Stealing the Network: How to Own the Box
Ryan Russell, Ido Dubrawsky, FX, Joe Grand, and Tim Mullen
Manufacturer: Syngress
ProductGroup: Book
Binding: Paperback
Similar Items:
- Stealing the Network: How to Own a Continent
- Stealing the Network: How to Own an Identity (Stealing the Network)
- Stealing the Network: How to Own a Shadow (Stealing the Network)
- The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders & Deceivers
- Google Hacking for Penetration Testers, Volume 1
ASIN: 1931836876
Amazon.com
Stealing the Network is a book of science fiction. It's a series of short stories about characters who gain unauthorized access to equipment and information, or deny use of those resources to the people who are meant to have access to them. The characters, though sometimes well described, are not the stars of these stories. That honor belongs to the tools that the black-hat hackers use in their attacks, and also to the defensive measures arrayed against them by the hapless sysadmins who, in this volume, always lose. Consider this book, with its plentiful detail, the answer to every pretty but functionally half-baked user interface ever shown in a feature film.
One can read this book for entertainment, though its writing falls well short of cyberpunk classics like Burning Chrome and Snow Crash. Its value is in its explicit references to current technologies--Cisco routers, OpenSSH, Windows 2000--and specific techniques for hacking them (the heroes and heroines of this book are always generous with command-history dumps). The specific detail may open your eyes to weaknesses in your own systems (or give you some ideas for, ahem, looking around on the network). Alternately, you can just enjoy the extra realism that the detail adds to these stories of packetized adventure. --David Wall
Book Description
"Stealing the Network: How to Own the Box" is NOT intended to be a "install, configure, update, troubleshoot, and defend book." It is also NOT another one of the countless Hacker books out there. So, what IS it? It is an edgy, provocative, attack-oriented series of chapters written in a first hand, conversational style. World-renowned network security personalities present a series of 25 to 30 page chapters written from the point of an attacker who is gaining access to a particular system. This book portrays the "street fighting" tactics used to attack networks and systems.
- Not just another "hacker" book, it plays on "edgy" market success of Steal this Computer Book with first hand, eyewitness accounts
- A highly provocative expose of advanced security exploits
- Written by some of the most high profile "White Hats", "Black Hats" and "Gray Hats"
- Gives readers a "first ever" look inside some of the most notorious network intrusions
Download Description
"Stealing the Network: How to Own the Box" is NOT intended to be a "install, configure, update, troubleshoot, and defend book." It is also NOT going to be another one of the countless Hacker books out there now by our competition. So, what IS it going to be? "Stealing the Network: How to Own the Box" is going to be an edgy, provocative, attack-oriented series of chapters written in a first hand, conversational style. World-renowned network security personalities will present a series of 25 to 30 page chapters written from the point of an attacker who is gaining access to a particular system. This book will portray the "street fighting" tactics used to attack networks and systems.
Customer Reviews:
Fiction that hits too close to home.......2007-01-09
While they present this as a work of fiction, there is a large amount of information that can be immediately applied to your own situations. The authors mention that the stories come from real-life experiences or observations, and it is very easy to believe them. This is a great read for any network engineer or network administrator, though don't read it at night, 'cause some of the stories can be a little frightening, and you don't necessarily want the nightmares in your sleep.
Entertaining in its own right..........2006-08-16
The Stealing the Network series of books is in a category on its own. Thrilling, entertaining, and fun to read just scratches the surface of these books. I'll recommend this book to anybody, from Joe Sixpack who only uses the internet for games and pr0n to Mitnick himself.
The highly detailed accounts immerse the reader in a truly fantastic series of stories of hackers and their techniques. Remember, the game is a mental one...
Useful, readable illustration of computer security concepts.......2005-10-31
_Stealing the Network: How to Own the Box_ has 10 stories with a first person narrator, who is either an attacker, or in two cases, a defender. While the characterization isn't up to the standards of (good) commercial fiction* in most cases, it makes the technical medicine go down easier and gives a picture of who and why people do this stuff. That picture is useful in making an abstraction feel more like a concrete threat.
I think this would be a good intro for a non-technical manager of security staff who needs to know why we have to worry about these things. It's a faster read than Bruce Schneier's admirable _Secrets and Lies_, which is a straight discussion of how to think about security, and probably more rigorous and complete. This offers specific examples and leads to many similar lessons. I will read the next one, How to Own a Continent, when its turn comes up in the queue.
One quibble: for a book published in 2003, with a chapter that mentions Snort a couple of times, I was disappointed in the Laws of Security Appendix. Specifically, the Law that "Any IDS can be Evaded" contains some material that is way out of date. To state that "free ones are starting to come available" at least a decade after Shadow, and at least a couple of years after Snort surpassed proprietary intrusion detection solutions, is a bit, well, weird. Snort is big time - Checkpoint just bought the company that writes it. The two chapters telling a defender's tale refer to Snort.
Also, I'm not convinced of the law's validity. The escalation between intrusion evaders and detectors is an interesting one but I think IDS has the advantage in this go-round. We can detect it, if we're watching the right things. Many of the evasion techniques are themselves alertable!
Apart from that, I found myself nodding in agreement with most of what was said. This taught me some things, and I've read pretty widely. This title is available cheap if you look at used. Check it out.
*It's at least better than Tom Clancy, whose plots are the only thing separating him from pure cheese, the male equivalent of a romance novel.
Rough writing, but interesting.......2005-10-11
The writing needs some help -- I understand the newer books are edited by an actual writer to smooth out the prose a bit.
Overall I liked it, there were useful concepts in each hacker's exploit.
The story relating to "H3X", the female hacker, was one of the better ones, but had a glaring problem: seeing as I'm not a lonely 14-year-old boy and have had romantic experiences of my own, I really didn't give a crap about the gratuitous, albeit vague, descriptions of her romantic nights out -- it would've been better to just stay on topic.
Making Technology and Security a Fun Read.......2005-05-16
You may be asking yourself why I am writing a review of "Stealing The Network - How to Own the Box" (Ryan Russell, Tim Mullen, et al, Syngress Press, 2003, 429 Pages) two years after it came out in 2003. The reason is that next month, the third book in this series, "Stealing The Network - How to Own an Identity", is being released by Syngress. So in anticipation of this new title, I wanted to read this book, as well as "Stealing The Network - How To Own a Continent" (review to be written later this week). I did not expect to be drawn in as quickly as I was by this book, but I found myself being drawn in by the totally unique style in which technical content is presented and the fast pace the narrative took.
Each chapter presents a mini-scenario that demonstrates how specific network vulnerabilities can be exploited, causing potential problems and losses from organizations. What sets this apart from many of these books that I have read is that it is kind of set up in the style employed by the television serial "Law and Order: Criminal Intent": a focus on narrative and knowledge from the point of view of the bad guys. While this is a work of "techno-fiction", the level of detail suggests that only the names were changed to prevent the innocent (or the guilty system administrators who fail to lock systems down as well as they should or could).
Another interesting point throughout this book is the emphasis on "social engineering", an oft overlooked weakness that has only started gaining true visibility in the evaluation and education of system administrators, managers, and end-users through highly visible incidents. It is kind of refreshing to read a detailed tale of what led a hacker to jump in a dumpster to find out information, and what led him to that point.
It is the unique approach the authors take that may make the book a more palatable read for true "uber-geeks", rather than these people not wanting to read a dry book presenting technical material in the typical dry approach, which for sure puts me asleep any day of the week. It may also make the topic more readable for non-technical managers to get a better understanding of their risks and vulnerabilities without getting buried in technical detail. However, this also is one big weakness of the book: there is no index of keywords or topics to go back to for easy reference, which would make the book a more used reference than just a good "summer beach book".
Who Should Read This Book
This book should be read by students starting out their formal education in computer information systems. It can teach them lessons without beating them over the head. The book should be read by system administrators so they can see that technical information can be presented in simpler ways, encouraging them to work on their "soft skills". Finally, it should be read by non-technical management so they can understand that the risks and vulnerabilities are very real, and need to be addressed.
Scorecard: Par on long Par 4
Note: When you read my review for "Stealing The Network - How To Own a Continent", you will hopefully understand why I only gave this book 4 stars.
Book Description
Demand for qualified and certified information systems (IS) auditors has increased dramatically since the adoption of the Sarbanes-Oxley Act in 2002. Now you can prepare for CISA certification, the one certification designed specifically for IS auditors, and improve your job skills with this valuable book. Not only will you get the valuable preparation you need for the CISA exam, you'll also find practical information to prepare you for the real world. This invaluable guide contains:
Authoritative coverage of all CISA exam objectives, including:
- The IS Audit Process.
- IT Governance.
- Systems and Infrastructure Lifecycle Management.
- IT Service Delivery and Support.
- Protection of Information Assets.
- Disaster Recovery and Business Continuity.
Practical information that will prepare you for the real world such as:
- Secrets of successful auditing.
- Government regulations at a glance.
- Incident handling checklist.
- Scenarios providing insight into professional audit systems and controls.
Additional exam and career preparation tools such as:
- Challenging chapter review questions.
- A glossary of terms.
- Tips on preparing for exam day.
- Information on related certifications.
A free CD-ROM with:
- Advanced testing software with challenging chapter review questions plus bonus practice exams so you can test your knowledge.
- Flashcards that run on your PC, Pocket PC, or Palm handheld.
- The entire book in searchable and printable PDF.
Customer Reviews:
Great Book for Targeted Learning.......2007-10-03
The CISA exam is written in a way to reflect the choices an auditor faces. What's best, what's the most preferred, etc., tend to be the types of questions one faces. (The CISA exam is not going to ask the test sitter, what is the best in a given environment, as that would be too ridiculous to measure.) As such, people often find the test confusing, because they want to read too much into the questions.
I picked this book up the week before the CISA exam and targeted my reading toward those areas in which I had the least experience (e.g. SDLC, etc) and I passed. That was it! Although not perfect, the book is readable and focused. There are some decent example questions at the back of the book that will prepare one for the types of questions on the test.
Good CISA study guide.......2007-09-11
This book is easy to read and it helps to study for the exam, especially if you have the CISA exam question CD.
I highly recommend it (and the exam question CD too).
Good book, used it and passed Dec 2006 Exam. I am a CISA thanks to this book.......2007-08-15
Good book, used it and passed Dec 2006 Exam on my first attempt. I am a CISA, thanks to this book. The details are just what you need, the authors did a good job, I recommend it to my brother and friends for Dec 07 Exams, and I talk about it to whoever cares to listen.
A book does not need to be a hard core to be good, simple easy and straight forward that is why I like it. It gives you the details, it is a good manual.
Used it to pass the June 2007 exam.......2007-08-10
I just found out that I passed the June 2007 exam. I used 2 items to study.
This book and the question and answer database from ISACA.
First, do not try to use this book alone.
Second, don't even waste your time with the practice questions at the end of the chapter. You will never see questions like those on the exam.
Third, I would recommend the question and answer database. You will see questions like those on the exam.
After using this book and the Q&A database, the test was not that hard. I was not surprised by any questions.
Good study guide, but not enough for the exam.......2007-06-23
I took the exam two weeks ago and did really good. I would recommend studying ISACA's CISA review questions in addition to this book. Reading this book alone will not help you pass the exam. The concepts are well explained but the questions in the book are nothing like the ones in the exam.
Good luck
Amazon.co.uk
The Art of Deception is about gaining someone's trust by lying to them and then abusing that trust for fun and profit. Hackers use the euphemism "social engineering" and hacker-guru Kevin Mitnick examines many example scenarios.
After Mitnick's first dozen examples anyone responsible for organizational security is going to lose the will to live. It's been said before, but people and security are antithetical. Organizations exist to provide a good or service and want helpful, friendly employees to promote the good or service. People are social animals who want to be liked. Controlling the human aspects of security means denying someone something. This circle can't be squared.
Considering Mitnick's reputation as a hacker guru, it's ironic that the last point of attack for hackers using social engineering are computers. Most of the scenarios in The Art of Deception work just as well against computer-free organizations and were probably known to the Phoenicians; technology simply makes it all easier. Phones are faster than letters, after all, and having large organizations means dealing with lots of strangers.
Much of Mitnick's security advice sounds practical until you think about implementation, when you realize that more effective security means reducing organizational efficiency--an impossible trade in competitive business. And anyway, who wants to work in an organization where the rule is "Trust no one"? Mitnick shows how easily security is breached by trust, but without trust people can't live and work together. In the real world, effective organizations have to acknowledge that total security is a chimera--and carry more insurance. --Steve Patient, amazon.co.uk
Book Description
The world's most infamous hacker offers an insider's view of the low-tech threats to high-tech security
Kevin Mitnick's exploits as a cyber-desperado and fugitive form one of the most exhaustive FBI manhunts in history and have spawned dozens of articles, books, films, and documentaries. Since his release from federal prison, in 1998, Mitnick has turned his life around and established himself as one of the most sought-after computer security experts worldwide. Now, in The Art of Deception, the world's most notorious hacker gives new meaning to the old adage, "It takes a thief to catch a thief."
Focusing on the human factors involved with information security, Mitnick explains why all the firewalls and encryption protocols in the world will never be enough to stop a savvy grifter intent on rifling a corporate database or an irate employee determined to crash a system. With the help of many fascinating true stories of successful attacks on business and government, he illustrates just how susceptible even the most locked-down information systems are to a slick con artist impersonating an IRS agent. Narrating from the points of view of both the attacker and the victims, he explains why each attack was so successful and how it could have been prevented in an engaging and highly readable style reminiscent of a true-crime novel. And, perhaps most importantly, Mitnick offers advice for preventing these types of social engineering hacks through security protocols, training programs, and manuals that address the human element of security.
Customer Reviews:
The Art of Humanity.......2007-09-13
Probably one of the very best books I've ever read in my life. This book follows through some of the life of hacker Kevin Mitnick. A lot of good laughs and some surprising and eye opening admissions that are full of lessons for anyone who uses a computer.
Without being condescending or preachy, Kevin shows people the ways around the easiest element of security to break, the user themselves. For anyone who's been involved with computers from the beginning of the first pre-PC's it's like a page of reminiscences from your own brain 20 years ago.
To newer users it's bordering on the insanity that is hacking lol.
This book is worthy of any home user's or even IT professional's attention. Mitnick reveals many of the flaws in the human personality that allow people to abuse them, be it verbally, socially or even physically. I can't recommend this book enough to anyone who's had a problem with a hacker or spyware. It will show you, your and everyone else's major character flaw that can be managed effectively to eliminate the naivety that is the Internet.
Essential Reading.......2007-07-06
This is a book everyone should read. It is not only fascinating, but is an essential lesson in self-protection against those who would prey on the trust and vulnerability of honest and kind people.
Hits the nail on the head, but management won't be able to comprehend the implications!.......2007-06-28
Although many of the examples detailed in this book are dated, the concepts are still as easy to leverage as ever.
Mr. Mitnick offers some possible solutions in this book, however he wasted his effort. As any security expert knows, getting upper management buy in to security is difficult at best. Management pays lip service to security, but they are typically more concerned about privacy issues than taking meaningful steps to address known security risks.
When my organization tasked my team to perform a social engineering assessment of their network, that's what they meant. Over and over, we tried to suggest processes that would be easy to manipulate for even the most amateur attacker, only to be immediately cut off and told no. If there is no technical attack to guard against, management can't begin to process the implications.
Good book to share with staff.......2007-01-31
This book served as a great reminder of why we need to be thoughtful about sharing information. I am buying extra copies to share with our staff. The offered advice was especially useful for large organizations with distributed sensitive information.
Fun read.......2007-01-28
If you are interested in this, good book. Not a lot of detail, but good read.
Managing Enterprise Content: A Unified Content Strategy
Ann Rockley
Manufacturer: New Riders Press
ProductGroup: Book
Binding: Paperback
Similar Items:
- Content Management Bible
- Single Sourcing: Building Modular Documentation
- Content Management for Dynamic Web Delivery
- Enterprise Content Management Technology: What You Need to Know
- Designing a Document Strategy
ASIN: 0735713065
Book Description
Today's businesses are overwhelmed with the need to create more content, faster, customized for more customers, and for more media than ever before. Managing Enterprise Content: A Unified Content Strategy provides the concepts, strategies, guidelines, processes, and technological options that will prepare enterprise content managers and authors to meet the increasing demands of creating, managing, and distributing content.
Author Ann Rockley, along with the Rockley Group team, provides techniques that will help you define your content management requirements, build your vision, design your content architecture, pick the right tools, and overcome the hurdles of managing enterprise content. This book will help you visualize the broad spectrum of enterprise content, the requirements for effectively creating, managing, and delivering content, and the value of developing a unified content strategy for your organization.
Customer Reviews:
An expert's view on unifying information.......2007-07-26
Actually implementing a content management solution, even for a small company, is a daunting prospect. Not only do you have to consider a myriad of concrete tasks in order to audit, centralize, and reuse your information. You also have to "sell" a major work-style change to numerous players. Even knowing where to start can be overwhelming, and that's where Ann Rockley's book Managing Enterprise Content comes in.
Authoritative and experienced, Rockley acknowledges that enterprise content management is not for everyone (a refreshing change from those pushing cookie-cutter solutions). In cases where content management could solve business problems, Rockley makes her case with calm conviction, breaking the subject down into logical chunks. In particular, her chapters on designing metadata (the "information about information" that is key to effective and scalable content management) and workflow (the designation of who does what, when) are lucid and comprehensive.
Whether your objective is to get a grasp of the subject, sell an implementation to your organization, or just digest what an impending implementation will mean to you, you'll want Rockley's book on your desk.
An excellent starting point for tech writers making the move to single sourcing........2007-05-25
I came to this book from a very different direction than many (all?) of the other reviewers. I'm a technical writer ("content developer") researching methods and tools for single-sourcing technical documentation. For my purposes, this book was an excellent starting point in recognizing and understanding the considerations that must be taken into account when migrating to a single-source solution (i.e., one tool and set of practices for developing documentation to be delivered in multiple media), defining a new set of practices, and evaluating an authoring tool. I recommend this book strongly to any tech writer/manager who needs help understanding the basics of single-sourcing.
Content reuse, not Enterprise Content Management...,.......2006-11-05
This book's title has probably attracted those interested in Enterprise Content Management. ECM has increasingly become a major buzz in business strategy circles as the information age tidal wave spills over into organizations and floods them with content. We're literally drowning. "Managing Enterprise Content" does not discuss ECM in broad terms, such as structured and unstructured content, email, scanned documents, OCR, ICR, etc. Instead, it focuses on content reuse. To take a simple example, a product brochure, a website, and a press release all include descriptions of a product. Why, the book argues, rewrite that description three separate times for each medium? Why not write it just once, store it in a content management system, and then reuse it over and over again? "Content Modularization" or "Content Reuse" probably describe the goals of this book less confusingly than "Managing Enterprise Content." But, in fairness to the authors, the current title isn't inaccurate, it just lends itself easily to misunderstanding. To reiterate: those looking for a course in Enterprise Content Management conforming to the Association for Information and Image Management's (AIIM) guidelines should look elsewhere.
Nonetheless, those looking for a strategy to manage distributable content throughout an organization should take a look at "Managing Enterprise Content." The focus remains on implementing a "unified content strategy," which translates essentially to an efficient reuse of content. Here the word "content" has a specific sense relating to verbiage authored for a specific use. Product descriptions, mission and vision statements, disclaimers, compliance and regulatory announcements, anything widely distributable qualifies. How does one efficiently manage the creation and the evolution of such content across an organization? This obviously implies some form of centralization (although this pregnant term gets strategically avoided for obvious reasons). And this further implies a software system. But prior to purchasing an expensive application, the business must align itself process-wise to enable content reuse. Otherwise the costly program will sit and rot. The first three parts of the book (I - III), comprising its first twelve chapters, discuss these necessary preparations and walk the reader through to implementation. This progression mirrors, for good reasons, the project management and software development life cycle processes. First, determine the concept or the "why?" of the project (Chapters 1 & 2). Then perform cost benefit analysis (Chapter 3 discusses ROI for content reuse), analyze and prioritize the current content infrastructure, the "As-Is" (Chapters 4 through 6), look to the future by modeling and designing the elements of the system the "To-Be" (Chapters 7 through 11), and finally implement the reusable content infrastructure (Chapter 12). Evaluation of software tools and technology should come before implementation, but the book instead covers these topics in Part IV (Chapters 13 to 18). So it's that easy to implement a unified content strategy? Well, no, not really.
Part V, the book's final section, outlines the inevitable issues that face organizational restructuring. Implementation of a unified content strategy will probably necessitate fundamental changes. Roles will get changed, people moved around, departments will get realigned or reorganized. All of this can sap morale or cause anxiety amongst employees. The author is not an authority on such issues, so this section of the book remains somewhat cursory and high-level. Conflict management gets deferred to a website (the book contains an out of date URL, but the book's website[...] has an updated address), and the advice presented here will probably not surprise anyone. Still, managing change remains an important part of any new implementation and this section, though rudimentary, will at least raise awareness.
Lastly, the appendices contain a grab bag of information. Appendix C, on vendors, has probably suffered from age (these days, a lot can happen in three years), but it may provide some good leads. Appendix B, "Writing for Multiple Media," probably could have appeared in the main body of the book; it contains important details not covered elsewhere.
Overall, the book does give a plausible outline for implementing the proposed strategy. Some of the chapters may seem overly simplistic or overlong to those experienced with system implementations or business process management. At the very least, "Managing Enterprise Content" may introduce some readers to the concept of enterprise content reuse. That concept remains a challenging one that will likely mean different things to different organizations. So this book does not provide the final word on the subject, nor does it intend to. An organization can only use this book as a blueprint or a guidepost for implementing its own unified content strategy.
Review of Managing Enterprise Content: A Unified Content Str.......2004-05-21
Are you overwhelmed with the need to create more content, faster, customized for more customers, and for more media than ever before? Do you consider storing documentation on a server as an effective content management system? Do you want to learn how content management will empower your organization? The answer to these questions and many more is covered in Managing Enterprise Content: A Unified Content Strategy by Ann Rockley with Pamela Kostur and Steve Manning of The Rockley Group. The Rockley Group is one of the leading providers of content management methodologies.
Managing Enterprise Content provides concepts, strategies, guidelines, processes, and technical options that will prepare you to meet the increasing demands of creating, managing, and distributing content. It describes techniques that will help you define your content management requirements, build your vision, design your content architecture, select tools, and overcome obstacles of managing enterprise content. It will help you to visualize the spectrum of enterprise content, the requirements for effectively creating, managing, and delivering content, and the value of developing a content strategy for your organization. That's a lot of information for one person to understand. That's why the book is written for three audiences: content managers, information architects, and authors. Managing Enterprise Content follows the same methodical approach that Rockley uses to teach content management in seminars and workshops.
I was expecting the book to jump into the technologies to implement a content management system. But that's not how Rockley presents content management. She begins with The basis of a unified content strategy and describes how content is created, who creates it, why authors work in isolation, and the consequences of isolation and centralizing content. The solution is to consolidate content in a definitive source, and a process that encourages authors to work collaboratively. The next step is to assess opportunities for content reuse. If you have never heard the term 'reusing content,' you may know it as single sourcing. You probably already reuse content (i.e. copy and paste), which works well until the information, and everywhere that it appears, must be updated. Content reuse involves using existing content components (e.g. paragraphs, sections, and chapters) to develop new documents. Implementing a unified content strategy is a costly investment: tools, technologies, and training are not cheap. Investment costs are incurred in technology, training and consulting, and lost productivity.
Examples are given to calculate the cost of authoring tools, content management systems, training and consulting--a content management system is not a plug and play, one size fits all solution. The return on investment is achieved by reduced time to market, reduced cost of product content development, improved accuracy and quality of content, and reduced manufacturing defects. The examples are especially helpful because you will need to create a proposal to convince budget holders and management on the return on investment of a content management solution.
Are you ready to buy a content management system? Not yet, read further. "Performing a substantive audit: Determining business requirements" begins with an introduction on how to determine goals that you want a unified content strategy to solve, for example:
- Reduce the time to plan, write, review, approve, and publish
- Create flexible content that is easily reused to create information products for multiple products and multiple media
- Reduce the cost of translation by reusing existing translations.
- Make content more accessible; separating content from format makes it possible for content to be displayed automatically in a format appropriate to the disability.
Rockley describes how to identify opportunities where a unified approach of content management (i.e. planning, design, authoring and revision, version control, access control, publication and delivery to its audiences) is beneficial.
You are probably wondering how this all fits together, and Rockley explains how. "Design" describes information modeling and metadata, how to personalize content, how to design a workflow, and how to implement your design.
An information model is critical for a unified content strategy because it provides a framework for documentation. It's the 80/20 rule: 80% of your effort is planning and analysis, and 20% of your effort is implementing the solution with whatever tools are selected to accomplish the goals the organization has set for itself. The level of detail of your information model depends on the level of reuse you want to achieve.
Many desktop publishing tools can dynamically publish personalized letters and forms by matching elements such as names and address--a content management system can do the same. I was confused why design is given so much attention. Why not conduct the audit, buy the tools, and worry about design later? You can't. The design of information, reuse models/maps, meta data and workflow are all tool independent tasks. Regardless of the tools selected, you must first analyse and then design a content or information model so that it can be presented to IT staff and software vendors. Doing this in advance makes it possible for you to ask vendors to respond to a request for proposal and document how their tools can help you satisfy your specific challenges. Analysis provides an opportunity to collect metrics. From your information models, you can identify how much of your content could be reusable and where.
Educated on how content is used, where and how, you are better prepared to match the tools and technology to the organization's goals to deliver a unified content management solution. "Tools and technologies" offers guidelines for evaluating tools. With so many tools and technologies to choose from, selecting the one that best satisfies your goals and budget is a challenge. Your best advantage is to be an educated consumer before you shop around. Rockley recommends that you identify your needs, and criteria for evaluating product options in terms of usability, training provided, supporting documentation provided, technical support, upgrades and enhancements, implementation time, cost, vendor viability, partnerships the vendor has to provide an expanded solution, and references. Where do you begin looking?
Some good sources are conferences where vendors present authoring solutions such as the annual STC conference, electronic mailing lists, technology magazines, Web sites and online discussion boards and newsgroups. A supplement to "Tools and technologies" is Appendix C, "Vendors," which is an overview of products, features and vendors. Appendix D, "Tools Checklist," lists sample questions to ask a vendor. When you have narrowed your list of potential vendors, Rockley suggests that you either contact the vendors and request onsite demonstrations or send vendors an RFP (request for proposal).
"Tools and technologies" covers XML because it provides interoperability between applications. XML is not a set of tags that you apply to documents; it is a specification that sets rules for the creation of tag sets that you apply to documents. For instance, if you selected tools first and then designed your content, you might find that some of the content does not behave the way you expect it to. One solution would be to use XSLT to transform the content and move it around where you want it. While this may be an acceptable solution, it's not. The conversion costs time, money, and resources. There is no need to convert or transform content if it's modelled in XML from the start.
Rockley describes strategies for collaborative authoring, how to separate content from format, how to manage change and transition. An example is given to illustrate how the same product description is reused effectively to create a show catalog, brochure, press release and Web site. It's easy to understand that people find it hard to believe that content somebody else created could possibly meet their needs. After all, Rockley notes, it was written for a different purpose and media, and the author could not have known their customers/audience/requirements. However, if content is written for a different purpose, audience, or media without considering how the content can be reused, it won't work.
Don't be optimistic that everybody will be willing to convert to a better way of authoring and managing content. Rockley presents issues to consider when planning your change management strategy such as overcoming resistance from opponents and descriptions of new and modified roles. She recommends creating a role for an enterprise project coordinator and information technologist; a change to existing roles business owners or analysts and information architects; and new skill sets (p. 413-415). Unintentionally overlooked are system administrators to maintain the content management system and to ensure that users adhere to standards.
Don't be overly optimistic that everybody will want to morph into new roles and change their authoring habits. An XML system is best suited and ideal for a large documentation department for all content authoring or an organization where every author uses the XML authoring tool. A team of ten or fewer will be constrained to balance XML implementation and documentation project duties, and learn how to use the (new) content management system. Even if you assign the complex task of XML implementation and creation of information models, workflows and DTDs to a consultant, the consultant will require guidance from the team. These are only a few of the constraints to overcome to assure a successful unified content strategy that Rockley expertly describes how to overcome.
Managing Enterprise Content concludes with a checklist for implementing a unified content strategy, suggestions for writing for multiple media, sample questions to ask vendors, a checklist for the tools required to implement a unified content strategy, and the importance of content relationships in version control. Pay close attention to usability. The rollout of a content management system, authoring tools, and authoring standards affects every member of the organization. If it's not easy to learn, easy to use, easy to support, and easy to maintain, authors will revert to the traditional way of writing and managing content.
Read Managing Enterprise Content before you invest in a content management system and consulting fees. You will be an educated and informed customer and user when you begin shopping for a content management solution of your own.
A must for Content Management projects.......2004-02-02
This book is an absolute must for Content Management projects. It touches all of the important aspects: Technical, functional and process. There is something for all stakeholders in an EMS/CMS project.
Especially good about this book is that the parts that are not your direct job are still very readable, understandable and interesting. It provides valuable insights in other people's jobs and reasoning.
Coming from the technical side and with a lot of experience in setting up systems and also information architecture and DTD design, for me this book contained several new insights and some very helpful checklists.
I am in the middle of a CMS project now, but I wish I had read it sooner.
Amazon.com
This is the one book you ought to have if you want to expand your knowledge of online transaction processing (OLTP) and learn how to apply it to the real world. Transaction Processing completely covers the problems faced by OLTP systems and discusses fault tolerance and recovery--the ability of a system to withstand failures of various kinds without dropping the ball. Additionally, Gray and Reuter cover system architecture decisions, monitoring, concurrence (including locks and isolation), scheduling (including deadlock resolution), and file systems. The book concludes with a discussion (circa 1993) of the merits of various hardware and software used in OLTP systems. Although there is no companion CD-ROM with Transaction Processing, the authors do illustrate many of the book's concepts with C source code. As this is a college textbook, you can expect some dry prose and academic approaches to certain problems. Nonetheless, the authors' writing is clear and easy to follow.
Book Description
The key to client/server computing.
Transaction processing techniques are deeply ingrained in the fields of databases and operating systems and are used to monitor, control and update information in modern computer systems. This book will show you how large, distributed, heterogeneous computer systems can be made to work reliably. Using transactions as a unifying conceptual framework, the authors show how to build high-performance distributed systems and high-availability applications with finite budgets and risk.
The authors provide detailed explanations of why various problems occur as well as practical, usable techniques for their solution. Throughout the book, examples and techniques are drawn from the most successful commercial and research systems. Extensive use of compilable C code fragments demonstrates the many transaction processing algorithms presented in the book. The book will be valuable to anyone interested in implementing distributed systems or client/server architectures.
Customer Reviews:
This is the bible for Transaction Processing!.......2006-03-24
This book is the base for all who want to be gurus in big OLTP systems with hundreds of TPS and hundreds or thousands of customers connected doing transactions or using terminals. This is a book that you must have mandatorily.
This book is a revelation.......2006-01-14
God himself has spoken. You will understand what is the difference between real computer science (Jim Gray) and changing configuration values at random in your MySQL setup (Jeremy Zawodny style)
Perfect.......2003-02-14
Well organized, complete, nontrivial, wealth of sample code, interesting historical notes, good index. Magnificent work. Definitely worth the money.
Showing its age, but still has a lot to offer.......2002-07-21
For nearly a decade this book has been the definitive reference on transaction processing. Although the more recent, May 2001 book titled "Transactional Information Systems: Theory, Algorithms, and the Practice of Concurrency Control" by Gerhard Weikum and Gottfried Vossen will probably supplant this book as the standard reference, there is still much material that makes this book useful.
In particular, this book covers the following topics in more depth than the newer book cited above:
- Fault tolerance and availability, both topics are covered in depth from hardware and software perspectives. This is unique for a book on transaction processing in that most books on the subject confine their scope to software and databases.
- A wide and complete survey of transaction models. True, some of this material is about models that are falling into disuse, but the value is the way the authors go deeply into the mechanics. I've always felt that this part of the book is the most valuable because the principles can be refactored into hybrid models. Moreover, comparing this material with the newer book by Weikum and Vossen shows that these principles are still employed in today's TP solutions.
Material about transaction processing monitors is obviously out of date, but, like the TP models, the principles still apply to contemporary systems. My recommendation is if you are going to buy a single book on the topic get the Weikum and Vossen I cited in the first paragraph. However, if your budget allows, I also highly recommend this book as well because of the depth in which fault tolerance and TP models are covered. If you want to just learn the basics of TP I recommend that you consider "Principles of Transaction Processing" by Philip A. Bernstein and Eric Newcomer because it is less daunting than this or the Weikum and Vossen book (both of which are 1100+ pages).
The bible of transaction processing.......2001-11-22
I used this book as a CS grad student in college for a class on transaction based systems and it covers how to do transactions from top to bottom. Although it was published in 1993 the techniques described in this book are actually more advanced than techniques used in a lot of real world systems today so it is not outdated. I have yet to see a book as comprehensive as this on how to actually implement transactions. Good book for software engineers to read. My only complaint is that the book has a lot of typos and some bugs in the source code listings. Also because the book is so damn big (i.e. lot of pages) they chose to use very thin paper which makes it not very good for using highlight markers on. Still this is the definitive book on how to implement transaction processing.
Book Description
"The book you are about to read will arm you with the knowledge you need to defend your network from attackers--both the obvious and the not so obvious.... If you are new to network security, don't put this book back on the shelf! This is a great book for beginners and I wish I had access to it many years ago. If you've learned the basics of TCP/IP protocols and run an open source or commercial IDS, you may be asking 'What's next?' If so, this book is for you."
--Ron Gula, founder and CTO, Tenable Network Security, from the Foreword
"Richard Bejtlich has a good perspective on Internet security--one that is orderly and practical at the same time. He keeps readers grounded and addresses the fundamentals in an accessible way."
--Marcus Ranum, TruSecure
"This book is not about security or network monitoring: It's about both, and in reality these are two aspects of the same problem. You can easily find people who are security experts or network monitors, but this book explains how to master both topics."
--Luca Deri, ntop.org
"This book will enable security professionals of all skill sets to improve their understanding of what it takes to set up, maintain, and utilize a successful network intrusion detection strategy."
--Kirby Kuehl, Cisco Systems
Every network can be compromised. There are too many systems, offering too many services, running too many flawed applications. No amount of careful coding, patch management, or access control can keep out every attacker. If prevention eventually fails, how do you prepare for the intrusions that will eventually happen? Network security monitoring (NSM) equips security staff to deal with the inevitable consequences of too few resources and too many responsibilities. NSM collects the data needed to generate better assessment, detection, and response processes--resulting in decreased impact from unauthorized activities. In The Tao of Network Security Monitoring, Richard Bejtlich explores the products, people, and processes that implement the NSM model. By focusing on case studies and the application of open source tools, he helps you gain hands-on knowledge of how to better defend networks and how to mitigate damage from security incidents. Inside, you will find in-depth information on the following areas.
- The NSM operational framework and deployment considerations.
- How to use a variety of open-source tools--including Sguil, Argus, and Ethereal--to mine network traffic for full content, session, statistical, and alert data.
- Best practices for conducting emergency NSM in an incident response scenario, evaluating monitoring vendors, and deploying an NSM architecture.
- Developing and applying knowledge of weapons, tactics, telecommunications, system administration, scripting, and programming for NSM.
- The best tools for generating arbitrary packets, exploiting flaws, manipulating traffic, and conducting reconnaissance.
Whether you are new to network intrusion detection and incident response, or a computer-security veteran, this book will enable you to quickly develop and apply the skills needed to detect, prevent, and respond to new and emerging threats.
Customer Reviews:
Jump into NSM.......2007-06-13
This book is a great introduction to the world of NSM (Network Security Monitoring). The basic idea is that security defenses will fail at some point and that to realistically improve the security posture of an organization NSM is needed.
The book starts with an introduction to risk analysis. It then describes how to build an NSM platform using open source tools, FreeBSD, and network taps / SPAN ports. It also includes some case studies and a lot of material on the operational aspects of running an NSM team.
I really like Richard's style such as his footnotes with related papers.
Be sure to check out the author's blog at http://taosecurity.blogspot.com/.
Great book.......2007-05-17
Cuts right to the chase. Worthy addition to any serious network security library.
Great book to learn the Art of Network Monitoring!.......2006-02-07
I am not sure how I was first introduced to the author, Mr. Bejtlich. I cannot remember if I first noticed his work via his excellent blog or this, his first book. Either way, after reading "The Tao of Network Security" by Richard Bejtlich, I feel he has prepared and educated me in a way unlike any other author. The first item you must recognize is the tone that this book dictates right from the outset. The book begins by citing many different authors, their books and their value. I knew immediately that I was in for a treat. And I was right!
I will not attempt to offer a full review as I feel one can gather from other reviews the value of this book. The book is basically broken up into 5 sections. The first 100 pages is an intro to Network Security Monitoring (NSM). The second part is dedicated to the different ways to monitor - I particularly like (and agree) with how the author broke up the different ways of cataloguing NSM - full content, session, and alert. The third section describes NSM processes and the fourth section describes NSM people.
The book, overall, is a superb resource. Not a page goes by without some screenshots of TCPDump, UNIX configs or diagrams. I have heard others mention they have been given this book to read in their classroom study and I can see why.
I give this book 5 pings out of 5:
!!!!!
Shows a disciplined approach to network security monitoring .......2005-05-29
A problem with the approach many people take to network and security monitoring is that they expect it to be plug and play. Install the software and then stop attackers in their tracks. If only it was so easy. But one can't simply install monitoring software or an IDS, collect data and expect it all to correlate and correct itself.
The beauty of The Tao of Network Security Monitoring : Beyond Intrusion Detection is that it shows how network monitoring requires a strong discipline to truly have an effect on security.
The book is written for the person, primarily a system administrator or security engineer, who truly wants to use an IDS to manage and secure their network. This is not an introductory text, rather it is written for someone not scared of downloading and compiling code. If you are looking for an intro to IDS usage, this is not the book for you. This is a book about someone who has an IDS, and needs to find a way to use it and tune it for maximum usage.
The book has a near endless supply of network traffic capture and analysis tools, techniques and network topologies. Beyond simply providing a list of software tools, the book shows how to install and configure a variety of these tools. Rather than wasting pages and screen shots detailing how to download and install the software mentioned, the book shows how to use the tool in the context or Tao of security monitoring.
In addition, the author emphasizes the point that the people are a crucial aspect of effective network monitoring. The ultimate success of any IDS is directly tied to the analyst behind the console. They are the ones making the decision on how to respond to an incident, and if they are not appropriately trained, all of the hardware and software will only provide a fraction of its potential.
With that, The Tao of Network Security Monitoring should be considered required reading for anyone using an IDS or responsible for its use. If you have staff using an IDS, ensure that they have read The Tao of Network Security Monitoring as it will educate them in truly understanding how to monitor a network.
One of a kind.......2005-02-21
This book has everything as it pertains to network security monitoring. If you read this book from cover-to-cover, then you can consider yourself prepared to deal with anything that comes at you. This book presents material that would normally take years to learn in an easy-to-follow format. This book is a must have for anyone who is serious about their job and wants to make the jump to becoming an expert.
Book Description
Designed for senior and graduate-level business and information systems students who want to learn the management aspects of information security.
Customer Reviews:
Good to go.......2007-04-02
Product was delivered on time and in the condition as described. Good deal.
Need an InfoSec Book?.......2007-03-29
This book covers everything pertaining to managing Information Security. This book is very informative. I currently have this book in my library, where I still use it as a reference when writing information security related papers.
Boring, boring, boring.......2006-07-06
Did I tell you the book was boring?
The authors spend too much time providing the "how to" on developing paperwork (paper-tiger) security programs and nothing on the implementation of real security measures.
They borrow whole chapters out of books written by some guy -- Charles Cresson Wood -- heck, just buy that guy's book instead.
They introduce each chapter with a cursory view of "the threat" yet spend no time explaining how it applies to the chapter.
They do ensure that the reader understands the importance of "making sure your CISO is high enough up the management chain to be effective." Chapter after chapter after chapter!!!!
I've seen better strategic planning in a comic book.
Philosophical (Textbook) exposition of InfoSec.......2004-11-07
If you're looking to get down into the nitty-gritty of infosec, for ways and methods of securing networks and systems, then this probably isn't the book you need. This is a textbook and so it offers a fairly high level viewpoint, even philosophical approach, to infosec. The granularity just isn't there for the practising person to gain much from this in a substantive way.
That said, the book does provide a readable and useful overview of all aspects of the infosec planning and administration process. Each chapter has questions yet no answers. Chapters include:
- Introduction to the management of info sec
- Planning for infosec
- Planning for contingencies
- Information security policy
- Developing the security program
- Security Management models and practices
- Risk Management: identifying and assessing risk
- Risk Management: Assessing and controlling risk
- Protection Mechanisms
- Personnel and security
- Law and Ethics
- Information Security Project management (the weakest chapter in the book...meant as an introduction)
While the authors won't tell you how to configure a firewall for example, they will teach you who, how and why this must be done and what must be done to guide and support decisions like this in an organizational environment. This book is about top down security management. It teaches you to use policy, procedures, people, programs, projects and planning in a three dimensional security matrix: confidentiality, integrity, availability, security, transmission, processing, policy, technology and education/training with regard to people, data, hardware, software and procedures, all within the methodology of the secSDLC. So it is a philosophical journey through the heart of the matter written by two guys who obviously know and enjoy their subject.
This book is well written and has a number of inserts highlighting different things like different types of attacks, concepts like human firewalls and such that enhance the readability while leading a connection to reality that threatens to become a little tenuous when dealing with much abstraction.
So, a good textbook. I used it for a subject I took and found it useful. While it may be a little dry at times, due to the technical nature of the material, if you are serious about learning information security then the need to be consistently entertained is probably just a little alien to your nature anyway. This book will give you an excellent grounding in the things you should be considering and doing when planning, analyzing, designing, implementing and managing and maintaining infosec.
An excellent addition and support for the material presented in the book- as referred by the authors- is a bunch of free materials published by the National Institute of Standards and Technology, found at the computer security resource center. These include papers such as SP 800-12, SP 800-14, and so forth. The website is http://csrc.nist.gov/publications/nistpubs/. It is important to check this out if you are serious about infosec. This book is a good starting point for delving deeper into that world.
Amazon.com
Gigantically comprehensive and carefully researched, Security Engineering makes it clear just how difficult it is to protect information systems from corruption, eavesdropping, unauthorized use, and general malice. Better, Ross Anderson offers a lot of thoughts on how information can be made more secure (though probably not absolutely secure, at least not forever) with the help of both technologies and management strategies. His work makes fascinating reading and will no doubt inspire considerable doubt--fear is probably a better choice of words--in anyone with information to gather, protect, or make decisions about.
Be aware: This is absolutely not a book solely about computers, with yet another explanation of Alice and Bob and how they exchange public keys in order to exchange messages in secret. Anderson explores, for example, the ingenious ways in which European truck drivers defeat their vehicles' speed-logging equipment. In another section, he shows how the end of the cold war brought on a decline in defenses against radio-frequency monitoring (radio frequencies can be used to determine, at a distance, what's going on in systems--bank teller machines, say), and how similar technology can be used to reverse-engineer the calculations that go on inside smart cards. In almost 600 pages of riveting detail, Anderson warns us not to be seduced by the latest defensive technologies, never to underestimate human ingenuity, and always use common sense in defending valuables. A terrific read for security professionals and general readers alike. --David Wall
Topics covered: How some people go about protecting valuable things (particularly, but not exclusively, information) and how other people go about getting it anyway. Mostly, this takes the form of essays (about, for example, how the U.S. Air Force keeps its nukes out of the wrong hands) and stories (one of which tells of an art thief who defeated the latest technology by hiding in a closet). Sections deal with technologies, policies, psychology, and legal matters.
Book Description
The first quick reference guide to the do's and don'ts of creating high quality security systems.
Ross Anderson, widely recognized as one of the world's foremost authorities on security engineering, presents a comprehensive design tutorial that covers a wide range of applications. Designed for today's programmers who need to build systems that withstand malice as well as error (but have no time to go do a PhD in security), this book illustrates basic concepts through many real-world system design successes and failures. Topics range from firewalls, through phone phreaking and copyright protection, to frauds against e-businesses. Anderson's book shows how to use a wide range of tools, from cryptology through smartcards to applied psychology. As everything from burglar alarms through heart monitors to bus ticket dispensers starts talking IP, the techniques taught in this book will become vital to everyone who wants to build systems that are secure, dependable and manageable.
Customer Reviews:
Unique in its genre.......2007-07-05
The title is maybe misleading. It is not really a guide that will show you a procedure step by step 'how to do' to build secure systems as most engineering books do. It is rather a survey of the different security protocols used in various fields. Of course, you can learn from the successes and errors described in the book and use this knowledge for developing a new system but you will have to connect the dots yourself.
The book is very dense in information and at first, its format was making it tedious for me to read. It did take around 3 chapters before I got accustomed to the format. Once this aspect was out of the way, this book became amazingly interesting. It describes systems used in banking, by diplomats, military, for nuclear weapons, police, set-top box TV decoders smart cards and anti-tampering devices in general, spies, biometric authentication, etc., and focuses on the security protocols used by these systems and then highlights the weaknesses of the systems and how people have figured out how to work around these protocols.
The best quality of the book is that it will help you to better understand the mindset of a secure system designer and a system hacker.
Textbook for class........2007-03-18
The book is interesting but it's starting to show signs of its age. I think the last revision of it was 2001, so the examples are good, yet aged. It would be great if they updated it. Still a useful and good book though.
More high-level concepts and less hands-on guidance.......2006-03-30
This is certainly a good book for getting introduced to most high-level architectural concepts related to Network security, cryptography, mandatory/multi-level access control etc. From an application development perspective, this book falls short on how to build architecture, design and implement them into your business applications which ultimately meets the end-user. The author justifies the high-level concepts well enough from a generalist perspective, but the industry-standards from OASIS leans towards standards-based application security protocols, which pushes a developer/architect like me to take those suggestions first and how to apply them in real world. The book also doesn't address how to build security for emerging application architectures based on Service-oriented architecture (SOA), Identity Management, Net-centric Federated applications. As a developer/architect using Java or Microsoft .NET or open-source based distributed applications, I need guidance on how to implement the recommended concepts (in the book) for example using biometrics or smartcards for building multi-factor access control at my application-level... unfortunately I don't find any answers for real-world implementation.
Best security book on the market.......2006-03-03
This book is a must own and a must read. Ross Anderson may tweak people's noses on occasion...but usually because they need tweaking. Get this book now. Really.
Excellent but biased.......2005-12-11
This is an excellent book on Security Engineering. While I don't mind the anti American anecdotes, I wasn't pleased to see Abdulrahman and terrorist being used close to each other. I think it places a huge bias on the Arabic people as terrorists.
Average customer rating:
- Helpful at most.
- Excellent wireless network security guide and reference.
- A comprehensive, concise IT reference bible
- Wireless Frenzy
- Timely book- must read for IT professionals
Guide to Wireless Network Security
John R. Vacca
Manufacturer: Springer
ProductGroup: Book
Binding: Hardcover
Similar Items:
- Real 802.11 Security: Wi-Fi Protected Access and 802.11i
- 802.11 Wireless Networks: The Definitive Guide, Second Edition (Definitive Guide)
- 802.11 WLAN Hands-On Analysis: Unleashing the Network Monitor for Troubleshooting and Optimization
- Fundamentals of Wireless Networking
- Cisco Wireless LAN Security (Networking Technology)
Accessories:
- Pro SMS 2003
- Grid Computing Security
- Distributed Event-Based Systems
ASIN: 0387954252
Book Description
With the rapid deployment of wireless networks in business environments, IT professionals must implement security mechanisms that are equivalent to those existing today for wire-based networks. This volume is an authoritative, clearly-presented guide to key foundation topics and technology frameworks for designing and maintaining secure, reliable operations. From basic concepts to designing principles to deployment, all critical concepts and phases are explained in detail. The book also includes coverage of wireless security testing techniques and intrusion prevention techniques.
Through extensive hands-on examples, Guide to Wireless Network Security demonstrates how to install, configure and troubleshoot firewalls and wireless network security applications; evaluate, implement and manage wireless secure remote access technologies; and deploy a variety of Virtual Private Networks, intrusion detection systems and intrusion prevention systems, in conjunction with information warfare countermeasures.
Customer Reviews:
Helpful at most........2007-08-03
I only gave this book three stars because the author is rather jaded, and I am not entirely sure how much of what he says does what he says.
As an example: He spoke of remotely erasing data from devices to prevent someone who stole the device from obtaining data somewhere in the first chapter. That is simply not going to help you. If someone steals a device for the data, erasing it is not going to help you, they are just going to use a utility to rewrite all the allocation table indexes back to 1's, and voilà, the data is back (if they're smart they won't even have to buy anything to do it, because DOS has that utility built in). When it comes to file protection, encryption is the only way to go... unfortunately when someone has the device, if they're good enough they can get at the key.
Making data hard to get at is one thing, but believing that there is an absolute solution is absurd.
The book was helpful in that it introduced me to many if not most or all of the concepts. As with everyone else that is most likely reading or going to read this book, I have not messed with wireless too terribly much, and I now have a good basis to start researching the topics further... because I definitely do not trust this man's judgement.
The author also often feels that he can predict the future and tell you within a good 3-6 month period of when certain vulnerabilities are going to be exploited... such as wireless viruses being written on a regular basis in mid 2006. That one has already been proven false... I suppose that is more of an annoying writing style though, I am sure that at some point they will start popping up more readily... just not in mid 2006!
Excellent wireless network security guide and reference........2006-09-12
This book provides the knowledge necessary to master wireless technology quickly and, more importantly, guide an individual/organization through the pitfalls of deploying the technology securely and rapidly.
A comprehensive, concise IT reference bible.......2006-09-01
John Vacca has brought to light, and more importantly, into focus all the underlying issues related to securing a wireless network in his new book Guide to Wireless Network Security. This all-encompassing book belongs in the hands of all active IT professionals and "C" level executives needing to keep abreast of our ever-changing technical environment.
A comprehensive, concise IT reference bible.
Wireless Frenzy.......2006-08-23
As a professional consultant, increasingly I have to deal with wireless networks. This book provides for me the details about wireless networking, all at my fingertips.
No, it's not a complete guide on how to setup and install a wireless network, but it's not supposed to be. A book like that would be out of date before it went to print! Rather, this book lays out the necessary information for integrating wireless platforms into corporate and business enterprise--securely! It's all about the tools to use and what job to use them for. Knowing the right tool for the right job is half of what this book is about. The other half is about scenarios and procedures and security and the theory behind the technology. Everything you need to know whether you are involved in corporate firewalling of wireless networks, security, integration, etc. This book is a must-read for anyone involved in network architecture and planning.
Timely book- must read for IT professionals.......2006-08-15
I couldn't put the book down. Vacca's Guide to Wireless Network Security is the one-stop-shopping reference to everything you need to know about the security impacts associated with wireless technology. Just back from a roadtrip across the US, I was astonished to find almost every motel/hotel now equipped with wireless access. Upon use, I would always wonder about their implementations regarding the *real* protection of my data exchanges. This book has educated me and frankly has scared me quite a bit. IT professionals, this is a terrific read. Highly readable and highly recommended.
Average customer rating:
- Disappointing
- 1/4 good
- Great book on SNMP starts from the beginning
- Essential SNMP, Second Edition, Review
- Good book, but where is there one for idiots?
Essential SNMP, Second Edition
Douglas Mauro , and
Kevin Schmidt
Manufacturer: O'Reilly Media, Inc.
ProductGroup: Book
Binding: Paperback
Similar Items:
- SNMP, SNMPv2, SNMPv3, and RMON 1 and 2 (3rd Edition)
- Understanding SNMP MIBs
- Nagios: System and Network Monitoring
- LDAP System Administration
- Pro Nagios 2.0 (Expert's Voice in Open Source)
ASIN: 0596008406
Amazon.com
Without Simple Network Management Protocol (SNMP), network administrators might have to actually get out of their chairs and go see what's up with all of the network-connected equipment under their authority. Perish the thought. Essential SNMP explains how the management protocol works and how it's implemented by several operating systems and pieces of equipment. More importantly, this book shows its reader--who should be a network administrator who's familiar with the problems of running a distributed network--how SNMP can earn its place as a network administration tool. In other words, this book examines SNMP as a strategic resource as well as a technical phenomenon.
Because it's oriented toward SNMP as a tool, much of the coverage in this book has to do with software that uses SNMP to provide network monitoring and control services. After a strengths-and-weaknesses overview of a number of SNMP packages, the authors use mainly HP OpenView, Castle Rock SNMPc, and Net-SNMP (the last in combination with Perl scripting) to demonstrate how SNMP works and how to take advantage of it. It's the scripting that really distinguishes this book from other SNMP books, by the way. It's integral to the authors' presentation, and the latter half of this book is packed with shell and Perl listings. --David Wall
Topics covered: Simple Network Management Protocol (SNMP) and its applicability as a network management tool. Details like object identifiers (OIDs), management information bases (MIBs), traps, and community strings are defined and explained. The configuration of SNMP agents is detailed for several software packages and operating systems, and the integration of SNMP and scripts (in shell languages and in Perl) is covered nicely.
Book Description
Simple Network Management Protocol (SNMP) provides a "simple" set of operations that allows you to more easily monitor and manage network devices like routers, switches, servers, printers, and more. The information you can monitor with SNMP is wide-ranging--from standard items, like the amount of traffic flowing into an interface, to far more esoteric items, like the air temperature inside a router. In spite of its name, though, SNMP is not especially simple to learn.
O'Reilly has answered the call for help with a practical introduction that shows how to install, configure, and manage SNMP. Written for network and system administrators, the book introduces the basics of SNMP and then offers a technical background on how to use it effectively. Essential SNMP explores both commercial and open source packages, and elements like OIDs, MIBs, community strings, and traps are covered in depth. The book contains five new chapters and various updates throughout. Other new topics include:
- Expanded coverage of SNMPv1, SNMPv2, and SNMPv3
- Expanded coverage of SNMPc
- The concepts behind network management and change management
- RRDTool and Cricket
- The use of scripts for a variety of tasks
- How Java can be used to create SNMP applications
- Net-SNMP's Perl module
The bulk of the book is devoted to discussing, with real examples, how to use SNMP for system and network administration tasks. Administrators will come away with ideas for writing scripts to help them manage their networks, create managed objects, and extend the operation of SNMP agents.
Once demystified, SNMP is much more accessible. If you're looking for a way to more easily manage your network, look no further than Essential SNMP, 2nd Edition.
Customer Reviews:
Disappointing.......2007-05-25
Most of the books in this series are very technical and go into serious details. This one reads like a compendium of owner's manuals. A really good book on SNMP is needed and this one is not it.
1/4 good.......2007-05-03
This book is good up till you get 1/4 of the way through it. The first quarter of the book is good and it goes over general SNMP stuff then history different versions etc. The last 3/4 of this book cover configuring proprietary monitoring systems like open view and solar winds.
I don't care about open view.. or solar winds.. I wanted to learn about snmp... not some vendor's software package. I'm surprised that this got published with such a general title.. when really the book is an snmp intro, followed by how to set up a proprietary monitoring tool.
Great book on SNMP starts from the beginning.......2007-02-21
I hadn't seen a new book on SNMP come out in some time, and the older ones I had read were so abstract and unhelpful that I was reluctant to try another one. This book, though not perfect, is much better than the older books I have looked at on the subject. For one thing, it just didn't dive into the subject with a bunch of confusing graphs and object trees assuming I already knew the big picture.
Chapter one is just a general introduction to SNMP and network management. Chapter 2 goes into details on both SNMPv1 and SNMPv2. It talks about how SNMP sends and receives information, how to read MIB files, and about SNMP communities. It looks in detail at three MIB's - MIB-II, Host Resources, and RMON. MIB-II is a very important management group because every device that supports SNMP must also support MIB-II, thus objects from MIB-II are used in examples through the whole book. Chapter 3 introduces SNMPv3, which addresses the security problems present in v1 and v2.
Next the book introduces the idea of a network management architecture. It stresses that you need a plan that helps you use Network Management Stations (NMS's) effectively in order to effectively manage your network. This section includes how to properly choose your hardware and what questions you need to ask yourself. Next the book discusses actually installing and running your software. Specifically HP's OpenView Network Node Manager and Castle Rock's SNMPc Enterprise Edition are discussed. Included are detailed instructions along with screenshots of the application. Next there are instructions on how to configure SNMP agents. You are walked through some standard configuration parameters plus some advanced parameters that sometimes crop up. Once again there are plenty of screen shots to help you know you are on the right path.
Now that you've been walked through the configuration of your system and the installation of software, the book shows you how to use the three basic SNMP operations of snmpget, snmpset, and snmpwalk. A group of Perl scripts are shown that set, get, and walk objects. Next HP OpenView and Net-SNMP are used to perform the same operations from the command line. A third alternative is demonstrated that uses OpenView's graphical MIB Browser. Next is a discussion of how to set up SNMP to poll your devices at certain intervals and to set thresholds that require action if crossed. Again Perl scripts enter the discussion for configuring this set-up. SNMPc and OpenView screen shots show you how to configure this using graphical interfaces, and what to expect. Next the book discusses traps, which are how an agent sends a monitoring station asynchronous notification about certain key conditions that may require action. The book demonstrates how to handle traps using OpenView and Perl scripts. Next the book shows how to read, configure, and even define your own traps.
The book now turns to the problem of agents that need to be extended in their abilities. The book discusses the answer to this problem - extensible SNMP agents - and three of them in particular - the OpenView, Net-SNMP, and SystemEdge agents. Next are some interesting scripts for automating common system administration tasks. Issues covered by these little scripts include determining who is logging into your machine, a port monitor, service monitoring, and switching port control, among others. There is then a discussion on MRTG (Multi Router Traffic Grapher), a trend analysis tool that generates image files and whose output is viewable from a web browser. Complete instructions on installing and using the tool are given. The next tool discussed is RRDtool, which in network management will most likely be used to store and process data collected via SNMP. However RRDtool can be used for many diverse purposes that have nothing to do with computer networks. The last chapter in the book is an odd one on using Java with SNMP. Specifically, the book presents the Java SNMP API known as SNMP4J. It doesn't really seem to add any functionality other than being an alternative for people who don't like to use Perl.
I liked this book very much. It had many good examples and it answered all of the questions I had previously had on SNMP starting from the beginning with what is SNMP and what can it do for you? I would highly recommend it to any network administrator who is planning on working with SNMP.
Essential SNMP, Second Edition, Review.......2007-01-17
An excellent book that can help not only network engineers but Unix system administrators.
A lot of doubts that I had about SNMP went away and I feel much more relaxed with this topic in technical circles.
Good book, but where is there one for idiots?.......2007-01-11
I pretty much hate SNMP. It stems from not understanding it. This book has given me a grasp on some of the concepts, but has referred to a few things that I am supposed to already know. It's not for beginners.