Internet Access Books

I found this book a little bit out of date, since software described in it it has changed the book isn't very useful: And it only talks about software, not other techniques.
It doesn't explain virtual communities.
In this issue, I think the best book is Cyber safe kids, Cyber-savvy teens.
Best

This book not only has a lot of great information in it to keep your kids safe, it is also a great reference guide. It points you to websites that you can go to and report cyberbullying or any other unscrupulous website.
Highly recommended.

What a wonderful book! Our children's safety should be one of our major concerns in our lives. With all of the ways a predator can get to our children, a book like this helps us stop one way they can harm our kids. It is also a good reference/source in suggestions on which software is available, how to find it and how to use it, as well as web sites to visit. Many times I have wanted a software but wasn't sure which one was the right one for me. This book helps eliminate those types of questions. I do wonder just how many parents don't know about the helpful software available or that come with the computers of today since parents are so tied to computers through work. I am 55, I have a child that is 40 and that child has a 4 year old. All three generations know and use the ways Mr. Johnson has described in this book. For those who are not computer-wise, this is a MUST HAVE book even if you don't have children.

Keep Your Kids Safe on the Internet talks of VOIP and IRC. These are two programs that I was aware of but have never explored. With this book as a guide, I would be willing to try them out. The book also talks about being careful with what information you or your child provides at Internet sites. A generation or two ago, we used a Public Library to ferret out the information. With anything and everything being so easily found on the web, the only difference between the library and the Internet is the quickness with which the information can be obtained. The same goes for cyber-bullying. I grew up with a bully bothering me and the kids of today get it on the web. Both these problems have always been with us, it is just easier with the net and something that children as well as adults need to not have in their homes.

Mr. Johnson has provided two things I will be using in the future. The first is how to view headers in Outlook. I had always been able to do it in Outlook Express but when I switched to Outlook, I was lost. He also talked about www.cybertipline.com. This site has information on Child Sexual Exploitation and how to report it. There you can also read about Amber Alerts, Megan's Law and ways you can get involved.

Windows Messenger Service not to be confused with MSN Messenger, Internet properties, pop-up blocker, five pages of Internet Chat Room Acronyms, and content advisor are a part of the short list of topics Mr. Johnson has included in this book. And the last chapters of the book talk of various types of software and how to use them such as filtering, email junk, firewalls, antivirus, malicious and windows update. For these chapters alone, "Keep Your Kids Safe.." is worth the price of $19.99 US. And don't forget to visit http://www.keepyourkidssafe.com/index.htm to read about the author and his very important reason for writing such a highly useful book.

KEP YOUR KIDS SAFE ON THE INTERNET
By Simon Johnson
Publisher: McGraw-Hill/Osborne
© 2004
ISBN: 0-07-225741 - 5


A Book Review by Frank Dobrowolski
For the Hobbyists Unlimited Computer Club Jan. 2005

AND KEEP YOURSELF SAFE TOO!

While this book is aimed at the parents of young children, most of the Internet dangers and protective measures that it discusses are pertinent for all users of whatever age. In fact, the author even has implemented similar procedures for business and governmental agencies. The book has received a host of favorable reviews from publications and people worldwide.

The scope of the book is indicated by the Chapter titles:

1. What Is The Internet.?
2. What Are You Threats To Your Children And How Serious On Day.
3. How To Avoid And Reduce The Risks To Your Kids.
4. Content-Filtering Software.
5. Using Filtering Software To Keep Out The Junk Mail.
6. Internet Firewall Software.
7. Antivirus Software.
8. Malicious Software Detection.
9. Putting Your Defense Into Place.
Appendix - info on various Spyware & Adware programs

The book points out that malicious Internet efforts targeted at children are frighteningly common, with its web site, www.KeepYourKidsSafe.com, offering the following data:

* 1 in 5 children (5.7 million children) have received unwanted sexual solicitation in the past year.
* 20% (1-1.5 million children) were "very or extremely upset" about receiving such solicitations.
* 25% (5.4 - 6.4 million children) received "unwanted exposure to pictorial images of naked people or of people having sex".
* 71% of "unwanted exposures" occurred while the children were searching or surfing the Internet.
* 67% of the unwanted exposures happened at home.
* 80% of children between ages 7 and 18 in the USA receive inappropriate spam each day

Obviously anyone who has youngsters [including visiting grandkids] using their computer should be aware of the dangers and the protective steps available. But we all need to protect ourselves from the various intrusions and dangers of the Internet.

Some of the recommended protective steps are:

1. Avoid presenting personal information unless the site has a legitimate use for it.
2. Don't assume anyone on the Internet is truthfully identifying themselves - it is too easy to adopt an alias identity and personality
3. Don't give your password to anyone.
4. Do not respond to unsolicited e-mail (SPAM), including not activating an "Unsubscribe" option. This is used to identify valid e-mail addresses.
5. Use a nickname or alias for a screen name
6. In Chat rooms, on Message Boards and elsewhere your postings can be read by anyone who can access the site.
7. Discuss with children the dangers of the Internet
8. Don't post personal pictures on the Internet
9. The Internet is global and is *not* governed by any entity. This means that there are no limitations or checks on the information posted and accessible to Internet users.

The book has an extensive discussion on Malware - software that invades the user's privacy or attacks the computer. The variety of ways used to obtain information from our computers is almost staggering. One cannot read this book without resolving to maintain Anti-Virus, Firewall and Spyware Protection programs

There is a good presentation on ways to filter the content reaching our computers, including browser and e-mails filters - make sure to implement these protections. The book presents an extensive detailing and comparison of protection software products and filtering options inlcuding Firewall programs, Anti-Virus programs and Malicious Software protection programs. The last chapter discusses how to put these various defenses into place and keep them effective.

The Appendix includes a description of many malware programs. This a good reference when using the protection programs which usually list suspicious programs and allow the user to select whether or not to delete them.

Another interesting site covering much of this material is Are Your Children Safe from Spyware? at http://www.pcpitstop.com/spycheck/kids.asp. That site also lists Anti-spyware resources on www.pcpitsop.com .

Free eTrust EZ Antivirus Software for one year is offered with Purchase of the Book--a $29.95 USD value. However, it appears one only needs to go to the Computer Associates website, www.ca.com/freeav, to get the free download

This book is available through the Bergen County Library system, www.bccls.org.
It also is available at Ridgewood's Bookends at the List Price of $19.99 and
at Amazon.com for $ 13.59 plus S/H - waived for orders over $25.

"I didn't write this book to scare you. Nor did I write it to persuade you not to let your child use the Internet. The Internet benefits your child too much to warrant it being banned. I wrote this book to arm you with the knowledge and tools you can use to ensure, as much as possible, that your child has a positive Internet experience..." ~Simon Johnson

Keep Your Kids Safe on the Internet is a book dedicated to keeping your family safe from a variety of predatory elements lurking online. Everything from viruses to cyber-bullies. As an adult you have no doubt met many of these issues when you were first online and through experience you have been able to work through the chaos to get to the helpful sites and information.

Children don't have the time to deal with these issues (childhood is already stressful enough) and so parents have to protect them by putting in protective computer elements like firewalls and filtering software. Issues addressed:

What is the Internet?
How is the Internet Regulated?
What are the threats and how serious are they?
How to Avoid and Reduce the Risks...
Content-Filtering Software
Using Filtering Software to Keep Out the Junk Mail
Internet Firewall Software
Antivirus Software
Malicious Software Detection
Putting Your Defense into Place
Spyware and Adware

Lists of common acronyms and emoticons are interesting; parents can learn about blogs, viruses attached to your child's e-mail and search engine filtering. Comparisons of programs like Net Nanny and McAfee are helpful for everyone. Simon Johnson has written a very helpful book to protect your entire family against threats lurking online.

~The Rebecca Review

Cryptography has been around for a long time but a solid introductory crypto book is hard to find. This is one of the best crypto book I have ever bought. Well worth the investment and I am sure it is a book that I can always go back to if I need to look up something. It has a nice number theory chapter but I wish it could be more in depth(provides more proofs). The chapters on public-key crypto and related crypto.techniques are very well written. This book also covers some nice research result one can only found on some research papers(if one cares to dig). I am very impressed with this book! Not too "dry" nor too "elementary!"

What's great about Mao's book is that so many aspects of cryptography are covered in an approachable manner and with many good examples.
What's not so great about Mao's book is that it is chock full of errors. There are many mathematical typos. But what really kills this book for me are the ridiculous number of English mistakes - on average about two or three per page. Most mistakes are simple grammatical mistakes that can be re-parsed by the reader on the fly. However, there are more serious errors that make it very difficult to understand the meaning of significant passages and concepts.
Given Mao's refreshing conversational style it's a real shame that Prentice Hall couldn't come up with some decent editing. Hopefully a second edition will fix this.

Excellent,the best of all modern treatment on this subject,All in one guide.
Not for beginner.Icluded are many new features as ID based,Pairing,Provable security etc.
Nguyen Quoc Nam

Cryptography has been around for a long time but a solid introductory crypto book is hard to find. This is one of the best crypto book I have ever bought. Well worth the investment and I am sure it is a book that I can always go back to if I need to look up something. It has a nice number theory chapter but I wish it could be more in depth(provides more proofs). The chapters on public-key crypto and related crypto.techniques are very well written. This book also covers some nice research result one can only found on some research papers(if one cares to dig). I am very impressed with this book! Not too "dry" nor too "elementary!"

It's a pretty good one too, but it's still a college text. The orientation of this book is far more theoretical than practical, complete with abstract mathematical notation that sometimes does more to confuse than to elucidate (although the author, to his credit, includes a glossary of mathematical notation early in the text). Still, the book is complete and up-to-date, covering everything from probability theory and number theory through the latest stuff on PKI, symmetric crypto (including AES), and authentication.

Cryptography is not an easy subject, and this book will take a while to wade through for all but the most mathematically astute readers. Nonetheless, for those wanting a "deep dive" into the theoretical underpinnings of the subject, this is a good book. Security practitioners will likely find Schneier's "Applied Cryptography" an easier, more enjoyable, and equally beneficial read, although it is due for an update.

Although "Malicious Cryptography" is most certainly not for beginners, you will enjoy it if you have some background in security and anti-virus research.

Be warned, though: cyber-punk style of this book will probably resonate with some, and irk others.

Bypassing computer security systems has sometimes been called an art rather than a science by those who typically do not interact with computing machines at a level that would allow them to appreciate the science behind security attacks. This book does not address the strategies of how to bypass security systems, but instead concentrates on how to use cryptographic methods to corrupt the machines once access has been acquired. Clearly the authors are very excited about the developments in cryptovirology, a relatively young field, that have taken place in the last five years. Their goal though is not to train hackers to break into systems, but rather to coach the reader on how to find vulnerabilities in these systems and then repair them. The subject of cryptovirology is fascinating, especially in the mathematics that is uses, and a thorough knowledge of its power will be required for meeting the challenges of twenty-first century network computing.

After a "motivational chapter" that it meant to shed insight on what it is like to be a hacker, this being done through a collection of short stories, the authors move on to giving a general overview of the field of cryptovirology in chapter 2. The reader gets his first dose of zero-knowledge interactive proofs (ZKIPs), which allow a prover to convince a verifier of a fact without revealing to it why the fact is true. The authors point out that viruses are vulnerable once found, since their rudimentary programming can be then studied and understood. This motivates the introduction of public key cryptography into the payload of the virus, and it is at this point that the field of cryptovirology is born.

Chapter 3 is more of a review of modular arithmetic, entropy generators, and pseudorandom number generators and can be skipped for those readers familiar with these. The authors emphasize the need for effective random number generators and in using multiple sources for entropy generation. They also introduce the very interesting concept of a `mix network', which allows two mutually distrusting parties to communicate securely and anonymously over a network. `Onion routing' is discussed as a method for implementing asynchronous mix networks. Mix networks can be used to hide the propagation history of a worm or virus.

In chapter 4, the authors discuss how to implement anonymous communication and how to launch a cryptotrojan attack that utilizes an anonymous communication channel. There are many applications of anonymous communication, one being E-money, and also, unfortunately, money laundering. The authors describe in fair detail how to conduct criminal operations with mix networks and anonymous money. This same technology though allows freedom of speech in geographical areas that are not sympathetic to it. Electronic voting, so controversial at the present time, is discussed as an activity that is very susceptible to the threat of stegotrojans or government violation of anonymity. Techniques for doing deniable password snatching using cryptovirology, and for countering it using zero-knowledge proofs, are also discussed.

Chapter 5 introduces techniques for preventing the reading of counters when a virus is propagating from one machine to another. Known as `cryptocounters', the authors discuss various techniques for constructing them, such as the ElGamal and Paillier public key cryptosystems.

Private information retrieval (PIR), which allows the secure and private theft of information, is discussed in chapter 6, wherein the authors present a few schemes for performing PIR. These schemes, unfortunately, allow the theft of information without revealing anything about the information sought and without revealing anything about what is taken. The authors also introduce a concept that they call `questionable encryptions', which are algorithms to produce valid encryptions or fake encryptions depending on the inputs. Related to question encryption, and also discussed in this chapter, are `deniable encryptions', which allow the sender to produce fake random choices that result in the true plaintext to be kept secret. Also discussed is the topic of `cryptographic computing', which allows computations with encrypted data without first having to decrypt it. The modular arithmetic used in this chapter is fascinating and well worth the read.

Chapter 7 is by far the most interesting of the entire book, and also the most disconcerting if its strategies are ever realized. The goal of the chapter is to find out to what extent a virus can be constructed whose removal will damage the host machine. This, in the author's opinion, would be a genuine `digital disease', and they discuss various scenarios for bringing it about, which are at present not realized, but could be in the near future. The approach discussed involves game theory, and the authors show how the payload of a virus can survive even after discovery of the virus. They give a very detailed algorithm on how to attack a brokerage firm, including the assumptions that must be satisfied by such an attack. The attack is mounted by deploying a distributed cryptovirus that tries to find three suitable host machines, and the attack consists of three phases, the first involving replication leading to the infection of the three machines, the second involving preparation for the attack, and third involving playing the two-player game. The host machines, to be acceptable for launching the attack, must either be "brokerage" machines, which have sensitive information available to the virus, or "reclusive" machines, which are machines that are not subjected to much scrutiny. The goal of the virus, according to the authors, is to give the malware purchasing power, and not direct monetary gain. The virus may then evolve over time to become a portfolio manager, and may even act as a surrogate for purchasing shares on behalf of the firm or client. Other possibilities for the virus are discussed, and the authors overview the security of the attack and its utility.

I did not read the rest of the chapters in the book, so I will omit their review.

Malicious Cryptography: Exposing Cryptovirology is a brilliant book from two leading cryptographers.

This is not for the fainthearted.

If you are looking for an intro to crypto, look elsewhere.

If you want cutting edge info about breaking crypto and making your crypto stronger, this is the book.

duncan young is truly a gift to the world of cyberphreakery. i once saw him defeat a host of cyborg lemurs with his chainsaw-arm. it was so good. this guy is from the f*ckin future. 'nuff said

For some time now we have been taught that modern cryptography offers an elegant solution to a number of problems. Communicate securely? use a VPN; identify the author of a document? use a digital signature; securely encrypt e-mail? use PKI. But what if the very power behind these solutions can itself be [misinterpreted]? If such is the case, then encryption can be a curse, a digital signature an illusion and the heralded savior an unconquerable nemesis. This is the essence of what this book is about.

To be sure this is not easy reading. It is adult material, meaning that thinking is required. But it could not be otherwise, the material would not allow it. However the reader will be well rewarded for every morsel of math they endeavor to puzzle through. The realization of the potential dark side of modern cryptography is the first step in preparing to defend against it. This book provides that realization.

The reader may find the first few chapters to be an entertaining fictional account of some days in the life of a hacker. Indeed, the text reads beautifully as such. But here is a chilling thought - what if the events described were real?

I read this book out of general interest and a need to dig deeper into the technical aspects of security, and intrusion detection in particular. For that, this title is perfect!

It's great to learn intrusion detection, packet analysis, forensics, attack methodologies, attack recognition, and similar topics. And oh, by the way, if you have any interest at all in certification, Intrusion Signatures and Analysis is the study guide for one of the hottest new certs there is: SANS GIAC Intrusion Detection In Depth.

This is the best book about Intrusion Signatures published yet.
I teach computer security at a local university, and with the only help of this book, I could take care of all the practical aspects of my last course. If you have already a good background on this field, and read and understand thoroughly the book, then you can afford any related security certification test.
Chapters 3 through 17, present several well documented cases, which, in turn, are discussed following the same standard:
- Presentation
- Source of Trace
- Detect Generated by
- Probability the Source Address Was spoofed
- Attack Description
- Attack Mechanism
- Correlations
- Evidence of Active Targeting
- Severity
- Defense Recommendations
- Questions

Chapter 1 introduces the reader to Analysis of Logs (including Snort, Tcpdump, and Syslog), IDS, and Firewalls. Even being a quick review, it is quite useful, though.
Chapter 2 explains the way the cases are studied.

The covered vulnerabilities and attacks include:
- Internet Security Threats
- Routers and Firewalls Attacks
- IP Spoofing
- Networks Mapping and Scanning
- Denial of Service
- Trojans
- Assorted Exploits
- Buffer Overflows
- IP Fragmentation
- False Positives
- Crafted Packets

At the bottom line, this is one of the 5 best computer security books I ever read. Even for non experts, the book can be a valuable tool to improve the understanding on this field.
Try it.

A must-have for the serious network security professional, Intrusion Signatures And Analysis opens with an introduction into the format of some of the more common sensors and then begins a tutorial into the unique format of the signatures and analyses used in the book. Readers will find page after page of signatures, in order by categories as well as a case study section on how attacks have shut down the networks and web sites of Yahoo, and E-bay and what those attacks looked like. As an added feature, the collaborative authors Stephen Northcutt; Mark Cooper; Matt Fearnow; and Karen Frederick included review questions with throughout the book to help readers be sure they comprehend the traces and material that has been covered. Intrusion Signatures And Analysis is a recommended resource for the SANS Institute GIAC certification program. 448 pp.

This is the second release from some of the key SANS GIAC folk and is a fine addition as it extends on the data from "Network Intrusion Detection : An Analysts Handbook", to give intrusion detection practitioners some interesting detects from the GIAC graduates.

Included in these detects are some of the more unique pieces of analysis that have been performed at GIAC, with detailed write-ups of the analysis process and the logic applied in defining the conditions in which the events occured.

Once again, this is easy and interesting reading which will appeal to intrusion analyists of all levels. Further, this book gives neophytes a real sense of what can be monitered and how important intrusion detection is in security layering.

The real-world signatures in this book, along with the analysis, make this a wonderful reference book. There is, of course, no substitute for experience. However, this book provides an excellent baseline of experience for any Intrusion Analyst! From that baseline one should be able to better analyze future attacks; there is, after all, only so much an attacker can do.

This book was made possible by contributors to GIAC (Global Incident Analysis Center); professionals out "in the trenches" dealing with attacks of all shape and size on a daily basis. These traces were not generated in a lab; they're the same traces you will see on your network if you're looking for them.

I've already used this book as a reference guide and it sits on my shelf next to "TCP/IP Illustrated V1" by Dr. Richard Stevens and "Intrusion Detection: An Analysts Handbook V2" by Stephen Northcutt and Judy Novak- I use all on a regular basis.

Whether you are just starting out in the IDS realm or whether you're an established Analyst sitting on an enterprise of sensors this book is for you.

-- Brent Deterding Enterprise Manager of Network Security - Solutia Inc.

I purchased the book in attempt to figure out a "best practice" way to encrypt information in a web-facing business database.

I think the book delivered a best-practice approach, but I didn't find it as useful as I'd hoped despite learning a lot both theoretically and practically.

There are a number of caveats I wish I'd known about this book, in rough order of importance:

1) If you aren't using HSM hardware to store the keys, this book's practical usefulness appears to decline a fair bit, a point the author seems to acknowledge. Your key information ends up stored in databases or systems which themselves can be compromised. There's a lot of machinery to encrypt the keys and replace them over time, but fundamentally you are just raising barriers with this approach, not really securing anything (as far as I can tell). It seemed like a lot of implementation complexity for a mild amount of obscurity, as far as I was concerned (since the book is published!) If, say, you have a webserver connecting to a database and your webserver is compromised, and the attacker can get to your database, the encryption here will slow, but not stop them. If only the database or its backup is compromised though, his stuff is great; it'd be hard to recover the data. But that's not the threat model I think most web-facing database companies are concerned about; there the webserver gets compromised first. In a webserver+database-noHSM model, I'm not sure all the obscurity his system provides is worth the implementation complexity-- a simpler alternative approach that provides most of the benefits would have been helpful.

2) The book's approach does not describe/give-code-for any practices or infrastructure in which one might store (or migrate) some information (e.g. credit cards) offline in an attempt to secure it, placing the information online only temporarily (e.g. when doing recurring billing, sending email blasts with personal information, etc).

3) The book does not cover any asymmetric encryption techniques, dismissing them early on since they "aren't necessary for solving the problems in which we're interested". Maybe I'm missing something, but it would seem to me that if the usage/data-retrieval model for one's application allowed use of offline private keys (or a password to unencrypt an private key) entered at the time of data retrieval, data in the database could be stored write-only by an application (using a public key stored in a database) and delivered read-only only-to-an-authorized-user without ever storing the key information necessary for read-able retrieval in any online database. (This assumes the information never needs to be read by the application without the user present.)

4) The Java code is fairly helpful but, as the author notes, it's a prototype and you will need to add alerting and exception handling for any production system.

All this doesn't make the book "bad"; it's a very good primer on symmetrically encrypting information in a database and managing the entire security process surrounding that. I concur with the other good reviews here; it probably is a 4-5 star book for most people. But I found myself just hoping for something simpler (given the assumption of no HSM) and/or more secure (when facing different usage constraints) than what I was left with.

I kind of went in expecting this to be some form of "marketing spiel" for someone's embedding of crypto tools into one or another DBMS. I was pleasantly surprised, instead, to see that this was much more an "analytical" work; something of an account of some of the practices at Symantec.

What is particularly laudable is that they start not by explaining crypto technologies, but rather motivating things by enumerating a threat model. Sensitive data needs to be protected from various sorts of attacks that can come from outsiders as well as insiders, the latter requiring *much* more care as they may legitimately need to have access.

The assumption (which seems entirely valid) is that crypto keys need to be particularly carefully managed as a *very* tightly restricted database of their own.

The examples quite conspicuously *don't* involve cryptography taking place inside the database; that practice is one that would necessarily be equivalent to giving all of the keys to the DBAs and/or system administrators, as they control database engine deployment. Instead, crypto activity takes place outside the database; secure applications require a particularly secured portion of the application infrastructure.

The one place that they get a bit "hand-wavy" is in proposing that Hardware Security Modules are the only really forcible way to achieve strong security. I tend to agree with that doctrine; I suspect they intentionally glossed over it in that their approach of using standard Java libraries for all of their examples did not admit the ability to use HSMs. Implementing an HSM requires going to a great deal of trouble, and that feels like it ought to be a subsequent project for another book.

In view of emerging sorts of privacy legislation that mandate keeping data secure, this looks like one of the books that anyone storing sensitive information should read and heed...

To be honest, when picking up this book, I was not interested in implementation details and internals of database cryptography (part II), but more in enabling database security by means of encryption (part I). Therefore, I was coming more from the user vs developer perspective. I was even less interested in managing the database cryptographic project.

As a result, I enjoyed the part I on database security with motivations, attacks against databases, threat models and a primer on securing databases with cryptography. If you are "doing security" read part I, if you are implementing database encryption or record hashing - read the rest of the book.

Dr Anton Chuvakin, GCIA, GCIH, GCFA is a recognized security expert and book author. A frequent conference speaker, he also participates in various security industry initiatives and standard organizations. He is an author of a book "Security Warrior" and a contributor to "Know Your Enemy II", "Information Security Management Handbook" and the upcoming "Hacker's Challenge 3". He also published numerous papers on a broad range of security subjects. In his spare time he maintains his security portal http://www.info-secure.org and a blog at http://chuvakin.blogspot.com

Noted security guru Marcus Ranum has observed that "these days, with the kind of plug-ins that come in your typical browser, combined with all the bizarre undocumented protocols used by new Internet applications; makes it highly unlikely that a firewall is doing anything more complex than a thin layer of policy atop routing. As such, the applications behind the firewall are now more critical to security than the firewall itself. Which should scare the holey moley out of you."

Taking Ranum's observation to the next level, it is not only the applications that need to be secured, but databases also. The theme of Cryptography in the Database - The Last Line of Defense is that databases, being the main repository for critical consumer and business data, are often not given the adequate level of security that they deserve.

Large databases often contain terabytes of data. This data often contains R&D, client, customer data and more, that if compromised, could wreak havoc on an organization; both from a public relations perspective, in addition to a regulatory perspective. In a large customer driven organization, a database breach can wreak havoc on tens of thousands of customer records. With all of that, companies will spend large amounts of money on the security appliance of the month, but often let their databases sit unprotected.

Cryptography in the Database is a valuable book in that it shows how a formal methodology is required to adequately protect large corporate databases. The emphasis of the book is on designing and integrating a cryptosystem into the database to protect it against the various threats that are specifically launched against corporate database systems.

The books 4 parts contain 21 chapters. Part one is brief overview of the need for database security, along with related threats to database, and also covers the basic concepts of cryptography and encryption.

Part two provides a comprehensive synopsis on the cryptographic infrastructure necessary to secure corporate databases. Chapter 3 goes into details on how to set up an effective key management scheme. Such a scheme is crucial as the author notes that all it takes is the loss of a single 128-bit key, and gigabytes of data can become inaccessible.

Part two also creates a sample cryptographic architecture that is flexible and modular so that it is easily adaptable to various situations. The author notes that such systems can be difficult to manage if they become overly complex, and the challenge is to find the right balance between security and complexity on one side, and usability on the other. Creating an effective cryptographic database infrastructure. is not an elementary task given the different requirements of security and functionality.

Chapter 3 details the various entities that go into a complete cryptographic architecture, including the cryptographic engine, and the various controls around the crypto keys. The chapter provides a good overview of the key life cycle. Historically, controls around the key life cycle are crucial. One of the ways the Allies were able to break the German Enigma cipher machine during World War II was that the German's reused their crypto keys, which obviates much of the security that cryptography can provide. Had the German's not done that, the outcome of the war may have been dramatically different.

Part 3 details the issues that need to go into the entire cryptography project. Kenan notes that for security to be effective, it must be dealt with at the commencement of a project and must permeate the overall design and seep into every line of code. Also, in the long term, developing a culture of security depends on looking at security as an opportunity to provide extra value. Where security fails is when it is viewed merely as a series of checklists that are meant to get in the way.

Chapter 9 shows how data flow diagrams can be used by a database analyst to better understand how a system works. These data flow diagrams are valuable as that they show the various inputs into the system and where potential failures can crop up.

Part 4 provides various Java code examples of the cryptographic infrastructure that were detailed in the previous 12 chapters. The example code is meant to show how to implement the primary functionality of the various components that the book describes.

One of the popular terms in security today is data at rest, which refers to all data in storage. Businesses, government agencies, and others need to deal with attacks on data at rest, which more often then not will be found on databases.

After reading Cryptography in the Database, the reader can understand why database cryptography must be implemented in a methodological fashion, since incorrectly implemented cryptography can often be worse than no cryptography at all. With that, database administrators, architects and others who have input into the design of database security are highly advised to read Cryptography in the Database.

Databases are far too critical to an organization to be left unsecured, or incorrectly secured. The database is indeed the last line of defense in an organization. Books such as this are thusly vital to ensure that the last line of defense is not easily breached.

When I pick up a Symantec Press book, I will either love them or dislike them. I never have mixed emotions about them. This book I love. His book should be titled, Database Security. While the primary focus is on encryption, the author dives into several topics I wish some of my past DBAs had known.

The book is divided into four major parts: Database Security, A Crpytographic Infrastructure, The Cryptographic project, and Example Code. I however would calssify the book into two major parts. The first part is reading and understanding some fundamentals that are very important. Throughout this first part, there are many graphical presentations to help the reader understand, in a graphical way, what the author is discussing. This is most visible in the third chapter entitled An overview of Cryptographic Infrastructure.

The second part of the book is actual code written in Java, and designed for plain SQL, the author does confirm that all examples work in MYSQL. The examples give common scenarios such as consumer input. Consumer input requires first name, last name, credit card information, the verification code and other fields. This example discusses and demonstrates a best practice model around that code.

Given the two parts above, this book is solid, and I would have recommended it. However, the author went a step further, and included information on security surrounding the database, penetration testing and methodologies for databases, architecture and design best practices, and so many other important points. This makes this book valuable to anyone working with databases.

The section breakdown is as follows:
* Database Security - Common Attacks Against Databases; Laws and Regulations; and Cryptography
* Cryptographic Infrastructure - Introduction to Keys, and Their Management; Engines and Algorithms; and Vaults, Manifests and Managers
* The Cryptographic Project - Outlines the Security Culture; Hardening, Classifications, and Policies; Securing Design; Securing Development; and Testing
* Example Code - Key Vaults; Manifest; Key Managers; Engines; Receipts and the Provider; The Consumer; Exceptions; and the System at Work.

Overall this book is geared to medium level technicians for best practices and coding examples. Although anyone working with databases in general could find something useful in this book, even if its design, architecture and implementation best practices.

E-Mail Virus Protection Handbook is a great book for learning where your email software is vulnerable and how you can defend yourself against malicious code in your email. The authors provide a detailed overview of the various malicious code threats- viruses, worms, trojans, etc. They also discuss a range of email clients from Outlook and Outlook Express to web-based email programs such as Hotmail or Yahoo Mail. For each client they provide some common weaknesses and give detailed explanations of what you can do to protect your computer. Email is one of the most common vectors for malicious code attacks and it is important for everyone to be aware of how to guard against these threats. While slightly dated, I still recommend this book.

(...)

This book is amazing, covering all aspects of email related issues and the ways to deal with. I pretty much enjoyed reading the chapter on web-based mail issues, which drives me to use hushmail than yahoo or hotmail.

I purchased this book after my e-mail and web browser were getting hack attacks. The information in this book gave me alot of tools on how to plug up vulnerable points in my Outlook program, Outlook express and all other popular e-mail programs as well as web browser Active X and Java attacks and instant messenger attacks. It also goes into how the hackers get into your system and what the code looks like and how to search for it on your computer if they are stored on your hard drive. Very good book, I highly recommend it!

Picked this up a week or so ago, and have found myself referring to it on a number of occasions. The overall treatment is nice, as it delves into things needed for both the home user and email admin. I've especially enjoyed (and found useful) the chapters on Securing Win2K Server and Securing Red Hat Linux for email services.

I was extremely happy to find this book on Amazon, because of all the problems our company has had with e-mail viruses over the past several months. The book adressed almost all of the types of attacks that I've had to deal with, and many others that I've been trying to prevent. It's obvious that the authors know their stuff, and they do an excellent job of communicating their knowledge and experience. Highly recommended!

One of the biggest challenges facing the person doing a job search is the World Wide Web. It has become an integral part of any comprehensive job search. At the same time, it is also the most confusing part. Jane Lommel not only realizes this; she has done something to help. She has written Network. Network is an organized approach to the daunting array of web sites facing any online job seeker. And not only that, she has included some finely distilled pages concerning the electronic resume. A great guide to the career resources on the Web with valuable advice to help with your electronic resume from a knowledgeable source all in one book, this will be the best money you spend in 2001. I recommend it.

Exceptional! Jane Lommel has provided us with an excellent resource for managing our careers. This book moves the job search process to the 21st Century with a comprehensive, yet practical guide that intelligently uses the Internet for career advancements. NetWork should find its way into the library of every individual who understands the need for first-rate job search tools and information in today's dynamic, ever-changing economic environment.

I have recently been a job seeker and this book has been an excellent resource. The internet has greatly changed how we go about finding jobs. It is sometimes difficult to know where to look or how the internet job search differs from the job search of old. Dr. Jane Lommel has had great foresight to perceive this and to write a book at a time when it is most needed.

This book aids job seekers by providing valuable website addresses, good advice on writing an internet friendly electronic resume and other helpful information I have found to be useful in my job search. Dr. Lommel has arranged the websites within three different categories: type, field and state which makes it easier for the reader to find sites that are most helpful. She also gives a brief description of each site and what it has to offer. Everyone will find there are several sites listed that will benefit them no matter what type of job they are looking for. Also the advice on writing an electronic resume was extremely helpful as I had no idea that it needed to be different than the resumes of old.

I believe that this book will aid anyone that is looking for a job whether they are fresh out of college or a seasoned worker. It certainly helped me!

There are a tremendous number of quality career resources on the Internet, but finding them on your own isn't necessarily easy and can be greatly time-consuming. Instead, let Jane Lommel be your guide.

Dr. Lommel's NetWork: Maximum Access to Career Resources on the Internet is the essential helper, with annotated references to many hundreds of relevant and useful career-related web sites.

NetWork is the first of an intended series, and may be the only book you'll need for finding your niche in the new economy.

Gary Johnson, BraveNewWorkWorld & NewWork News ...

Dr. Lommel's book, NetWork Access to Career Resources on the Internet, is a wonderful resource for anyone looking for a new job via the Internet. It is an up-to-date on-line resource directory for jobs in the public and private sectors. If you have not used the Internet before in your job search-this book will show you how powerful of a tool the Internet can be. Whether its posting your resume or searching for online resources-this book is comprehensive and well-written.

I have not read this book yet, but I am ordering it. However, I would imagine anyone interested in this book's content would also be very much interested in:

What the Doormouse Said: How the 60's Counterculture Shaped the Personal Computer (Kindle Edition)
by John Markoff

Available here at Amazon.

UPDATE:

Excellent book, a must read for Internet Historians who want 1st person accounts.

This work describes the history of the computer and the evolution
of computer systems from the Arpanet to the Internet. The
world wide web (www)protocol was invented in Geneva Switzerland (CERN).

The Geodesia org ties together random segments for collective
decision-making. Poor communication is a considerable problem
for internet users. Current challenges deal with bandwidth allocation and entry points for a multiplicity of users. This book is perfect for a student project on the evolution of the computer. For this reason alone, it is worth the price of admission.

From Paul Baran, inventor of packet switching: Among the many books written about the Internet, this one has unusual merit because Jacques Vallee was there during the infancy of the network. It is fun to read his recollections as a key hands-on pioneer. His aspirations and visions, and those of his colleagues at SRI and the Institute for the Future, led to the first Network Information Center and to revolutionary ways of conducting group communications. This work made possible the large simultaneous interactions of today.

From Paul Saffo, Institute for the Future: Based on a deep understanding of the Internet and its origins, this book presents a compelling warning. It is a welcome antidote to both the naive utopianism of the Internet bubble and to oppressive liberty-quenching actions by global corporations and governments alike. Read this and take nothing for granted - the Internet will only remain a force for freedom if you help protect it.

Dr. Vallee is well respected in other fields besides the computer world, but this book detailing his experience as part of the evolution and creation of what became the internet is sure to acquire a good audience of its own. The book is written partly like an autobiography, partly like a discerning review of the subject. It is a nice mix, with enough personal insight and interest to make it compelling, and enough factual detail to make it a worthy reference book on its own. As is common for this author, he has a keen insight into not just the technical and factual aspects of a subject, but the human perspectives as well, and it is this which makes the book not just another list of facts (as many about computers are), but an intriguing narrative of human history and how the present came to be--as well as what the future may hold. I highly recommend it.

This is a book that is required for my masters degree. It appears to be well organized and written in easy to understand manner.

This book is comprehensive and very readable. The information is excellent. Mr. Proctor's experience helps show how intrusion detection systems are used in real life through a lot of examples. My company implemented network-based IDS last year and this book really helped us understand host-based IDS. In fact it's the only book I've read on IDS that pays any significant attention to host-based IDS.

On the down side there are a few typos and the product section is a dated because several of the products mentioned have been acquired by other companies but this didn't take away from the really useful information.

I've read the other books on intrusion detection and if you've got Northcutt's book and this one you'll have all the information you need.

I am the officer technical lead for a 50-person military intrusion detection operation. Paul spoke at the SANS 2000 Technical Conference on 25 March 2000, right before I gave my own presentation. Even though Paul emphasized a host-based ID view, and I have network-based lineage, I found his insight and experience impressive. His new book demonstrates those qualities in spades. Chapter 6, "Intrusion Detection Myths," is particularly helpful, and his statement that "There is no such thing as a false positive" rings true.

An outstanding feature of the book is Paul's discussion of operational models for intrusion detection. Too many organizations (including my own military unit) believe intrusion detection involves little more than deploying and monitoring sensors. Paul encourages the reader to develop policy, requirements, expectations, legal considerations, and other facets of operation before spending a penny on intrusion detection products.

The main negatives for this book involve a rushed-to-production look in some places. For example, Appendix B: Commercial Intrusion Detection Vendors, is labelled on pages 338 - 346 as "Chapter 1: Fundamentals of Vibration Damping, 1.1 Introduction". Minor errors appear elsewhere. They do not detract from the book's content, and I believe the next printing should correct these typos.

This book has earned its place as the second "must-have" intrusion detection book, in my opinion. The first remains "Network Intrusion Detection" by Northcutt and Novak. While Paul's book is not a manual for front-line operatives, it will help transform your intrusion detection mission into a world-class operation.

In general, Mr. Proctor`s book is well done. Unfortunately, the autor uses many definitions which are not primarily used among ID specialists. These definitions are straight from the handbooks of Cybersafe Centrax, an IDS developed by the author (e.g. Network Node Intrusion Detection; the unique definitions of realtime/batched modes...). Additionally, Mr. Proctors seems to believe that only commercial IDSs are worthy of the professionel ID analyst. He wrongly describes Snort, an OpenSource NIDS published under GPL, as shareware and mentiones it very briefly in 3 sentences. Currently, 80-90% of all detects published on lists like Incidents are detected by Snort sensors ! Since Centrax is a first rate HIDS and only a second rate NIDS, the autor seems to be a very strong supporter of HIDS. This shows clearly through the whole book. The book gives a good overview over todays ID techniques combined with excellent examples. If Mr. Proctor had desisted from placing more or less hidden product advertisement in his book he would have done all readers a big favor.

The Practical Intrusion Detection Handbook offers a highly readable and comprehensive presentation of intrusion detection.

Security is a holistic endeavor, requiring coordination of many different components, including technology, policy, practice, behavior, and so on. This trait of security makes the topic hard to grasp, and even harder to explain to non-experts, most of whom think of security as being conferred by a single object, whether a firewall, security policy, or chief security officer. The most impressive accomplishment of this book is that helps the reader apprehend all the different aspects of intrusion detection and how they interrelate.

The book helped me organize my own thinking about intrusion detection, providing not only an overview of approaches and technologies, but presenting the organizational, operational, policy, and financial aspects of intrusion detection.

The book is an excellent complement to other books on intrusion detection, such as Network Intrusion Detection: An Analyst's Handbook by Stephen Northcutt, and Intrusion Detection by Rebecca Gurley Bace.

I've read Alison Balters entire series of Access book more than twice each. She writes in a clear style which gets right to the point. When Access 2007 came out,I immediately ordered Alison Balters book. It helped me to get up to speed on Access 2007 and was money well spent. I would also recommend reading Access 2007 VBA published by Wrox after reading Alison's book.

I have found this book extremley helpful and like the others i was missing the cd from the book This however was easily rectified by emailing alison directly to resolve this issue of which she was extremely helpful with. On that note i believe that is more an Amazon issue as I have bough an earlier version of this same book from another source and did get the cd with it.

Very well written (as are all of Alison Balter's Access books), very clear and easy to follow.

As is already known, Access 2007 has a new interface, with ribbons and many new features targeted mainly to the end-user. The DEVELOPMENT process however, has not changed much. This book presents a brief introduction of what is new in Access 2007, and then goes on to present the "development" part. Alison Balter, as in her previous books on Access Development, presents the right combination of theory and code (VBA, ADO, etc). The chapters on objects/properties/methods/events, advanced form techniques, advanced report techniques, advanced query techniques, advanced VBA techniques, and ActiveX Data Objects, to name a few, are excellent. Some chapters have been appropriately revised, some others have been completely rewritten or are new -database security, and customizing ribbons, for example. However, there is no longer coverage of DAO, and because of the new interface, the coverage of startup options is gone. I have downloaded the book examples and source code, naming conventions (appendix A) and table structures (appendix B) without any problem. Of course, having these, you no longer need the CD. This book is outstanding; as in the past, the technical editing is excellent and the content is superb. I expect nothing less from the terrific author Alison Balter.

Once again Sams Publishing takes the award for sloppy technical editing.

On page 2, "Included in the text and on the sample code CD-ROM is a generic error handler that you cab easily build into any of your won applications". You guessed it, there is no CD included with this book.

On page xxxxiii, "The following appendixes are available for download at www.samspublishing.com/title/0672329328". If you guess that there are no such files or opportunity to download them on this web page, you would be right.

Where can we obtain the book's naming conventions appendix and the table structures to all the tables she develops in the book, for those of us who do not relish repetitive typing.

Shortcomings that mar what otherwise would be an excellent book.