Internet Access Books

I finally picked up this book last year and throughoughly enjoyed it. I keep referring to it because the examples build up to the point of qualified proof of concept. The examples also are different enough from the other ones that are easy to find with Google, so between the two you get a complete view of the vulnerable issue.

The book's title should be obvious enough; this is NOT a book of defenses. However, if you understand these attacks you will be better equiped to deal with them when they happen. This book is no replacement for hands-on training in person with a qualified instructor such as at the SANS Institute, but it is an excellent supplement.

Its a great place to start...and works its way through some pretty indepth concepts. The great part is that for the beginner it is step by step....and they tell you were to download everything you will need. Anyways loved it, read it twice.

I have been around the software industry now for almost 20 years and every now and then I find a book where I learn exciting things, this is one of those books. It reminds me of the early days of low level Windows programming but with very up to date information on the OS and how to apply it. The book is obviously designed to attract hackers - both black and white hats - however it does do a good job diving on the internals of the Posix and Windows subsystems. If you like low level stuff this book is for you.

Not an easy read if you're not already familiar with programming and operating system concepts, but then if you are an IT security professional you'd better be, and the book explains why.

I read Rootkits: Subverting the Windows Kernel last year, but waited until I read Joseph Kong's Designing BSD Rootkits before reviewing both books. In a head-to-head comparison, I thought Kong's book was easier to comprehend and directly covered the key techniques I wanted to see. If I could give this book 4 1/2 stars I would, but Amazon doesn't allow that luxury.

Hoglund and Butler should be commended for writing this book. It really does assemble the parts (meaning techniques and code) necessary to implement a Windows rootkit, at least prior to Windows Vista. My only concern is that, at times, the authors are not as clear as I hoped they might be. This is probably due to the fact that they are two of the best rootkit writers on the planet, so they probably do not remember what it was like to not understand "hooking" and other techniques.

In some ways Rootkits is probably a book best suited for other experts (like many who wrote reviews here). That leaves beginners (like myself) wishing for a little more foundation or direct language prior to reading about implementation tricks.

One of the greatest strengths of this book, however, is the degree to which it exposes the internal workings of Windows. For greatest effect it's probably worth reading Microsoft Windows Internals, Fourth Edition by Russinovich and Solomon first.

Note that although I found the direct approach of the BSD rootkits book better for my learning style, this book by Hoglund and Butler is deeper in several areas. In fact, those who liked the BSD rootkits book would do well to read its Windows counterpart to learn tricks from Hoglund and Butler.

Real 802.11 Security is a very well written book and gives the reader a very good background about Wifi security. It perfectly explains why WEP is not a good protocol and shows how WPA and RSN works.

Edney tackles quite a broad topic, but does well with remaining focused and developing the topic from a novice understanding of wireless security to in-depth discussions down to the packet level. With the range of the topic, the book could have easily been written *only* for the novice or specifially for the computer professional, but Edney manages to hit both audiences; not a small feat when writing a computer-related book.

I would definitely recommend this book to anyone interested in understanding why wi-fi networks are vulnerable (more so than traditional wired networks) and in learning more about wi-fi security solutions.

Hello,

I am reading this book and it is helping me a lot with my certification towards the CWNA, the material is very good, explanations are clear and the author has a very easy way to control the reader and explain the things that are sometimes hard to see. This book is a very good reading, i would suggest for whoever is starting on Security to read it, it even makes some humoristics comments during the book. Awesome, 5 stars material !
thanks a lot,

The author really knows what he is talking about. The layout of content shows his strong logical reasoning. He answers almost all questions a curious engineer would have.

Outstanding book, not just for wireless security but for encryption in general. Very clear explanations, chapter on why WEP failed is the best explanation I have read. Also very clear on how EAP, TLS, TKIP, WAP and the rest of the protocol soup relate to each other. I even appreciated the attempts at humor - my style, a bit dry.

Real World Microsoft Access Database Protection and Security
I found it to be a good rescouce of the various stages of MSAccess DB developing protection for a data base. The end user would also benefit by having a reliable data base.
Braxton Foist

This was a great find. I just wish I had read it sooner. There are things in here that every Access developer should read. Lots of good advice, techniques, and code samples. Very well-written and easy to follow. Right to the point. I especially appreciate the humility that Garry shows in his writing. He obviously knows more than most about Access, yet he gives credit where it is due and provides lots of links for the reader to go out and get the background themselves.

I have read some of the other (excellent in their own right) big books on MS Access, and there were a couple of "non-security" things in here that I did not find elsewhere (not to mention the security issues that were new to me). I highly recommend this book for anyone who may be creating a multi-user database.

Gary Robinson is a master at Access security and this book proves it! This is one of the books that stays on the shelf close to me when I am developing. It has great resources for setting up different types of security and he provides forms and code to help you develop security based on your needs. I highly recommend this for developers, especially those who are just designing more complex databases and need a good background on security. He is such a great resource that I subscribe to his newsletter now! I can only hope that he writes another book soon! A+

All of the other reviews pretty much say it all, but I wanted to place a more recent review in the list. Although I have just started using some of the basics Gary clearly discusses, I am anxious to get to the rest. Being able to secure Access has always been in the back of my mind. Now I know I can tackle the issue and get it done in a consistent manner that I can carry into all my Access projects. Thanks for the good work Garry.

A good book will find the reader. I would like to thank Mr. Robinson for a well written read. Besides all the other things I have in my life to do I was able to finish his work in about two weeks. I have read all the other reviews; there is nothing I can add. I can however tell you that if you are into Access database (and you know if you are) then this book is an imperative. I have had many books on Access database pass my way, nothing compares with Mr. Robinsons' book on security and protection.

Mr. Robinsons' is the first technical book on Access I have ever read from cover to cover with a never ending want to turn the page to see what Mr. Robinson was going to teach me next. I'm going to begin a reread of his work and this time I'm going to use the examples with both Northwind and my own database to incorporate his methods; especially enjoying combining the OS and workgroup security to provide my data a secure base from my clients, friends and enemies.

His book provided me ample margin to take copious notes along with my read, it will prove helpful in preparing for deployment. Mr. Robinson is a professional database administrator and this book is written as from such, you will think like he does at the end of this read and be the better for it. Mr. Robinson is a wonderful dbase admin, author, and now teacher. Again many thanks for his efforts and a heartfelt appreciation for my newly gained knowledge. Should Mr. Robinson ever have a worldwide tour on the subject, sign me up.

All of the reviews are positive, I suggest a review of Mr. Robinsons' Table of Contents and more important, the wonderful Index. A review of these documents will give you better insight into the level of Access database security Mr. Robinson clearly and distinctly explains. Mr. Robinson has the world's attention on this security subject and rightfully deserves it.

The Table of Contents and Index may be found at:

View the table of contents (http://www.vb123.com/get/AccessSecurityBook_TOC.pdf)in PDF format.
View the index file (http://www.vb123.com/get/mapindex.pdf) in PDF format.

Tom Pickett
May 9, 2006
Berea, South Carolina USA

I really enjoyed this book. It was straight forward, to the point and provided some great best practices as solutions to some common security problems. A major problem with security is management. Too often the people making the important decisions do not understand the information that they are given.

As the authors point out, Managers and technical staff speak different languages and that is the key problem here. Managers that read this book will gain a clear understanding of the problems that the IT staff faces, and IT people that read this book will understand the management side and will know how to speak to non-technical staff.

This book is a perfect introduction to security and related business concerns.

This is a really good introduction to security for non-technical and IT personnel. It covers a lot of subject matter including disaster planning, and writing a security policy. This book is an excellent resource for managers who need a clue. It is written better, more organized and more helpful than "Secrets and Lies" and other similar books. I recommend this book for anyone that needs a good overview of security. You may not be a CISSP after you finish it but you will understand what a CISSP is saying.

This book is a great overview of security and policy development. This is not a technical book, it does not teach you the specifics of any particular OS, or how to configure software. It does ask key questions, and gets you thinking about security programs and business practices. The policy template is an added bonus. I gave this book to my manager to help convince her that we needed to look at security differently and budget for it.

This book is a great starter book on information security! I was wading though my copy grumbling "I know this, this, this...", when it occurred to me that I am not the intended audience.

For some time, one of my friends was asking me for a good book on security for somebody who knows absolutely nothing about it. I gave him "Access Denied" - and now he is hooked. Several weeks has passed by and he is already asking for "Hacking Exposed"...

"Access Denied" covers a wide range of security-related topics. The book is well written, logically organized and have everything to appeal to the beginners in the security field, those curious about modern (if not cutting edge) security topics and those migrating to security from other IT fields.

Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major information security company. His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org

This book is a great introduction to security concepts and procedures. I've used it as a resource for college papers and I have used the templates to start a security policy. I recommend it to anyone that needs a well written primer on security.

This book is an eye-opener on privacy invasion, and how it can harm you in countless ways. It is a comprehensive study of the many forms privacy invasion can take, especially as practiced on the Internet, and what you can do to protect yourself. Author Dan Tynan has studied these offensive practices for years, and gives us the benefit of his research and findings. Find out what is going on, and what you can do protect yourself, not only on the internet, but in other aspects of your life as well.

Much as we don't want to, privacy is something we all need to think about and protect these days, unless we want to give up our computers and other gadgets and go back to stone tablets. Now we have an easy, funny, understandable guide to protecting ourselves in the online age, and we'd be foolish (and just asking for trouble) to ignore it. Dan Tynan has done all the hard work for us; now we just need to make sure that everyone we know reads this book!

This book covers more than just your digital privacy. It sweeps on a wide variety of privacy topics. I find that a good thing since it's comprehensive. In reality your digital identity is interspersed with your physical identity and both a very important.

This is the most accessible of the privacy books I've read. The advice is presented in bite sized bits that are easy to understand and implement. It gives both background and practical advice. Both of which are necessary to understand the problem and the solutions.

Computer Privacy Annoyances
O'Reilly
By Dan Tynan
ISBN 0596007752

As someone who gets asked questions about Internet use and safety all the time, a book I had been itching to read was "Computer Privacy Annoyances", by Dan Tynan. According to the cover, the book covers "How to avoid the most annoying invasions of your personal and online privacy."

The quick and dirty? The book gives very practical, real-world examples of how your data can be used, yet the author manages to avoid sounding like a doomsayer... even some of the more scary scenarios don't come off sounding like sensationalism, just honest (and sometimes even apologetic) examples of what could very realistically happen. (I thank you, Mr. Tynan.)

I'll take bets on anyone that doesn't learn at least ten new things they didn't know about their privacy rights. Mr. Tynan has taken the proverbial "They" and reduced it to the very organizations that "they" really are. Did you know you can request a copy of your FBI files? Do you know who has the power view it? Do you know who is collecting data on you at this very moment and what they are doing with it?

The book's format allows for a surprisingly fast read. Well organized sections such as privacy at home, on the Internet, in public, at work, and even on a federal level allow for quick chapter absorption. In each chapter, the author states the annoyance, and then the fix. This allows for quick skipping over an 'annoyance' that might not annoy you that much.

I did notice that the author made no mention of the everyday information users give out about themselves without even realizing it, such as usernames that contain birthdates and such. But the Internet privacy chapter is only a small portion of the topics covered in this book. In fact, if I had to find one fault with this book, however, I'd say they lost a much larger audience that could have easily benefited from the book by calling it *Computer* Privacy Annoyances.

As a tech professional, if I could get all my clients, users, friends, family and complete strangers to read this book, I strongly believe identify theft could become a thing of the past. And it might even reduce global blood pressure, too. Bonus!

Privacy? Good luck! Even the slightest misstep on line (or anywhere else, for that matter) can open you up to privacy intrusions that you may not know about. Dan Tynan does a really good job in outlining these areas in Computer Privacy Annoyances. This is pretty much required reading for living in our heavily computerized society.

Contents: Privacy At Risk; Privacy At Home; Privacy On The Net; Privacy At Work; Privacy In Public; Privacy And Uncle Sam; Privacy In The Future; Index

In this Annoyances title, Tynan looks at a wide range of activities and situations that involve a potential unwanted loss of privacy. Using a question and answer format, he effectively shows how seemingly innocent activities (like booking a hotel room or ordering a kosher meal on a flight) can be logged and combined to build a profile of your activities that may not present a very flattering picture of who you are and what you do (and with whom). While there's the obligatory chapters on spam, online registration sites, and the like, there are also excellent chapters that cover privacy at work (what your employers can and can not do) as well as health record concerns. Things may not be as secure and private as you think they are...

Realistically, there's already more information out there to be gleaned than you'd probably expect and be comfortable with. But by reading and digesting the contents of this book, you can start to reduce your exposure going forward. Even just the awareness of privacy concerns will start to cause you to question *why* a merchant might want certain information. They may *want* your zip code or phone number, but that doesn't mean you *have* to give it to them. Even if this book keeps you from making just one mistake that would lead to identity theft, then it's more than paid for itself. A recommended read...

This concise book is very helpful for people who would like to know cryptography. The book uses a lot of diagrams to make complicate concepts easy to understand. One improvement the author may want to do is to fix the errors in the book.

It usually takes me a while to understand new things, this book was very informative and easy to understand. I now understand cryptography! Read this book!

The goal of this book is to provide an introduction to the basic concepts of cryptography to non-technical people, and to illustrate how cryptography can be applied in e-commerce applications. The author has succeeded admirably in this endeavor.

The first part of the book provides a gentle introduction to symmetric-key encryption and authentication, public-key cryptography, key managements and PKI. The detailed explanations are accompanied with intuitive figures. For the most part, the mathematical intricacies are omitted from the main chapters thus enabling the reading to grasp the important concepts without getting bogged down with technical details. For those interested in the underlying mathematics, the second part of the book provides a tutorial to some of the mathematics. Finally, the third part of the book describes two crytographic architectures designed by the author.

I highly recommend this book to the people with nontechnical backgrounds who are interested in learning how cryptography can be used to secure their applications. Once the basic concepts are understood, the reader can then proceed to one of the many available technical books on cryptography.

The goal of this book is to provide an introduction to the basic concepts of cryptography to non-technical people, and to illustrate how cryptography can be applied in e-commerce applications. The author has succeeded admirably in this endeavor.

The first part of the book provides a gentle introduction to symmetric-key encryption and authentication, public-key cryptography, key managements and PKI. The detailed explanations are accompanied with intuitive figures. For the most part, the mathematical intricacies are omitted from the main chapters thus enabling the reading to grasp the important concepts without getting bogged down with technical details. For those interested in the underlying mathematics, the second part of the book provides a tutorial to some of the mathematics. Finally, the third part of the book describes two crytographic architectures designed by the author.

I highly recommend this book to the people with nontechnical backgrounds who are interested in learning how cryptography can be used to secure their applications. Once the basic concepts are understood, the reader can then proceed to one of the many available technical books on cryptography.

The basics of the usage of symmetric and asymmetric cryptography are explained here step by step in a precise way visualized by clear drawings of a sender, (evil) observer and recipient. Starting with the simplest case and showing what's faulty about it, the author develops an understanding of why it needs message digestion, public and private keys and either Kerberos or a certification authority.

A small part of the book is reserved for some mathematical expostions which do not go very far. Two case studies, one awkward, one profound, round off the book.

The term e-commerce in the title is somewhat misleading. The book deals rather with B2B, the other subcategory of e-business.

A possible audience for the book are people like me, who are supposed to know what excatly a digital signature is and therfore cannot really ask someone.

Libraries catering to system administrators will find LINUX FIREWALLS an essential acquisition, discussing the technical aspects of the iptables firewall and Netfilter built into the Linux application. Examples of firewall log analysis, policies, network authorization processes and more compliment chapters that include Perl and C code pieces to help keep a network secure. The result is a fine pick for any programmer's library.

Do you have any familiarity with TCP/IP networking concepts and Linux system administration? If you do, then this book is for you. Author Michael Rash, has done an outstanding job of writing a book that concentrates on network attacks--detecting them and responding to them.

Rash, begins with an introduction to packet filtering with iptables, including kernal build specifics and iptables administration. Then, the author shows the types of attacks that exist in the network layer and what you can do about them. Next, he illustrates classes of application layer attacks that iptables can be made to detect, and introduces you to the iptables string match extension. The author also discusses installation and configuration of psad, and shows you why it is important to listen to the stories that iptables logs have to tell. He continues by introducing you to advanced psad functionality, including integrated passive OS fingerprinting, Snort signature detection via packet headers, verbose status information, and Dshield reporting. Then, the author discusses the culmination of the attack detection and mitigation strategies that are possible with iptables. Next, he compares and contrasts two passive authorization mechanisms: port knocking and SPA. The author continues by showing you how to install and make use of fwknop together with iptables to maintain a default-drop stance against all unauthenicated and unauthorized attempts to connect to your SSH daemon. Finally, the author wraps up with some graphical representations of iptables log data.

This most excellent book takes on a highly applied approach. In other words, after reading this book, you will be armed with a strong working knowledge of how network attacks are detected and dealth with via iptables.

Make no mistake, this book is on what it says it's about "Attack Detection and Response with iptables, psad, and fwsnort" it contains very little information about setting up iptables to block unwanted external traffic.

HOWEVER setting up iptables (in the basic sense) doesn't require an entire book. Sure there are whole books on that topic but there is no need for a 300 page book on it, that just seems to be the size computer books have to be in order to get published. Which means other books on iptables are probably going to about 250 pages of fluff.

Incidentally this book actually only spends about the first 35 pages describing that, the remainder is fantastic, useful, well written information about doing the things that make iptables truly useful. "detection and response" ACTIVELY securing your system.

In addition to being comprehensive and useful this book happens to be well written, far better than most technical books.

If you're thinking about buying a book on Linux firewalls, make it this one, but if you're not already familiar with iptables expect to read the first 35 pages, then a couple online tutorials and then come back to this book.

When I bought "Linux Firewalls" I was expecting a good book because I already knew that the work of Michael Rash is excellent. However, I expected the traditional Iptables handbook that looks more like a "man page". Surprisingly I found that the book was much better than that. Instead of detailing every single feature of the Iptables infrastructure, Michael Rash explains how Iptables can be used as a powerful (and free) Intrusion Detection/Prevention System. To achieve that, Rash presents three open source tools developed by himself: psad, an iptables-based port scan detector, fwsnort, a tool that translates snort rules into iptables sentences, and fwknop, a Port Knocking and SPA authentication system.

The book is very practical. It's amazing how everything is presented so clearly and with such useful examples. The author first introduces the potential threats that are associated with the Network Layer, Transport Layer and Application Layer (I loved those chapters). Then he starts discussing the detection of malicious attackers that try to break into the system. Finally he presents active response mechanisms against attackers and ways to secure the whole system with additional layers of security.

The book is great if what you want is to secure your Linux system using IPtables and the open source tools developed by Rash. Rash is an expert on firewalls and intrusion detection systems. If you follow his suggestions you'll build a very secure system. Firewall enthusiasts and TCP/IP fans will also enjoy reading the book because its written by a geek and its written for geeks. However, if you are looking for an Iptables handbook, you are looking for a theoretical book about Firewalls or you want to use other tools than the ones presented in the book, then "Linux Firewalls" may not be the best option for you.

Disclaimer: I wrote the foreword for this book, so obviously I am biased. However, I am not financially compensated for this book's success.

In the foreword I note that Linux Firewalls is a "great book." As a FreeBSD user, Linux Firewalls is good enough to make me consider using Linux in certain circumstances! Mike's book is exceptionally clear, organized, concise, and actionable. You should be able to read it and implement everything you find by following his examples. You will not only learn tools and techniques, but you will be able to appreciate Mike's keen defensive insights.

The majority of the world's digital security professionals focus on defense, because offense is left to the bad guys, police, and military. I welcome books like Linux Firewalls that bring real defensive tools and techniques to the masses in a form that can be digested and deployed for minimum cost and effort.

One of the main reasons Linux Firewalls is a great book is that Mike Rash is an excellent writer. I've read (or tried to read) plenty of books that seemed to offer helpful content, but the author had no clue how to deliver that content in a readable manner. Linux Firewalls makes learning network security an enjoyable experience. Mike is exceptionally detail-oriented (see the RST vs RST ACK issue on p 63 and elsewhere) and he often cites sources and additional references. Linux Firewalls very nicely integrates sample network traffic to make numerous points; Ch 11 has several great examples. The sections on Fwsnort even improved my understanding of Snort itself.

The bottom line is that if you are a user of non-Microsoft operating systems (Linux, BSD, etc.) and you want to know how Linux can help defend your network, you will enjoy reading Linux Firewalls.

As a professional db developer, I found this book from Rick Dobson to be an excellent guide to getting you on your way with Access using SQL Server as the back end. This a rite of passage for many Access developers, like me, who find SQL Server kind of intimidating. Rick takes you through every step of the way very logically, preparing you for your next benchmark. He thoughtfully anticipates your next question with a paragraph or two that explains the reasons why you're doing what you're doing and how to do it. No smarmy digressions, bad jokes or confusing examples. Highly recommended reading for IT developers who want to get to the next level of database development. Great job, Rick!

By far the best book I have seen regarding the difficulties encountered when moving an Access application to SQL Server. Until reading this book, I couldn't figure out why my Access queries that were 'converted' into Stored Procedures could not reference each other, why my forms would not work, why the tables weren't updateable (primary keys weren't copied during conversion), etc.
All these and many more perplexing issues are clearly explained here. For quickest results, read Appendices B and C, then the first 7 chapters before trying to convert your first Access database to SQL Server.

Having spent a number of years using Access to develop commercial solutions I recently moved on to Access projects and found this book a real find in getting up and running in a short space of time. Covering each topic in logical chunks I found it to be more than a good grounding in the subject. It is also well written in plain English and avoids the unnecessary complications that are often found in such books and I would thoroughly recommend it to anyone who is considering developing Access projects.

I have years of experience in programming but knew nothing about Access, SQL or VBA when I got my latest assignment. I can't stand those 1000 page books that want to hold me by the hand while I build some simple-minded application through eight chapters. I just need to know the basics quick and then see a few examples of some typical tasks. This book is just what I needed to quickly get me up to speed and working on my own application. There are a few minor differences with Access XP (like changed menus) so you'll need a good XP reference also. I recommend this book to any developer that needs to come up to speed quickly on either SQL or Access.

I just received this book so I cannot comment on its technical merits. However, I have noticed the book is littered with spelling errors and errors in general. Examples are (1) On page 11 "As but this architecture won't be specifically considered furhter".. and yes, I included all the spelling typos. (2) On page 19 "if you had an Access poject" instead of "project." Isn't this what spell checkers are made for? There is at least one more error that I glanced over but did not record. And I have only read to page 19! My experience has been when a book contains many typos then then code should be suspect. I hope not, because a good Access 2000 to SQL book is needed. Caveat emptor!! Paul

This is a great book. I rarely give a book 5 stars, but this one has earned it.

The author's technical and standards body background is a tremendous help in helping the reader sort out the substance from the hype. This book covers XML and cryptography basics, DTDs, XML Schema, XML digital signatures and encryption, and SOAP.

I like the author's comparisons of XML with other encoding schemes, particularly ASN.1 DER which is prevalent in the security standards world.

Also helpful are the author's "soapbox" comments, which handily dispel the notion that you should accept all parts of a standard as the absolute truth and the final word. For example, "X.500 identities are baroque hierarchical names in which each level of the hierarchy consists of an arbitrary, unordered set of attribute-value pairs. They are just one of the complexities and false assumptions (such as the assumption that everyone would allow themselves to be listed in one global public directory, including companies listing all their employees) that doomed the X.500 Directory as originally conceived". I love it!

You'd be hard pressed to go wrong with this book.

In researching business requirements for enterprise web services, it soon became obvious that XML security would be an important issue.

I happened across this book, with a seemingly simple format and am impressed with the information it provides, the progression of information, and how well I was able to understand and comprehend the concepts detailed.

After reading serveral books on XML in general, I would recommend this book to anyone just wanting to learn XML concepts.

I wish more technical books gave me the same feeling of usefulness that this one gave me.

As they say in the movie industry... "An enthusiastic thumbs up"

Collaboratively written by Donald Eastlake (Co-chair of the joint IETF/W3C XML Digital Signature working group) and freelance technical writer Kitty Niles, Secure XML: The New Syntax for Signatures and Encryption is a solid, accessible, step-by-step guide to the processes for encrypting and ensuring security of XML applications. Individual chapters competently address canonicalization and authentication, encryption, cryptographic and non-cryptographic algorithms, and much, much more. Highly recommended for advanced XML users, Secure XML is a comprehensive, technically proficient, and detailed instructional resource and reference filled from cover to cover with extensive discussion and practical examples.

When you read the XML specification, you will notice that it contains no notion of security. Critical security functionalities such as encryption, digital signatures, and authentication are simply not part of the XML standard. XML is similar to many other protocols, languages, and operating systems in that it was originally developed without any thought to security and privacy. It is only after serious security vulnerabilities are discovered and publicized that they are patched. But this find, patch, fix mentality of information security is dangerous in that security problems can exist for months or years before they are found.

Similarly within XML, much of the security functionality has been added post- facto, namely in Canonical XML, XML Signature, and XML Encryption Syntax and Processing. By adding security to the core feature set of XML, the W3C has ensured that,
to a degree, the find, patch, fix method won't be the manner in which XML security is developed. A good reference book can help you navigate this XML security landscape.

Topics such as authentication, encryption, XML signatures, algorithms, and keying are discussed. For the most part, the bulk of XML security is covered.

Donald Eastlake, the lead author of Secure XML: The New Syntax for Signatures and Encryption, is the co-chairman of the joint IETF/W3C XML Digital Signature working group, a member of the W3C Encryption and W3C XML Key Management System working groups, and co-author of the XML Digital Signature, XML Encryption, and XML Exclusive Canonicalization standards. It is clear that Eastlake lives and breathes XML. As Eastlake is a writer of numerous W3C XML standards, and standards are often written in a terse and abstract manner; his book has a slightly stiffer writing style than XML Security. If you can get over this style, you can appreciate the comprehensive and uthoritative look at XML the book provides from one of the key architects of the syntax.

Secure XML covers and details every XML security feature. Also, it spends a lot of time giving examples of syntax and language use. This is especially so in chapter 9, XML Canonicalization - The Key to Robustness. Canonicalization is the extraction of the standard form of some data and the discarding of insignificant aspects of the data's surface representations. The book notes that getting the right canonicalization is one of the most important, yet difficult aspects of digital authentication within XML. Chapter 10 goes into great detail about XML signatures and authentication. The chapter gives numerous code examples of various contexts, schemas, and elements that readers can use on their own XML servers. Chapter 10 also has numerous notes and historical information about XML security with information that can't be found elsewhere.

Suppose you have XML data that you want to regularly
send to Bob, across the Internet. But it is of a
confidential nature, so you don't want to send it as
plaintext. Well, you can try using low level
encryptions, like SSL or TLS. But these don't give any
authentication, ie. Bob can't tell that you actually
sent them. Also, once Bob gets the messages, they are
all in plaintext, so he can't easily protect these
against others, if he is on a multiuser computer.

One answer is to incorporate encryption into XML, by
defining cryptographic standards that sit atop XML,
and generate XML documents with encrypted data. These
let you and Bob use powerful XML-based routines like
XPath, XLink and XPointer. Plus, you can now do things
like append your digital signature to your plaintext
file, encrypt the combination with Bob's public key,
and get a resultant XML document that you can send
Bob. Upon receipt, he can decrypt it and verify that
you are the author, all the while dealing with XML
documents.

This book explains the emerging XML standards that
make this possible. They discuss at a high level the
various cryptographic algorithms, like AES [Advanced
Encryption Standard], Diffie-Hellman and MD5. Little
mathematics is needed, as they leave the mechanics of
the algorithms to other books. Instead, they describe
the XML infrastructure that uses these.

The book has a necessarily comprehensive description
of canonicalisation; which refers to the rewriting of
an XML document in a standard form, prior to
encryption. Otherwise two semantically identical
documents would give different ciphertexts, which is
confusing.

If you have been wondering if you should encrypt your
XML documents, and how to do so, this book may clarify
many issues.

I taught a course in computer security and a course in advanced networking during the spring semester of 2008. Both of those classes contained some coverage of the role of computer firewalls and the techniques they use to protect computers from malicious entities. This was the primary resource I used in my presentations of firewalls and in that context, I found it invaluable.
There are three main sections:

*) Introduction to firewalls
*) How firewalls work
*) Managing and maintaining firewalls

For the computer security course, the second section was the most valuable, for in that course we discussed the mechanics of how security is provided on the border of the network with the exterior world. Specifically, chapter 8 "Application Proxy Firewalls" and chapter 9, "Where Firewalls Fit in a Network" were useful.
The last section was of major importance in the advanced networking course since the emphasis in the course was on network management. I required the students to write a major document on network management policy and the ruleset for managing the firewall(s) was a major section of it. Specifically, chapter 10 "Firewall Security Policies" and chapter 11 "Firewall Policies/Rulesets" were useful.
This book is an excellent introduction to firewalls and contains enough advanced material for it to be useful for the training of networking professionals.

Don't let the title fool you into thinking the book is only of value to novices. Instead the book goes into unexpected levels of detail while still staying easy to read. I was surprised at how much detail there was. There was a lot more information that I would have expected. I think a wide range of skill levels can still find value in the book as an everyday reference, or to study up on the topic. I would highly recommend this as a vendor-neutral book for your networking collection.

Firewall Fundamentals provides what I see as the first clear book in many years on the oldest known protection for the Information Technology field. Authors Wes Noonan and Ido Dubrawsky take the concepts of protection at the basic level and slowly walk the reader through protection and defense from the introduction of threats to the details of advanced firewalls like the Cisco PIX and ASA appliances to Microsoft's ISA application. While this book may to be advanced in nature, it explains in detail the simple items that make the understanding of Firewalls and their technology important. Even from the goal of the book "...personal and desktop..." where the authors clear state that no level will be untouched does this book make one feel comfortable and unafraid.

Considering that this is a Cisco Press, book it surprised me that the amount of non-Cisco detail the authors' included, from Checkpoint and Microsoft ISA in the larger areas to Trend-Micro in the smaller areas. These guys ensured in this book a level of detail and understanding that will guarantee a complete read; even a Security Engineer, like myself who has learned the advanced concepts and deployment methods/reasons for security, gained new insight into the world I work in. For both Noonan and Dubrawsky present the items I sometimes miss, the obvious and clear issues that the regular individuals encounter and need to help them.

Noonan and Dubrawsky start with the simple items and basic concepts slowly and adding to them while not forgetting the assumed reader. This book is divided into four sections including the Appendixes: The first of the major section as always the Introduction which covers the basics from what a threat is to the difference between a personal (computer) based firewall to a network firewall.

After the basics are covered the authors' begin moving into the how of firewall technology from the personal computer to the common home-office like Linksys and finally into the realm of small office and hardware that include the Cisco platforms. While these chapters may appear to focus more on the Cisco Products they do include important other chapters that deal with items like where a firewalls belongs within the network. Within this section of the book we see items as mentioned like the Linksys and Cisco products, but we also see NetFilter and other freeware and pay products including Microsoft's ISA and Checkpoint mentioned, configured and discussed in detail. Within Chapter 7 the Linux products that are slowly advancing in the industry due to their cost and availability are detailed with the NetFilter product. Flow-charts and diagrams again help to explain not only this product, but the key concepts behind firewall technologies and examples of scripting help individuals learn and understanding what should be occurring with the product.

Finally the last key section deals with the importance of Managing and Maintenance any Firewall. From policy management to troubleshooting they do not leave anything out. I personally found the chapter entitled "What is My Firewall Telling Me?" very different from what I would expect in a simple how to read the logs chapter. The authors took time to explain the concepts of logging, the importance and different methods to read the log. Again they showed that this is not a book that is Cisco centric on Cisco heavy by using products and screen shots of non-Cisco items like Microsoft and NetIQ.

What this book is missing is a disclaimer that while published by Cisco Press it is not entirely Cisco Centric and this is a good thing. Yes as many people know Cisco is a large player in the field of networking and information security these author's do everything to ensure a fair and equal play of the others I have mentioned before. I feel that if you where looking for a book to help anyone with a small or home office environment protect it, this is the book you need. While I found adding it to my collection a positive and enjoyable experience, I can only hope that you will too.

As an IT professional, I know and understand that firewalls are a requirement in today's computing environment. But as a developer, the details of firewalls are pretty much a black box to me. I was pleasantly surprised with the book Firewall Fundamentals - An introduction to network and computer firewall security by Wes Noonan & Ido Dubrawsky. I actually understood most of it! :)

Contents:
Part 1 - Introduction to Firewalls: Introduction to Firewalls; Firewall Basics; TCP/IP for Firewalls
Part 2 - How Firewalls Work: Personal Firewalls - Windows Firewall and Trend Micro's PC-cillin; Broadband Routers and Firewalls; Cisco PIX Firewall and ASA Security Appliance; Linux-Based Firewalls; Application Proxy Firewalls; Where Firewalls Fit in a Network
Part 3 - Managing and Maintaining Firewalls: Firewall Security Policies; Managing Firewalls; What Is My Firewall Telling Me?; Troubleshooting Firewalls; Going Beyond Basic Firewall Features
Part 4 - Appendixes: Firewall and Security Tools; Firewall and Security Resources; Index

There were actually a number of surprising aspects to this book (all good). The first thing that surprised me is that this is a Cisco Press book. As such, I would have expected a huge bias towards Cisco technology at the expense of everything else. Yes, most of the options and solutions covered include the Cisco offering in that category. But the overall focus is on the underlying technology instead of the vendor offering. That means that you are getting great information on firewalls, not just how Cisco does it. Another surprising aspect for me was the range of experience that is targeted in the book (and successfully at that). Part 1 was perfect for someone like me who isn't intimately acquainted with the inner workings of a firewall. Part 2 covers the range of solutions, both hardware and software, personal and enterprise. And Part 3 is one of those sections that you'd likely use on a regular basis at work if you're responsible for the care and feeding of network security. The information is extremely practical, and having checklists for troubleshooting may just be something that bails you out of some ugly situations...

There's not too many books that can pull off the difficult task of reaching all experience levels on a subject. The fact that this book does it while being published under a vendor imprint is even more impressive. Definitely a book I'd recommend on the topic of firewalls...

Firewalls have gone from a luxury to a necessity in the computer world, and today a thorough understanding of their function and setup is required reading for any serious networker, programmer, or computer operator. Firewall Fundamentals: An Introduction To Network And Computer Firewall Security addresses all issues, providing a through introduction to firewalls, how they protect, up to more advanced TCP/IP protocols and firewall configuration for Linux and other systems. From application proxy firewalls to security policies and rules, Firewall Fundamentals holds it all.