"Special Ops" is one of the most useful security books I've read -- and my library includes 92 titles acquired since 2000. "Special Ops" is not "Hacking Exposed" with a white-and-camouflage cover. While the "Hacking Exposed" series is more assessment- and enumeration-centric, "Special Ops" spends more time on proper installation and deployment of services and applications. Most usefully, "Special Ops" succinctly and powerfully addresses topics neglected by other security books.
Jumat, 28 Maret 2003
Review of Special Ops: Host and Network Security for Microsoft, UNIX, and Oracle Posted
Rabu, 26 Maret 2003
Melissa Virus Four Year Anniversary
Four years ago today the Melissa virus caused lots of headaches and early morning calls. My then-fiance and I were getting photos taken when I received an "all officers" call. I spent the rest of the weekend at the AFCERT dealing with the virus. That event prompted our unit to establish a full-time anti-virus crew.
My friend Stephen Northcutt of SANS fame reviews items for Amazon.com too. I was pleased to see he wasn't thrilled by the second edition of Firewalls and Internet Security, either.
Selasa, 25 Maret 2003
Bejtlich Speaking at SANS NIAL 2003
CerbNG FreeBSD Kernel Module
CerbNG is a kernel module for FreeBSD version 4.x (5.x version soon to come). Our main purpose is providing the administrator with tools for enforcing fine grained control for critical system applications/processes/environments, i.e. privileged daemons (not only those running with uid 0), and setuid programs.
It appears TrustedBSD is already working on these sorts of topics, so we'll have to see how the community uses these tools.
Article on New AFNOSC
Selasa, 18 Maret 2003
Review of Firewalls and Internet Security, 2nd Ed Posted
I wish I could give "Firewalls and Internet Security, 2nd Edition" (FAIS:2E) more stars. I eagerly awaited the next edition of this security classic with the rest of the community. However, like many sequels, it fails to live up to expectations. Nine years ago the first edition was revolutionary. In 2003, despite the addition of skilled practitioner Avi Rubin, the authors make few original contributions to the security scene.
Senin, 17 Maret 2003
Vulnerability in IIS 5.0
Kamis, 13 Maret 2003
Review of Hacking Exposed: Linux, 2nd Ed Posted
I'm a big fan of the Hacking Exposed style of writing. All offensive theory is backed up by command line examples, followed by defensive countermeasures. Hacking Exposed: Linux, 2nd Ed (HE:L2E) follows this tradition, updating the content of the first edition and adding 200 pages of new content. Although I reviewed the first edition in Sep 01, reading the second edition reminded me of the challenges posed by securely configuring and deploying Linux systems.