Security Warrior by Cyrus Peikari and Anton Chuvakin
ISBN: 9780596005450
This book is an excellent introduction into the world of computer
security. I was a bit surprised at the contents; the book features many
more offensive techniques, like reverse engineering binaries, performing
successful stack/heap overflows, attacks on a variety of server/network
platforms, and defeating IDS/forensic technologies. I had initially
expected the book to be more focused on security defense, which is
covered, but certainly not in a typical ratio. I wouldn't complain
though, because as is stated in this book several times, a good offense
is a good defense. For instance, upon introducing stack overflows, the
authors wisely quip how a company could save a great deal of money and
embarrassment if its employees found such vulnerabilities before they
leak into the wild.
If I did have one bad thing to say about Security Warrior, it's that I
happen to know quite a bit about its entire first section already, so I
found parts quite tiresome. Having already read such texts as Chris
Eagle's "The Ida Pro Book", this book's section on disassembly seemed a
paltry introduction in comparison; however, it seems this amount would
be about right to gently introduce someone to the subject, were they not
already aware of this field of computer security knowledge.
All in all, Security Warrior is a good introductory text to a wide
variety of computer security related topics, and hopefully the reader
will leave interested in implementing at least a few of the defensive
strategies listed, or want to become more familiar with some of the more
interesting attack vectors. Further reading/knowledge will be needed
other than the information found here in order to do useful security
work, but, Security Warrior certainly at least gets the ball rolling and
the interest piqued.
Categories: Book Reviews
ISBN: 9781886411951
How Not to Program in C++: 111 Broken Programs and 3 Working Ones, or
Why Does 2+2=5986
Do you enjoy puzzles? Do you enjoy debugging other people's code? If so,
you'll enjoy this book.
If reference materials or traditional educational coding books were like
newspapers, then this book would be the crossword puzzle page. Just like
any crossword puzzle, some sections are harder than others, and the
puzzles in this book are no exception. If you can't quite figure out the
subtle differences between pointers, addresses, double pointers, etc,
then this listing of the plethora of ways that you can get yourself into
trouble while programming in C++ will likely prove too difficult to
solve at parts. Without a doubt though, anyone who fully knows C++ (and
C, which is also covered in this book) and all its intricacies will not
find most of the puzzles exceptionally difficult.
That being said, the book still proves a good read for anyone of higher
programming skill; any reader will be scratching his or her head to find
the truly subtle ways that the all-too-simple-looking sample programs
have been broken. Luckily, there are helpful, very optional hints and
answers in the back of the book one can read in order to get thinking on
the right track without spoiling too much of the fun. Additionally,
throughout the book's puzzles, there are amusing programmer-related
debugging horror stories and funny programming quips that provide a
brief smile, even when one is wracking one's brains out to find the
misplaced comma, subtly misspelled keyword, missing semicolon, or
devious memory misallocation that is keeping the answer of the problem
elusive.
Categories: Book Reviews
ISBN: 9780596101510
This epically-titled O'Reilly book is a well-organized collection of
network configuration tips, stories, and common "gotchas", as told by a
self-admitted grouchy old network admin to younger, wet-behind-the-ears
network administrators.
The author, in a move uncommon to most networking manuals, just cuts to
the chase and says what needs to be said. Everything is told from a
Cisco perspective, with Cisco terminology, and the only hint of
variation allowed for is the occasional explanation when something is
radically (or subtly, in some way that would ruin everything when you
least expect it) different between CatOS and IOS. This is undeniably a
good thing; it keeps the book short, and realistically, Cisco is one of
the forefront leaders in the enterprise network market.
A wide range of topics are talked about – possible problems that you
could run into with auto-negotiation on your fast-ethernet network, how
to configure spanning tree or etherchannel, getting QoS to work
properly, and a whole host of topics one should know when creating one's
own medium-to-large sized network. Even for those that already know how
to implement these features, the author explains exactly when someone
would want to use these features and how they evolved, and how they
ought to be properly used.
I would recommend this book to anyone interested in enterprise
networking – ranging from the relatively professionally uninitiated like
myself (I only do networking administration for Computer Science House
at the Rochester Institute of Technology) to those who are just
transitioning from networking classes to actual jobs, who will benefit
perhaps the most from the book's tips and tricks from a person in
industry, or even the average middle-aged network administrator, who may
find a large portion of the book a snooze, but likely still pick up a
trick or two that was previously unknown.
Categories: Book Reviews
