Domain: wilyhacker.com
Stories and comments across the archive that link to wilyhacker.com.
Comments · 8
-
Don't Panic PANIC BUTTON
netr00t's got solid advice for you.
http://slashdot.org/~netr00t
I would add, get a Lawyer, as in, have a Lawyer (anyway).
If you're in the USA, you should know by now, mostly morons make the "rules" of conduct, try not to participate.
Pay the Man:
http://www.forescout.com/index.php?url=products&se ction=activescout
http://www.winternals.com/
Useful:
http://www.sysinternals.com/SecurityUtilities.html
http://www.porcupine.org/forensics/forensic-discov ery/
http://www.fish2.com/tct/help-when-broken-into
Firewalls and Internet Security
http://www.wilyhacker.com/
First Ed. (online)
http://www.wilyhacker.com/1e/
Practical UNIX and Internet Security
http://www.oreilly.com/catalog/puis3/
FWIW
http://exuberant.ms11.net/index.html
http://exuberant.ms11.net/98sesp.html
http://exuberant.ms11.net/links.html
http://www.oldversion.com/ -
Don't Panic PANIC BUTTON
netr00t's got solid advice for you.
http://slashdot.org/~netr00t
I would add, get a Lawyer, as in, have a Lawyer (anyway).
If you're in the USA, you should know by now, mostly morons make the "rules" of conduct, try not to participate.
Pay the Man:
http://www.forescout.com/index.php?url=products&se ction=activescout
http://www.winternals.com/
Useful:
http://www.sysinternals.com/SecurityUtilities.html
http://www.porcupine.org/forensics/forensic-discov ery/
http://www.fish2.com/tct/help-when-broken-into
Firewalls and Internet Security
http://www.wilyhacker.com/
First Ed. (online)
http://www.wilyhacker.com/1e/
Practical UNIX and Internet Security
http://www.oreilly.com/catalog/puis3/
FWIW
http://exuberant.ms11.net/index.html
http://exuberant.ms11.net/98sesp.html
http://exuberant.ms11.net/links.html
http://www.oldversion.com/ -
some tech/science books
- The first edition of the classic Cheswick and Bellovin book Firewalls and Internet Security: Repelling the Wily Hacker is available in its entirety for free online.
- Black Box Voting - Chapter 01 Chapter 02 Chapter 03 Chapter 04 Chapter 05 Chapter 06 Chapter 07 Chapter 08 Chapter 09 Chapter 10 Chapter 11 Chapter 12 Chapter 13 Chapter 14 Chapter 15 Chapter 16 d - Appendix Footnotes Index
- http://www.physicsforfree.com/
- http://www.dctech.com/physics/textbooks.php
- http://www.nap.edu/books/NX005722/html/related.ht
m l - High Energy Physics - Fields
- Also, the National Academies Press says it has over 2,500 books on many different academic topics online for free.
- Open Source Development with CVS
-
Re:A total rewrite?On a side note, i've been toying around with the new
.NET stuff and it seems that their hope is to make the system more secure by basically having all the programs emulated by the framework, therefore nothing actually changes the OS, you guys think that's a good way to do things?The authors of Stopping the Wily Hacker certainly made their view concerning the
.NET security framework known. To paraphrase from memory : While the security features of .NET are many, the framework is complex, which is not an advantage in security. In fact, the book describing the security features are over 900 pages long, with many "Don't do this!" interspersed on the pages. In the authors view, quite alot of rope is handed out for you to hang yourself with. -
Re:Firewalls and Internet Security
The entire First Edition of this book is available online for free.
-
Mindset, Language, and Procedure
IMHO any information security professional needs to develop a professional paranoia, being thoughtful of potential risks and failures, and understand what might go wrong.
Reading Bruce Schneier's Secrets and Lies is a really good start in this area. It is a not very technical book, written at the level suitable for an IT manager. This is also useful to help explains risks, vulnerabilities, and failures to IT Management.
The ever so ugly covered Hacking Exposed, which explains the basics of what criminals (or attackers) do commonly to gain unauthorized access to (networked) computer systems. This is so you a) know how easy it is, and b) are familiar with an overview of the basic steps and techniques to gain illicit access.
For online resources, RISKS digest (not focused on malicious activities, but how systems fail - very insightful and low volume), and Bugtraq a full disclosure mailing list will show you recent exploits, and vuln notices, but it is fairly lacking in actual educational content, and there are several other mailing lists at SecurityFocus that could also be useful to developing professional paranoia.
Next you need the language and basics of information/computer security. For this textbooks like Computer Security by Dieter Gollmann, Information Security Management Handbook by Tipton and Krause, Practical Unix & Internet Security by Simson Garfinkel, Gene Spafford, Alan Schwartz, and Security in Computing by Pfleeger and Pfleeger.
For procedures look at CISSP study material, BS 7799 / ISO 17799, and security auditing and incident handling materials. Some knowledge of risk management can also be useful.
From these basics, of the right mindset, the common language of infosec, and procedures and policy you can get into the low-level details of firewalls, VPNs, IDS, and network design. For this you should have a good network/internetworking basics, a very detailed understanding of TCP/IP, and understand firewalls, VPNs, and IPsec.
Firewalls and Internet Security: Repelling the Wily Hacker, 2nd ed. by William R. Cheswick, Steven M. Bellovin, and Aviel D. Rubin is a great place to start, and Building Internet Firewalls by Elizabeth D. Zwicky, Simon Cooper, D. Brent Chapman is a great follow-up. An alternative book on firewalls and VPNs is Inside Network Perimeter Security: The Definitive Guide to Firewalls, VPNs, Routers, and Intrusion Detection Systems by Stephen Northcutt, Karen Frederick, Scott Winters, Lenny Zeltser, Ronald W. Ritchey (crowd from SANS).
For networking basics, a Cisco certification like CCNA could useful in providing knowledge about internetworking and Cisco router's IOS. For the gory details of TCP/IP either TCP/IP Illustrated: Volume 1: The Protocols by Richard Stevens or Internetworking With TCP/IP Volume 1: Principles Protocols, and Architecture, 4th edition by Douglas Comer.
For IDS - Network Intrusion Detection: An Analyst's Handbook by Stephen Northcutt and Intrusion Signatures and Analysis by Matt Fearnow, Stephen Northcutt, Karen Frederick, Mark Cooper are the best IMHO.
I am not sure what to recommend for VPNs, other than you need to know about IPsec.
-
only 1st Ed available in full
Only the first edition of the book is available on the web in full at http://www.wilyhacker.com/1e/
The second edition appears to be only available in hard copy, for the full purchase price, although there are some chapter excerpts available for download.
-
It's on the web . . .
"Perhaps the greatest aspect of this book is its availability: it's on the web here." That should put that in the article.