Monday, August 27, 2007 2:57 PM/EST
Richard Bejtlich has a great review of a Chris Sanders' Practical Packet Analysis. Rather than look to Sanders' book, here are my recommendations for getting to know Wireshark and for practical protocol analysis. Wireshark & Ethereal: Network Protocol Analyzer Toolkit from Syngress. I use this book about once a month while testing in the lab. You can go just about anywhere for a better basic and reliable explanation of IP than the one given in Sanders' book. Since I think anyone interested in network security should get it, try Virtual Honeypots: From Botnet Tracking to Intrusion Detection, which I reviewed here. The Wireshark also has a good FAQ that provides information about how to use the product and what to look for in a capture....
Monday, August 20, 2007 8:37 PM/EST
"Virtual Honeypots" is a must-read book that should be added to any security professional's bookshelf today. It's my "analyst's choice" for the month of August and well worth going out to your local bookstore to pick up a copy. Niels Provos and Thorsten Holz provide one of the best reference guides to honeypots currently available. The authors--Provos is a staff engineer at Google, and Holz a Ph.D. student at the University of Mannheim--go through the development of the honeypot through the lens of network and system monitoring. By setting up an observation system to see how it is probed, attacked or compromised, IT security pros can get a better idea of how to defend the systems under their care. While the book is easily accessible to any IT person, those with at least some experience with Linux--and with the willingness to use a Linux-based platform--will get the most out of...
Monday, August 13, 2007 6:41 PM/EST
Security consultant Christopher Wells has just written Securing Ajax Applications, $49.99 from O'Reilly. While the book is written for Ajax developers, I think it's more appropriate for business analysts who are specifying Ajax projects. Security Ajax Applications has a lot more to say to technically literate project managers than to hot shot programmers. Don't get me wrong, developers will get a fundamental grounding in creating secure applications. However, until security is specified as a program requirement by the people paying the developers' salary, Ajax apps will be developed as quickly as possible with little regard to security. Over the last two years there has been much heat in the security community about the insecurities of Ajax application development. Case in point was the presentation on Premature Ajax-ulation at Black Hat Las Vegas in August. The presenters, Bryan Sullivan and Billy Hoffman of SPI Dynamics (acquired the same day the presentation,...
