Reviews of IT Auditing, Hacking Exposed: VoIP, and Hacking Exposed: Wireless Posted
I am happy to report that I just posted three book reviews to Amazon.com. The first is IT Auditing by Chris Davis, Mike Schiller, and Kevin Wheeler. From the four star review:
I have no experience with auditing in the formal sense described by IT Auditing. I am familiar with the technical aspects of host and network security, but I wanted to know more about the goals and views of those who audit enterprises from a security standpoint. IT Auditing succeeds when it discusses the profession of auditing but I found some of the technical details lacking. Therefore, I recommend focusing on chapters 1-3 and 12-15, while using the technical chapters as indicators for outside research.
The second book is Hacking Exposed: VoIP by David Endler and Mark Collier. This book is so much better than Practical VoIP Security it's not even funny. From my five star review:
Hacking Exposed: VoIP (HE:V) is the sort of HE book I like. It's fashionable to think HE books are only suitable for script kiddies who run tools they don't understand against vulnerable services they don't recognize. I like HE books because the good ones explain a technology from a security standpoint, how to exploit it, and how to defend it. I thought HE:V did well in all three areas, even featuring original research and experiments to document and validate the authors' claims.
The last book is Hacking Exposed: Wireless by Johnny Cache and Vincent Liu. Both are great guys, but I wrote a four star review:
When I read and reviewed Wi-Foo: The Secrets of Wireless Hacking three years ago, I was really impressed. Wi-Foo is obviously showing its age now, but a second edition is in the works. I was excited to see Hacking Exposed: Wireless (HE:W), green cover and all, because I hoped it would be just as good as Wi-Foo but covering newer topics. Overall I think the next Wi-Foo will be better than HE:W, but HE:W is currently the most up-to-date book on wireless security available.
I have more flying in store this and next month, so I expect to read and review many more books soon.
I have no experience with auditing in the formal sense described by IT Auditing. I am familiar with the technical aspects of host and network security, but I wanted to know more about the goals and views of those who audit enterprises from a security standpoint. IT Auditing succeeds when it discusses the profession of auditing but I found some of the technical details lacking. Therefore, I recommend focusing on chapters 1-3 and 12-15, while using the technical chapters as indicators for outside research.
The second book is Hacking Exposed: VoIP by David Endler and Mark Collier. This book is so much better than Practical VoIP Security it's not even funny. From my five star review:
Hacking Exposed: VoIP (HE:V) is the sort of HE book I like. It's fashionable to think HE books are only suitable for script kiddies who run tools they don't understand against vulnerable services they don't recognize. I like HE books because the good ones explain a technology from a security standpoint, how to exploit it, and how to defend it. I thought HE:V did well in all three areas, even featuring original research and experiments to document and validate the authors' claims.
The last book is Hacking Exposed: Wireless by Johnny Cache and Vincent Liu. Both are great guys, but I wrote a four star review:
When I read and reviewed Wi-Foo: The Secrets of Wireless Hacking three years ago, I was really impressed. Wi-Foo is obviously showing its age now, but a second edition is in the works. I was excited to see Hacking Exposed: Wireless (HE:W), green cover and all, because I hoped it would be just as good as Wi-Foo but covering newer topics. Overall I think the next Wi-Foo will be better than HE:W, but HE:W is currently the most up-to-date book on wireless security available.
I have more flying in store this and next month, so I expect to read and review many more books soon.
Comments
I agree, I have high expectations of Wi-Foo II. Wi-Foo came out when you couldn't deal with wireless security without wrestling pretty hardcore with nix support and drivers, making the start very muddy for everyone.
Mark Collier