Two Pre-reviews

I'm going to spend more time hanging in the sky over the coming weeks, so I plan to read and review many books. Publishers were kind enough to send two which I look forward to reading. The first is Designing BSD Rootkits by Joseph Kong. I mentioned this book last year. Publisher No Starch quotes me as saying

"If you understand C and want to learn how to manipulate the FreeBSD kernel, Designing BSD Rootkits is for you. Peer into the depths of a powerful operating system and bend it to your will!" The second book I plan to read is
IT Auditing: Using Controls to Protect Information Assets by Chris Davis, Mike Schiller, and Kevin Wheeler. Contrary to what you might think, I am not instinctively at odds with auditors. In fact, I believe working with them is more productive than working against them. I hope this book, published by McGraw-Hill/Osborne, helps me understand their world.

Comments

Unknown said…
Don't give in to the auditors, Richard! They'll lure you in with that oh-so-friendly "we're from [the government|big 4|internal audit] and we're here to help" and before you know it, you're teaching them how IDS tuning works.

Not to make an overly-simple generalization, and auditing is hard because you're coming into a system environment that you have no familiarity with, but auditors know what they know and what they know are checklists.
11:17 AM
Unknown said…
Hanging in the sky? Skydiving or plane? :)
1:13 PM
Thomas Ptacek said…
Can I be impolitic and ask why you wrote (paraphrase) "... this is the book for you" for a book you hadn't read?
4:59 PM
Richard Bejtlich said…
Bjarte -- flying, not skydiving.

Thomas -- I looked at a pre-publication draft before making my comment.
6:50 PM
Gabe Chomic said…
Switched from IT sec to (internal) auditing as of Jan this year. Can't say I like the hands-off nature, but it gives me much needed business understanding, and a view of a picture from the birds-eye.

That, to my check-list biased friend up there, is astoundingly high-level. How risky something is matters more than anything else. For this reason, we may seem far too checklist based - when looking at minor aspects, I'm sure many of us default to checklists to make sure we remembered everything. For major things, it is our judgment that is needed to analyze the processes.

Of course, I've met auditors who wouldn't know a switch from a Mac mini, so YMMW. I hope to get back into ops one day, in some fashion, but I wouldn't forgo the experience I'm gaining for the world.
11:08 PM
Gabe Chomic said…
YMMV, even.

Sorry bout that.
11:09 PM
Thomas Ptacek said…
It wasn't the fact that the book was unreleased that made me ask; it's that you said you looked forward to reading it.
1:01 AM
Richard Bejtlich said…
Thomas,

I didn't read the entire draft. I plan to read the entire book now that it's published.
7:32 AM
H. Carvey said…
Richard,

My book is now out from the printer and on its way to the bookshelves! My publisher told me that it's number 8 or so on your Amazon wishlist, and we're going to send you a copy for review.

Hope you like it...

Harlan
http://windowsir.blogspot.com
8:45 AM
Richard Bejtlich said…
Let me clarify what I mean by "reading and reviewing." When I read and review a book, I sit down with the printed copy, a pen, and a pad of paper. I read, underline, add notes in the margins, follow URLs, do research, etc. It's beyond what you might consider "reading," especially as it pertains to a .pdf. I don't consider a book "read" until I've digested it in this manner.
10:59 AM
H. Carvey said…
Richard,

So what're you saying?

Harlan
12:24 PM
Thomas Ptacek said…
Wokay. That makes sense.
12:43 PM
Post a Comment

Popular posts from this blog

Zeek in Action Videos

Image
This is a quick note to point blog readers to my Zeek in Action YouTube video series for the Zeek network security monitoring project .  Each video addresses a topic that I think might be of interest to people trying to understand their network using Zeek and adjacent tools and approaches, like Suricata, Wireshark, and so on.  I am especially pleased with Video 6 on monitoring wireless networks . It took me several weeks to research material for this video. I had to buy new hardware and experiment with a Linux distro that I had not used before -- Parrot .  Please like and subscribe, and let me know if there is a topic you think might make a good video.
Read more

MITRE ATT&CK Tactics Are Not Tactics

Image
Just what are "tactics"? Introduction MITRE ATT&CK  is a great resource, but something about it has bothered me since I first heard about it several years ago. It's a minor point, but I wanted to document it in case it confuses anyone else. The MITRE ATT&CK Design and Philosophy document from March 2020 says the following: At a high-level, ATT&CK is a behavioral model that consists of the following core components: • Tactics, denoting short-term, tactical adversary goals during an attack; • Techniques, describing the means by which adversaries achieve tactical goals; • Sub-techniques, describing more specific means by which adversaries achieve tactical goals at a lower level than techniques; and • Documented adversary usage of techniques, their procedures, and other metadata. My concern is with MITRE's definition of "tactics" as "short-term, tactical adversary goals during an attack," which is oddly recursive. The key word in the tacti
Read more

New Book! The Best of TaoSecurity Blog, Volume 4

Image
  I've completed the TaoSecurity Blog book series . The new book is  The Best of TaoSecurity Blog, Volume 4: Beyond the Blog with Articles, Testimony, and Scholarship .  It's available now for Kindle , and I'm working on the print edition.  I'm running a 50% off promo on Volumes 1-3 on Kindle through midnight 20 April. Take advantage before the prices go back up. I described the new title thus: Go beyond TaoSecurity Blog with this new volume from author Richard Bejtlich. In the first three volumes of the series, Mr. Bejtlich selected and republished the very best entries from 18 years of writing and over 18 million blog views, along with commentaries and additional material.  In this title, Mr. Bejtlich collects material that has not been published elsewhere, including articles that are no longer available or are stored in assorted digital or physical archives. Volume 4 offers early white papers that Mr. Bejtlich wrote as a network defender, either for technical or pol
Read more