Security Books


Security Books sorted by Average customer review: high to low.

Security
Around the Horn: A Trader's Guide to Consistently Scoring in the Markets
Published in Hardcover by Stilwell & Company Publishing Group (2007-05-20)
Author: Adrian F. Manz
List price: $95.00
New price: $69.98
Used price: $59.99


Different from most trading books out there because everything is practical and easy to implement and profit from immediately.
Helpful Votes: 2 out of 4 total.
Review Date: 2007-02-25
Around the Horn was excellent. I especially like the trade logic in finding set ups off the daily charts to find day trades for the next day. It makes sense. In essence, the author teaches readers how to find buying or selling pressure from the prior day's session when the stock is otherwise pulling back or doing something else that indicates it's ready to resume its trend and then put on a day trade to profit from the follow-through the next few days. Different from most trading books out there because everything is practical and easy to implement and profit from immediately.

The book is full of robust patterns. Each is geared toward a certain market condition and each works well when applied as per the chapters in the book. Highly recommended.

Informative and to the point
Helpful Votes: 3 out of 5 total.
Review Date: 2007-04-18
To further incorporate the author's baseball jargon, Around the Horn is lean and mean, yet jammed with vital stats. Nearly every paragraph gives you a tangible idea that's easily understandable as well as theoretically palatable. There's no razzle-dazzle or wasted passages. It's the kind of book a systems' fanatic like me can't resist, and I look forward to converting Dr. Manz' setups into mechanical strategies.
Art Collins, author of Beating the Financial Futures Market

Solid setups based on solid logic.
Helpful Votes: 4 out of 6 total.
Review Date: 2006-12-09
I have been watching and using the setups in this book for about four months now and can say that when they present themselves in the "real world," they provide solid trading ideas. Dr. Manz posts a free list of the potential trades and how they relate to the patterns in the book on his traderinsight service, and that serves to clarify the ideas in the book and to point out which setups are working at a particular time and why. The author has answered my email questions and provided links to free information that clarified any questions I have had. A great book, full of solid ideas and an author who is willing to support his work by interacting with his readers. Highly recommended.

Stock Trading at Its Best
Helpful Votes: 5 out of 7 total.
Review Date: 2007-02-11
Dr. Manz has put together a conservative trading methodology for those who are disciplined to follow it consistently every trading day. The book lays out step by step each of the patterns off the price bars on the charts. The methodology is based on the most basic market principles: Price and Time. A group of Price Bars not only represent the price action of the security, but also the psyche of the trader crowd at a particular time. An astute and experienced trader such as Dr. Manz recognizes these patterns that setup low risk, high probability trades for the next morning. Risk is managed by selection of near-by natural price action support and resistance. As one reads on and studies the charts and trading guidelines, one notices the absence of typical computer generated indicators.

The methodologies are fully revealed and explained with no secret "trading tool" withheld. The TraderInsight web site publishes every day a "Stocks to Watch" list and a very thorough review of the preceding day's performance. This review covers the potential entry and exit points, as every trader's real time execution would be different. For further learning, one can visit the trading chat room and observe how various traders successfully execute these setups.

Does it really work?
Helpful Votes: 5 out of 11 total.
Review Date: 2006-11-08
The setups look nice and simple to apply when you read the book, but it does not give the same results when it was used in the real world of trading. It did not hold water when it was back tested. It is lacking lots of stuff to be useable or profitable. The book is big in size and empty of good reliable trading ideas. I personally recommend Dr. Elder or Tony Oz or Ed Ponsi Trading books and methods, for whoever wants good ideas for trading which will give good results in the markets; these authors offer way better alternatives to this elementary book of trading (that has few selected poor trading examples every one in more than one big page.)
Who needs this big size empty papers? Even this inflated appearance of the book does not offset the lack of substance. I am not convinced with the five star reviews because they do not specifically say why they like the book even if it does not give a single strategy that can give good results with mechanical or discretionary trading. Stay away from this book, or at least open your eyes wide when you review it, before you decide to buy it or not. Good luck anyway.

Security
The Good the Spam and the Ugly
Published in Paperback by Citadel (2007-03-01)
Author: Steve H. Graham
List price: $12.95
New price: $1.87
Used price: $0.84


Getting back at the Nigerians
Helpful Votes: 0 out of 0 total.
Review Date: 2007-05-08
I often play with Nigerian scammers though not to the extent that the author does. Some of his responses to the scammers' email are really funny. A lot like the annals of "The Porcine Princess".

Funny but a little repetitive
Helpful Votes: 2 out of 6 total.
Review Date: 2007-03-30
There are some hilarious pages in this book, some that had me crying and unable to speak. If the author had a little more variety it would have been a great book, but it did seem to repeat its formula in the responses to the email scams after a while.

FUNNY! FUNNY! FUNNY!
Helpful Votes: 3 out of 3 total.
Review Date: 2007-04-06
A laugh-riot from start to finish--the funniest book I've read in years.

Out of breath funny.
Helpful Votes: 4 out of 4 total.
Review Date: 2007-03-30
This was one of the funniest books I have enjoyed in a long, long time. The content is fun and light and makes for an easy read. There were times I had tears in my eyes and pain in my stomach from laughing so hard. It's an excellent book for when you need a break from this mad, mad, world.

It's one of those purchases you won't regret.

Highly recommended!

Rude, in the best possible way
Helpful Votes: 5 out of 5 total.
Review Date: 2007-04-06
The Publishers Weekly review above is on the money, in that this book is gleefully offensive.

I'm fine with that.

If you're fine with that as well, this book will make you snort with laughter at inappropriate times. Do not read while sitting in bed next to your sleeping spouse. She will eventually punch you in the chest for waking her up.

It'll be worth the bruise.

Security
Group Policy, Profiles, and IntelliMirror for Windows 2003, Windows 2000, and Windows XP (Mark Minasi Windows Administrator Library)
Published in Paperback by Sybex (2004-03-22)
Authors: Jeremy Moskowitz, Jeremy Moskowitz, and Sybex
List price: $49.99
New price: $42.42
Used price: $8.65


A must!
Helpful Votes: 0 out of 0 total.
Review Date: 2007-03-25
When you're working with Group Policies or Profiles, it's simple: you must read this book. Jeremy Moskowitz learns you the tough parts of Windows in his own matchless style.

Excellent source for IT professionals
Helpful Votes: 0 out of 0 total.
Review Date: 2007-01-14
This book isn't for beginners but if you're a network or systems administrator it is an excellent source of group policy information for Windows servers and workstations (2000, XP, and 2003).

Awesome Book
Helpful Votes: 0 out of 1 total.
Review Date: 2006-06-03
Great read and very informative. I've been using it as a reference ever since. Keep up the great work Jeremy!

Easy to Read
Helpful Votes: 1 out of 1 total.
Review Date: 2006-08-31
Jeremy Moskowitz's books are easy to read. He gives you great examples.

Only good for workstations, not complete.
Helpful Votes: 2 out of 3 total.
Review Date: 2007-09-24
For managing GPOs for locking down servers, this is not a complete book. This is an excellent book for managing desktops or workstations, laptops and terminal servers. There are many user rights assignments and security settings that are left completely out of this book.

Updates:

Since the author commented, I feel it's only fair to elaborate on some of the items, either as a thought for a "Group Policy - locking down your servers" book or possibly a future update to this one.

Most of the User Rights Assignments are the most sensitive rights you can grant. Several of them provide the ability to impersonate other users, including the obvious ones (Impersonate client after authentication). Other rights don't actually provide the functionality that users likely think (Create permanent shared objects - you wouldn't believe how many application teams thought this would let them share folders and printers). At the very least, a detailed list of rights that should be granted per setting for complete OS functionality (changing Impersonate Client... without granting the right to the Service builtin object will break a server running Windows Server 2003 with SP1, but have no effect on other versions of the OS) would be very helpful - the defaults for Windows Server 2003 and Windows 2000 Server are completely different.

Personally I think that another book about securing your servers via GPO would be nice. Not everyone should be securing their servers via GPO and it may add a certain level of complexity to an application environment that is not desired, but for larger environments that require an automatic mechanism to correct any security deficiencies or changes, GPOs are an excellent solution. A book that would cover Windows 2000 Server, Windows Server 2003, Windows Server 2008 (or whatever Longhorn ends up being called) and the differences between the OS versions, would be fabulous for a security/AD/GPO admin in any environment that is much more complex. Particularly in a complex environment, all 3 versions of Windows Server that GPOs apply to should be covered. Many larger companies are slow to adopt new versions of software or upgrade that which they already have (if it ain't broke, don't fix it!), so finding OUs that have Windows 2000 Servers and Windows Server 2003 machines in the same structure of your organization is definitely far from abnormal and providing the reference to effectively secure all of the GPO functional server operating systems (or at least the MS ones).

I understand that the intention of this book is to talk about basically the user environment portions of the GPO, but the name doesn't define that, so won't update my rating. Maybe if it had a companion for the machine-side security related settings...

Security
The Right to Privacy
Published in Paperback by Vintage (1997-02-04)
Authors: Ellen Alderman and Caroline Kennedy
List price: $15.95
New price: $3.74
Used price: $1.81
Collectible price: $15.95


An excellent legal resource
Helpful Votes: 0 out of 0 total.
Review Date: 2007-12-16
THE RIGHT TO PRIVACY is an excellent legal resource which can be read by legal scholars, however, lay people need to consult a legal dictionary from time to time. But the book clearly establishes how the right to privacy applies to every citizen when used against several aspects of everyday life the citizen comes in contact with. Caroline Kennedy, along with Ellen Alderman, has proven her excellent legal scholarship which, in my opinion, qualifies her as attorney general and/or associate justice of the U. S. Supreme Court.

Horrors of our Government translated from legalese to layman's terms
Helpful Votes: 0 out of 0 total.
Review Date: 2007-04-30
This book starts off Rated R. I wish I could give a copy to my teens, but it gets a little too descriptive (necessary for impact though) of police violations on women. However, I thoroughly enjoyed this book. (Maybe when they're older...) It is a collection of some landmark cases, conflicts, and horror stories of the reality of our government's intrusiveness into people's personal lives. It is an eye-opener to those who blindly follow government orders. I'm comfortable reading legal documents, but I thought one of the book's better points was that it put legal terms into layman's terms. I found the book so lively and intriguing I finished it in a day! I definitely recommend this for anyone concerned about government intrusiveness and loss or interpretation of constitutional rights.

A very apt title in today's intrusive governments
Helpful Votes: 0 out of 2 total.
Review Date: 2005-07-30
A bit boring but just shows what Big Brother can do to innocent people. Good to see Caroline standing up for ordinary people.

A Great Book on Privacy in the Courts
Helpful Votes: 2 out of 2 total.
Review Date: 2004-11-18
I enjoyed this book, even though it is heavy on legal court cases. Don't let that fool you, though, it's not a legal reference. This book covers significant cases in privacy using a very interesting approach. There are interviews and behind-the-scenes stories that explain what happened, how the plaintiff felt, and what the outcome was.

If you liked this book you will love "The Digital Umbrella." It is a great complement to this book.

Excellent... if you're the right audience.
Helpful Votes: 5 out of 6 total.
Review Date: 2003-06-03
This book is written by a couple of lawyers who specialize in privacy issues. It is essentially a collection of thoroughly researched court cases with added commentary from the authors. As such, it reads like...well... a collection of court cases.

A copy was originally lent to me by a very well-read and intelligent friend of mine who considered it overly dry. I, on the other hand, loved it. It's very details-oriented from cover-to-cover and packs in a wealth of information that is invaluable to anyone interested in the legal aspects of privacy.

Security
The Tao of Network Security Monitoring: Beyond Intrusion Detection
Published in Paperback by Addison-Wesley Professional (2004-07-22)
Author: Richard Bejtlich
List price: $64.99
New price: $25.99
Used price: $19.99


Jump into NSM
Helpful Votes: 0 out of 1 total.
Review Date: 2007-06-13
This book is a great introduction to the world of NSM (Network Security Monitoring). The basic idea is that security defenses will fail at some point and that to realistically improve the security posture of an organization NSM is needed.

The book starts with an introduction to risk analysis. It then describes how to build an NSM platform using open source tools, FreeBSD, and network taps / SPAN ports. It also includes some case studies and a lot of material on the operational aspects of running a NSM team.

I really like Richard's style such as his footnotes with related papers.

Be sure to check out the author's blog at http://taosecurity.blogspot.com/.

Easily My Favorite Book
Helpful Votes: 1 out of 1 total.
Review Date: 2007-11-11
It's hard to add much that isn't said by the 17 other 5 star reviews, but this is easily my favorite security book. Aside from ascribing me to the theories of NSM -- that visibility into the network provides the critical information required to accurately diagnose and respond to security issues -- and being an excellent read, this book is also a fantastic reference. As I've implemented NSM in my environment, I haven't stopped referencing the book to find tools that might be better suited to jobs, or to find tools that have all but vanished from the face of the earth. I thoroughly recommend this book to anyone responsible for the security of any size network.

Great book
Helpful Votes: 1 out of 2 total.
Review Date: 2007-05-17
Cuts right to the chase. Worthy addition to any serious network security library.

Shows a disciplined approach to network security monitoring
Helpful Votes: 23 out of 24 total.
Review Date: 2005-05-29
A problem with the approach many people take to network and security monitoring is that they expect it to be plug and play. Install the software and then stop attackers in their tracks. If only it was so easy. But one can't simply install monitoring software or an IDS, collect data and expect it all to correlate and correct itself.

The beauty of The Tao of Network Security Monitoring: Beyond Intrusion Detection is that it shows how network monitoring requires a strong discipline to truly have an effect on security.

The book is written for the person, primarily a system administrator or security engineer, who truly wants to use an IDS to manage and secure their network. This is not an introductory text, rather it is written for someone not scared of downloading and compiling code. If you are looking for an intro to IDS usage, this is not the book for you. This is a book about someone who has an IDS, and needs to find a way to use it and tune it for maximum usage.

The book has a near endless supply of network traffic capture and analysis tools, techniques and network topologies. Beyond simply providing a list of software tools, the book shows how to install and configure a variety of these tools. Rather than wasting pages and screen shots detailing how to download and install the software mentioned; the book shows how to use the tool in the context or Tao of security monitoring.

In addition, the author emphasizes the point that the people are a crucial aspect of effective network monitoring. The ultimate success of any IDS is directly tied to the analyst behind the console. They are the ones making the decision on how to respond to an incident, and if they are not appropriately trained, all of the hardware and software will only provide a fraction of its potential.

With that, The Tao of Network Security Monitoring should be considered required reading for anyone using an IDS or responsible for its use. If you have staff using an IDS, ensure that they have read The Tao of Network Security Monitoring as it will educate them in truly understanding how to monitor a network.

Great book to learn the Art of Network Monitoring!
Helpful Votes: 26 out of 27 total.
Review Date: 2006-02-07
I am not sure how I was first introduced to the author, Mr. Bejtlich. I cannot remember if I first noticed his work via his excellent blog or this, his first book. Either way, after reading "The Tao of Network Security" by Richard Bejtlich, I feel he has prepared and educated me in a way unlike any other author. The first item you must recognize is the tone that this book dictates right from the outset. The book begins by citing many different authors, their books and their value. I knew immediately that I was in for a treat. And I was right!

I will not attempt to offer a full review as I feel one can gather from other reviews the value of this book. The book is basically broken up into 5 sections. The first 100 pages is an intro to Network Security Monitoring (NSM). The second part is dedicated to the different ways to monitor - I particularly like (and agree) with how the author broke up the different ways of cataloguing NSM - full content, session, and alert. The third section describes NSM processes and the fourth section describes NSM people.

The book, overall, is a superb resource. Not a page goes by without some screenshots of TCPDump, UNIX configs or diagrams. I have heard others mention they have been given this book to read in their classroom study and I can see why.

I give this book 5 pings out of 5:
!!!!!

Security
Essential Checkpoint Firewall-1: An Installation, Configuration, and Troubleshooting Guide
Published in Paperback by Pearson Education (2002-01-15)
Author: Dameon D. Welch-Abernathy
List price: $44.99
New price: $6.00
Used price: $1.15


Essential more than describes this book
Helpful Votes: 0 out of 0 total.
Review Date: 2004-06-15
If you are considering buying any guide for Check Point Firewall-1 NG buy this one first and forget the rest.

Don't let the author's "phoneboy" aka make you think twice. This is one of the best guides I have ever read. Most are dry boring and overly technical. This guide is a very easy read, it is well written and to the point and covers all aspects of Check Point Fire Wall thoroughly.

Welch-Abernathy has taken great care to present installation, configuration and troubleshooting in a manner anyone will understand, whether you are seasoned pro or just getting started. He has covered all OS models and taken many of the troubleshooting questions from his site FAQs at www.phoneboy.com and shown examples of how to understand and correct them. In addition to actual Q and A, he outlines the step by step sample configurations excellently with actual scripts, screenshots, notes and diagrams.

Welch-Abernathy also guides you through creating network structures on a scale that allows someone new to Check Point to design and implement small to medium network configurations in easy to manage ways.

The author starts out by giving a great overview of firewall security technologies and their relation to OS Models while comparing the benefits and shortcomings of both.

Welch-Abernathy then guides you through the installation and developing your rule base. He includes tables and charts to show examples of each and backs up his examples with the most common Q&As making an installation seem like a breeze.

The author's explanation of remote access, NAT and high availability servers don't get any simpler. Any Admin who needs load balancing and fail over on a server cluster should keep this guide around for reference as well as daily use.

In addition to the main body of knowledge Welch-Abernathy also includes a great appendix covering OS Bastion security that is not only simple it is direct as well. Also included in the Appendices are a use policy template, LDAP configuration, fine tuning for performance and two pages of concrete internet resources.

The author starts out by giving a great overview of firewall security technologies and their relation to OS Models while comparing the benefits and shortcomings of both. I also found his overview and specifics of the licensing to be very helpful.

Welch-Abernathy then guides you through the maze of the installation process and developing your rule base. He includes tables and charts to show examples of each and backs up his examples with the most common Q&As making an installation seem like a breeze.

His examples of authentication, encryption and VPN make this a must read for anyone running Check Point on a corporate network.

I also found his overview and specifics of the licensing to be very helpful as well.

If you are running Check Point Firewall-1 or considering using Check Point Firewall-1 you won't go wrong by putting this one in your library.

The best technical text I've read.
Helpful Votes: 0 out of 0 total.
Review Date: 2002-05-01
A lot of subjects in IT and security are covered over and over with a mass of books that may be a little better or a little worse, but are essentially identical. While Checkpoint is a less crowded topic than, say, NT Administration, I suspect this book will continue to stand out. In researching Checkpoint issues I've been struck by the extent to which "Phoneboy" is personally identified with the topic, both by newbies and by seasoned professionals. It's for good reason. This book is extremely thorough (within its scope) and brings a lot to the table in the way of the details that a professional would need. I've read a lot of technical texts, but this one stands out, both generally and with the specific topic. The book is written well, with a good structure and giving useful examples. I found the bug reports and known issues particularly useful. As a technical resource it seems unmatched. It was an excellent resource, both on the job and in earning my CCSA.

"Phoneboy" Knows His Checkpoint Firewall Info
Helpful Votes: 1 out of 1 total.
Review Date: 2005-02-08
Each chapter of the book starts off with describing what the reader will learn or accomplish by reading that chapter. This sort of information is helpful for allowing readers to skip information that may not be useful to them and find the answers they seek. Many of the chapters also contain FAQ's and sample configurations and illustrations to help reinforce the information.

The book tries to cover a very broad scope and apply to a wide audience. It contains information all the way from holding the reader's hand if they are new to Checkpoint Firewall-1 NG to providing detailed troubleshooting and configuration steps for experienced Checkpoint administrators.

I have never administered a Checkpoint firewall personally, but I found the information mostly straight forward and understandable. Again, this is not a book one would typically read casually, but for anyone who administers a Checkpoint firewall or is looking at installing a Checkpoint Firewall-1 NG system this is an excellent source of information.

(...)

Hands down the best book on FW-1 available
Helpful Votes: 18 out of 18 total.
Review Date: 2002-06-16
Checkpoint FireWall-1 has become one of the top firewall software products in the industry. There are many reasons for its predominance. It was the first commercial firewall on the market, but more importantly, the FireWall-1 GUI and its ease of use impressed corporate CIOs.

Although FireWall-1 is easy to use, some users face difficulty in configuring the product correctly and appropriately. In fact, one of the biggest dangers of a firewall is that it can provide a false sense of security; if not properly configured, a firewall may have so many holes that it actually functions as nothing more than a router. Firewall expert Marcus Ranum notes that, "...eventually, if enough data is going back and forth through your firewall, it is no longer a firewall -- it is a router."

Many times, firewall administrators are hired not because of their expertise in information security, but because they know network and systems administration quite well. Many FireWall-1 administrators start with zero experience and knowledge. This is good from a job security and training perspective, but terrible from a security perspective. Despite the proliferation and ubiquitous nature of FireWall-1 over the past decade, it is only in the last few months that any worthwhile books on FireWall-1 have become available. One of the best is Essential Checkpoint Firewall-1: An Installation, Configuration, and Troubleshooting Guide by Dameon Welch-Abernathy. Welch-Abernathy maintains a Web site, ..., which contains information on anything and everything related to FireWall-1. In fact, many FireWall-1 administrators have ... bookmarked as their prime site for FireWall-1 information, even before the Check Point support site.

Although the documentation that comes with FireWall-1 is quite good, Essential Checkpoint Firewall-1 often surpasses it. This is what makes Welch-Abernathy known as the man for FireWall-1. Even Nir Zuk, who was a principal engineer at Check Point, stated that Welch-Abernathy's knowledge of FireWall-1 in many cases surpassed the knowledge of Check Point's own engineers.

As its title implies, the book covers the installation, configuration, and troubleshooting of FireWall-1. Whereas the product itself is pretty straightforward to install (except for the software license information), the real challenge is in the post-installation arena. The book has 14 chapters and, by Chapter 3 (page 34), the book is already into FireWall-1. Other books often include up to 100 pages of filler on topics such as computer security, cryptography, threats, etc., and don't get to the main subject until half way through the book. Chapter 4 of this book provides a thorough overview of how to build a rulebase. The chapter describes the various fields and objects that need to be created for the firewall to be effective. Although the simplicity of the Check Point GUI is obvious, the definition of names, network objects, and so forth, must be carefully planned -- especially for rollouts of FireWall-1 in large enterprise environments.

Chapter 8 provides an excellent overview of content security. FireWall-1 is built on its patented Stateful Inspection capabilities, but it has other security facilities including CVP (Content Vectoring Protocol), UFP (URL Filtering Protocol), and others. The chapter describes much of the secondary content protection capabilities of FireWall-1. Such capabilities are crucial in light of the volume of information that passes through corporate firewalls (including streaming media, email, files, Java, etc.).

Essential Checkpoint Firewall-1 covers all the crucial topics that any FireWall-1 administrator needs to know. From authentication, VPN, logging, high availability, and more, it is all there. This is what makes Essential Checkpoint Firewall-1 the book of choice for FireWall-1.

Lives up to its title!
Helpful Votes: 23 out of 23 total.
Review Date: 2002-04-22
This is one of those rare books that delivers what the title claims. It gives in-depth instructions on Firewall-1 installation, configuration and troubleshooting, and also includes additional material on security and networking that goes beyond what the title promises.

What I especially liked about this book are the little details that have a big impact if they're overlooked. Notable examples include:

(1) Quick, but thorough, introduction that provides an overview of firewalls at a general level, and the key features and benefits of Firewall-1 in particular.
(2) Issues, such as the need for a security policy, are addressed early on. This is an important consideration and the author goes beyond merely highlighting the need by giving you a brief template to use in creating one.
(3) Guide through the labyrinth of Check Point's Firewall-1 licensing schemes - this is a nice touch because mastering the technology is a less daunting task than figuring out Check Point's sales strategy.
(4) Strengths and weaknesses of candidate operating systems, and a straightforward process for installing and configuring Firewall-1. The latter is a strong point because you'll benefit from the author's extensive experience and will save time by having a strategy instead of getting bit by obscure issues and learning painful lessons.

I like the way that each section ends with frequently asked questions. The author anticipates and answers common questions about installation, configuration and troubleshooting. Because of the way this book is structured it can serve as an off-the-shelf implementation and maintenance guide, eliminating the need to develop this material in-house.

This is one of the best written and well thought-out technical guides that I've had the pleasure of reading. It sets a high standard for similar books, but more importantly, it so completely covers Firewall-1 that you won't need anything but this book to implement and support this product.

Security
In The Red Zone: A Journey Into The Soul Of Iraq
Published in Hardcover by Spence Publishing Company (2004-11-05)
Author: Steven Vincent
List price: $27.95
New price: $2.77
Used price: $2.00

Average review score:

heart-wrenching
Helpful Votes: 0 out of 2 total.
Review Date: 2007-05-03
I make it a point to read pretty much every book that comes out about Iraq and environs. Though there has been no recent shortage of first-rate books about the region, this one packs a punch like you wouldn't believe.

To tell you the truth, I haven't seen the book since I first lent it out. The guy I lent it out to lent it out to someone else and so on and on. That I have yet to get it back should tell you something.

The basic story is that Steven Vincent was your typical dingbat liberal living in the Big Apple as an art critic, believing that God was in his heaven and that all was right with the world . . . and that in particular Islam was a basically peaceful but tragically misunderstood religion.

Then September 11th happened, and in a fit of shock, grief, duty, and curiosity, Vincent hied himself off to desert lands as more or less a roaming reporter for hire.

The book relates his transformation from smug liberal to one who was truly concerned about constructing a fairer portrait of the chances for peace and progress over there.

So far, so good. And whatever you think of his politics, and whatever your position on the war is, and blah blah blah blah.

Listen: the thing that really pushes this book over the edge into the realm of greatest books I've ever read is what happened to Vincent after he wrote it. I won't spell it out here, but you can easily find out on the net.

God, knowing the real ending makes the final third of this book unbearable. Truly unbearable. Some of the most emotionally exhausting and harrowing reading I've ever done.

See, he meets this woman named Nour. And God! God! I can't take it.

Sparrow, O sparrow!

Concise but panoramic picture of post-Saddam Iraq
Helpful Votes: 1 out of 1 total.
Review Date: 2008-05-07
This book manages to deliver a concise, beautifully written account of Iraq, as seen through the eyes of Iraqis and foreigners living there in the early post-Saddam years. We hear from Iraqi men and women of all backgrounds, American "activists", soldiers, policemen, and clerics...to name but a few!
Mr. Vincent begins his journey on the highway that leads from Jordan to Baghdad. This highway gives the reader a pretty good idea of what Iraq as a whole will be like. On it, shiny SUVs and junkmobiles alike zoom at breakneck speed through the desert, avoiding roadside thieves and potholes. Should travelers need a break, they can lounge on one of countless picnic tables installed in years past on this road by Saddam's "planners", and refresh themselves with blasts of wind and sand under the 116 degree sun.
The author travels to Baghdad, the Sunni triangle, Kirkuk, Basra, and to the Holy Shia cities in the south. He reports the views of the cynics, and the disillusioned, as well as those of the (not at all scarce) intrepid optimists who persist in believing in the possibility of a democratic Iraq.
Mr. Vincent doesn't mince words as he describes the many unpleasant and even horrible scenes he finds throughout the country, but also of the growing pockets of Iraq reclaimed from destruction. Throughout he gives a very even-handed account, such that we can identify with both foreigners and locals, and with passionate Iraqis on opposite sides of many ideological wars.
I found his chapter on the Shiite pilgrimages and holidays excellent. (In order to gain entry to these, he poses as an American Shiite, and must recite boilerplate Muslim creed in his broken Arabic). Here, we join him in his immersion and admiration of the Shiites as he recounts their history of perseverance in the face of centuries of Sunni domination, but we also join him as he confides his more cynical verdicts on the Shia glorification of bloodshed and death he witnesses during several religious celebrations.
I also found his chapters on life in Basra outstanding. Here Mr. Vincent recounts his experience under the wing of a brave and iconoclastic Muslim woman, Nour, a Basra native. As his guide, she risks her reputation and indeed her life (she receives serial threats from those who view her as out of line), as she guides him to interviews with mullahs, fanatics, moderates, opportunists, party figures, and soldiers, and translates for him their warnings, criticisms, and their....occasional admiration, accompanied by pleas to carry on, and report the truth about Iraq and their dreams for its renewal as a nation finally free from dictatorship to us, the future readers of their story.

In the Red Zone: A Journey into the Soul of Iraq
Helpful Votes: 2 out of 2 total.
Review Date: 2006-03-08
Freelance journalist Vincent first visited Iraq in September 2003. While other reporters sheltered in insulated compounds or heavily-fortified hotels of the "Green Zone," he lived and traveled in the "Red Zone," that is without security and among ordinary Iraqis. In all, Vincent has penned one of the best-written accounts of post-Saddam Iraq, one of the few that captures the debates, issues, and contradictory emotions that Iraqis are juggling.

In the Red Zone fills a void left by the many think-tank pundits, academics, and journalists who wrote books in the wake of Saddam's fall, where the Iraqi voice is often lost. Vincent's account has the advantage of bringing to light his encounters with ordinary Iraqis. Among other experiences, he was in Karbala when a series of bombs killed 140 in the city in March 2004; and while traveling in Basra, he was briefly interrogated by U.S. intelligence. He makes no attempt to cover the minutiae of daily Iraqi politics but instead takes a big-picture approach.

That said, In the Red Zone has its limitations. There is little discussion of the Kurdish issue and minor errors of fact pop up--for example, the date when Iran's Safavid dynasty began.

In contrast to the usual journalistic practice of adding color to an article by including an occasional man-on-the-street interview, usually conducted by an Iraqi assistant, Vincent provides a deeper insight into Iraqis. He introduces the reader to Qasim, a Baghdad art gallery owner who, because of a club foot, managed to avoid the carnage of the Iran-Iraq war; Assad al-Abady, deputy director of the Iraqi National Organization for Human Rights; a secular Sunni woman torn between her love of freedom and the "humiliation" of having it delivered by foreigners; a Fallujah policeman who swears blood lust against Americans after U.S. soldiers kill his son; a Shi'ite taxi driver still euphoric over liberation; and a Christian woman in Basra whom Vincent later learns had been raped in her youth by Saddam's police.

Vincent also spent time with foreigners. He details a long conversation with a Canadian antiwar activist who lectured him about U.S. "human rights violations" but would not condemn insurgent terrorist attacks on Iraqi civilians or visit Saddam's mass graves. Vincent also describes a surrealistic encounter with CodePink, an American peace group, during which one member doubted that Saddam really was that bad. He also notes the Iraqi reaction to Western peace groups. "How can people accept for so long the crimes of a dictator, then rise up to try and stop a war begun to remove that dictator from power?" one Iraqi lawyer asked. "Antiwar activists should examine their consciences."

Michael Rubin
Middle East Quarterly
Summer 2005

Thank you, Steven Vincent!
Helpful Votes: 2 out of 2 total.
Review Date: 2006-02-07
Although he died while free-lancing in Iraq, I am thankful that this great journalist was able to write this book before he left us. It is an extremely interesting look at life in Iraq, the Iraqi people, and the challenges we face there. I'm sorry about his untimely death, and wish he could have stayed around to write many more compelling and inspiring books such as this one. God bless his family and bless the memory of this brave man.

Steven Vincent's opus and the reason he was murdered
Helpful Votes: 6 out of 6 total.
Review Date: 2006-02-14
First, let me say that Steven Vincent died for this book. He was murdered because he wrote brutally honestly about the dark underbelly of Iraq, about how here (and much of the Middle East) life is cheap and what passes for culture twists minds and perpetuates continued ignorance in the majority of the populace. Steven is gone now, but his opus is still available and if you only read one book about Iraq in your entire life, then In the Red Zone should be that one book.

I read this book in one sitting, from cover to cover, all 240 pages in the span of about six hours. Everything you need to know about the war, Shia, Sunnis, Kurds, the occupation, what the future could hold - it's in here. The good, the bad and the ugly are all laid out for you. This book will be of equal fascination to both pro and anti-war readers because Steven didn't sugarcoat a thing when he wrote In the Red Zone. He didn't sugarcoat Iraq one iota and he died for it.

Life is cheap in cultures that glorify death. Steven found that out the hardest way. His death has a silver lining - Nour - his brave Iraqi interpreter. She was shot by the same vicious parasites that killed Mr. Vincent but survived and is still somewhere in Iraq (as far as I know), guarded, silenced or both. Steven and Nour are microcosms of the relationship between America and Iraq. Read In the Red Zone. It will force you to make adjustments to everything you thought you knew. In the Red Zone is Chapter 1 in the story of the 21st century. Other Americans and Iraqis will be stepping forward to write Chapter 2. Are you one of them? Which side will you step forward on?

Security
InsideScoop to Security+ Technology Exam SY0-101 (With BFQ CD-ROM Exam) (InsideScoop)
Published in Paperback by TotalRecall Publications Inc (2002-12-14)
Authors: Helen O'Boyle and Tcat Houser
List price:

Average review score:

A Great Intro!!
Helpful Votes: 0 out of 0 total.
Review Date: 2007-08-23
If you're thinking about taking the Security+ exam from the position of a complete newcomer to the field of INFOSEC, then this book is highly recommended. The print quality is not that great, there are a few typos here and there and the humor sometimes gets a little tedious. But look beyond these shortcomings and this book is worth every penny you spend on it. In fact, if the Security+ exam were not as technical as it is, then this book would be the definitive text. The material is laid out in simple language and yet technical details like port numbers are covered nicely. In all, if you are new to INFOSEC, or you just want to be sure of your foundations, then this is a good place to start. For the exam, read this book first and then get Security+ Prep Guide by Ronald L. Krutz and Russell Dean Vines to provide more technical insight. Polish both off with the 100-page study guide that you get with Security+ Transcender and you should have no problems achieving the 85% pass mark.

A great study guide and practical book
Helpful Votes: 1 out of 1 total.
Review Date: 2005-08-03
Congratulations to Helen and Tcat, their book is one of the most organized and practical technical books I have ever seen. It has been very useful for study and day-to-day tasks. A very good choice to prepare for the Security+ Exam and an IT security career.

Where practical and theoretical meet
Helpful Votes: 1 out of 1 total.
Review Date: 2004-07-06
I like how this book ties in real life examples and stories into its pages. This makes it a bit more interesting read than most dry, boring, and technical books on Security+.

A solid and an eye-opening book from a great group!
Helpful Votes: 1 out of 2 total.
Review Date: 2004-01-28
When you are purchasing any kind of material you must do your research on the product. Well I did and it has paid off!
You will not find a better book when you're pursuing your Security+ certification! This book not only gets you going in the right direction, but the authors have also included links if you want to delve deeper into the particular subject they are addressing.
(I mean they did their research!)
The software they also include in my opinion is just simply one product you just cannot do without!

There are just too many kudos to list!

An exceptional book from a great group!
Helpful Votes: 5 out of 7 total.
Review Date: 2004-01-28
When purchasing any kind of material you must do your research. Well I did and it has paid off!

This is the book you want to have when you are pursuing your Security+ certification!

It has so much information that is presented in a way that makes you want to never let it down!
Not only will you have this wealth of information, but the authors have included so many hyperlinks related to the subject they are addressing. This is great for the person that just wants that extra touch!

The tools which they include on the cdrom are just ones you must have! The missus and myself love testing each other.

There are just too many kudos to list!

When you wake up at 4:30 in the morning and start reading you know you have a great book in your hands!

Security
Pass the 6: A Training Guide for the NASD Series 6 Exam (First Books Training Library)
Published in Paperback by Firstbooks.com (2006-08-09)
Author: Robert Walker
List price: $49.95
New price: $33.99
Used price: $34.80

Average review score:

GREAT BOOK - EASY TO READ - PASSED THE FIRST TRY
Helpful Votes: 0 out of 0 total.
Review Date: 2008-07-12
I wanted to write and thank Mr. Walker for writing this book. I worked in Healthcare IT and have a master's degree so I've taken lots of tests in my life .... the series 6 is the most difficult I've taken. However with Mr. Walker's material I passed the first time studying only 3 weeks and taking weekends off. He makes very boring material interesting and you will catch yourself laughing out loud sometimes at his humor. If you want to pass the first or next time you take the series 6 this is a must read.

An absolute lifesaver
Helpful Votes: 0 out of 0 total.
Review Date: 2008-05-29
I consider myself kind of a smart guy, but the Kaplan materials made my brain hurt. I was really suffering through my studying. Then along comes this book with tidbits such as this:
"a variable annuity is really just a mutual fund investment that grows tax deferred."

Oh yeah. Now that makes sense. Why couldn't the competitor products state this so clearly? I read page after page of competitor materials and didn't REALLY understand what an annuity was until I read that one simple sentence I quoted above.

This book is full of this sort of thing. Everything explained so you can actually understand it.

Bottom line: I got a 92 on my Series 6. I'm happy I got this guide.

I know I will pass after reading this book.
Helpful Votes: 0 out of 0 total.
Review Date: 2008-04-17
I'm very happy with the book I received. The information is written in clear, understandable terms. The author discusses what is on the series 6 test and uses examples and humor to help with understanding the concepts, as well as, practice tests. I know I will be able to pass the test after reading this book.

Use this one to pass!!!
Helpful Votes: 0 out of 0 total.
Review Date: 2008-03-21
I recently decided it was time to pursue a new career in financial services and in order to do so I needed to pass the Series Six. This is not very easy, in fact, I didn't think I could pass. I failed on the first try and figured I needed something that would help someone like me who has never done this stuff and doesn't speak this language. In the past, I usually tuned out financial talk.
I got a copy of Pass the 6 because it looked like it was in the language I speak..."human." It was, and it was even funny at times too. Guess what? I passed with flying colors today!!!
The book also covers things that will really be on the test. The other book I used on my first try helped me with about 60 percent of the questions that are actually on the test.
The author actually answered a few of my questions through e-mail. That's a first!!! I've never been able to chat with the author while I'm reading his book. I really got the sense he genuinely wanted me to pass.
Bottom line, this is the one that will get you the 70 or above you need to pass. The others may, but this one will. I knew none of this before and now I feel like Warren Buffett Jr.!!!

An unbelievable help
Helpful Votes: 0 out of 0 total.
Review Date: 2008-02-28
I just took the Series 6 yesterday for the first time, and walked out with a piece of paper that said "pass." This would not have been possible without Mr. Walker's book. I got caught in a situation where I had to take the test much earlier than anticipated, and only had about a week of study time. Using nothing else but this book, I studied for and passed the test. I am absolutely convinced my success is due to this book, which not only gives you practice tests, but presents the information in a non-jargon format so you can actually understand and absorb the knowledge.

Security
Software Security
Published in Kindle Edition by Addison Wesley (2008-02-14)
Author: Gary McGraw
List price: $39.99
New price: $31.18

Average review score:

High-level security concepts book.
Helpful Votes: 0 out of 0 total.
Review Date: 2008-02-17
Excellent high-level book for anyone involved with software development and implementation. This book digs deep with enough details of security in coding and testing practices and how to avoid security related bugs and vulnerabilities. The book also does well in terms of secure coding, white box and black box testing very well.

A few things where this book falls short: it is "ignorant" of the emerging application landscape and the coding complexities in a multi-platform and application integration environment - J2EE, .NET, XML Web Services and SOA. I am sure the author will agree on those gaps hopefully we see in the next edition of this book.

The book deserves 5 stars for the concepts + illustrations and 3 stars for those keen on development details for distributed applications.

Good book for secure software coding !
Helpful Votes: 0 out of 0 total.
Review Date: 2007-05-09
A required reading for anyone involved with software development and implementation. This book drills-down to security in coding and testing practices and how to avoid security related bugs and vulnerabilities. The concepts illustrated on secure coding, white box and black box testing are excellent. As a developer/architect, I thoroughly enjoyed this book and I suggest to everyone who wants to get started on secure coding and testing practices.

Couple of things I QUIBBLE with are... the book doesn't realize the emerging issues and how-to's for build/refactor security for distributed application proliferation as your it - Portals, Web Services and SOA. The way we develop software is changing, the applications are becoming more pervasive and no-longer contained standalone to a system which makes the built-in security brittle impeding the agile business requirements for application/process orchestration, b2b federation and Web based application mashups. I am sure, the author will realize those gaps in the next edition of this book.

Having said that - This book is still a must-read for the budding security developer who wants to focus on secure programming and testing.

What is MISSING - You will not find answers for how you do secure web-centric applications, XML Web services - message-level security, identity federation and other b2b application complexities.

The best secure development lifecycle book
Helpful Votes: 1 out of 1 total.
Review Date: 2007-07-05
Software Security is the best book for learning to integrate security throughout your software development lifecycle. It contains all the security material that is missing from software engineering books. The author understands that your software development lifecycle is different from his, and so focuses on seven touchpoints that can be introduced into any software development lifecycle, instead of attempting to sell you a new lifecycle. He also understands that no matter how important security is to you, you can't change everything about how you develop software tomorrow, so he introduces the touchpoints in order of effectiveness based on his extensive consulting experience, starting with tool-assisted code reviews and architectural risk analysis.

If you're a software developer, Software Security is an essential book to have on your shelf, and you'll also want a secure programming book like Secure Programming with Static Analysis (Addison-Wesley Software Security Series) or the author's own Building Secure Software: How to Avoid Security Problems the Right Way.

Required reading for all software developers
Helpful Votes: 29 out of 29 total.
Review Date: 2007-03-01
The root cause of many security vulnerabilities is poorly written software. Often, software applications are written without security in mind. The logical, yet elusive, solution is to ensure that software developers are trained in writing secure code.

Software Security: Building Security In is a valiant attempt to show software developers how to do just that. The book is the latest step in Gary McGraw's software security series, whose previous titles include Building Secure Software and Exploiting Software.

In past decades, writing secure code was left to the military and banking industry. Today, with everything on networks, all sectors must get into the act.

Much of the problem is that organizations target their security elsewhere--specifically on networks--rather than on software. But so many malicious attacks are directed at software that it is foolish to leave this vulnerability exposed.

McGraw goes into detail not only about writing secure code but also about key related areas, which he terms "the seven touchpoints of software security."

These points comprise code review, architectural risk analysis, penetration testing, risk-based security tests, abuse cases, security requirements, and security operations. A major portion of the book effectively discusses these "touchpoints," making the work a recommended tool for inculcating software developers with a security mind-set.

A powerful book with deep truths for secure development
Helpful Votes: 31 out of 34 total.
Review Date: 2006-11-02
I read six books on software security recently, namely "Writing Secure Code, 2nd Ed" by Michael Howard and David LeBlanc; "19 Deadly Sins of Software Security" by Michael Howard, David LeBlanc, and John Viega; "Software Security" by Gary McGraw; "The Security Development Lifecycle" by Michael Howard and Steve Lipner; "High-Assurance Design" by Cliff Berg; and "Security Patterns" by Markus Schumacher, et al. Each book takes a different approach to the software security problem, although the first two focus on coding bugs and flaws; the second two examine development processes; and the last two discuss practices or patterns for improved design and implementation. My favorite of the six is Gary McGraw's, thanks to his clear thinking and logical analysis. The other five are still noteworthy books. All six will contribute to the production of more security software.

Gary McGraw's book gets my vote as the best of the six because it made the biggest impact on the way I look at the software security problem. First, Gary emphasizes the differences between bugs (coding errors) and flaws (deeper architectural problems). He shows that automated code inspection tools can be applied more or less successfully to the first problem set, but human investigation is required to address the second. Gary applauds the diversity of backgrounds found in today's security professionals, but wonders what will happen when this rag-tag bunch (myself included) is eventually replaced by "formally" trained college security graduates.

Second, Gary explains that although tools cannot replace a flaw-finding human, they can assist programmers trying to avoid writing bugs. Gary is the only author I encountered who acknowledged that it is unrealistic to expect a programmer to keep dozens or hundreds of sound coding practices and historical vulnerabilities in his head while writing software. An automated tool is a powerful way to apply secure coding lessons in a repeatable and measurable manner. Gary also reframed the way I look at software penetration testing, by showing in ch 6 that they are best used to discover environmental and configuration problems of software in production.

Third, Gary is not afraid to point out the problems with other interpretations of the software security problem. I almost fell out of my chair when I read his critique on pp 140-7 and p 213 of Microsoft's improper use of terms like "threat" in their so-called "threat model." Gary is absolutely right to say Microsoft is performing "risk analysis," not "threat analysis." (I laughed when I read him describe Microsoft's "Threat Modeling" as "[t]he unfortunately titled book" on p 310.) I examine this issue deeper in my reviews of Microsoft's books. Gary is also correct when he states on p 153 that "security is more like insurance than it is some kind of investment." I bookmarked the section (pp 292, 296-7) where Gary explained how the "19 Deadly Sins of Software Security" mix "specific types of errors and vulnerability classes and talk about them all at the same level of abstraction." He's also right that the OWASP Top Ten suffers the same problem. Finally, Gary understands the relationships between operators and developers and the importance of security vocabulary.

I was pleasantly surprised by "Software Security". I reviewed an early draft for Addison-Wesley and wondered where the author was taking this book. It ended up being my favorite software security book, easily complementing Gary's earlier book "Building Secure Software." In my opinion, Gary is thinking properly about all the fundamental issues that matter. This book should be distributed to all Microsoft developers to help them frame the software security problem properly.

