EH-Net

Hi all,

I'm hoping to stimulate a little discussion here.  I see pretty frequent suggestions on this site for various penetration testing and hacking books, but not for many other security books.  I'm guessing that the members here read other security books too, so I ask:

What is your favorite non-hacking security book?

My favorite security book is Network Security: Private Communication in a Public World by Charlie Kaufman et. al.  The book focuses on network security protocols and has very lucid explanations of the cryptography involved, how the protocols work and what their shortcomings are.  It doesn't have a lot of practical advice for system admins, but it really helped me to understand Kerberos, IPSec, SSL, etc.

I'm pretty fond of Malware: Fighting Malicious Code by Ed Skoudis

http://www.amazon.com/Malware-Fighting-Malicious-Computer-Networking/dp/0131014056/ref=pd_bbs_sr_2?ie=UTF8&s=books&qid=1232059142&sr=8-2

I really enjoy this one Incident Response and Computer Forensics, Second Edition (http://www.amazon.com/Incident-Response-Computer-Forensics-Second/dp/007222696X/ref=sr_1_1?ie=UTF8&s=books&qid=1232060193&sr=1-1).  I am rereading it right now to prepare for GCFA.  Another "Hacking" book I love reading is Nightwork: A History of Hacks and Pranks at MIT (http://www.amazon.com/Nightwork-History-Hacks-Pranks-MIT/dp/0262661373/ref=sr_1_2?ie=UTF8&s=books&qid=1232060463&sr=1-2).  Nightwork isn't technical at all but it has some great stories.  If anyone is interested you can read about a lot of the hacks here (http://hacks.mit.edu/).

While it is not a really technical book like others have mentioned I really enjoyed  The Cuckoo's Egg (http://www.amazon.com/Cuckoos-Egg-Tracking-Computer-Espionage/dp/0743411463) by Cliff Stoll. I look back on what is written in that book and while some of the software may have changed but the system problems still remain (bad passwords, default passwords, unpatched software, etc...). If you are looking for a good story that isn't overly technical this is a great book to get into.

 

I was fortunate to come across a copy of The Cuckoo's Egg at a used bookstore a few years ago.  I thought it was very good; perhaps it even deserves a re-read.

I'm a really big fan of the Cyber fiction genre such as the Stealing the Network Series, published by Syngress.

Harlan Carvey's "Window Forensics and Incident Recovery" is also one of my favourites.

Regards

Syn

I'll concede the StN series are good, some of the other technical-fiction books Syngress have put out are really quite bad* (good from a technical point and have got me thinking, but not the easiest of reads)

I'll n-th Cookoos Egg, I need to get hold of it again as I'd like another read of it.

* other opinions are available ;)

Well for non hacking IS books i love:

Counter Hack Reloaded

Syngress - Wireshark Ethereal Protocol Analyzer Security

Wiley - IT Security Interviews Exposed

O'Reilly - Security Warrior (older but still good)

The New School of Information Security

Geekonomics

Tao of Network Security Monitoring: Richard Bejtlich

File System Forensic Analysis: Brian Carrier

Snow Crash: Neal Stephenson - cause sometimes you just wanna read some ninja hacker cool science fiction...