• White-Hat Security Arsenal

    by  • August 20, 2009 • S-Z

    Rating: threehalf

    The Bottom Line

    Aviel Rubin tries to fill a void with this book. White-Hat Security Arsenal attempts to fill the space between hacking theory and security practice. It succeeds fairly well and is a very good book
    Pros
    • Real-world scenarios help define the issue
    • Bridges the gap from theory to practice
    • Good resource for administrators
    Cons
    • Some advice and techniques are a little dated
    • Focuses a little too heavy on cryptography

    Description

    • Case studies are an excellent way to get readers to relate the theory to real-world implementation
    • Good detailed description of some well-known viruses and worms, but nothing recent
    • Well-written book with many useful references to other writings if you want more detail
    • Covers most areas that a security administrator needs to be aware of- but predates IDS
    • Good “how-to” reference that explains how to implement various security tools and devices

    Review: White-Hat Security Arsenal

    Aviel Rubin helps readers to identify risks, learn about potential attacks and build a secure defense. Instead of just talking hacker theory, the book uses real-world examples and case studies to help relate the information to practical uses the reader can understand. The author goes into enough detail to make his point without going over the top, but refers the reader to plenty of outside references if they desire more in-depth detail on a particular subject. The section on viruses is good, but ends with the “I Love You” virus. The book covers most security technology, but misses discussing IDS and other technology since 2001. Overall it is a good book for security administrators to have in their library though and I would recommend it.

    Buy it here: White-Hat Security Arsenal: Tackling the Threats

    About

    Tony has driven security policies and technologies for antivirus and incident response for Fortune 500 companies, and he has been network administrator and technical support for smaller companies. He has written for a variety of other Web sites and publications, including BizTech Magazine, PC World, SearchSecurity.com, WindowsNetworking.com, Smart Computing magazine, and Information Security magazine. Tony is a CISSP (Certified Information Systems Security Professional) and ISSAP (Information Systems Security Architecture Professional). He is Microsoft Certified as an MCSE (Microsoft Certified Systems Engineer) and MCSA (Microsoft Certified Systems Administrator) in Windows 2000 and an MCP (Microsoft Certified Professional) in Windows NT. Tony has been recognized by Microsoft as an MVP (Most Valuable Professional) in Windows security since 2006. In addition to his Web site and magazine contributions, Tony was also tech editor of PCI Compliance (ISBN: 1597491659 ) and author of Essential Computer Security: Everyone’s Guide to E-mail, Internet, and Wireless Security (ISBN: 1597491144), coauthor of Hacker’s Challenge 3 (ISBN: 0072263040) and a contributing author to Winternals: Defragmentation, Recovery, and Administration Field Guide (ISBN: 1597490792), Combating Spyware in the Enterprise (ISBN: 1597490644) Syngress Force 2006 Emerging Threat Analysis: From Mischief to Malicious (ISBN: 1597490563), Botnets: The Killer Web Applications (ISBN: 1597491357), and AVIEN Malware Defense Guide for the Enterprise (ISBN: 1597491640).

    http://www.tonybradley.com