
Thread: Recommendations for a newbie?

  1. #1
    Junior Member
    Join Date
    Sep 2004
    Posts
    3

    Recommendations for a newbie?

    Hey guys,
    I originally posted this in the wrong forum: I was wondering if any of you guys could recommend a good book to help me pick up on some key computer security fundamentals, especially pertaining to Windows 9x and XP. I'm looking for info on exploitation concepts (i.e. most I've seen revolve around concepts like buffer overrun) and appropriate countermeasures. Where can I find good info on this stuff?

    Thanks,

    Steve

  2. #2
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    Google

  3. #3
    Hacking Exposed (Most versions)
    Maximum Security
    The Unofficial Guide to Ethical Hacking
    Network Security: A Hacker's Perspective
    The Ethical Hacking Guide to Corporate Security

  4. #4
    Banned
    Join Date
    Sep 2004
    Posts
    305
    Since buffer overflows and preventing them are a part of coding, I'd look into an advanced book and/or book that describes proper coding syntax of whatever coding language you're interested in.

    Since I have no real world experience, maybe chsh or Juridian can shed some more light on how they learned about situations like these.

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    I'm not exactly the best person to ask for book resources, as a lot of my learning has been done through other means. Much of my experience comes in software development, but unfortunately one of the problems out there that's existed for a long time is a lack of focus on best practices. I found after reading "The C++ Programming Language: Special Edition" by Bjarne Stroustrup (the guy at AT&T who first developed the language) that he covers pretty well how to write C++ with an eye towards best practices. It's not completely brand spanking new, but it was a refreshing change of pace from most other development books I've read.

    That being said, the OP didn't really ask about programming security, but more generic use security. I honestly can't say I've ever read an astounding desktop security book. My understanding came from a trial and error approach at home, as well as a logically dictated thought process of what was sensible given my knowledge of the environment. It was further developed after I started working as a Sys/Netadmin -- there really are some things that just won't seem important until you are on the job.

    My advice would be to read the resources people here recommend to you now, and have recommended in the past (especially MsMittens, Hogfly, HTRegz, and Juridian, IMO). This will require making use of the forum search function, but something along the lines of "book recommendations" should pull up quite the list.
    Additionally, as you broaden your understanding, form a set of security principles, but understand that they are principles and sometimes circumstance dictates breaking them.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    "Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  6. #6
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    Building Secure Software - John Viega/Gary McGraw - http://www.amazon.com/exec/obidos/AS...175044-2669568

    Secure Coding - Principles and practices - http://www.amazon.com/exec/obidos/tg...books&n=507846

    Secure programming cookbook for c and c++ - http://www.amazon.com/exec/obidos/AS...175044-2669568

    Writing Secure Code - http://www.amazon.com/exec/obidos/tg...glance&s=books
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

  7. #7
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    w00t, I checked out Building Secure Software from my uni library before I read this. It looked pretty good. Haven't looked at it much because I also have The Shellcoder's Handbook, which seemed more interesting. Can anyone give a comparison? Is there one I should focus more on? Thanks.

  8. #8
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    The Unofficial Guide to Ethical Hacking
    Network Security: A Hacker's Perspective
    The Ethical Hacking Guide to Corporate Security
    I'd stay away from these ones. The book Hacking: The Art of Exploitation is actually quite good. In addition, for some specific OS security you might want to take a gander at the Hacking Exposed series or even Microsoft's security books (for each OS).

    I have to agree with chsh in that you will find that it might be necessary to widen your view a bit (e.g., firewalls, IDS, wi-fi security, etc.). And don't be afraid to look online, not just at Antionline. SANS reading room actually has quite a few good papers that might be what you're looking for (I think you need to register to access them but that's free IIRC).
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage
