In studying security, it may bebennificial to the administrator to move past the practices that are current at the time and examine the underlying theory that the practices are based upon. For example, to determine what Network Intrustion system would be best suited for a particular enviorment it is usefull to have some understanding of the various types of NIDS systems. I offer the following reading list as a suggestion of items which may fit within the scope of the course:
Secure Computers and Networks, by Fisch and White One of the better introductions to security analysis and design I have seen. The book is written to be a textbook for a security class. Of particular note is the chapter on Risk Assessment. It does a good job at demystifying this nebulous subject and offers some simple metrics by which one can assess their current risk.
Security in Computing, by Charles Pfleeger. Another good textbook introducing security. I would suggest skipping chapter 2 for last, the encryption sections would have fit the end of the book better. There is an updated version out as of April, my reading was of the 1996 version. Dr. Pfleeger presents the various security models used in host, database, and network security in a clear manner. Of intrest to network administrators and sysadmins would be his discussion of covert channels.
Intrusion Detection, Macmillian Technology Serise This one presents a through introduction into the topic of Intrusion Detection systems (both host and network). The histroy part is a bit dry, IMHO, but if you are going to be tasked with deploying or selecting a Network IDS system, this book will allow you to go beyond the glossy paper and understand what that IDS system will really mean for you -- both good and bad.
Network Intrusion Detection: An Analyst's Handbook by Stephen Northcutt. Topics covered by Northcutt include recognizing attacks, weaknessess, and responding to incidents both as and after they occur. No matter how good your security, they will occur.
Information Warfare: Principals and Opperations by Edwand Waltz. Not a network security book, but the new buzz word is Informaiton Warfare. While Dr. Denning has written extensively on this subject, Dr. Waltz takes the military perspective on this topic. and covers the entire spectrum of information warfare in a lively manner. Increasingly our systems and networks will be targeted not by teenagers, but by orginized groups. This book will help you seperate the information on IW from the hype.
Slashdot Mirror
In studying security, it may bebennificial to the administrator to move past the practices that are current at the time and examine the underlying theory that the practices are based upon. For example, to determine what Network Intrustion system would be best suited for a particular enviorment it is usefull to have some understanding of the various types of NIDS systems. I offer the following reading list as a suggestion of items which may fit within the scope of the course:
Secure Computers and Networks, by Fisch and White
One of the better introductions to security analysis and design I have seen. The book is written to be a textbook for a security class. Of particular note is the chapter on Risk Assessment. It does a good job at demystifying this nebulous subject and offers some simple metrics by which one can assess their current risk.
Security in Computing, by Charles Pfleeger.
Another good textbook introducing security. I would suggest skipping chapter 2 for last, the encryption sections would have fit the end of the book better. There is an updated version out as of April, my reading was of the 1996 version. Dr. Pfleeger presents the various security models used in host, database, and network security in a clear manner. Of intrest to network administrators and sysadmins would be his discussion of covert channels.
Intrusion Detection, Macmillian Technology Serise
This one presents a through introduction into the topic of Intrusion Detection systems (both host and network). The histroy part is a bit dry, IMHO, but if you are going to be tasked with deploying or selecting a Network IDS system, this book will allow you to go beyond the glossy paper and understand what that IDS system will really mean for you -- both good and bad.
Network Intrusion Detection: An Analyst's Handbook by Stephen Northcutt.
Topics covered by Northcutt include recognizing attacks, weaknessess, and responding to incidents both as and after they occur. No matter how good your security, they will occur.
Information Warfare: Principals and Opperations by Edwand Waltz.
Not a network security book, but the new buzz word is Informaiton Warfare. While Dr. Denning has written extensively on this subject, Dr. Waltz takes the military perspective on this topic. and covers the entire spectrum of information warfare in a lively manner. Increasingly our systems and networks will be targeted not by teenagers, but by orginized groups. This book will help you seperate the information on IW from the hype.