Bibliography
I'll add further references and reviews to this page as the session progresses.
Feel free to add any books or references you find useful to the Student Bibliography. Also feel free to write your own reviews for any of the references listed here (just click on the name) - in your review copy the format I used in the Applied Cryptography, Bruce Schneier review. If there are already reviews for a reference just append yours to the bottom.
Books
| Author/Title click title to read/write reviews | When | Topic | Rating | notes |
| Applied Cryptography, Bruce Schneier | 1996 | General Crypto | 5 | good coverage of crypto and practical security |
| Building Internet Firewalls, D. Zwicky, S. Cooper, D. Chapman | 2000 | Firewalls | 3.5 | O'Reilly handbook on firewalls |
| Basic Methods of Cryptography, JC van der Lubbe | 1997 | General Crypto | 4 | concise, well explained, rigorous. Aimed at advanced students and researchers. Nice coverage of IDEA. Predates AES. |
| Corporate Computer and Network Security, R Panko | 2004 | General Security | 5 | nice overview. clearly written |
| Counter Hack, Ed Skoudis | 2002 | Security | 4 | good intro to tcp/ip and practical security |
| Cryptology, A Beutelspacher | 1994 | Crypto | 4.5 | very clear & gentle intro to simple cryptology |
| Firewalls and Internet Security, W. Cheswick, S. Bellovin, A. Rubin | 2003 | Firewalls | 4 | As you'd expect from Cheswick's famous paper this is detailed and clever. However not so well designed and patchy in coverage. If I was getting just one firewall book this wouldn't be it. Two of the best chapters are available online: |
| Honeypots, Lance Spitzner | 2003 | Honeypots | 4 | the definitive honeypot book |
| Inside Network Perimeter Security, S. Northcutt, et al | 2003 | Firewalls | 4 | great reference from SANS |
| Internetworking with TCP/IP vol1, Douglas Comer | 2000 | TCP/IP | 5 | the definitive reference |
| Introduction to Cryptography with java applets, D. Bishop | 2003 | Crypto | ||
| Know your enemy, the Honeynet project | 2002 | Honeypots | 4 | bit waffly and light on detail but a great coverage of a great project |
| Making, Breaking Codes, P. Garrett | 2001 | Cryptanalysis | ? | |
| Modern Cryptography: Theory and Practice, W. Mao | 2004 | General Crypto | 3.5 | OK, comprehensive and up to date, but bit dull |
| Network Security, Kaufman et al | 2002 | Covers everything | 4 | nice overview |
| Network Security Essentials, W. Stallings | 2003 | Covers everything | 4.5 | |
| Practical Cryptography, N Ferguson, B Schneier | 2003 | Crypto | 4.5 | strong practical focus |
| Security Engineering, Ross Anderson | 2001 | General Security | 4.5 | nice overview. clearly written |
| Security in Computing 3rd Ed, C&S Pfleeger | 2003 | General Security | ? | |
| The Art of Deception, K Mitnick | ? | Social Engineering | 5 | ? |
Online
| What | Rating | Topic | Details | cached |
| | 4 | Stack Overflow info/howto | a famous summary by hacker aleph1 | |
| | 5 | Famous history | The first honeypot! | |
| | 4 | Famous history | Analysing a 13yr old script kiddie attack. A fun read. | |
| | 4 | Famous history | Analysing a reflected DOS attack | |
| | 4 | Sniffing | The US worldwide eavesdropping network (Australia is a vital and government sanctioned part of this) | |
| | 3.5 | network protocol attacks | Simple Active Attack Against TCP | |
| | 3.5 | WEP attacks | an overview | |
| | 3.5 | Protocols | a summary | |
| | 3.5 | Random Number Generators | The crypto RNG built into intel chips | |
| | 3.5 | DOS attack | big ICMP packets used to bring down hosts | - |
| | 3.5 | port scanner | check your firewall online (click the "shields up!" link miles down the page) | - |
| | - | reference | look up man pages of unix commands | - |
| | - | reference | look up RFCs | - |
Useful Sites
| http://www.insecure.org/ | Insecure.org | hacker site |
| Bugtraq | ||
| CERT control center | ||
| GRC | steve gibson's site | |
| Crime statistics | ||
| online privacy | ||
| counterpane | bruce schneier's site | |
| SANS | ||
| DShield | ||
| rootshell |
Fun
| Author/Title click title to read/write reviews | When | Topic | Rating | notes |
| An Evening with Berferd, Bill Cheswick | | Catching a hacker with a honeypot | 5 | fantastic read and interesting |
| The Cuckoo's Egg, Clifford Stoll | 70's | Catch a hacker | 5 | fantastic read and interesting |
| The Code Book, Simon Singh | 1999 | History of codes | 4 | Gentle intro but well done. Has modern content too |
| Codes Ciphers and Secret Writing, Martin Gardner | 1972 | puzzles | 4 | some of the more simple mathematics of coding. Fun and very readable in the normal Gardner style. Based on The Codebreakers |
| The Puzzle Palace, James Bamford | 1982 | History of NSA and US SIGINT | 5 | |
| Body of Secrets, James Bamford | 2001 | History of NSA and US SIGINT | 4.5 | very detailed and very interesting |
| The Codebreakers, David Kahn | ? | History of Cryptanalysis | ? | ? |
| Takedown, Shimomura | ? | hacker bio | 2.5 | One version of the kevin mitnick story |
| The Watchman, Jonathan Littman | 1997 | hacker bio | ? | ? |
| Hacker Cracker, E. Nuwere | 2002 | a "real life" story | ? | ? |
| The Fugitive Game, Jonathan Littman | 1996 | hacker bio | 5 | One version of the kevin mitnick story |
| The hacker diaries, D. Verton | 2002 | Hacker stories | ? | ? |
| The hacker crackdown, B. Sterling | 1992 | Early hacker stories | ? | the early days of phreakers and hackers |
| Crypto, Steven Levy | 2001 | light history | ? | ? |
| The Art of War, Sun Tzu | 500BC | Strategy | ? | ? |
| Hackers, Steven Levy | 1984 | Hacker stories | ? | ? |
| Masters of deception, M Slatalla J Quittner | 1996 | Hacker stories | ? | ? |
| The daVinci Code, Dan Brown | 2003 | beats me | 0 | don't read this expecting any crypto content (or writing ability...) |
| FILM - Three days of the condor | | thriller | 5 | robert redford as a researcher for the CIA |
| FILM - Tron | | SCI-FI | 4 | personified processes take on the evil operating system - fun |
| FILM - Sneakers | | action | 4.5 | robert redford leads a team of crackers - fun |
| FILM - Hackers | | fluff | 3 | largely hollywood hacking but a few interesting bits |
| FILM - War games | | hacking | 4 | teenager hacks into military computer - fun |
| FILM - The Sting | | social engineering | 4.5 | robert redford as a grifter (social engineer) |
| FILM - Spy Games | | social engineering | 4 | robert redford vs the cia |
Your Suggestions
- Student Bibliography - add here any additional relevant books/movies/web resources you've found interesting or useful.
