Wednesday, February 17, 2010

Books on the Desk...

I thought I would post up some reference materials that I always have on my desk.

Snort IDS/IPS ToolKit: ISBN-10: 1-59749-099-7

This book is very well written and provides both a basic and a more advanced understanding of the workings of Snort. Some of the highlights for me were learning about the preprocessors and how they handle the traffic they receive. The author did an excellent job with the examples and his explanations of the subjects, everything from replaying tcpdump-formatted files to suppressing events in the threshold.conf file.
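As an added illustration of the two Snort tasks mentioned above (this is not an excerpt from the book), here is the command line for replaying a capture and the threshold.conf entries for suppressing and rate-limiting events. The paths, the 10.1.1.0/24 addresses and the sig_ids 1000001/1000002 are placeholders; SIDs of 1,000,000 and above are the range Snort reserves for local rules.

```text
# Added example, not from the Snort IDS/IPS Toolkit. Paths, IPs and SIDs are placeholders.
#
# 1. Replay a tcpdump/pcap file through the full ruleset instead of sniffing an
#    interface. -r reads the file, -c loads snort.conf, -l sets the log directory
#    and -A console prints alerts to the terminal:
#
#    snort -c /etc/snort/snort.conf -r capture.pcap -l /var/log/snort -A console
#
# 2. snort.conf pulls the threshold file in with:
#
#    include threshold.conf
#
# 3. threshold.conf entries. gen_id 1 is the rules engine, sig_id is the rule's SID.
#    "suppress" drops the event entirely for the matching source/destination;
#    "threshold ... type limit" keeps only the first <count> alerts per tracked
#    address in each <seconds> window.

# Never alert on local rule SID 1000001 when the source is the vulnerability scanner
suppress gen_id 1, sig_id 1000001, track by_src, ip 10.1.1.54

# The same suppression for a whole management subnet (CIDR is accepted)
suppress gen_id 1, sig_id 1000001, track by_src, ip 10.1.1.0/24

# At most one alert per source address per minute for SID 1000002
threshold gen_id 1, sig_id 1000002, type limit, track by_src, count 1, seconds 60
```

From Snort 2.8.5 onward the `threshold` keyword in threshold.conf is deprecated in favour of `event_filter` in snort.conf, which takes the same options; `suppress` is unchanged. Replaying a capture with `-r` and then adding a suppression is a quick way to confirm that a rule firing on the pcap is noise from a known host before you touch the rule itself.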

Guide to Computer Forensics and Investigations (4th Edition): ISBN-10: 1-4354-2819-6

This text covers nearly everything about forensics and the investigation process. While the author admits that it is not intended to be a manual, it is designed with all of the basics needed for a beginner to enter this field. You will learn how to use various tools such as ProDiscover and FTK, along with other tools such as Linux LiveCDs. The exercises in the book are realistic and easy to follow. If you want something more challenging, you can always take a USB drive and have your kids or your friends download some information and remove it, format the drive, and then use the tools to practice.

Gray Hat Python: ISBN-13: 978-1-59327-192-3

This is a great book for learning how to get Python to work for you while having some fun. Even experienced Python coders will learn something from this book, as the author covers the uses and inner workings of code fuzzers, debuggers, and exploit code. The text also touches on some other topics that warrant additional study, but the author covers enough to get you started within the scope of the book. Again, an excellent read, and recommended to anyone who is looking into vulnerability identification and testing.

OSSEC HIDS Guide: ISBN-13: 978-1-59749-240-9

This is a guide to the Open Source Security (OSSEC) host-based intrusion detection system (HIDS). The book covers all aspects of installing and deploying the system in your environment. One of the big benefits of this book is getting exposure to an open source HIDS. There is greater flexibility with this product than with some of its competitors, such as Cisco's, and it supports a wider range of platforms, such as the 64-bit operating systems that are widely used today.
