Internet Access Books

I finally picked up this book last year and throughoughly enjoyed it. I keep referring to it because the examples build up to the point of qualified proof of concept. The examples also are different enough from the other ones that are easy to find with Google, so between the two you get a complete view of the vulnerable issue.

The book's title should be obvious enough; this is NOT a book of defenses. However, if you understand these attacks you will be better equiped to deal with them when they happen. This book is no replacement for hands-on training in person with a qualified instructor such as at the SANS Institute, but it is an excellent supplement.

Its a great place to start...and works its way through some pretty indepth concepts. The great part is that for the beginner it is step by step....and they tell you were to download everything you will need. Anyways loved it, read it twice.

I have been around the software industry now for almost 20 years and every now and then I find a book where I learn exciting things, this is one of those books. It reminds me of the early days of low level Windows programming but with very up to date information on the OS and how to apply it. The book is obviously designed to attract hackers - both black and white hats - however it does do a good job diving on the internals of the Posix and Windows subsystems. If you like low level stuff this book is for you.

Not an easy read if you're not already familiar with programming and operating system concepts, but then if you are an IT security professional you'd better be, and the book explains why.

I read Rootkits: Subverting the Windows Kernel last year, but waited until I read Joseph Kong's Designing BSD Rootkits before reviewing both books. In a head-to-head comparison, I thought Kong's book was easier to comprehend and directly covered the key techniques I wanted to see. If I could give this book 4 1/2 stars I would, but Amazon doesn't allow that luxury.

Hoglund and Butler should be commended for writing this book. It really does assemble the parts (meaning techniques and code) necessary to implement a Windows rootkit, at least prior to Windows Vista. My only concern is that, at times, the authors are not as clear as I hoped they might be. This is probably due to the fact that they are two of the best rootkit writers on the planet, so they probably do not remember what it was like to not understand "hooking" and other techniques.

In some ways Rootkits is probably a book best suited for other experts (like many who wrote reviews here). That leaves beginners (like myself) wishing for a little more foundation or direct language prior to reading about implementation tricks.

One of the greatest strengths of this book, however, is the degree to which it exposes the internal workings of Windows. For greatest effect it's probably worth reading Microsoft Windows Internals, Fourth Edition by Russinovich and Solomon first.

Note that although I found the direct approach of the BSD rootkits book better for my learning style, this book by Hoglund and Butler is deeper in several areas. In fact, those who liked the BSD rootkits book would do well to read its Windows counterpart to learn tricks from Hoglund and Butler.

Real 802.11 Security is a very well written book and gives the reader a very good background about Wifi security. It perfectly explains why WEP is not a good protocol and shows how WPA and RSN works.

Edney tackles quite a broad topic, but does well with remaining focused and developing the topic from a novice understanding of wireless security to in-depth discussions down to the packet level. With the range of the topic, the book could have easily been written *only* for the novice or specifially for the computer professional, but Edney manages to hit both audiences; not a small feat when writing a computer-related book.

I would definitely recommend this book to anyone interested in understanding why wi-fi networks are vulnerable (more so than traditional wired networks) and in learning more about wi-fi security solutions.

Hello,

I am reading this book and it is helping me a lot with my certification towards the CWNA, the material is very good, explanations are clear and the author has a very easy way to control the reader and explain the things that are sometimes hard to see. This book is a very good reading, i would suggest for whoever is starting on Security to read it, it even makes some humoristics comments during the book. Awesome, 5 stars material !
thanks a lot,

The author really knows what he is talking about. The layout of content shows his strong logical reasoning. He answers almost all questions a curious engineer would have.

Outstanding book, not just for wireless security but for encryption in general. Very clear explanations, chapter on why WEP failed is the best explanation I have read. Also very clear on how EAP, TLS, TKIP, WAP and the rest of the protocol soup relate to each other. I even appreciated the attempts at humor - my style, a bit dry.

This was a great find. I just wish I had read it sooner. There are things in here that every Access developer should read. Lots of good advice, techniques, and code samples. Very well-written and easy to follow. Right to the point. I especially appreciate the humility that Garry shows in his writing. He obviously knows more than most about Access, yet he gives credit where it is due and provides lots of links for the reader to go out and get the background themselves.

I have read some of the other (excellent in their own right) big books on MS Access, and there were a couple of "non-security" things in here that I did not find elsewhere (not to mention the security issues that were new to me). I highly recommend this book for anyone who may be creating a multi-user database.

Gary Robinson is a master at Access security and this book proves it! This is one of the books that stays on the shelf close to me when I am developing. It has great resources for setting up different types of security and he provides forms and code to help you develop security based on your needs. I highly recommend this for developers, especially those who are just designing more complex databases and need a good background on security. He is such a great resource that I subscribe to his newsletter now! I can only hope that he writes another book soon! A+

All of the other reviews pretty much say it all, but I wanted to place a more recent review in the list. Although I have just started using some of the basics Gary clearly discusses, I am anxious to get to the rest. Being able to secure Access has always been in the back of my mind. Now I know I can tackle the issue and get it done in a consistent manner that I can carry into all my Access projects. Thanks for the good work Garry.

A good book will find the reader. I would like to thank Mr. Robinson for a well written read. Besides all the other things I have in my life to do I was able to finish his work in about two weeks. I have read all the other reviews; there is nothing I can add. I can however tell you that if you are into Access database (and you know if you are) then this book is an imperative. I have had many books on Access database pass my way, nothing compares with Mr. Robinsons' book on security and protection.

Mr. Robinsons' is the first technical book on Access I have ever read from cover to cover with a never ending want to turn the page to see what Mr. Robinson was going to teach me next. I'm going to begin a reread of his work and this time I'm going to use the examples with both Northwind and my own database to incorporate his methods; especially enjoying combining the OS and workgroup security to provide my data a secure base from my clients, friends and enemies.

His book provided me ample margin to take copious notes along with my read, it will prove helpful in preparing for deployment. Mr. Robinson is a professional database administrator and this book is written as from such, you will think like he does at the end of this read and be the better for it. Mr. Robinson is a wonderful dbase admin, author, and now teacher. Again many thanks for his efforts and a heartfelt appreciation for my newly gained knowledge. Should Mr. Robinson ever have a worldwide tour on the subject, sign me up.

All of the reviews are positive, I suggest a review of Mr. Robinsons' Table of Contents and more important, the wonderful Index. A review of these documents will give you better insight into the level of Access database security Mr. Robinson clearly and distinctly explains. Mr. Robinson has the world's attention on this security subject and rightfully deserves it.

The Table of Contents and Index may be found at:

View the table of contents (http://www.vb123.com/get/AccessSecurityBook_TOC.pdf)in PDF format.
View the index file (http://www.vb123.com/get/mapindex.pdf) in PDF format.

Tom Pickett
May 9, 2006
Berea, South Carolina USA

This has got to be the best MS Access resource book that I have purchased. Like others, I have found MS Access security hard to understand but with Gary Robinson's help I am now getting a grasp on how I can keep sensitive data secure. The book is aimed at those who are new to security as well as those with experience. Also, the downloable database, with forms and code that you can easily use in your own applications, is a real time saver.

I especially like how he has broken down the overview for each chapter with segments aimed at Developers, DBA's and the IT Managers. In these overviews he explains what in the chapter is important to the reader by their role. The book is arranged so you can easily locate the information you need and not have to go through the whole book to be able to accomplish your security goal. But I recommend that you do read the entire book as it has so much to offer! I am on my second read through.

The book covers the physical layer aspects of modern cable networks, in comparatively greater details than the MAC and transport layers.

The author has done an excellent job in choosing relevant details of each technology presented in the book and laying them out in an easy-to-understand manner.


Overall, it is a good reference book to have within one's reach and is a better starting point in one's understanding of cable networks, instead of searching for terms or concepts using internet search engines.

Dr. Ovadia has written a thorough and carefully researched dissertation on the end-to-end Cable TV network architecture. The book is excellent for both a high level overview of the Hybrid Fiber/Coax network as well as for an in-depth review of the various network components, including laser transmitters and optical fiber amplifiers, plant noise characterization, head-end and subscriber modems, media formats and more. There is also an overview of the Docsis protocol. I recommend this book to anyone who wants to learn more about the Cable Operator network architecture. The contents should be required knowledge for anyone involved in developing any of the components of a cable TV network.

As a non-expert in the field, "Broadband Cable TV Access Networks" is a very complete book that is well-organized and full of information. The introduction sections are very clear and setup up the rest of the book very well. It is clear that Shlomo is an expert in the field and also a very good writer that integrates difficult concepts into a readable story. On areas that Shlomo is not an expert in, the descriptions are not so complete. Sometimes, the book moves too quickly through the details, but the amount of material in the book is impressive for its size. Overall this is a very good book that holds the reader's interest.

The book "Broadband Cable TV Access Networks" by Dr. Ovadia presents both a high level overview and low level details of CATV technology. It is a well organized system engineering handbook for cable TV network. It gives an excellent introduction to the overall CATV architecture. The introduction is very descriptive and easy to understand. And then extends to rigorous technical details in transmission technologies (over both fiber and coax cable), RF and digital transceiver design, cable modem protocols, software architecture and applications. The book can be a good tutorial for people interested in CATV technology and a good reference for engineers working in the area.

I am working in MRV Communications in the field of FFTx Receivers Transceivers design, focusing in the analog side of the system video transport.

I had purchased the book and enjoyed reading it. Indeed, it is a great system engineering book covering a broad spectrum of technical subjects which I have a lot of interest. It broadened my knowledge on the arena of CATV which was new to me.
(I came from Israel from the Satellite Communications field).

It is a recommended book to any communications engineer, component engineer and system engineer dealing with fiber optics data communications and video transport.
It covers all design aspects in all perspectives, system wise and component wise.
It provides a broad review, showing the affects of RF chains and , optical links imperfections on a QAM signal in most scientific analytic and professional way.

The book is structured as a zoom-in, taking the reader from a broad picture of definitions, system architectures and topologies such as HFC, PON, zooming into each building block requirements and constrains such as optics CWDM WDM optical none linearity, pre-distortions, CATV receivers topologies , specs and optimized solution. Additionally it covers the aspects of protocols such as DOCSIS and CATV standards showing how to approach to system design, understanding its requirements in order to reach the proper design.

The books provides block diagrams, schemes plots and conclusion to each chapter subject.

Indeed Dr. Shlomo Ovadia did here a huge effort and a great job.
This book is must have in any technical library.

Avi Brillant
Senior Design Engineer
Luninent-Inc
20550 Nordhoff Street
Chatsworth
CA-91311

Cell 818-266-7330

I really enjoyed this book. It was straight forward, to the point and provided some great best practices as solutions to some common security problems. A major problem with security is management. Too often the people making the important decisions do not understand the information that they are given.

As the authors point out, Managers and technical staff speak different languages and that is the key problem here. Managers that read this book will gain a clear understanding of the problems that the IT staff faces, and IT people that read this book will understand the management side and will know how to speak to non-technical staff.

This book is a perfect introduction to security and related business concerns.

This is a really good introduction to security for non-technical and IT personnel. It covers a lot of subject matter including disaster planning, and writing a security policy. This book is an excellent resource for managers who need a clue. It is written better, more organized and more helpful than "Secrets and Lies" and other similar books. I recommend this book for anyone that needs a good overview of security. You may not be a CISSP after you finish it but you will understand what a CISSP is saying.

This book is a great overview of security and policy development. This is not a technical book, it does not teach you the specifics of any particular OS, or how to configure software. It does ask key questions, and gets you thinking about security programs and business practices. The policy template is an added bonus. I gave this book to my manager to help convince her that we needed to look at security differently and budget for it.

This book is a great starter book on information security! I was wading though my copy grumbling "I know this, this, this...", when it occurred to me that I am not the intended audience.

For some time, one of my friends was asking me for a good book on security for somebody who knows absolutely nothing about it. I gave him "Access Denied" - and now he is hooked. Several weeks has passed by and he is already asking for "Hacking Exposed"...

"Access Denied" covers a wide range of security-related topics. The book is well written, logically organized and have everything to appeal to the beginners in the security field, those curious about modern (if not cutting edge) security topics and those migrating to security from other IT fields.

Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major information security company. His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org

This book is a great introduction to security concepts and procedures. I've used it as a resource for college papers and I have used the templates to start a security policy. I recommend it to anyone that needs a well written primer on security.

This book covers more than just your digital privacy. It sweeps on a wide variety of privacy topics. I find that a good thing since it's comprehensive. In reality your digital identity is interspersed with your physical identity and both a very important.

This is the most accessible of the privacy books I've read. The advice is presented in bite sized bits that are easy to understand and implement. It gives both background and practical advice. Both of which are necessary to understand the problem and the solutions.

This book is an eye-opener on privacy invasion, and how it can harm you in countless ways. It is a comprehensive study of the many forms privacy invasion can take, especially as practiced on the Internet, and what you can do to protect yourself. Author Dan Tynan has studied these offensive practices for years, and gives us the benefit of his research and findings. Find out what is going on, and what you can do protect yourself, not only on the internet, but in other aspects of your life as well.

Much as we don't want to, privacy is something we all need to think about and protect these days, unless we want to give up our computers and other gadgets and go back to stone tablets. Now we have an easy, funny, understandable guide to protecting ourselves in the online age, and we'd be foolish (and just asking for trouble) to ignore it. Dan Tynan has done all the hard work for us; now we just need to make sure that everyone we know reads this book!

Computer Privacy Annoyances
O'Reilly
By Dan Tynan
ISBN 0596007752

As someone who gets asked questions about Internet use and safety all the time, a book I had been itching to read was "Computer Privacy Annoyances", by Dan Tynan. According to the cover, the book covers "How to avoid the most annoying invasions of your personal and online privacy."

The quick and dirty? The book gives very practical, real-world examples of how your data can be used, yet the author manages to avoid sounding like a doomsayer... even some of the more scary scenarios don't come off sounding like sensationalism, just honest (and sometimes even apologetic) examples of what could very realistically happen. (I thank you, Mr. Tynan.)

I'll take bets on anyone that doesn't learn at least ten new things they didn't know about their privacy rights. Mr. Tynan has taken the proverbial "They" and reduced it to the very organizations that "they" really are. Did you know you can request a copy of your FBI files? Do you know who has the power view it? Do you know who is collecting data on you at this very moment and what they are doing with it?

The book's format allows for a surprisingly fast read. Well organized sections such as privacy at home, on the Internet, in public, at work, and even on a federal level allow for quick chapter absorption. In each chapter, the author states the annoyance, and then the fix. This allows for quick skipping over an 'annoyance' that might not annoy you that much.

I did notice that the author made no mention of the everyday information users give out about themselves without even realizing it, such as usernames that contain birthdates and such. But the Internet privacy chapter is only a small portion of the topics covered in this book. In fact, if I had to find one fault with this book, however, I'd say they lost a much larger audience that could have easily benefited from the book by calling it *Computer* Privacy Annoyances.

As a tech professional, if I could get all my clients, users, friends, family and complete strangers to read this book, I strongly believe identify theft could become a thing of the past. And it might even reduce global blood pressure, too. Bonus!

Privacy? Good luck! Even the slightest misstep on line (or anywhere else, for that matter) can open you up to privacy intrusions that you may not know about. Dan Tynan does a really good job in outlining these areas in Computer Privacy Annoyances. This is pretty much required reading for living in our heavily computerized society.

Contents: Privacy At Risk; Privacy At Home; Privacy On The Net; Privacy At Work; Privacy In Public; Privacy And Uncle Sam; Privacy In The Future; Index

In this Annoyances title, Tynan looks at a wide range of activities and situations that involve a potential unwanted loss of privacy. Using a question and answer format, he effectively shows how seemingly innocent activities (like booking a hotel room or ordering a kosher meal on a flight) can be logged and combined to build a profile of your activities that may not present a very flattering picture of who you are and what you do (and with whom). While there's the obligatory chapters on spam, online registration sites, and the like, there are also excellent chapters that cover privacy at work (what your employers can and can not do) as well as health record concerns. Things may not be as secure and private as you think they are...

Realistically, there's already more information out there to be gleaned than you'd probably expect and be comfortable with. But by reading and digesting the contents of this book, you can start to reduce your exposure going forward. Even just the awareness of privacy concerns will start to cause you to question *why* a merchant might want certain information. They may *want* your zip code or phone number, but that doesn't mean you *have* to give it to them. Even if this book keeps you from making just one mistake that would lead to identity theft, then it's more than paid for itself. A recommended read...

This concise book is very helpful for people who would like to know cryptography. The book uses a lot of diagrams to make complicate concepts easy to understand. One improvement the author may want to do is to fix the errors in the book.

It usually takes me a while to understand new things, this book was very informative and easy to understand. I now understand cryptography! Read this book!

The goal of this book is to provide an introduction to the basic concepts of cryptography to non-technical people, and to illustrate how cryptography can be applied in e-commerce applications. The author has succeeded admirably in this endeavor.

The first part of the book provides a gentle introduction to symmetric-key encryption and authentication, public-key cryptography, key managements and PKI. The detailed explanations are accompanied with intuitive figures. For the most part, the mathematical intricacies are omitted from the main chapters thus enabling the reading to grasp the important concepts without getting bogged down with technical details. For those interested in the underlying mathematics, the second part of the book provides a tutorial to some of the mathematics. Finally, the third part of the book describes two crytographic architectures designed by the author.

I highly recommend this book to the people with nontechnical backgrounds who are interested in learning how cryptography can be used to secure their applications. Once the basic concepts are understood, the reader can then proceed to one of the many available technical books on cryptography.

The goal of this book is to provide an introduction to the basic concepts of cryptography to non-technical people, and to illustrate how cryptography can be applied in e-commerce applications. The author has succeeded admirably in this endeavor.

The first part of the book provides a gentle introduction to symmetric-key encryption and authentication, public-key cryptography, key managements and PKI. The detailed explanations are accompanied with intuitive figures. For the most part, the mathematical intricacies are omitted from the main chapters thus enabling the reading to grasp the important concepts without getting bogged down with technical details. For those interested in the underlying mathematics, the second part of the book provides a tutorial to some of the mathematics. Finally, the third part of the book describes two crytographic architectures designed by the author.

I highly recommend this book to the people with nontechnical backgrounds who are interested in learning how cryptography can be used to secure their applications. Once the basic concepts are understood, the reader can then proceed to one of the many available technical books on cryptography.

The basics of the usage of symmetric and asymmetric cryptography are explained here step by step in a precise way visualized by clear drawings of a sender, (evil) observer and recipient. Starting with the simplest case and showing what's faulty about it, the author develops an understanding of why it needs message digestion, public and private keys and either Kerberos or a certification authority.

A small part of the book is reserved for some mathematical expostions which do not go very far. Two case studies, one awkward, one profound, round off the book.

The term e-commerce in the title is somewhat misleading. The book deals rather with B2B, the other subcategory of e-business.

A possible audience for the book are people like me, who are supposed to know what excatly a digital signature is and therfore cannot really ask someone.

As a professional db developer, I found this book from Rick Dobson to be an excellent guide to getting you on your way with Access using SQL Server as the back end. This a rite of passage for many Access developers, like me, who find SQL Server kind of intimidating. Rick takes you through every step of the way very logically, preparing you for your next benchmark. He thoughtfully anticipates your next question with a paragraph or two that explains the reasons why you're doing what you're doing and how to do it. No smarmy digressions, bad jokes or confusing examples. Highly recommended reading for IT developers who want to get to the next level of database development. Great job, Rick!

By far the best book I have seen regarding the difficulties encountered when moving an Access application to SQL Server. Until reading this book, I couldn't figure out why my Access queries that were 'converted' into Stored Procedures could not reference each other, why my forms would not work, why the tables weren't updateable (primary keys weren't copied during conversion), etc.
All these and many more perplexing issues are clearly explained here. For quickest results, read Appendices B and C, then the first 7 chapters before trying to convert your first Access database to SQL Server.

Having spent a number of years using Access to develop commercial solutions I recently moved on to Access projects and found this book a real find in getting up and running in a short space of time. Covering each topic in logical chunks I found it to be more than a good grounding in the subject. It is also well written in plain English and avoids the unnecessary complications that are often found in such books and I would thoroughly recommend it to anyone who is considering developing Access projects.

I have years of experience in programming but knew nothing about Access, SQL or VBA when I got my latest assignment. I can't stand those 1000 page books that want to hold me by the hand while I build some simple-minded application through eight chapters. I just need to know the basics quick and then see a few examples of some typical tasks. This book is just what I needed to quickly get me up to speed and working on my own application. There are a few minor differences with Access XP (like changed menus) so you'll need a good XP reference also. I recommend this book to any developer that needs to come up to speed quickly on either SQL or Access.

I just received this book so I cannot comment on its technical merits. However, I have noticed the book is littered with spelling errors and errors in general. Examples are (1) On page 11 "As but this architecture won't be specifically considered furhter".. and yes, I included all the spelling typos. (2) On page 19 "if you had an Access poject" instead of "project." Isn't this what spell checkers are made for? There is at least one more error that I glanced over but did not record. And I have only read to page 19! My experience has been when a book contains many typos then then code should be suspect. I hope not, because a good Access 2000 to SQL book is needed. Caveat emptor!! Paul

All in all just a fascinating book on a fascinating topic. In general, the introductory parts of each chapter are accessible to anyone with a standard 12 year education. The mathematics are best understood by people with a background in algebra and statistics at the American High School level, but not much more. If you buy this book, expect John Ashcroft to put your name on a list of people buying dangerous published works (and with the Patriot Act in place, I am neither paranoid nor joking). The best chapter is the one about encoding information in ordered lists. This book taught me how to include a one line hidden message in a 50 item list of my favorite Country and Western Songs of all time (and THAT is a cool thing to do).

This book is a great introduction to learning how to hide data in places most people wouldn't think about looking. Sample code and various URL's are provided for places to start, this not the easiest subject to grasp, but the book helps put it at a manageable level.

A great place to start!...

This is a deep, serious book about making information transmogrify, even if there are a few silly parts. I liked the funny parts and they reminded me of Goedel Escher and Bach

This is a very easy read that does not really assume much about the reader other than mathematical maturity at the precalculus level, knowledge of programming in a higher level language, and a curiosity about hiding information in such things as images. In fact, I bought this book to get a grasp on how to hide a watermark in an image. The early chapters are devoted to material that forms the basic toolkit for steganography - private key encryption, secret sharing, and error correcting codes. The later chapters describe how to apply these techniques in various ways to hide information.

Chapter 5 discusses common data compression algorithms, not to the point that you could write an encoder/decoder system, but so that you know which allow perfect reconstruction and which do not. Compression leads to the topic of mimicry, which is the subject of chapter 6. Basic mimicry produces text that looks statistically similar to the original text but is far from perfect. Chapter 7 shows methods of improving mimicry techniques so that the mimicked text not only passes statistical tests for similarity to the original, but passes rules for grammar. This leads to the concept of context free grammars and their role in mimicry. Thus, you can hide data in realistic sounding text.

Chapter 8 concentrates on a robust and complete model known as the Turing machine. Such a machine hides data as it "runs forward", while running the machine in reverse allows the hidden data to be recovered. Certain proofs show that this is a stronger data hiding model than those previously discussed.

Chapter nine discusses a more image-processing related data hiding topic - hiding in the noise. What appears as noise to the untrained eye can actually be a message. Of course, the flip side of this is "real" noise has the power to obscure the hidden message.

Chapter 10 discusses anonymous remailers, which is the deletion of the name of the originator of a message by an intermediate node. Such systems can range from very secure to very insecure depending on strategies involved. Chapter 11,"Secret Broadcasts", is a companion chapter on how to broadcast a message so that everyone can read it but nobody knows the source. The solution lies in the "Dining Cryptographers" algorithm, and this solution is discussed at length.

Chapter 12, "Keys", discusses message keys as extensions to the concept of keys in basic cryptography, which was discussed earlier in the book. Adding keys to any algorithm discussed up to this point makes that algorithm stronger. Chapter 13, "Ordering and Reordering", discusses how steganography strategies might be disrupted by reordering parts of a message, and discusses methods that might prevent this from being a problem.

Chapter 14, "Spreading", is a more mathematical chapter than the preceding ones and takes a different approach to the problem of information hiding. It takes ideas from spread spectrum radio and applies them to steganography. This is the one chapter where a knowledge of calculus, Fourier transforms, and even wavelets will be helpful.

The last three chapters, "Synthetic Worlds", "Watermarks", and "Steganalysis" are short and more subjective than previous ones, mainly giving the reader a broad overview of these topics.

The book has a wealth of algorithms, equations, and simple examples. There is even a very basic Java mimicry program in the appendix. However, this is not a programming book full of ready to implement solutions - you will have to do that yourself. There are numerous references to web addresses where you can find both executable and source code for implementing some of the algorithms mentioned in this book. I would say if you are interested in hiding information in data of any kind - text, sound, imagery, etc. - then this book is essential reading. I highly recommend it.

I read the entire book from first to last page and enjoyed the content absolutely. The book has theory and practice, clear examples and many references to free and open source software to make tests. The math part has razonable level (not too much, not to little). I have no found anything better in the area.
Good for Peter Wayner!

P.D. ...

Don't let the title fool you into thinking the book is only of value to novices. Instead the book goes into unexpected levels of detail while still staying easy to read. I was surprised at how much detail there was. There was a lot more information that I would have expected. I think a wide range of skill levels can still find value in the book as an everyday reference, or to study up on the topic. I would highly recommend this as a vendor-neutral book for your networking collection.

Perhaps the most striking thing about this book is that it is not totally Cisco based. Often books from Cisco Press seem like they are really Cisco manuals that have been rewritten. When I picked this book up I was expecting to see nothing but the Cisco PIX Firwall and of course the new Adaptive Security Appliance (ASA). And yes, Chapter 6 is on the PIX/ASA Firewall. But then you go to Chapter 7 and it's about Linux based firewalls that can be put on a basic generic PC at a dramatically lower cost.

Also, somewhat surprising to see a chapter on what you might call personal firewalls, where it specifically covers the firewall that comes with Windows XP and the very popular Trend Micro's PC-cillin.

Basically this excellent book starts with a definition of firewalls, what they are, what they are supposed to do, why they sometimes fail. In short everything you need to know about firewalls. This includes some information that goes down to the basics of TCP/IP through what the screens look like for setting up the common firewalls. I also liked where he talks about points where some experts don't agree with others. When they do this, they point out the good and bad points of both positions.

All in all, an excellent book that meats the goals of discussing the fundamentals of firewalls.

Firewall Fundamentals provides what I see as the first clear book in many years on the oldest known protection for the Information Technology field. Authors Wes Noonan and Ido Dubrawsky take the concepts of protection at the basic level and slowly walk the reader through protection and defense from the introduction of threats to the details of advanced firewalls like the Cisco PIX and ASA appliances to Microsoft's ISA application. While this book may to be advanced in nature, it explains in detail the simple items that make the understanding of Firewalls and their technology important. Even from the goal of the book "...personal and desktop..." where the authors clear state that no level will be untouched does this book make one feel comfortable and unafraid.

Considering that this is a Cisco Press, book it surprised me that the amount of non-Cisco detail the authors' included, from Checkpoint and Microsoft ISA in the larger areas to Trend-Micro in the smaller areas. These guys ensured in this book a level of detail and understanding that will guarantee a complete read; even a Security Engineer, like myself who has learned the advanced concepts and deployment methods/reasons for security, gained new insight into the world I work in. For both Noonan and Dubrawsky present the items I sometimes miss, the obvious and clear issues that the regular individuals encounter and need to help them.

Noonan and Dubrawsky start with the simple items and basic concepts slowly and adding to them while not forgetting the assumed reader. This book is divided into four sections including the Appendixes: The first of the major section as always the Introduction which covers the basics from what a threat is to the difference between a personal (computer) based firewall to a network firewall.

After the basics are covered the authors' begin moving into the how of firewall technology from the personal computer to the common home-office like Linksys and finally into the realm of small office and hardware that include the Cisco platforms. While these chapters may appear to focus more on the Cisco Products they do include important other chapters that deal with items like where a firewalls belongs within the network. Within this section of the book we see items as mentioned like the Linksys and Cisco products, but we also see NetFilter and other freeware and pay products including Microsoft's ISA and Checkpoint mentioned, configured and discussed in detail. Within Chapter 7 the Linux products that are slowly advancing in the industry due to their cost and availability are detailed with the NetFilter product. Flow-charts and diagrams again help to explain not only this product, but the key concepts behind firewall technologies and examples of scripting help individuals learn and understanding what should be occurring with the product.

Finally the last key section deals with the importance of Managing and Maintenance any Firewall. From policy management to troubleshooting they do not leave anything out. I personally found the chapter entitled "What is My Firewall Telling Me?" very different from what I would expect in a simple how to read the logs chapter. The authors took time to explain the concepts of logging, the importance and different methods to read the log. Again they showed that this is not a book that is Cisco centric on Cisco heavy by using products and screen shots of non-Cisco items like Microsoft and NetIQ.

What this book is missing is a disclaimer that while published by Cisco Press it is not entirely Cisco Centric and this is a good thing. Yes as many people know Cisco is a large player in the field of networking and information security these author's do everything to ensure a fair and equal play of the others I have mentioned before. I feel that if you where looking for a book to help anyone with a small or home office environment protect it, this is the book you need. While I found adding it to my collection a positive and enjoyable experience, I can only hope that you will too.

As an IT professional, I know and understand that firewalls are a requirement in today's computing environment. But as a developer, the details of firewalls are pretty much a black box to me. I was pleasantly surprised with the book Firewall Fundamentals - An introduction to network and computer firewall security by Wes Noonan & Ido Dubrawsky. I actually understood most of it! :)

Contents:
Part 1 - Introduction to Firewalls: Introduction to Firewalls; Firewall Basics; TCP/IP for Firewalls
Part 2 - How Firewalls Work: Personal Firewalls - Windows Firewall and Trend Micro's PC-cillin; Broadband Routers and Firewalls; Cisco PIX Firewall and ASA Security Appliance; Linux-Based Firewalls; Application Proxy Firewalls; Where Firewalls Fit in a Network
Part 3 - Managing and Maintaining Firewalls: Firewall Security Policies; Managing Firewalls; What Is My Firewall Telling Me?; Troubleshooting Firewalls; Going Beyond Basic Firewall Features
Part 4 - Appendixes: Firewall and Security Tools; Firewall and Security Resources; Index

There were actually a number of surprising aspects to this book (all good). The first thing that surprised me is that this is a Cisco Press book. As such, I would have expected a huge bias towards Cisco technology at the expense of everything else. Yes, most of the options and solutions covered include the Cisco offering in that category. But the overall focus is on the underlying technology instead of the vendor offering. That means that you are getting great information on firewalls, not just how Cisco does it. Another surprising aspect for me was the range of experience that is targeted in the book (and successfully at that). Part 1 was perfect for someone like me who isn't intimately acquainted with the inner workings of a firewall. Part 2 covers the range of solutions, both hardware and software, personal and enterprise. And Part 3 is one of those sections that you'd likely use on a regular basis at work if you're responsible for the care and feeding of network security. The information is extremely practical, and having checklists for troubleshooting may just be something that bails you out of some ugly situations...

There's not too many books that can pull off the difficult task of reaching all experience levels on a subject. The fact that this book does it while being published under a vendor imprint is even more impressive. Definitely a book I'd recommend on the topic of firewalls...

Firewalls have gone from a luxury to a necessity in the computer world, and today a thorough understanding of their function and setup is required reading for any serious networker, programmer, or computer operator. Firewall Fundamentals: An Introduction To Network And Computer Firewall Security addresses all issues, providing a through introduction to firewalls, how they protect, up to more advanced TCP/IP protocols and firewall configuration for Linux and other systems. From application proxy firewalls to security policies and rules, Firewall Fundamentals holds it all.