Sponsored links


Valid XHTML 1.0!
Valid CSS!



Product: Book - Paperback
Title: Firewalls and Internet Security: Repelling the Wily Hacker, Second Edition
Publisher: Addison-Wesley Professional
Authors: William R. Cheswick, Steven M. Bellovin, Aviel D. Rubin
Rating: 4/5
Customer opinion - 4 stars out of 5
Fun and useful read


This great security book is written by the three famous members of asecurity community "old school". These people supposedly lived whendinosaurs roamed the Earth, when firewalls were a novelty andintrusion detection unheard of and TCP port 80 was referred to as "this new web thing. :-)
The book starts with an unusually exciting section on "securitytruisms", timeless principles that allowed the first edition (1994)to survive until the present time as a useful security book. The
principles will come handy for both hardened security pros (as review)and complete beginners (as a required mindset). "Keep it simple", "there is no absolute security", "defense in depth", "fix theweakest link" and many others still form the philosophical skeletonof modern security. In the same initial section, the ever-presentmystery of a security policy is covered in a clear and comprehensivefashion.
Many other great ideas (some of which are starting to be forgottensuch as "firewall is a gate, not a wall") are found in a book. Forexample, the benefits and pitfalls of crypto are also analyzed.
An interesting argument is provided on how graphical interfaces (GUIs)actually measurably decrease firewall security. While some might thinkthat "easy to use equals more likely to be used right", authors holda different opinion.
While much of the content is timeless, the book is fully up to datewith material on DoS (and DDoS) attacks, VPNs and web security. Eventhe debates on hiring hackers and eternal patching cycles find theirplace in the book insets. Firewalls are present in the book title, thus they get all thedeserved coverage with many examples of practical firewallconfiguration (Linux, BSD). Linux ipchains coverage is a bit dated,but can be used for the most part for the modern iptablesconfiguration as well. IDS are only mentioned, since the authorsapparently don't like them that much.
The book is understandably focused on defense. However, some novel(are they really - surely authors have a reference somewhere to a 1985paper where they were first covered? :-) ) attacks on routing arediscussed. Honeypots (in the form of a classic "An Evening withBerferd" paper updated with more analysis) are also discussed. Acouple more fun incident cases (such as "The Taking of Clark" wherean unknown attacker had a point at getting through to one of theauthors) are also presented.
It does inherit the properties of the first edition (now freelyavailable) and have everything to look forward to the long andsuccessful future. The book is strongly recommended for any securityprofessional.
The book also boasts many amazing references to securityresources. What made some of them surprising is their age. How about apaper on limitation of password authentication - from 1984?
Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a majorinformation security company. His areas of infosec expertise includeintrusion detection, UNIX security, forensics, honeypots, etc. In hisspare time, he maintains his security portal info-secure.org



Product: Book - Paperback
Title: Final Fantasy XI Official Strategy Guide for PS2 & PC
Publisher: Bradygames
Authors: Michael Lummis, Elizabeth M. Hollinger, Edwin Kern, Kathleen Pleet
Rating: 4/5
Customer opinion - 4 stars out of 5
FFXI


There are alot of guides out there that arent worth the money to buy. There are also some that are really worth it. This is one of those special few. This guide is the second of probably many more. It covers even more than the Fall edition. It covers everything from what are good character and job choices to locations and levels of almost all of the monsters. Even at the $20 price tag this is worth it. I give this book a 4 out of 5.



Product: Book - Paperback
Title: ASP.NET Website Programming: Problem - Design - Solution, C# Edition
Publisher: Wrox
Authors: Marco Bellinaso, Kevin Hoffman
Rating: 4/5
Customer opinion - 4 stars out of 5
Excellent book, but some code bugs


There is little here I can say that would not repeat the excellent marks given this book by other reviewers. I found this book to have lots of excellent ideas.
The problems I did have were related with the code examples itself, particularly the code that extends the role-based security. Compiling this code immediately generates tons of errors. Trying to use these code segments in my own custom code generated the same. Mostly due to illegal casting whereby an attempt was made to case the Context.User.Identity object to a custom object. It can be rectified, but it is not without a good deal of head-scratching and a few hours of trial and error. Overall this book is extremely well organized and written and contains some of the best ideas I've seen for making truly scalable sites, even over the MS sample enterprise architectures.



Product: Book - Paperback
Title: C++ Primer (4th Edition)
Publisher: Addison-Wesley Professional
Authors: Stanley B. Lippman, Josée Lajoie, Barbara E. Moo
Rating: 1/5
Customer opinion - 1 stars out of 5
Not the best out there


The content of the book is fair, however the organization is terrible. Some more complicated topics are introduced before simple concepts, or in some areas, complicated topics that were not discussed are used to explain simple ideas(it does get better after chapter 5 or so, but the first five chapters are the very basics that you should know before doing anything remotley complicated). For this reason, you should at least have your feet wet with C or C++ before reading this book.
Next, this is one of the few books I've read that has 'decent' quiz questions. But guess what ? There are no answers!
Some topics are not explained very well, again the author assumes you already know something about it.
The examples in the book are fair, but most of them are not 'real world'. In several places however, there are just fragments of code instead of a full example, which can sometimes confuse the reader.
This book should not be bought alone to learn ANSI C++ if you are just starting with the language, however it can be used in addition to another book.