Internet Books

As a graphic designer who does web sites only occassionaly, I use my manual extensively when I forget a Dreamweaver technique. It's easy-to-understand, clear content is a great guide.

As a novice web page designer, this manual provided detailed, hands-on instructions that were easy to follow on everything from basic page creation to adding more complex design elements. The manual's format and structure is easy to follow and was valuable both as a primer becoming familiar with the software, and as a reference tool now that I've become more comfortable with the software. A great, practical resource for anyone using Dreamweaver.

the book gives you step by step (hence the name) commands to work on your own to create your own web sites. I was able to do it, although the complexity of the program precludes it from being effortless (would that it were). And the manual didn't have dummies in the title. Boy did i feel smart

I've used this manual extensively to create my own website and I refer to it over and over again for quick reminders on the Dreamweaver application. I had first purchased "Dreamweaver the Missing Manual" and "Dreamweaver Visual Dictionary" but found this Noble Desktop manual easier to follow. It has concise instructions and tutorials that are very useful and needed knowledge when designing in Dreamweaver. Whether you are looking for just a basic intro or a more indepth look at some of the bells and whistles of Dreamweaver, this manual is a must have.

I was also able to attend a tutorial session by the folks at Noble Desktop and I have to say that they are very thorough and consise in their direction for people like me who have always had a problem with this particular program. I was even able to go home and follow the easy step by step directions that are illustrated in the training books. They are highly recommended.

This workbook is a great learning tool if you're just starting out in flash. There is a cd included that has files and activities for you to work from. The book is very clear and gives you helpful tips throughout. You'll learn the very basics from using the tool palette to applying sound and inserting video. Overall, well worth the money.

Just like the classes given at Nobledesktop, the training manual is straightforward and easy to understand and follow. The exercises are practical, giving you the tools to get up and running quickly and to accomplish tasks that you will use daily in real life Flash production. Heavily illustrated. Gives instructions for both MAC and WINDOWS users.

After struggling forever with Flash, I just wanted a book that explained everything in a straightforward manner. I didn't want to read a 500 page manual to get what I wanted. This book was exactly what I needed. It's not that long, and just tells you what to do to make a simple animation. Basically it walks you through a lot of great examples and once you're done you can go do your own stuff. I feel like I *finally* get this program!

When I found out Doug and Deepa were writing the Flex book for Dummies, I'll admit I was shocked. These two people could easily write the most advanced book on Flex, but a book that by default of its expert level would have been accessible by few.

With so much Flex knowledge in their heads, can this really be a book for dummies? Yes, it can. I'll prove it with a quote from the book. In Chapter 16 (Custom Components and Component Architecture), Doug and Deepa explain how to make a custom component in MXML, not ActionScript. You'll find this little gem in the "Choosing between MXML and ActionScript" section:

"Because creating ActionScript components is an advanced topic (we could write a book on it!), we cover only MXML components in this chapter."

They know their audience and thankfully take it easy on them. The writers gives a taste of Flex's greatness, without getting too deep into all the complex magic that happens behind the scenes.

Anyone looking to get up to speed on Flex would do good to pick this up. After you get comfortable with the basics, go check out the authors individual blogs for more advanced information.

I took my copy of the book into the office, where it was rather quickly "borrowed" by a coworker. I'll likely have to buy another copy just to have at home, where no one can "borrow" it. :)

I want to be clear that I know Doug and Deepa on a personal level. They speak at my conferences and participate in my user group. Does this make my review biased? No. Instead, it gives me insight into their personalities. It helps me understand why they spent so much of their precious time to make life easier for those just getting started with Flex vs those advanced enough to find their own way. Although, I say they still should write an advanced book. If they get started now, it should be done when the buyers of this book are ready for something a bit more advanced.

Doug and Deepa are incredible! They're superstars in the Flex development world, and experts in the field!

They break Flex down into manageable bits and very clearly explain it. I can't imagine anyone better to learn Flex from than these two!

The authors have done a superb job creating Flex for Dummies 3.0. It will be a great asset for beginning Flex developers. The book can be read from front to back - giving an over view of all that Flex has to offer - or as a desk reference to be used while working. I particularly appreciate the 'Remember' and 'Warning' sections, since they point out some of the nuances of working with such a powerful language.

While most likely regarded as a beginners book, there is probably plenty here for a moderately experienced developer to work with. Chapter 16, on Custom Components and Component Architecture has been invaluable while trying to build more complex components.

As Flex grows in popularity, there are more and more resources popping up. While this is great, it is also becoming more difficult for developers to sift through it all and find the answers to their questions - Flex 3.0 for Dummies can provide many of these answers... on your REAL desktop.

As one of the Product Managers for Flex at Adobe, I am often asked for pointers to resources to learn Flex. Flex is admittedly a complex set of tools, and even with our excellent documentation and resources it can be a bit overwhelming. Adobe Flex 3.0 for Dummies is a great resource for those looking for a one-stop shop to get started. The basic underpinnings of the languages are explained, the basics of using Flex Builder are right up front, and you get a really great high-level overview of everything Flex can do.

If you've been intimidated in getting started with Flex, I highly recommend this book.

"Advanced Sharepoint Services Solutions" is the second book by Scott Hiller, on Sharepoint Technologies. The first one was about building basic web parts. This book is for developers who have good knowledge of Sharepoint technologies. It is also assumed that you have already built some web parts and also have good understanding of .NET development. If you are looking for basic Sharepoint stuff, refer to his other book "Microsoft Sharepoint Building Office 2003 Solutions".

The Advanced book is not a complete reference on Sharepoint technologies. Instead it contains 8 chapters, which covers widely different areas. There are few chapters which are not covered by other Sharepoint books. This book is good source for CAML, Information Bridge Framework, Business Scorecard Accelerator, Sharepoint and BizTalk Integration, and for Sharepoint and Content Management Server Integration.
Since these topics are usually not covered in regular Sharepoint books, it becomes good source for these topics.

The book has good amount of source code (in C#) along with the text and provides some great ideas for system integrations. But as I said before it is not a complete reference book, just some great solutions for customizing and integrating Sharepoint technologies.

Well, so Hillier's first book on SharePoint wasn't enough for some readers! Apparently, he found demand for explanations of broader, more advanced usages, that he furnishes here in this book.

Perhaps the more important of these are discussed in the second half of the book. Microsoft has developed several other intricate applications, independently of SharePoint. But consider how it integrated the various parts of its Office suite, so that you can easily go from Excel to PowerPoint, say. In similar wise, Hillier explains how SharePoint is compatible with Information Bridge Framework, Business Score Cards Accelerator, BizTalk Server 2004 and the Content Management Service. Granted, none of these is as successful and widespread as something like Excel. These packages are far more specialised and their usages might often involve some programming effort. Thus too, using SharePoint with them also necessitates programming.

Ok, there are parts where you might pass an XML data file to an application, where this file tells it much of what you want it to do. And the XML approach is declarative, not procedural, so it minimises your programming effort. But typically, there are places where you still need the latter.

My impression of what Hillier describes is that Microsoft is not done with further refining of this integration. There are simply too many low level programming steps to be currently dealt with. No fault of Hillier's, naturally. He's calling it as it is. But let us hope that Microsoft continues improving these products.

Scot Hillier is the best SharePoint author - period.

For example: developers need to write web parts. Web parts are custom controls. Can't view a custom control at design/development time, right? Need to install it into SharePoint, run it, test. Right?

Wrong! Scott shows you how to design, develop, and debug at design-time. This little tidbit alone is worth the price of the book.

All of his books will help you become the best SharePoint developer out there.

Sharepoint is so confusing when you get into the backend and this book answered almost all of my questions. Best book I've found. You can tell the author spent a lot of time digging around in the guts of SP and was probably as frustrated as most of us are trying to figure out how to do the simplest of things. Small book, high price. WORTH IT.

When I first saw that this book was coming to light I had mixed feelings. On one hand, I was hunger for more testing knowledge, both theoretical and practical. On the other hand, I am always apprehensive when books talk about tools. However, the book impressed me as a comprehensive guide to Online Testing. And when I read the following (p.18), I was sure the book is what the market needs:

"The important thing to keep in mind is that the Google Website Optimizer is a tool. (...)It cannot do your thinking for you. It cannot plan your tests. It cannot produce the creative. It cannot interpret your results beyond demonstrating numerical significance and confidence. These things are up to you. If you want the tests you run on the Google Website Optimizer to be meaningful and to provide the intelligence you need to make well informed marketing decisions, then this is the book you need."

The authors cover very thoroughly the Why, the What, and the How of Online Testing. All you need to know from the value of testing to how should you get started. The examples are very enriching and illustrate the power of testing and the bottom line: Testing = $$$.

Part I covers the Why; the authors delve on the power of testing and provide some amazing examples of it (including a masterpiece on Amazon's testing efforts). In addition they walk us through the Google Website Optimizer and provide powerful tips on the tool.

Part II covers the What and the How; the chapters are structured in a very actionable way: "Questions to ask", "Exercises", "What to test", and "Apply this to your site". As you read you can implement the tips instantly. A few examples of what to test are: usability, look & feel, searchability, product presentation, up-sell/cross-sell......

Part III covers some technical aspects of testing. The authors provide interesting information about Google website Optimizer scripts, statistical tests, and other special issues.

*The book is well structured, insightful and action oriented: exactly as online marketing should be! I warmly recommend it.*

I like to pick up marketing and business-technical books as much as I can, and read them in the evening to get ideas for improving my small business. Usually I get books from my local public Library (sorry Amazon) but this book was not available there. I'm extremely glad that I bought the book, because it is going to be living on my desk for the next year, not collecting dust on a shelf now that I've read it.

I had heard of Google Website Optimizer before but I had been a bit daunted at the idea of "optimizing" my website. What am I supposed to optimize, and why? This book is really everything I need to get going. The reason that I want to keep this book around is that there is just too much information to work with in one sitting. Each time I am ready for a new test, I will turn to this book for some ideas of what to try, and what variations might be good to try. For each area there are dozens of URLs of articles that are relevant to that kind of test, and I will be visiting those URLs when I am ready for that test. (No point in visiting them yet, there is just so much information.)

This book, then, is not just a tutorial or a technical manual, but an entire *curriculum* of website testing.

But it's more than that. If I'm going to be attempting to improve some aspect of my website, it would be useful to have some useful hypotheses of what might be an improvement; making shots in the dark isn't likely to be as effective. The WIIFM chapter reiterated many of the concepts I had read about in other books (such as types of website visitors) but this is the only book I have seen to actually have some suggestions for how to actually address these visitor types on your landing pages.

So I have to think of this book as a great *marketing* book, not just a great book about Google Website Optimizer.

As someone who has spent some four decades in direct response advertising, I know the value of testing. Like all successful ad people and many successful marketers, I have read and re-read the classic, "Scientific Advertising" by the great Claude Hopkins. It's a classic --- even to this day. Of course, it's quite dated.

Fast forward to "Always Be Testing" by Bryan Eisenberg and John Quarto-vonTivadar with Lisa T. Davis. This book brings Hopkin's important work into the modern age and again puts testing to the forefront, where it belongs. And no one is better qualified to write the book than Eisenberg.

The authors explain Google Web site Optimizer in detail. They show how to use it and how to perform your Web site tests. They discuss the A/B test and the multivariable test. But they go beyond that. They tell you what to test and how to test.

Moreover, they go beyond Google Web site Optimizer and discuss other things to test. All of this information will help you to get far more conversions. With all we have at our fingertips, not testing is just inexcusable.

In my opinion, this book is a modern day classic and is as valuable to our time as Hopkin's book was to his. I hope all my clients read this book and absorb it. I hope they put it into practice.

I've had many experiences when I didn't like the copy I wrote and yet it worked exceedingly well when it went live or, if direct mail, was sent out. I've also had clients who didn't like the copy I wrote for them but I'd tell them to test it. When they did, it succeeded beyond their wildest dreams.

So testing is key to success in marketing. This book is a must-read if you intend to be successful in your online marketing. I highly recommend it to you.

- Susanna K. Hutcheson

Watch Video Here: http://www.amazon.com/review/R31GB8LIZ6HPKQ This book has everything you need to know, and more, about how to do a/b testing that actually works for you. Serious marketers and anyone else who does any type of selling online needs to have this book memorized. Imagine if you read this book and converted 1% better? What would that mean in profit to you for an inexpensive book?

The book was band new just like the seller said and arrived in a timely manner. I would buy from this seller again.

I used this book in my introductory level computer science course. I found this book to be an essential tool in my early undersanding of how computer works in general and more importantly how to develop working algorithms. This book is well designed and easy to read and easy to understand. This book comes with a CD ROM. I believe this is the key feature to this book. On the CD ROM there are emulators of various computer operations. (eg. Compiler tree breakdown, and many other emulators. An Excellent book!

Deckers gives you a concise tour of computer science. Not enough to turn you into a programmer, given the space limitations of the book. But he covers many key ideas in the field. Including Usenet, email, virtual communities [think Second Life], and the World Wide Web. Naturally, he has to explain HTML, as the graphical language of the Web. HTML is so simple that he essentially explains all its important points. Including the crucial hyperlink tag.

The book then segues naturally from HTML to XML. Where you can now write your own tags. Immensely flexible and popular.

It is only after this, that the book goes into the traditional topics of computer science. The explanations of what makes a programming language. He uses JavaScript as one example of such a language. So you learn about constructs like for loops, if-else and while statements.

The book is really dominated by the Web. The pedagogy stresses this.

This book is one of the two texts in FSU's COP 3502: "Introduction to Computer Science" course (a required course in their Computer Science degree). As the authors state in the preface, they "wanted to design a 'CS 0' course that was a true survey course." They did an excellent job. Basically, they start with the assumption that the reader has never turned on a computer in his life and take him through its history, how to use it, what programming is about, and how the hardware works. They even teach a bit of HTML and JavaScript. There's very little I can say that is bad about the book. It comes down to some typgraphical errors, an incorrect web address for the online portion of the book (easily figured out from the page their web address takes you to), and my belief that they took out too many steps in describing computer switches, gates, and circuits. Frankly, I'm amazed that they reasonably went from a neophyte level to a fully-grounded level in one book. I rate it as 5 stars out of 5.

I think it is a much needed and valuable item that every Internet connected animal lover should own. This book gives greaet Internet addresses. It has everything you need to spend many hours of fun and discovery on the Internet with other animal lovers!

The Animal Lover's Guide To The Internet includes nearly 600 Web site addresses and decriptions. In addition, Bonnie included several chapters in the book to help newcomers. The first time I attempted to get on the Net, I felt like I was lost in the twilight zone. Nothing made sense and the books I read on the subject just confused me more. This book is written in simple, easy to understand language and is focused on getting you up and running quickly and painlessly!

An excellent reference guide for animal lovers to the world of Internet in six easy steps to the site of general interest, health, chats, newsgroups and on-line publications about birds, cats, dogs, fish, rabbits, reptiles, horses and even dinosaurs.

First of all, the cover illustration by Bonnie Shields is adorable. Aptly depicted animals gathered around a computer monitor are a visual treat. Look for the cat that is curled around the monitor's base. He is shown rather true to form. The inside illustrations by Sharon Redfield are charming and show an eye for detail. This is a great gift for the animal lover in your family or circle of friends. More so if that animal lover is yourself. Happen to have one or more grandchildren or a niece or nephew with a computer? Animal lover or not, this book would constitute a wonderful study tool. As a comprehensive, yet easy to understand manual for everything from choosing the right computer, accessing the Internet, to fossil hunting, this book excels. The author's words are friendly, warm and serve as the wisdom of a knowledgeable friend. I feel this makes for a perfect package. Well organized, with more than 500 Internet addresses for you to explore, you will find the material broken down into easy to understand classifications. Have fun reading and exploring. I did!

Hopkins' Applescripting QuarkXPress - It's really nice book including a lot of good examples. And I think there's no applescript book specially relating to quark. So I can tell this book is really cool choice to make script for quark. But it's not good for beginner. If you have experience in programming, you can refer applescript manual from web site with this book. You can do something like me.

It doesn't get any better than this. I even learned some things about AppleScript that I didn't know before. Between the instructions and examples in the book and the scripts on the CD, you should be able to AppleScript anything that's scriptable in Quark with this book. I also like chicken and tacos, but not chicken tacos.

If you want to script quark then this is THE book to own. I hadn't done any scripting before and the literature from quark is pretty useless for beginners. This book has taken me in wonderfully easy and well explained steps, from a beginner to an extremely proficient user. For quark it is invaluable, and by working through it also helps you understand how applescript structures itself,making it much easier to learn how to script other applications. To put it in a nutshell, this book was for me what the discovery of making fire was to the cavemen.

I found this book to be an excellent source to Applescript in QuarkXPress. It gives tons of examples along with a CD. Without this book I wouldn't have been able to figure out the sentence structures in Script Editor for the goals I wanted to accomplish. Thanks Shirley!

Our publisher sent me a copy of Raffael Marty's Applied Security Visualization. This book is absolutely worth getting if you're designing information visualizations. The first and third chapters are a great short intro into how to construct information visualization, and by themselves are probably worth the price of the book. They're useful far beyond security. The chapter I didn't like was the one on insiders, which I'll discuss in detail further in the review.

In the intro, the author accurately scopes the book to operational security visualization. The book is deeply applied: there's a tremendous number of graphs and the data which underlies them. Marty also lays out the challenge that most people know about either visualization or security, and sets out to introduce each to the other. In the New School of Information Security, Andrew and I talk about these sorts of dichotomies and the need to overcome them, and so I really liked how Marty called it out explicitly. One of the challenges of the book is that the first few chapters flip between their audiences. As long as readers understand that they're building foundations, it's not bad. For example, security folks can skim chapter 2, visualization people chapter 3.

Chapter 1, Visualization covers the whats and whys of visualization, and then delves into some of the theory underlying how to visualize. The only thing I'd change in chapter 1 is a more explicit mention of Tufte's small multiples idea. Chapter 2, Data Sources, lays out many of the types of data you might visualize. There's quite a bit of "run this command" and "this is what the output looks like," which will be more useful to visualization people than to security people. Chapter 3, Visually Representing Data covers the many types of graphs, their properties and when they're approprite. He goes from pie and bar charts to link graphs, maps and tree maps, and closes with a good section on choosing the right graph. I was a little surprised to see figure 3-12 be a little heavy on the data ink (a concept that Marty discusses in chapter 1) and I'm confused by the box for DNS traffic in figure 3-13. It seems that the median and average are both below the minimum size of the packets. These are really nits, it's a very good chapter. I wish more of the people who designed the interfaces I use regularly had read it. Chapter 4, From Data to Graphs covers exactly that: how to take data and get a graph from it. The chapter lays out six steps:

1. Define the problem
2. Assess Available Data (I'll come back to this)
3. Process Information
4. Visual Transformation
5. View Transformation
6. Interpret and Decide

There's also a list of tools for processing data, and some comparisons. Chapter 5, Visual Security Analysis covers reporting, historical analysis and real time analysis. He explains the difference, when you use each, and what tools to use for each. Chapter 6, Perimeter Threat covers visualization of traffic flows, firewalls, intrusion detection signature tuning, wireless, email and vulnerability data. Chapter 7, Compliance covers auditing, business process management, and risk management. Marty makes the assumption that you have a mature risk management process which produces numbers he can graph. I don't suppose that this book should go into a long digression on risk management, but I question the somewhat breezy assumption that you'll have numbers for risks.

I had two major problems with chapter 8, Insider Threat. The first is claims like "fewer than half (according to various studies) of various studies involve sophisticated technical means" (pg 387) and "Studies have found that a majority of subjects who stole information..." (pg 390) None of these studies are referenced or footnoted, and this in a book that footnotes a URL for sendmail. I believe those claims are wrong. Similarly, there's a bizarre assertion that insider threats are new (pg 373). I've been able to track down references to claims that 70% of security incidents come from insiders back to the early 1970s. My second problem is that having mis-characterized the problem, Marty presents a set of approaches which will send IT security scurrying around chasing chimeras such as "printing files with resume in the name." (This because a study claims that many insiders who commit information theft are looking for a new job. At least that study is cited.) I think the book would have been much stronger without this chapter, and suggest that you skip it or use it with a strongly questioning bias.

Chapter 9, Data Visualization Tools is a guided tour of file formats, free tools, open source libraries, and online and commercial tools. It's a great overview of the strengths and weaknesses of tools out there, and will save anyone a lot of time in finding a tool to meet various needs. The Live CD, Data Analysis and Visualization Linux can be booted on most any computer, and used to experiment with the tools described in chapter 9. I haven't played with it yet, and so can't review it.

I would have liked at least a nod to the value of comparative and baseline data from other organizations. I can see that that's a little philosophical for this book, but the reality is that security won't become a mature discipline until we share data. Some of the compliance and risk visualizations could be made much stronger by drawing on data from organizations like the Open Security Foundation's Data Loss DB or the Verizion Breaches Report.

Even in light of the criticism I've laid out, I learned a lot reading this book. I even wish that Marty had taken the time to look at non-operational concerns, like software development. I can see myself pulling this off the shelf again and again for chapters 3 and 4. This is a worthwhile book for anyone involved in Applied Security Visualization, and perhaps even anyone involved in other forms of technical visualization.

When security professionals are dealing with huge amounts of information, and who is not nowadays, correlation and filtering is not the easiest path (and sometimes enough) to discern what is going on. The in-depth analysis of security data and logs is a time consuming exercise, and security visualization (SecViz) extensively helps to focus on the relevant data and reduces the amount of work required to reach to the same conclusions. It is mandatory to add the tools and techniques associated to SecViz to your arsenal, as they are basically taking advantage of the capabilities we have as humans to visualize (and at the same time analyze) data. A clear example is the insider threat and related incidents, where tons of data sources are available.

The best sentence (unfortunately it is not an image ;) that describes SecViz comes from the author:
A picture is worth a thousand log entries.

This is a great book that joins two separate worlds, visualization and information security (infosec). The first chapter is an excellent introduction to the human perception system, its basic principles, and how we analyze, discern, and assimilate information. It is an eye opener for those new to the field. Chapter two is similar from an infosec perspective, and summarizes the main challenges and data sources, such as packet captures, traffic flows, and firewall, IDS/IPS, system, and application logs. The third chapter details different graph properties and chart types, including some open-source and online tools for chart and color selection. Although we (infosec pros) are familiarized with link graphs to represent relationships between botnet members or hosts, the book provides a whole set of charts for different purposes; one of the most useful types, and we are not very used too it in the security field, is treemaps. The chapter includes a really useful table to select the right graph based on the purpose of the analysis and the data available.

Then, the previous chapters are smoothly mixed together through a reference methodology that defines what is the problem to solve, and the process to manipulate the available data and generate a (or set of) graph(s) that allow gathering relevant conclusions and answers. The methodology is complemented with an introduction to the standard Unix-based text processing tools (grep, awk, Perl, etc). This methodology is later on applied, with a strong hands-on and how-to spirit, to an extensive set of common security use-cases, such as the perimeter threat, compliance, and the insider threat.

The perimeter chapter offers a deep insight into common attack scenarios, such as worms, DoS or anomaly detection, and operational tasks, like firewall log and ruleset analysis, IDS tuning, or vulnerability assessments. I could never forget how useful were SecViz techniques for anomaly detection on a huge DNS-related incident I was involved about 5 years ago. Thanks to the performance and statistical graphs we had available at that time, we were able to easily identify and solve a very complex and critical security incident.

When I saw this chapter included a wireless section I got really excited due to personal interest. However, I was disappointed as it was just a couple of pages. I think it could be extended to gather a whole set of useful information about complex wireless attacks and client and access points relationships, just by inspecting the different 802.11 management, control, and data frames, and even radio-frequency signals (from a spectrum analyzer). SecViz opens the door to a whole new wireless research area!

The compliance chapter offers a whole methodology to check and manage regulations, control frameworks, auditing, and risk monitoring and management from a visual perspective.

The same applies to the insider threat chapter, as it provides an impressive framework, not only visualization-based, to deal with malicious insiders. It is based on setting up scores for certain behaviors and activities (precursors), generating lists of suspicious candidates, and apply thresholds to accommodate exceptions. It also contains an extensive and directly applicable precursor list at the end to detect suspicious insider activities.

Finally, the book contains a whole chapter, full of references and comparison tables, of open-source and commercial visualization tools and libraries that allow the reader to select the appropriate tool for specific tasks and scenarios.

Although the book hands-on component is very significant, with lots of detailed examples of commands, scripts, and tool options to generate the different graphs, I would have liked to see a thorough usage of the how-to portions, as for some sections there are no specific details about how the graphs have been generated. The book layout makes it the perfect candidate to become a fully interactive technical book. I would suggest to add (for a 2nd edition ;)) practical sections to each chapter where the reader could reproduce all the steps discussed. The book CD is the perfect tool to provide the reader with all the (sanitized) data sets and logs used to generate the graphs, and even allow to include some challenges where the reader needs to analyze the data and answer some questions after generating the appropriate graphs.

To sum up, this book is a mandatory reference for anyone involved in the operational side of infosec, doing intrusion detection, incident handling, forensic analysis, etc, and it can be applied to both, historical analysis and real-time monitoring. Additionally, I found it useful too for auditing and pen-testing professionals, as it provides great tips to generate relevant and efficient graphs for the associated reports.

The accompanying DAVIX Live CD is an excellent resource to start applying the techniques covered throughout the book through open-source tools, SecViz is the Web portal to expand your knowledge on this topic, and AfterGlow is (one of) the most relevant SecViz open-source tools.

Applied Security Visualization (ASV) is a pioneering book in the emerging field of using visualization techniques to explore and represent data from a security perspective. Many security products - everything from intrusion detection systems, firewalls, SIM's, and AV software - offer methods for visualizing data they collect, but no single product has the ideal visualization interface (whatever that is). A main theme in ASV is to impart the reader with the knowledge and skills necessary to ask new questions about security data (such as a set of IDS event logs or application logs) and show the reader how to visually represent the answers to these questions. If a commercial interface has not been designed to visualize a data set in a particular way, ASV introduces tools and techniques to frequently make this possible. For example, common visualizations of firewall logs involve source and destination IP addresses and port numbers, but suppose that you want to create a link graph that involves source and destination IP addresses graphed against the TTL value in the IP header? The information in ASV makes this a snap.

At many points ASV deals with custom data parsing with invocations of clever one-line perl commands, and being a perl hacker myself, these examples are of particular interest.

The discussion in ASV is firmly grounded computer security, and many important security questions are raised along with motivating examples. For instance, a nice example is given for visualizing all outbound connections made from a laptop and differentiating these connections based on whether they are sent over the Tor network for strong anonymity. Additional examples include using visual techniques to detect outliers, combining multiple data sources, using visual aids to assist with regulatory compliance (by quickly conveying meaningful security data to auditors), and much more. One graphing type, invented by Ben Shneiderman, is the Treemap and several examples of its usage are presented. While Treemap graphs are perhaps not intuitively obvious, ASV makes a strong case for why they should be included within your visualization arsenal. A particularly good example is presented in Chapter 6 on using Treemap graphs to visualize vulnerability data provided by Nessus.

Although I'm not an expert in visualization, I have worked in the field of computer security for over ten years, and have written books on the subject (concentrating on intrusion detection systems and firewalls). I gave ASV five stars because it arms the reader with the knowledge required to produce custom visualizations that may not be addressed by any particular tool. This is much more powerful than presenting some specific software and associated (fixed) parser. Security is a process, and ASV provides a foundation for the effective inclusion of visualization techniques in the constant fight to secure computing systems and networks.

Marty explains how to analyse computer security logs using visualisation. The problem is that the logs can, and in fact usually do, become voluminous. You, the sysadmin, then have the uneviable task of manually plodding thru megabytes of text in a log file, looking for possible cracker probes or even actual successful intrusions. As Marty points out, if you can somehow display the data in a concise visual format, then you can take advantage of the high bandwidth of the human eye and the wetware pattern recognition that it is connected to in the brain.

So what display methods are there? Well, the text goes over principles known to graphics artists, but perhaps not as well bruited amongst sysadmins. Basically, you have a two dimensional area, like a computer screen, in which to show data. By judicious use of colour, shape and movement [and some other means] you can extend the effective dimensionality of the graph.

The book talks about various graphs. Describing the limitations of the simple pie, bar and line graphs. More versatile are the scatterplot and cluster graph. The latter lets you show a "graph", in another meaning of the latter word as a connected [perhaps via directed arcs] set of nodes.

The example data are drawn from typical internet logs, like those output by a packet sniffer or by a web or mail server. The logs look at different levels of the Internet Protocol stack. The web and mail server logs sit at the application layer.

Also useful is Marty's survey of open source and commercial plotting packages. The book's CD has a collection of the former. You should consider whether an existing package is suitable for your needs. Much quicker to adapt one, than to code a graphics program from scratch.

It goes into the basics of bandwidth calculation, leading up to the technologies used to support the different kind of services.

If one were to look for a good read, this book is a good start for a newbie.

This book could be used as a pre-cursor to an indepth research into new technologies.

ADSL, ATM, ISDN is mentioned in the book.

Lastly, this book is not drab and has some humour in it.

Before I started reading this book I had some idea about ATM. Author explains from scratch giving good background about basic communication systems and then starts with why ATM? ,ATM protocol ,reference model and AALx. Finally covering the current trend in home computing . In generally this book is good start for the people who knows IP and whats to know about ATM and this is a good self study book.

I am an Telco engineer implementing adsl and cable modem networks for broadband access service in China. The book came just in time for me because my company is in the stage of building an ATM network providing service like Internet surfing and experimental vod etc via adsl and cable modem. And this book has given us quite clear an infrastructure for the practice.

I am a teacher and consultant to the telecom industry. I bought the book to sharpen my skill set and increase literacy. I was most impressed with Mr. Kwok's ability to take a highly technical subject and break it down understandably. The end result is that both the "techno-literati" and the "average Joe" are well-served. Mr. Kwok apparently is one of us "techies" who also paid attention in writing class. Kudos for an excellent reference work.

Don Gilbert M.S. DG Consulting