Virtual Honeypots: From
Botnet Tracking to Intrusion Detection
Written by Niels Provos and Thorsten Holz
Published by Addison-Wesley
Honeypots have demonstrated immense value in Internet security, but
physical honeypot deployment can be prohibitively complex,
time-consuming and expensive. Now there's a breakthrough solution.
In this hands-on book, two leading honeypot pioneers explain
exactly how to implement, configure, use and maintain virtual
honeypots.
>>READ AN EXCERPT FROM CHAPTER 11
>>LISTEN TO AUTHOR NIELS PROVOS DEMONSTRATE HOW VIRTUAL HONEYPOTS
CAN COLLECT MALWARE
Securing VoIP Networks:
Threats, Vulnerabilities, and Countermeasures
Written by Peter Thermos and Ari Takanen
Published by Addison-Wesley
As Voice-over-IP (VoIP) becomes more important to service
providers, carriers, commercial organizations and residential
users, protecting VoIP communications becomes increasingly urgent.
Drawing on case studies from extensive fieldwork, the authors
address VoIP security from the perspective of real-world network
implementers, managers and security specialists.
>>READ AN EXCERPT FROM CHAPTER 6
>>LISTEN TO AUTHOR PETER THERMOS REVEAL THE ATTACKS RELATED TO
TELEPHONY SERVICES
Fuzzing: Brute Force
Vulnerability Discovery
Written by Michael Sutton, Adam Greene and Pedram
Amini
Published by Addison-Wesley
Fuzzing has evolved into one of today's most effective approaches
to test software security, and this book introduces
state-of-the-art fuzzing techniques that can find vulnerabilities
in network protocols, file formats and Web applications. Throughout
each chapter, the three authors also present several insightful
case histories that show the bug-finding technique at work.
>>READ AN EXCERPT FROM CHAPTER 21
>>LISTEN TO AUTHOR MICHAEL SUTTON DEFINE THE PHASES OF
FUZZING
Security Metrics: Replacing
Fear, Uncertainty, and Doubt
Written by Andrew Jaquith
Published by Addison-Wesley
Using sample charts, graphics, case studies and war stories, Yankee
Group security expert Andrew Jaquith demonstrates how to establish
effective metrics that fit your organization's unique requirements.
Jaquith explains how to quantify hard-to-measure security
activities, compile and analyze all relevant data, set
cost-effective priorities for improvement, and craft compelling
messages for senior management.
>>READ AN EXCERPT FROM CHAPTER 6
>>LISTEN TO AUTHOR ANDREW JAQUITH EXPLAIN THE FEATURES OF A
SECURITY SCORECARD
The Art of Software Security
Testing: Identifying Software Security Flaws
Written by Chris Wysopal, Lucas Nelson, Dino Dai Zovi and
Elfriede Dustin
Published by Addison-Wesley
The deck is stacked heavily against the software developer, and
malicious hackers are ready to exploit today's many coding and
design vulnerabilities. In this book, authors Chris Wysopal, Lucas
Nelson, Dino Dai Zovi and Elfriede Dustin deliver in-depth,
up-to-date, battle-tested techniques that can identify software
security problems before the bad guys do.
>>READ AN EXCERPT FROM CHAPTER 11
>>HEAR CO-AUTHOR CHRIS WYSOPAL IDENTIFY COMMON SOFTWARE
FLAWS
Endpoint
Security
Written by Mark S. Kadrich
Published by Addison-Wesley
Despite massive investments in security technology and training,
hackers are increasingly succeeding in attacking networks at their
weakest links: their endpoints. Now, leading security expert Mark
Kadrich introduces a breakthrough,
"one-size-does-not-fit-all" approach to protecting all of
your endpoint devices, from desktops and notebooks to PDAs and cell
phones.
>>READ AN EXCERPT FROM CHAPTER 3
>>HEAR AUTHOR MARK S. KADRICH EXPLAIN HOW TO ENABLE NETWORK
ACCESS
The Shortcut Guide to
Protecting Business Internet Usage
Written by Dan Sullivan
Published by Realtimepublishers
The complexity of today's Internet threats demands that information
security pros not only understand how they occur, but also how to
combat them while avoiding costly countermeasures that provide more
protection than an organization needs. In this eBook, author Dan
Sullivan examines the critical business drivers enterprise security
professionals must address to keep their corporations' information
assets and infrastructure secure.
>>READ EXCERPTS FROM CHAPTER 3
How to Cheat at Managing
Information Security
Written by Mark Osborne
Published by Syngress Publishing
For information security managers, having a solid understanding of
all major security issues is integral to effectively managing their
departments and keeping privileged information safe. From designing
remote access options to implementing security policies, author
Mark Osborne provides in-depth information required to become a
successful security manager.
>>READ AN EXCERPT AND DOWNLOAD CHAPTER 7
Business Continuity and
Disaster Recovery for InfoSec Managers
Written by John W. Rittinghouse and James F. Ransome
Published by Digital Press, a division of Elsevier
Every information security officer would like to avoid a disaster;
however, it's best to be prepared should the unforeseeable happen. In
this book, authors John W. Rittinghouse and James F. Ransome
provide operational security management techniques information
security managers can use to establish and maintain an effective
business continuity plan.
>>READ AN EXCERPT AND DOWNLOAD CHAPTER 1
Implementing Database
Security and Auditing
Written by Ron Ben Natan
Published by Digital Press, a division of Elsevier
Because the database stores an enterprise's most valuable asset,
its security should be a priority. From encryption to access
controls, author Ron Ben Natan examines a wide variety of database
security topics to protect databases and avoid a security
breach.
>>READ AN EXCERPT AND DOWNLOAD CHAPTER 9
Securing Storage: A Practical
Guide to SAN and NAS Security
Written by Himanshu Dwivedi
Published by Addison-Wesley Professional
Storage security is crucial to protecting sensitive information
and complying with regulations, yet it's often overlooked by
security pros. In this book, author Himanshu Dwivedi explains the
dangers of unsecured SAN and NAS systems and offers practical
solutions for locking them down and keeping attackers from gaining
access.
>>READ AN EXCERPT AND DOWNLOAD CHAPTER 2
Preventing Web Attacks with
Apache
Written by Ryan C. Barnett
Published by Addison-Wesley Professional
Considered mandatory reading for anyone running Apache, this book
provides step-by-step guidance on the exploits that target Apache
servers and Web applications and how to defend against them.
>>READ AN EXCERPT AND DOWNLOAD CHAPTER 7
How to Break Web Software:
Functional and Security Testing of Web Applications and Web
Services
Written by Mike Andrews and James A. Whittaker
Published by Addison-Wesley
If your Web sites, applications and services are vulnerable to
attack, you need to find out before a hacker does. In this hands-on
guide, Mike Andrews and James A. Whittaker explain where to look
for potential threats and how to conduct tests to prevent
attacks.
>>READ AN EXCERPT AND DOWNLOAD CHAPTER 4
Software Security: Building
Security In
Written by Gary McGraw
Published by Addison-Wesley Professional
In this book, author Gary McGraw begins where he left off in his
best-selling book, "Building Secure Software," and teaches you
methods for adding security to your development processes. He
provides detailed explanations of risk management frameworks and
processes, code review, architectural risk analysis, pen testing,
security testing and abuse case development, and explains how to
make them work for you.
>>READ AN EXCERPT AND DOWNLOAD CHAPTER 5
Counter Hack Reloaded: A
Step-by-Step Guide to Computer Attacks and Effective Defenses,
Second Edition
Written by Ed Skoudis and Tom Liston
Published by Prentice Hall
In the updated version of this best-selling network security guide,
security expert Ed Skoudis teams up with Tom Liston to provide the
latest information on hacker tools and techniques, and arm you with
tactics for recognizing and preventing them.
>> READ AN EXCERPT AND DOWNLOAD CHAPTER 7
The Little Black Book of
Computer Security
Written by Joel Dubin
Published by 29th Street Press
This book is a concise guide to network security for IT managers
and security practitioners. Topics are presented in an easy-to-read
checklist format, making it a quick reference guide on a variety of
strategies for securing enterprise networks and systems.
>> READ AN EXCERPT AND DOWNLOAD CHAPTER 5, TAKING CARE OF PHYSICAL
SECURITY
>> READ AN EXCERPT AND DOWNLOAD CHAPTER 6, MANAGING HUMAN
RESOURCES
Rootkits: Subverting the
Windows Kernel
Written by Greg Hoglund & James Butler
Published by Addison-Wesley
Considered a "must read" for all security professionals, this book
provides a detailed guide to understanding, detecting and
preventing Rootkit attacks.
>> READ AN EXCERPT AND DOWNLOAD A CHAPTER FROM THE
BOOK
Spies Among Us: How to Stop
the Spies, Terrorists, Hackers, and Criminals You Don't Even
Know You Encounter Every Day
Written by Ira Winkler
Published by Wiley
Using personal examples, Ira Winkler explains how easy it can be
for anyone to infiltrate any company's confidential information and
he offers advice on how to protect your organization.
>> READ AN EXCERPT AND DOWNLOAD A CHAPTER FROM THE
BOOK
Information Nation Warrior:
Information Compliance Management Boot Camp
Written by Randolph A. Kahn, Esq. & Barclay T.
Blair
Published by AIIM Publishing
This book uses real-life stories to address the compliance needs of
executives in the four key areas – IT, legal, business and records
management. It offers handy checklists and tips to arm readers
with tools for battling the compliance challenge.
>> READ AN EXCERPT AND DOWNLOAD A CHAPTER FROM THE
BOOK
Information Security Policies
Made Easy, Version 10
Written by Charles Cresson Wood
Published by Information Shield
Often touted as the definitive guide to information security
policies, this book provides more than 1,360 pre-written policies
organized in ISO 17799 format.
>> READ AN EXCERPT AND DOWNLOAD A CHAPTER FROM THE
BOOK
Cryptography for
Dummies
Written by Chey Cobb
Published by John Wiley & Sons
Learn the ins and outs of cryptography, from crypto basics to
deciding what you really need.
>> READ AN EXCERPT AND DOWNLOAD A CHAPTER FROM THE
BOOK
The Black Book on Corporate
Security
Published by Larstan Publishing
This collection of essays focuses on security management topics
ranging from intellectual property protection to identity theft.
Each essay is written by a different author -- many of them vendors
-- whose contact information is also included.
>> READ AN EXCERPT AND DOWNLOAD A CHAPTER FROM THE
BOOK
>> READ A REVIEW OF THIS BOOK
The Art of Computer Virus
Research and Defense
Written by Peter Szor
Published by Symantec Press
This book provides the computer science and mathematical theories
underlying computer viruses as well as their history, starting with
the "Creeper" virus in the early 1970s.
>> READ AN EXCERPT AND DOWNLOAD A CHAPTER FROM THE
BOOK
>> READ A REVIEW OF THIS BOOK
The Executive Guide to
Information Security: Threats, Challenges and
Solutions
Written by Mark Egan with Tim Mather
Published by Symantec Press
Written for C-level executives, this summary of security challenges
and practices provides concise, nontechnical, business-driven
explanations of what information security really is and how it
should be managed in the enterprise.
>> READ AN EXCERPT FROM THE BOOK
>> READ A REVIEW OF THIS BOOK
Outsourcing Information
Security
Written by C. Warren Axelrod
Published by Artech House
This book provides an overview of outsourcing and the associated
information security risks. In addition to discussions regarding
the justification, risks, costs, benefits and evaluation of
outsourcing, the author addresses the business decision
process.
>> READ AN EXCERPT FROM THE BOOK
>> READ A REVIEW OF THIS BOOK
Information Protection Made
Easy: A guide for employees and contractors
Written by David J. Lineman
Published by Information Shield Inc.
In this excerpt of Chapter 3: Security rules to live by from
Information Protection Made Easy: A guide for employees and
contractors, author David J. Lineman examines how complying with
enterprise and federal laws and regulations affects information
security and provides guidelines practitioners can use to protect
themselves and their organization.
>> READ AN EXCERPT FROM THE BOOK