Wednesday, May 11, 2005

Multiple New Pre-Reviews

I've received many new books in the last two weeks. Here are some pre-reviews. First we have Mastering FreeBSD and OpenBSD Security by Bruce Potter, Paco Hope, and Yanek Korff, published by O'Reilly. I have been looking forward to this book for a while. I use both operating systems to build security appliances, and that sort of work is the subject of this book. I would have preferred if the authors avoided discussing Snort and ACID, though. This is the umpteenth time I've seen "IDS" boiled down to those two well-worn and not-very-effective "solutions." Snort, yes. ACID, no. I would have been less disturbed if at least BASE, the replacement for ACID, was profiled. But no. Still, this will be the first book in the pack I plan to read.

Next we have Snort Cookbook by Angela D. Orebaugh, Simon Biles, and Jacob Babbin, published also by O'Reilly. This is O'Reilly's second Snort book in nine months. The last was Mangling Security with Snort & IDS Tools. Ok, the real title has "Managing," but I explained why I avoided that book in this post.

I'm a little worried about this new Snort book. First, imagine which Snort console is presented? You guessed it -- ACID. Ugh, no Sguil. This is a shame, as one of this book's authors attended the Sguil presentation I gave at the DC Snort Users Group meeting last June. Second, and more worrisome, the advice on taps is faulty. On p. 21, we read the following:

"If your Snort machine has only one network interface, using the passive tap, run both lines to a small hub. Then from another port of the hub, run a cable to your IDS. This will combine and maybe even buffer the traffic for the IDS and give a full duplex connection."

Wrong -- this is a nice way to never see traffic when full-duplex packets from the two transmit lines collide in the hub. The "maybe even buffer the traffic" part is funny, too. I wrote about this bad configuration in my first book and in this January 2004 post when I caught Finisar making the same mistake.

Another yellow-covered book, but I have higher hopes for this one. It's Network Security Tools: Writing, Hacking, and Modifying Security Tools by Nitesh Dhanjani and Justin Clarke, published by O'Reilly. I worked with Nitesh at Foundstone. This book reminds me of Building Open Source Network Security Tools: Components and Techniques by Mike Schiffman. NST describes how to extend Nessus, Ettercap, Nikto, and Metasploit, as well as write sniffers and packet creators. All cool.

My penultimate O'Reilly book is Apache Security by Ivan Ristic. Ivan wrote the mod_security Apache module and maintains a Web Security Blog. I would describe mod_security as a policy enforcement system for Apache, but the common market-speak would be host IPS. Ivan sent me a copy of his book specifically to review (thank you), but I will not be able to get to it immediately. It looks like just the book for anyone wishing to deploy Apache securely, however.

My last O'Reilly book is Windows Server Cookbook For Windows Server 2003 & Windows 2000 by Robbie Allen. This book looks like a good companion to Learning Windows Server 2003. Windows Server 2003 is an OS I need to become more familiar with, since I expect to encounter it more often. O'Reilly Windows books tend to be very good, considering O'Reilly's open source advocacy and its historical ties to the UNIX community. I hope I can find time for both Windows books.

I'm not sure when I'll get to this book, but I'll mention it anyway: InfoSec Career Hacking by Aaron W. Bayles, Chris Hurley, Johnny Long, and Ed Brindley. I'll read j0hnny's chapter on building a Knoppix-based test lab, but the others seem somewhat dubious. I don't see how a whole book could give advice on "landing (and keeping) a job in the infosec field." For example, the "incident response" chapter (11) looks extremely weak.

And now for something completely different -- Networking and Internetworking with Microcontrollers by Fred Eady, published by Elsevier imprint Newnes. Fred also has Implementing 802.11 with Microcontrollers: Wireless Networking for Embedded Systems Designers due out in September, and he writes articles for Circuit Cellar magazine. Reading this book is another opportunity for me to become more familiar with networking hardware.

If anyone has read any of these books already, please post your thoughts.
