Security Basics mailing list archives

RE: book for a newbie...?

From: "Ed Spencer" <espencer () usa net>
Date: Tue, 2 Mar 2004 09:34:46 -0900

Murad:

Start with the free stuff and then go from there.  Some of the best security
materials I've ever read have been made available for FREE.  From there,
look for books that are good in specific areas you're interested in pursuing
further.

Below are some links to what I've found to be wonderful information sites:

http://csrc.nist.gov
You'll want to look at the SP 800 series and some of the pubs in SP 500 and
FIPS.  There is a regular wealth of information here and one of the best
'starting' reads is 'An Introduction to Computer Security: The NIST
Handbook'.

http://www.cccure.org
This is a web site for studying for the CISSP and has great study papers.
They cover the 10 domains individually and cover them well.

There are other sites like techrepulic.com and pay sites that offer some
variety and good content.  A little searching on Google will give you some
starting points.

Once you decide to start buying books there is much discussion on what
constitues a good security book.  Is it a 'how to hack' type book showing
exploits and how to patch? or theory books that teach good strong principles
and theory which you're expected to apply.  This only gets more muddy when
you consider how wide the security professionals job can really be (see my
column in Information Security Magazine - LogOff column - August 2001 to see
what I mean).  I'd start with books strong in theory or on specific
technologies you're needing to work with and move on from there.  Some good
starting points:

Practical Unix and Internet Security
Applied Cryptography
Maximum Security (all the books from the series)
Hacking Exposed
Counter Hack
Hack Attacks Revealed
Hack Attacks Denied
Hacker Proof (outdated and likely out of print but a good starting book)
Intrustion Signatures and Analysis
CISSP Study Guide
Linux Security
Information Security Management Handbook (pricy, but worth the price if you
need some good strong theory or are preparing for the CISSP)
Securing Windows NT/2000 Servers for the Internet
Linux Security Toolkit
Steal This Computer Book
Linux System Security

If you get a chance to peruse the books at your local bookstore you will get
a better idea of what's in each book, if not, and you have to buy a book
without seeing it, or without any recommdations from others on what would be
best for your circumstances, I'd start with a book on the subject from
O'Reilly and Associates or look into their safari subscription service that
allows access to a wide selection of books for a monthly fee.

BTW, since you're just starting out, I'd recommend looking in the bargain
section of your local book store chains for discounted editions.  I've
gotten some really great deals on books that were discontinued or back one
edition.  If you're just starting out or if the technology covered in the
edition isn't critical these are good places to start and keep your overall
cost down until you start getting better aquainted with the technology
you're using and the overall theories.  Keep in mind I didn't really make
any recommendations on Business Continuity, Policies, or Physical Security
since your question seems aimed squarely at the technologies and theories in
use.

Hope this information helps you on your way.

Ed Spencer
MCSE/MCT/MCP/CNA/A+/Network+/Security+
Network Technican
Univiersity of Alaska Fairbanks

-----Original Message-----
From: Murad Talukdar [mailto:talukdar_m () subway com]
Sent: Monday, March 01, 2004 5:25 PM
To: security-basics () lists securityfocus com
Subject: book for a newbie...?


Back when you were a security nipper playing with netstat and gurgling =
at the sight of portscans on your fisher price server, which book did =
you use to learn security basics from?
I've inherited a 50 node network and am just getting into learning how =
to secure it.
Any suggestions gratefully accepted.
Murad




---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security

Protect your network against hackers, viruses, spam and other risks with
Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost
of
ownership.

Download your free trial at
http://www.securityfocus.com/sponsor/Astaro_security-basics_040301
----------------------------------------------------------------------------




---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security

Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.

Download your free trial at
http://www.securityfocus.com/sponsor/Astaro_security-basics_040301
----------------------------------------------------------------------------

Current thread:

book for a newbie...? Murad Talukdar (Mar 02)
- Re: book for a newbie...? Byron Sonne (Mar 02)
- RE: book for a newbie...? Ed Spencer (Mar 02)
  - RE: book for a newbie...? totoalfi (Mar 03)
    - RE: book for a newbie...? Aditya, ALD [Aditya Lalit Deshmukh] (Mar 04)
- Re: book for a newbie...? Marcos D. Marado Torres (Mar 02)
- RE: book for a newbie...? Paul Osterwald (Mar 03)
  - Crypto Book Recommendations? Graydon McKee (Mar 03)
    - Re: Crypto Book Recommendations? Bob Bomar (Mar 04)
    - Re: Crypto Book Recommendations? Erik Tayler (Mar 04)
    - RE: Crypto Book Recommendations? Mark Harris (Mar 04)
    - RE: Crypto Book Recommendations? Aditya, ALD [Aditya Lalit Deshmukh] (Mar 04)
    - RE: Crypto Book Recommendations? Ioannis Kampanellis (Mar 08)

(Thread continues...)