The Virtual Bookcase for browsing and sharing reviews of books.

Book details of 'White-Hat Security Arsenal: Tackling the Threats'

Title: White-Hat Security Arsenal: Tackling the Threats
Author(s): Aviel D. Rubin
ISBN: 0201711141
Language: English
Published: June 2001
Publisher: Addison-Wesley Pub Co
The Virtual Bookcase Reviews of 'White-Hat Security Arsenal: Tackling the Threats':

Reviewer amazon.com wrote:
As a diverse collection of information--much of it at a fairly advanced level--White-Hat Security Arsenal: Tackling the Threats is a valuable primer on matters of computer and network security. The author doesn't offer specific instructions on how to harden your systems against attack, and doesn't go far in explaining how to build security into software you write. But he does offer good overviews of how particular manifestations of malice--such as Babylonia (a specific virus) and distributed denial of service (DDoS) systems (a broad class of attack)--work. Similarly, he details how security protocols and mechanisms--packet filters and the Secure Sockets Layer (SSL) protocol are two examples--go about their tasks. In brief, the book breaks little new ground, but it covers the familiar data communications security material extremely capably and with frequent reference to the most recent exploits of the bad guys.

Rubin is at his best in explaining the details of security protocols, which rarely make intuitive sense. Using the proven "conversation" method of illustration ("Alice sends her public key to Bob..."), he untangles even the remarkably obtuse Diffie-Hellman algorithm. He backs the dialogues with the formulas that underlie encryption and authentication, and usually translates the simplified conversations into the actual messages exchanged by machines. This book is worth the cover price for its lucid explanations of how security protocols work. It also highlights places in which security technology is lacking (in making sure no unauthorized data goes out from a Web server, for example), which is refreshing. --David Wall

Topics covered: The state of the art in computer and network security, explained from the point of view of the system administrator wishing to keep bad guys out. A menagerie of recent viruses and attack profiles is followed by discussions of secure storage (with emphasis on encrypted file systems and local password authentication), data exchange via public-private key pairs and trust management system (including Kerberos, of course), network defense with firewalls and intrusion detection systems (IDS), and secure communications via the Secure Sockets Layer (SSL) protocol.

Reviewer Rob Slade wrote:
The distinctive of this book is that it approaches security as a series of specific problems or concerns. The non-distinctive, if you will, is that it attempts to address all audience levels; users, IT professionals, academics, and administrators. A series of icons identifies, at the beginning of each chapter and at particular sections of the text, who should read the various segments of the text.

Part one examines the size and scope of the security issue. Chapter one starts out with perhaps our biggest problem, as security people: the insistence on secrecy by companies who get hit, and the fact that this obstinate refusal to discuss the facts makes our job, in protecting institutions, that much harder. A brief look at what may be at risk from security problems is given in chapter two. Recent email viruses are reviewed in chapter three, but they get an interesting treatment. The material, while technically sound, concentrates on the general security attitudes and lessons to be learned, as they apply to computer use in general.

Part two looks at information storage. Chapter four's problem is to ensure that information is kept private if an attacker gets hold of your machine, and Rubin gives a good introduction to symmetric encryption and provides tips on passwords. If you are concerned about storage at remote sites over an insecure network, chapter five touches on passwords again, and asymmetric encryption. Chapter six is supposed to deal with securing backups, but seems to get a bit confused, although it does provide some good tips, as well as an overview of some online backup services.

Part three considers the problems of data transfers over an insecure net. Chapter seven introduces authentication and some of the problems of public key management. Session keys and key exchange are examined in chapter eight: it has an academic icon at the top of the chapter, and non-specialist users might get a bit confused here. The aspects of virtual private networks are reviewed in chapter nine, and the book begins moving towards the usual technology oriented model.

Part four looks at network threats. Chapter ten explains firewalls while eleven discusses a variety of network based attacks.

Part five doesn't really have a central theme. The title of chapter twelve is "Protecting E-Commerce Transactions," but most of the text deals with the Secure Sockets Layer for Web browsers. Privacy, in email and Web browsing, is discussed in chapter thirteen, but many areas are left unexplored.

For managers and users who are not specialists in computer and communications security, this book provides a readable and accurate introduction to a number of important topics. There are, unfortunately, a number of gaps in terms of the total security picture, but that is probably to be expected when taking the problem oriented approach. Rubin does not talk down to the audience and does not oversimplify, and this work therefore is superior to a number of the introductory books on the market.

copyright Robert M. Slade, 2001

Book description:

"Avi Rubin does a great job of explaining the motivations behind many security solutions, as well as providing practical information about how you can solve real-world problems. White-Hat Security Arsenal is an invaluable resource--a judicious mix of practical information and the theory behind it." --Marcus J. Ranum, CTO, NFR Security, Inc.

"White-Hat Security Arsenal ups the ante for the good guys in the arms race against computer-based crime. Like a barrage of cruise missiles, Avi's excellent book attains air superiority by leveraging smarts and advanced GPS technology to zero in on critical targets. Intended to educate and inform information security professionals with a no-nonsense, hold-the-hype approach to security, this book is a critical weapon for modern information warriors. If you wear a white hat and are on the good guys' team, buy this book. Don't go into battle without it!" --Gary McGraw, Ph.D., CTO, Cigital

How do I allow secure remote access to my site? How do I protect data on my laptop in case it's stolen? How should I configure my firewall? Will I regret using my credit card online? How will the bad guys attack? If these are some of the questions that keep you awake at night, you need to read this book.

As a computer security expert at AT&T Labs, author Avi Rubin regularly meets with IT staffs from all types of companies. When asked to recommend resource material to his customers, Rubin realized that there just wasn't a book on the market that would give them concise, direct answers to all their security questions. So he wrote one. Using a problem-oriented approach, Rubin walks you through everything from protecting against network threats to using credit cards on the Web. Each chapter begins with a problem statement, continues with a description of the threat, explains the technologies involved, and then offers solutions. Chapters conclude with one or more case studies.

You'll find easy-to-understand information that will help you
* Identify the risks
* Put attacks in perspective
* Store information securely
* Perform reliable and secure backups
* Transfer information securely across hostile networks
* Understand Public Key Infrastructure (PKI) and its limitations
* Protect against network threats
* Set up firewalls
* Deal with denial of service attacks
* Understand online commerce and privacy

Whether you are an IT professional, a system administrator, an academic, or simply a regular Internet user, White-Hat Security Arsenal is full of information you can't afford to miss.

The Virtual Bookcase is created and maintained by Koos van den Hout. Contact e-mail webmaster@virtualbookcase.com.
Copyright © 2000-2008 Koos van den Hout / The Virtual Bookcase