
Product: Book - Hardcover
Title: The C++ Programming Language (Special 3rd Edition)
Publisher: Addison-Wesley Professional
Authors: Bjarne Stroustrup
Rating: 3/5
Customer opinion - 3 stars out of 5
serial book

My impression from spending months with this book, using it as a guide for more obscure language features that I don't personally use (but others, whose code I support, do), is that it is a serial read. Many of the examples are built upon earlier chapters, and while it usually doesn't matter, I find myself going back again and again to try to figure things out (I don't have time to read it cover-to-cover). Luckily I kept my 2nd edition Stroustrup handy, and I use that instead fairly often. The index initially appears sparse and next-to-useless, but if it's not in the index, it's in the table of contents. I bought the first printing, which was my mistake; luckily the errata sheet is online. And to top it all off, the cover is really floppy, making it hard to hold anywhere but on a desk. But it looks good on my bookshelf.

Product: Book - Hardcover
Title: CCA Citrix MetaFrame XP for Windows Administrator Study Guide (Exam 70-220)
Publisher: Osborne/McGraw-Hill
Authors: Syngress Media, Inc., Melissa Craft
Rating: 1/5
Customer opinion - 1 star out of 5

I've never come across a study book so crammed with mistakes and contradictions. Check out the Admin Guide for Citrix XP, and Citrix's own Skills Update book, but not this piece of junk! Buy this book if you want to be confused.

Product: Book - Paperback
Title: Learning the vi Editor (6th Edition)
Publisher: O'Reilly
Authors: Linda Lamb, Arnold Robbins
Rating: 5/5
Customer opinion - 5 stars out of 5
Helped me to grok vi

This book is a great intro to vi for beginners and is an excellent desktop reference for people to keep handy. I keep it handy because I cannot always remember that obscure command that will rearrange my document with little effort.

Product: Book - Paperback
Title: The Tao of Network Security Monitoring : Beyond Intrusion Detection
Publisher: Addison-Wesley Professional
Authors: Richard Bejtlich
Rating: 5/5
Customer opinion - 5 stars out of 5
An excellent and comprehensive security book

Richard Bejtlich hits one out of the park with this terrific book. In one stroke, he moves the art and science of intrusion detection out of the little leagues and into the majors. If you've already run through articles and books with advice like "just load SNORT and start tuning", this book will shift you to an all-star level in which thousands of machines across enterprise networks can be monitored and protected.

Network security monitoring (NSM) is the discipline of collecting and interpreting detailed network traffic to find and foil attackers. Although it may seem like Intrusion Detection (and IDSs), the relationship between IDSs and NSM is like that between Bonzo the chimp and King Kong. Almost anybody could handle a chimp for a few hours - or you'd think so from watching the movies - but bringing King Kong into your neighborhood means you really have to know what you're doing. He'll take a lot of feeding and special care. On the other hand, he does much more than Bonzo can to protect your assets. Network security monitoring is the King Kong of intrusion detection techniques.

The author presents detailed information on a large variety of network traffic capture and analysis tools, techniques, and topologies. Nearly all are public domain and open source. The few exceptions are tools specialized for industry-dominating Cisco and its proprietary formats and protocols. A few hours on the Internet with this book in hand can give you just about all the tools needed to follow his examples and to build your own network security monitoring environment.

Basic network activity capture is addressed through packages like the fundamental libpcap libraries, and the tools Tcpdump, Tethereal, Ethereal, and Snort (in its packet-capture mode). Tools for converting, combining, and subsetting captured data receive equal attention, with working examples based on editcap, mergecap, tcpslice, the Berkeley packet filter (BPF) language, tcpflow, ngrep and others. GUI tools are touched on as well, including EtherApe and NetDude. For the more advanced topic of session data or "flow" capture (using the Cisco NetFlow data format), there are equally detailed discussions of the Flow-Tools package, the Argus analysis tools, tcptrace, and others.

Statistical reporting and analysis gets a chapter, while alert processing (the classic IDS function of Snort) gets two, covering Bro, Prelude, and Sguil. (Although the book mentions Snort briefly, it assumes you have access to sufficient information to load and use Snort without assistance.) Much of the remainder of the book addresses the practical issues of installing, operating, and administering network security monitoring in the environment of an enterprise or Internet service provider.

It's refreshing that the software tools are not just mentioned, they are shown in operation in several scenarios each. The reader can see why they are important to the craft of network security monitoring, and can follow the examples on their own computer once the tools are installed. The author's style is not quite a tutorial, but it's easy to learn from him.

Most striking, perhaps, is the author's focus on completely professional installation and operation of this sensitive security function. He talks about network topologies and their effect on sensor placement. He provides alternative designs for the collection of data and for its analysis, usually on separate workstations. His stated experience is on large and very busy networks, so he addresses some difficult techniques (such as merging data from separate sensors to simulate a real-time data flow on a single machine) that are valuable and often mandatory in distributed enterprises. At the same time, his advice supports smaller networks and more limited security goals - you just have to pick and choose the items you need from the very large smorgasbord he presents.

So impressive is the technical detail, you could forgive it for being less than polished. But the writer is not just competent, he is entertaining and enjoyable to read. Between Bejtlich's skills and those of the editors, this book has no bizarre jumps of topic, no dead space, none of the clanging infelicities and groaners that haunt most of the technical books we read each month.

We should be clear about this book's audience: it is not an executive overview or a manager's guide. This is a manual for practitioners. It is pitched toward those who are comfortable purging a desktop machine and converting it into a single-purpose network sensor, those who can download source code and compile tools in multiple operating systems, those who will find it worthwhile to put their hands on and their hearts into a challenging and open-ended endeavor. But for those whom it suits, this will be an indispensable guide, the complete play-book of a fascinating new security specialty.