Open Source Books

Do you know how to manage your security log? If you don't, then this book is for you. Authors Jacob Babbin, Dave Kleiman, Everett F. Carter Jr., Jeremy Faircloth, Mark Burnett and Esteban Gutierrez, have done an outstanding job of writing a book that shows you how to exactly solve the various problems pertinent to log generation, storage, processing, and reporting.

Babbin, Kleiman, Carter Jr., Faircloth, Burnett and Gutierrez, begin by covering how to get more information out of your passive detection systems. Then, the authors explore how to find key events in the log files of your Web servers and their host systems, and correlating data to give you useful reports. Next, they illustrate the depth and breadth your security logs can cover. They continue by exploring what ESM is, how it works, and when and where it should be used. In addition, the authors go over each of the primary areas of focus, and show you some techniques you can use to best manage your log files. Finally, they show you how to build a toolbox of queries that you will have ready to use if needed.

The ideas and tools shown in this most excellent book will help your organization in several ways. Perhaps more importantly, if you keep all of the solutions shown in this book in mind, your organization should have a flexible, scalable, remotely accessible security reporting infrastructure that can bend to the needs of an organization.

When I received a review copy of Security Log Management (SLM) last month, I was eager to read it. I saw two very powerful but seldom discussed tools -- Argus and Bro -- mentioned in the table of contents. This indicated some original thinking, which I appreciate. Unfortunately, SLM did not live up to my expectations. When you strip out the pages of scripts and code and the three reprinted chapters, you're left with a series of examples of output from the author's deployment of several tools. Aside from a few examples mentioned in this review, I don't think readers will learn much from SLM.

The first problem with SLM is a lack of competent editing. Prior to publication, someone should have read the book from the reader's perspective, asking "what is the reader expected to learn from this section/chapter/book?" In other words, the editor should have asked "how is the reader supposed to implement these recommendations?" For example, Ch 2 mentions using the Bro IDS. Nothing about setting up Bro is included, which would be acceptable if a reference to an online guide or another book was given. That is not the case; the author just assumes readers know about Bro and have it running. The number of Bro users is probably less than 100. If you're one of them, you don't need to read this book!

Bro's DNS and SMTP logging modules are casually demonstrated with no regard for showing the reader how to deploy them. The Web module at least shows a sample mt.bro file, if the reader can figure out what that is or how it fits into the picture. The situation gets worse on p 101 when the author says "the SMTP module can be very powerful in helping to identify several of the 'Marcus Ranum' top mail-related statistics (Chapter 1)." Marcus Ranum is not mentioned at all in Ch 1.

SLM demonstrates two other features that are becoming increasingly common and frustrating in Syngress books, for which I detracted stars from the review. First, the editing is rough. I am perplexed by the inability to standardize on references to tools; e.g., is it bro, Bro, or BRO? Second, and far more worrisome, the last three chapters (7, 8, and 9) of SLM are reprints of chapters 6, 7, and 5 from the Feb 2005 Syngress book Microsoft Log Parser Toolkit. On the positive side, SLM did not have as many fuzzy screen shots as sometimes appear in recent Syngress books. The unexplained small, fuzzy, NetForensics screen shot on p 31 is one unwelcome exception.

In terms of stating a clear purpose and delivering material in a coherent manner, the best chapter in SLM is Ch 6 -- Scalable Enterprise Solutions. I thought the author of this chapter stated his purpose, and then delivered material that readers could use. My only problem with the chapter was reading the definition of ESM 5 times -- on pp 195, 196, 205, 237, and 238!

My favorite part of SLM was the material showing how to put Argus records into a MySQL database. This is not that common, so I was glad to see how the author implements that function.

I'm sorry I can't recommend reading SLM in its current form. Three stars means there is some value, but you could get what you need browsing in the book store. I would like to see a second edition of SLM cut out the reprinted chapters. That cuts the book down to 241 pages. If the 70 or so pages of code are moved online, that reduces the book to 171 pages. That leaves plenty of room to add material that meets readers' needs. An example of a very strong Syngress book on a related (host-based) topic is Host Integrity Monitoring Using Osiris and Samhain by Brian Wotring.

It is not often that I review a genuinely bad book, but this is one such rare occasion. It so happens that log analysis has been my primary area of focus for the last several years and thus I could not have missed a book titled "Security Log Management."

Yuck! The book starts from a hodge-podge of examples, which, if entertaining at times, doesn't lead to any meaningful lessons and thus doesn't deliver the value it could have produced. The same applies to material selection for the book, which, as a result, suffers from a compete lack of logical structure. Even the Ch 1 "Log Analysis: Overall Issues" barely touched on analyzing logs and clearly didn't cover any "overall issues." Also, authors have undoubtedly trademarked the concept of a random irrelevant picture or graph...

In addition, the book reveals many areas where authors are deeply befuddled. ESM chapter (`Enterprise Security Management') is one such example, where such confusion reigns supreme. They can talk about `ESM process' and claim that `ESM is not a tool' in one sentence and then describe `ESM tools' in the next one. On top of that, if you are looking for some arcane security humor, try understanding their ROI calculation in the chapter (`Cost of problem' + `Cost of solution' ...)

One would think that they can get something as (relatively) simple as firewall reporting right (chapter 3). One would think that - and one would be wrong... The reader is still left with no answers to questions such as `what summaries, statistics and reports he/she should collect and how to do it'

As far as style is concerned, the book carries unfortunate signs of being written by a group of authors who didn't talk to each other much. Furthermore, what adds insult to injury is truly excessive amount of quoted source code, which plainly doesn't belong in the book, but on the website, CD, etc (were editors asleep at the wheel?)

To conclude, the book does have some relationship to patterns and chaos: the patterns in your brain will immediately turn into chaos after you are done reading it, provided you would even finish it. My suggestion is to avoid this largely useless title and save the money for better books (such as Bejtlich's or countless others).

Dr Anton Chuvakin, GCIA, GCIH, GCFA (http://www.chuvakin.org) is a
recognized security expert and book author. A frequent conference speaker, he also represents the company at various security meetings and standard organizations. He is an author of a book "Security Warrior" and a contributor to "Know Your Enemy II", "Information Security Management Handbook" and the upcoming "Hacker's Challenge 3". Anton also published numerous papers on a broad range of security subjects, such as incident response, intrusion detection, honeypots and log analysis. In his spare time he maintains his security portal http://www.info-secure.org and two blogs.

I frankly expected more from this book. It is short (220 pages), and consists largely of screenshots of IPCop configuration screens interspersed with descriptions of what each page means. If you have no idea how a firewall works, this book will help you get started. If you have any significant networking experience and are looking for a book to assist you with configuring and debugging a network firewall, then it won't be of much help.

I use IPCop at a 30 users network. We also route specific applications through different T1 connections, and have plenty of custom iptables rules.
IPCop per se is a great product.
I can't say the book is bad but it does not add any substantial information to the documentation you can find at IPCop site and download for free.
Buy it only if you want to pay for freely available documentation or if you are a book bluff.

A lot of content but actually very few information. This book is boring. I read 200 pages (out of 320) and then I gave up.

The newest title in this series from Paraglyph Press, Degunking Linux is another winner. What is degunking? Whether you have just installed a system from scratch or inherited an already running system there are always programs, services, and configuration options that can be removed or changed to clean up your system. By cleaning it up you can get it to work more efficiently and leave it less prone to exploitation by others.

The author does a thorough job of examining most of the common program and configuration items that can clutter up a Linux system. Not just the Linux system itself, the book also examines configuration and of common applications like OpenOffice, Mozilla, and Evolution. There are much more detailed books on removing processes and default configuration options on the market, but they are generally under the heading of security and too advanced for the novice user. On the other hand, this book is written for the novice to intermediate user and really stands head and shoulders above other books for this particular group. In addition this book contains a good section on optimizing your X configuration, which can really improve your graphic performance. Degunking Linux is highly recommended for novice to intermediate users.

I am sorry to say this, but this has been one of the worst books I have ever read on Flash and/or other type programs.

I made it to Chapter 5, and was hoping it will get better, but no such luck..it was getting worse.

Particularly, whether you are an advanced or a novice programmer, if you try using the book's examples with the available downloads, it will be a nightmare.

Like the other review, i also was waiting for this book to come out, but found it to be pretty disappointing when it did. The topics covered are useful for real world projects but its the way the book is laid out that had me confused.

For example, in the section for installation of PHP the author describes what to do for Windows, then Linux then on the same page of installation for Linux it says about configuring PHP, does this mean for Linux or Windows or both? There are quite a few cases like this that spoil the book.

The books just seems a bit garbled and not put together as well as it could have been.

This is a solid book, with great examples of PHP and Flash together; however, this isn't ideal for PHP novices .

I've waited for this book for a while, and I put off sharpening my PHP skills until I received it. I wish instead I had more experience building MySQL databases with PHP first. It's odd, there is some introduction to PHP and MySQL, but it doesn't really prep you enough if you're a newbie...

The title "Bible" is misleading; rather, it's more a cookbook. There is a lot of great info in here- lots of code and explanation of it, but the scope of the explanation is only how it pertains to the example given. For example, while explaining an example to output dynamic XML from a database, the author only focuses on the PHP script to retrieve the data, then parsing it into XML. I would have liked to have seen the XML as a file and how the MySQL database was structured. It would be repetitive, but that's what makes a good teaching book- or at least a "Bible" book.

The other drawback for Mac PHP newbs will be: the author does a good job of explaining installation of Apache and PHP on Windows and Unix, but NOT Mac. I contacted the author as he promptly replied:

"The reason for no OS X install notes was due to OS X shipping with a version of PHP which would cause issues without a large amount of editing and modifying.. which I felt was beyond the scope of the book."

He did tho, create a forum on his website for readers to post questions. He quickly replies. On this forum I posted a walkthrough (with pictures) on how to quickly get PHP and MySQL running on your mac.

On the whole, it's full of excellent code and various examples, but the scope is narrow and explanation is right to the point. Experienced users will welcome it, others may feel discouraged and have to look to other sources to fill in the gaps.

I am not sure what book the previous reviewer was reading, but this is a good companion book to Google Hacking if you are trying to squeeze the most out of the Google phenomenon.

I don't use much Google Talk (most of the people I talk to use IRC, SILC, or AIM as real-time chat), but I have had the opportunity to use it some. I was looking forward to this book to see if it would be worthwhile to learn more about Google Talk and how to get more out of it. I have to say that I'm disappointed in the quality of the writing and the organization of the book. The writing tries to be cute and funny, but the clarity suffers dramatically for it (the requirements discussion in Chap 2, plug-ins in Chap 5, etc). Furthermore, the organization of the book jumps around too much, mixing core usage of GTalk and extra uses (ie video or audio chats) too much. If the book had kept a basic theme to it -- put the common stuff up front, then talk about extras slowly and with increasing complexity and rarity -- it would have helped. However, unlike many Syngress books, this one uses screen shots effectively and clearly.

Chapter 1 is sort of what you would expect it to be, an overview of many of the popular, modern chat clients: AIM, MSN Messenger, Yahoo!, ICQ. The author slams the competition and champions Google (Google fanboy-type stuff is pretty common throughout the book) as the savior of chat. Sadly, this overview is incomplete and limited, and sets the tone of the book.

Chapter 2 talks about installing Google Talk for Windows users, and spends a lot of time talking about tangential subject matter. This is where the book's main flaw -- poor organization and a lack of clarity -- really starts to show. The book wastes some space on requirements for video and audio chats (which are not core Google Talk uses), and really skimps on the installation.

Chapter 3 talks about using Google Talk for non-Windows users. This chapter is a bit muddled, and perhaps it's because the author isn't a native OS X or Linux user. A couple of things: really, any Jabber client can work (there are dozens), and Gaim is basically the same for Linux and other supported platforms.

Chapter 4 is perhaps the most poorly organized of them all. The chapter skips around in usage, talking about basic chat usage, contact management, then over to music listings, chatting, voice chats and voice mail, file sharing, and so on. The section on personalizing Gtalk is very poorly presented.

Chapter 5 is a lengthy, mishmash of a chapter on plugins. Had the author organized the plugins better this wouldn't have been so bad, but again, the quality of presentation keeps it unclear. I had to look at a few sections a couple of times to try and figure out what was going on, including the section on theme modification. I wound up more confused about these extensions as I went along. Not a very good thing in a book!

Chapter 6 talks about proxies (as you might find in a corporate environment, in a Tor situation, or with SSH tunnels). Sadly, the section on Tor talks more about Tor basics (very incomepletely) than about how to make GTalk work with Tor. Very lousy presentation of how to set up SSH tunnels, too, with incomplete steps at every turn.

Chapter 7 -- GTalk in the Enterprise -- is a neat idea, although it could have been implemented more completely. Because many enterprises have strict IM policies, they will either want to standardize on GTalk or ban it, and so both topics are (poorly, and incompletely) covered. I like this idea a lot, and I think this could have been more completely covered. I think that more books on applications should cover this sort of concept more often.

Two appendices round out the book. Appendix A covers video chats, and honestly should have been included in a standalone chapter devoted GTalk and video (and audio) chats, which would have cut down on a lot of the confusion in the "basic usage" chapter.

Appendix B covers free video calling software, and is kind of wierd -- it doesn't look like these apps integrate with GTalk, but rather would replace GTalk with video. I don't get why they're in the book, to be honest.

All in all not the best book I've read. I don't like writing negative reviews of books, but I have to be honest with this one: it's not well done. The organization is poor (it's downright confusing!), the writing is unclear (it tries to be too cute for its own good), and the coverage is weak and incomplete. If you want to learn how to use GTalk, look elsewhere, this one will not be of much use.

A helpful addition to your linux webserver library. Offers a few additional insights that I've not seen in other books and for the price, you can't lose.

In my opinion, the GDB quick reference that you can download for free is more useful. To go over the basics, this book is OK, but for daily lookup purposes, the quick reference is more useful.

I purchased this book as a "filler" to reach over $25 for free shipping. I'm a software engineer and do use GDB frequently.

I went to the meeting at which this was handed out, and left when I realized that most of those in attendance were retirees or students, and this book managed to discuss a topic I and 749 others have been pioneering since 1988, without ever once mentioning anyone else's effort.

I am not easily outraged, but this "immaculate conception" is on the one hand, encouraging (it only took CSIS 20 years to catch up with the rest of us) and on the other, infuriating because the arrogance and myopia of those who put this booklet (note the page count--26 pages) forward is unbounded on the one hand and so narrow on the other as to be clinically blind.

NewsFlash: Singapore is the only country that listened to me when I did my world tour in 1994, and they are well on their way to being the first "smart nation" but they are making the common mistake of believing in technology as a substitute for creating the world brain with real humans. The Nordic countries are close behind, and have pioneered Multinational Multiagency Multidisciplinary Multidomain Information Sharing (M4IS) and public sense-making (24 of us are pioneering public intelligence in the public interest)

CSIS has enormous potential that is failing to contribute to the public dialog because they lack the discipline and humility to reach out to multi-cultural pioneers. Hubris is fatal.

In the comment I provide URLs to material superior to this lightweight endeavor, all free. Below I list a handful of books from true experts:
Early Warning: Using Competitive Intelligence to Anticipate Market Shifts, Control Risk, and Create Powerful Strategies
The New Competitor Intelligence: The Complete Resource for Finding, Analyzing, and Using Information about Your Competitors
The Secret Language of Competitive Intelligence: How to See Through and Stay Ahead of Business Disruptions, Distortions, Rumors, and Smoke Screens
Strategic and Competitive Analysis
Super Searchers Do Business: The Online Secrets of Top Business Researchers (Super Searchers, V. 1)
The New Craft of Intelligence: Personal, Public, & Political--Citizen's Action Handbook for Fighting Terrorism, Genocide, Disease, Toxic Bombs, & Corruption

This library reference is very extended, up-to-date and cover every aspects of Python's modules ( string, regular expressions, ...). The division in themes ( Maths, Internet, ...) and in order of usefulness makes it easy to learn and get important information. The index and the table of contents make it very easy to find the appropriate method to perform a particular task. In addition, the style is concise and the presentation clear.

Nevertheless, this is only a reference : The examples are rare and insufficient to learn efficiently the language, unless you need'nt examples to learn all about a new language.

Therefore, this book should be used as a reminder or a quick finder, i.e. a reference book.

The subtitle of this book "Administration and Development" is comletely inaccurate. The foreward begins: "This book is for the JBoss content developer and administrator".

No it isn't. It should be called "JBoss Internals", which is what it actually covers. Whoever chose the title was an idiot. How anyone could imagine that a book on JBoss that doesn't cover EJB deployment is aimed at administrators is beyond me.

Less than useless (if I could give it zero stars I would), as the "authorized" book, it will actively discourage people from learning JBoss.

The chapter on security might as well be encrypted. The authors constantly use terms before they are defined. They rarely give a comprehensible overview of subjects, they just jump in and bury you with details. These are some very smart guys who don't know how to write a text book.

This a good book if you don't know anyting about JBoss, but it falls short once you detailed information. Check the JBoss forums for answers before buying this book.

Good book if you already know JBoss. If you're thinking of re-writing JBoss or just wondering how it works internally then this is good. Absolutely needs step-by-step guide on how to install a bean. Even the JBoss doc.s on the CD are very weak. Having used WebLogic and WebSphere extensively I have still spent 4 hours and not gotten a bean to deploy AFAICT. Oh yeah, no clients/usage are given for the examples; e.g. they show on p70 code and talk about the J2eeDeployer service as being a web service but give no example code or mention of how to use it! Oh yeah, p14 says to drop jar's in the deploy directory and they will be deployed automatically. Well, where are they? Where are the usage examples for the examples provided?

This book is a mess. It is rife with typos and confusing grammatical errors. Diagrams are cut off and/or poorly laid out.

This would be forgivable if the overall content hit the spot. However, as another reviewer noted, the main focus is on the internals of JBoss, not on how to use it. Ultimately, that's the biggest disappointment.