This year has seen a steady increase in the number of new books being published on security-related topics. Since the year is about to end, I thought I’d round up a few of the best I’ve read, seen, or heard about, and comment briefly on each one!
Apache Security
O’Reilly
Published March 2006
http://www.amazon.co.uk/exec/obidos/ASIN/0596007248/
This book covers installing a secure Apache web server, discusses a variety of attack techniques, and looks at securing a multi-user hosting environment. All round, an excellent book for webhosts or anyone running Apache on an Internet-accessible system!
SSH, The Secure Shell: The Definitive Guide, Second Edition
O’Reilly
Published May 2006
http://www.amazon.co.uk/exec/obidos/ASIN/0596008953/
This book takes a look at the SSH program, a replacement for telnet or rsh, providing an encrypted link over which programs can be run. SSH also contains programs for file copy, replacing rcp and perhaps even FTP! The book looks at the latest developments in OpenSSH and other SSH implementations, and includes some powerful examples including setting up SSH tunnels and forwarding systems.
Security And Usability
O’Reilly
Published February 2006
http://www.amazon.co.uk/exec/obidos/ASIN/0596008279/
This book reaches a compromise between the two design goals of security and usability. I haven’t actually read this one, but everyone I speak to who has thinks it’s worthwhile!
Extrusion Detection
Addison-Wesley
Published June 2006
http://www.amazon.co.uk/exec/obidos/ASIN/0321349962/
One of the few books in publication which covers the important topic of internal attacks! Again, I haven’t read this, but it is an important topic, and it’s nice to see books finally starting to appear to bridge the gap between the generic security books and the knowledge that network administrators need!
Cryptography In The Database
Addison-Wesley
Published May 2006
http://www.amazon.co.uk/exec/obidos/ASIN/0321320735/
This book approaches security from the opposite end to many: from the innermost structure in many applications. Databases are often left open to attack because it is assumed that the outer layers of a program protect any database access against exploitation. Using cryptography in the database helps to prevent attacks which take advantage of most people’s false sense of local security! Once again, this book is a much-needed addition to the stores!
If I’ve left out your favourite security book of the year, or, if you’re one of the lucky few, the book you wrote this year, don’t be offended! I just chose a few of the ones that stood out most to me. There were, as I said, a large number of books dealing specifically with security this year, from VPNs to SSH, rootkits to software vulnerabilities, Apache to IIS, and PHP to SQL. In each case, the books have contributed new and fresh ideas, shown the latest attack patterns, and offered advice for prevention, or, failing that, cure.
As the threat from malware, malicious hackers and even corporate software with unintentional (or intentional) security issues grows, books like these serve not only to educate the developer and system administrator in prevention, but also to alert the user to the threat. Most technical users cannot fail to notice the distinct rise in security-related books this year, and should easily be able to correlate this to the ever-increasing threat as our world becomes ever more connected!