Books

WindowSecurity.com recommends the following security books:

• Network Security
• General
• Hacking

Network Security

The Windows Server 2003 Security Log Revealed by Randy Franklin Smith

The Windows Server 2003 Security Log Revealed was writin by Randy Franklin Smith the recognized expert on the Windows Security Log. Randy began the Windows security log project in 1998 as part of a Monterey Technology Group client's assignment. Since then, he has provided design consultation to developers of event log monitoring products and created the Security Log Secrets course as an in-person venue for sharing the results of years of research and helping attendees implement effective monitoring and intrusion detection.

Windows Vista Security: Securing Vista Against Malicious Attacks by Roger A. Grimes

Written by two veteran Windows security experts—one a Microsoft Security MVP and Foundstone Security Consultant, and the other a former senior member of Microsoft's Security Engineering Team—this essential resource prepares end users and technical administrators to handle various security problems that exist in Windows Vista as well as possible future threats. Offering in-depth coverage of all significant new security technologies in Windows Vista, this book addresses User Account Control, the new Firewall, Internet Explorer 7.0, Windows Defender, Service Hardening, and BitLocker.

Group Policy: Management, Trobuleshooting and Security: For Windows Vista, Windows 2003, Windows XP and Windows 2000 (Mark Minasi Windows Administrator Library) by Jermey Moskowitz

Presenting a fully updated resource for Windows Vista that shows you how best to use Group Policy in order to take full advantage of Active Directory and create a managed desktop environment. You’ll learn details about the GPMC, Group Policy troubleshooting techniques, and configuring Group Policy to create a resilient desktop environment. You’ll also discover how to create and manage ADMX files and leverage the Group Policy Central Store as well as deploy Office 2007, Office 2003, and more using Group Policy Software Installation.

Information Security Roles & Responsibilities Made Easy, Version 2 by Charles Cresson Wood

Information Security Roles and Responsibilities Made Easy, Version 2 is the new and updated version of the best-selling security resource by Charles Cresson Wood, CISSP, CISA, CISM. ISR&R V2 is based on the 20 year consulting and security experience of Mr. Wood and contains these features to help you save money while establishing a due-care information security organization... Read Mitch Tulloch's review

 

Information Security Policies Made Easy, Version 10 by Charles Cresson Wood

Information Security Policies Made Easy, Version 10 is the new and updated version of the best-selling policy resource by Charles Cresson Wood, CISSP, CISA, CISM. Based on the 20 year consulting and security experience of Mr. Wood, ISPME is the most complete policy resource available. ISPME Version 10 has everything you need to build a due-care security policy environment... Read Mitch Tulloch's review

 

Aggressive Network Self-Defense by Neil R. Wyler

Are you tired of feeling vulnerable to the latest security vulnerabilities? Are you fed up with vendors who take too long to release security patches, while criminals waste no time in exploiting those very same holes? Do you want to know who, exactly, is really trying to hack your network? Do you think EVERYONE should be responsible for securing their owns systems so they can't be used to attack yours? Do you think you have the right to defend yourself, your network, and ultimately your business against aggressors and adversaries? If so, Aggressive Network Self-Defense is the book for you... Read Mitch Tulloch's review

 

Hardening Network Security by John Mallery, et al

Take a proactive approach to network security by implementing preventive measures against attacks--before they occur. Written by a team of security experts, this hands-on resource provides concrete steps you can take immediately as well as ongoing actions to ensure long-term security... Read Mitch Tulloch's review

 

The Business Case For Network Security  by Catherine Paquet & Warren Saxe

This book covers the latest topics in network attacks and security. It includes a detailed security-minded examination of return on investment (ROI) and associated financial methodologies that yield both objective and subjective data. The book also introduces and explores the concept of return on prevention (ROP) and discusses the greater implications currently facing corporations, including governance and the fundamental importance of security, for senior executives and the board... Read Mitch Tulloch's review

 

Linux Server Security by Michael D. Bauer

Geared toward Linux users with little security expertise, the author explains security concepts and techniques in clear language, beginning with the fundamentals. Linux Server Security with Linux provides a unique balance of "big picture" principles that transcend specific software packages and version numbers, and very clear procedures on securing some of those software packages on several popular distributions. With this book in hand, you'll have both the expertise and the tools to comprehensively secure your Linux system... Read Mitch Tulloch's review

 

Privacy: What Developers and IT Professionals Should Know  by J. C. Cannon

J.C. Cannon, Microsoft's top privacy technology strategist, covers every facet of protecting customer privacy, both technical and organizational. You'll learn how to systematically build privacy safeguards into any application, Web site, or enterprise system, in any environment, on any platform. You'll discover the best practices for building business infrastructure and processes that protect customer privacy. You'll even learn how to help your customers work with you in protecting their own privacy... Read Mitch Tulloch's review

 

SSL VPN: Understanding, Evaluating And Planning Secure, Web-based Remote Access by Joseph Steinberg & Tim Speed

This book provides a detailed technical and business introduction to SSL VPN. It explains how SSL VPN devices work along with their benefits and pitfalls. As well as covering SSL VPN technologies, the book also looks at how to authenticate and educate users... Read Mitch Tulloch's review

 

Windows Forensics and Incident Recovery  by Harlan Carvey

Drawing on his widely acclaimed course, Carvey uses real-world examples to cover every significant incident response, recovery, and forensics technique. He delivers a complete incident response toolset that combines today's best open source and freeware tools, his own exclusive software and scripts, and step-by-step instructions for using them. This book's tools and techniques apply to every current and professional version of Windows: NT, 2000, XP, and Windows Server 2003... Read Mitch Tulloch's review

General

Microsoft Log Parser Toolkit  by Mark Burnett

This book is co-authored by Microsoft's Log Parser developer providing a complete reference to this SQL-Query driven log analysis tool. The book and accompanying Web site also provide dozens of customized, working scripts, queries, and templates for Windows Server, Snort IDS, Exchange Server, IIS, ISA Server, Snort and more... Read Mitch Tulloch's review

 

Black Hat Physical Device Security  by Drew Miller

Black Hat Physical Device Security looks at the risk involved with network hardware, home security, security installation companies, biometric devices, and much more... Read Mitch Tulloch's review

 

CYA Securing IIS 6.0 by Bernard Cheah & Ken Schaefer

Coverage includes: Script Source Access, Information Disclosure, Denial of Service, Buffer Overflows, Directory Traversal, Cross-Site Scripting, Preparing the Operating System, Partitioning Hard Drives, Installing the OS, Preparing the File System, Installing IIS, Installing Hotfixes, Locking Down COM and Database Access, Securing Web Services, Running the IIS Lockdown Wizard, Securing IIS Global Settings and more... Read Mitch Tulloch's review

 

Snort Cookbook  by Angela Orebaugh, et al

Snort Cookbook will save countless hours of sifting through dubious online advice or wordy tutorials in order to leverage the full power of SNORT. Each recipe in the popular and practical problem-solution-discussion O'Reilly cookbook format contains a clear and thorough description of the problem, a concise but complete discussion of a solution, and real-world examples that illustrate that solution. The Snort Cookbook covers important issues that sys admins and security pros will us everyday... Read Mitch Tulloch's review

Hacking

The CEH Prep Guide: The Comprehensive Guide to Certified Ethical Hacking by Ronald L. Krutz

A benchmark guide for keeping networks safe with the Certified Ethical Hacker program.  Seasoned authors Ronald Krutz and Russell Dean Vines continue in the tradition of their CISSP security franchise by bringing you this comprehensive guide to the Certified Ethical Hacker (CEH) program. 

 

Google Hacking for Penetration Testers, Volume 2 by Johnny Long

Google is one of the 5 most popular sites on the internet with more than 380 million unique users per month (Nielsen/NetRatings 8/05). But, Googles search capabilities are so powerful, they sometimes discover content that no one ever intended to be publicly available on the Web including: social security numbers, credit card numbers, trade secrets, and federally classified documents. Google Hacking for Penetration Testers, Volume 2 shows the art of torqueing Google used by security professionals and system administrators to find this sensitive information and self-police their own organizations.

 

Google Hacking for Penetration Testers by Johnny Long

Google Hacking for Penetration Testers explores the explosive growth of a technique known as "Google Hacking." This simple tool can be bent by hackers and those with malicious intents to find hidden information, break into sites, and access supposedly secure information. Borrowing the techniques pioneered by malicious "Google hackers," this book aims to show security practitioners how to properly protect clients from this often overlooked and dangerous form of information leakage... Read Mitch Tulloch's review

 

Hacking Exposed Computer Forensics: Secrets and Solutions  by Chris Davis, et al

Investigate computer crime, corporate malfeasance, and hacker break-ins quickly and effectively with help from this practical and comprehensive resource. You’ll get expert information on crucial procedures to successfully prosecute violators while avoiding the pitfalls of illicit searches... Read Mitch Tulloch's review

 

Silence on the Wire by Michael Zalewski

If you are a 'hacker' type in the old sense of the word... you will probably find this book intriguing... Read Mitch Tulloch's review