropriate as part of digital security awareness campaign in a company of any size. After skimming through it, the advice seems sound and I would have no problem recommending the book to clients.

The Symantec Guide to Home Internet Security by Andrew Conry-Murray and Vincent Weafer is Symantec's latest foray into the security publishing world. This is a fairly short book, which makes sense given the level of interest and expertise of the intended audience. I would be pleased with it if I could imagine sending it to my parents -- maybe with a copy of FreeBSD? (Probably not!)

VMware Workstation 5 Handbook by Steven S. Warren is a new book from Charles River Media. I had this book on my Wish List for months before I bought a copy at a local Borders. A few days later the publisher shipped me one! They must have read my wish list. This book looks like a thorough and easy-to-read overview of Workstation features. With the introduction of Teams, Snapshots, Clones, and other advances over the 3.x and 4.x lines, I look forward to learning how to make the best use of VMware in my classes and in testing scenarios.

I have not abandoned plans for a TaoSecurity Podcast. I hope two books can give me advice on how best to proceed. The first I plan to read is Todd Cochrane's Podcasting: A Do-It-Yourself Guide, published by Wiley. This was one of the first podcasting books to appear that got reasonable reviews. I hope to gain some insights on how best to create podcasts using minimal equipment.

Shortly after I received a copy of the previous book, I learned of Jack Herrington's Podcasting Hacks. The O'Reilly Hacks series usually contain lots of good advice, but the format is seldom read cover-to-cover. It's more an assortment of helpful tips and tools.

Three books from Syngress are next. First is Sarbanes-Oxley IT Compliance Using COBIT and Open Source Tools by Christian B. Lahti and Roderick Peterson. I will admit up front that I will bail on this book unless it hooks me. I am not a regulatory compliance person, but I would like to learn a little more about SOX and COBIT. I would like this book to provide the background I need to understand these issues.

Software Piracy Exposed by Paul Craig and Ron Honick will be good if it follows in the footsteps of an earlier Syngress book, Inside the Spam Cartel. I don't know much about modern software piracy, so I thought this book might provide a glimpse into that threat sector.

Nessus, Snort, & Ethereal Power Tools:
Customizing Open Source Security Applications
by Brian Caswell, Gilbert Ramirez, Jay Beale, Noam Rathaus and Neil Archibald looks like a great book. The only existing review on (3 stars) complains "Very in-depth, however, not for someone who is just starting out on Snort, Nessus, or Ethereal. New to Snort, Nessus, or Ethereal - Buy something else." Does every book have to assume a newbie audience? Of course not -- state the prerequisite knowledge up front, and press on!

The Definitive Guide to MySQL 5, 3rd Ed by Michael Kofler looks like a great overview of features found in MySQL 5, which is currently a release candidate at version 5.0.13. The "generally available" version is 4.1.15, which is the one people are most likely encouraged to use in production. Once MySQL 5 leaves RC status, I plan to incorporate it into my Sguil Installation Guide, along with FreeBSD 6.0 and Sguil 0.6.0. All three components should be ready within the next several weeks.

After years of no publications about Debian, this year has seen two books about that Linux distro. First was Wiley's Debian GNU/Linux 3.1 Bible by David B. Harris, Jaldhar Vyas. Now we have No Starch's The Debian System by Martin F. Krafft. I am much more willing to devote time to a new operating system when it is backed by books. Online documentation is fine, but a published book is something I can recommend to others in a physical form. It carries much more weight (literally) than online documentation. I plan to evaluate how I might integrate Debian into my lab, although I already have it running on a PA-RISC box that normally hosts HP-UX.

Finally we arrive at Security and Usability, a collection of essays edited by Lorrie Faith Cranor and Simson Garfinkel. I think this is the sort of book I might read on a cross-US flight. I am not a big fan of collections of essays, but in a captive environment (i.e., stuck on a plane) I might find sanctuary in the ideas contained in this book.

So that's a ton of new books. My personal reading list currently shows 24 non-programming and 24 programming books on my bookshelf. That does not count reference books that I have pre-reviewed but do not plan to read cover-to-cover. My Wish List shows another 21 books on the horizon that appear interesting. Since I do not have any new major writing projects planned for the next year, I would like to make progress on all of this reading. Stay tuned to my Reviews as I read and review the titles seen here and elsewhere. Thank you!


yack said...

wonder how can u read a lot of books at one time..maybe u have special skill of reading that wanna share wif ur reader...:-)

Anonymous said...

Richard, I envy the amount of reading you get done. I'm currently very limited on the amount of security-related reading I can get done because I am trying to finish my Bachelor's. Since a good portion of my remaining credits are not classes within my major, some of the past few semesters I have had no computer-related classes at all.

I can't wait to be done with school and have more time to read books of interest rather than books for school. For any of the youngsters reading this, finish school when you have the chance instead of waiting until you have a full time job and a family. :)

Joe said...

richard, your eyeballs are going to dry out if you don't remember to blink.

Paul Hoffman said...

It would be useful to many of us if you did review the "Sarbanes-Oxley IT Compliance Using COBIT and Open Source Tools" book. Lots of security professionals are asked "how does SOX relate to what you do?" and it would be nice to know if there is a good source that covers such topics well.

Anonymous said...

Save the planet and ride Metro. Since I started to ride the DC Metro I have another hour in the day I can devote to reading. Granted you have to get used to reading standing up with a couple hundred of your fellow passengers.

Anonymous said...

Yes, yes - I do the same on Metro and read on the ride - but it does get annoying when trying to highlight something on the bumpy ride. ;-)

Glad I'm not the only bithead reading on the Metro!

Anonymous said...

The "Sarbanes-Oxley IT Compliance Using COBIT and Open Source Tools" appears to be one of the ONLY practical books out there for COBIT implementation. Unfortunately, it was written with COBIT 3.2 in mind, and COBIT 4.0 came out just two months after the book was published. (sigh)