-
September 26th, 2004, 05:56 AM
#1
Junior Member
Recommendations for a newbie?
Hey guys,
I originally posted this in the wrong forum: I was wondering if any of you guys could recommend a good book to help me pick up on some key computer security fundamentals, especially pertaining to Windows 9x and XP. I'm looking for info on exploitation concepts (i.e. most I've seen revolve around concepts like buffer overrun) and appropriate countermeasures. Where can I find good info on this stuff?
Thanks,
Steve
-
September 26th, 2004, 06:06 AM
#2
-
September 30th, 2004, 01:25 AM
#3
Junior Member
Hacking Exposed (Most versions)
Maximum Security
The Unofficial Guide to Ethical Hacking
Network Security: A Hacker's Perspective
The Ethical Hacking Guide to Corporate Security
-
September 30th, 2004, 01:32 AM
#4
Since buffer overflows and preventing them are a part of coding, I'd look into an advanced book and/or book that describes proper coding syntax of whatever coding language you're interested in.
Since I have no real world experience, maybe chsh or Juridian can shed some more light on how they learned about situations like these.
-
September 30th, 2004, 02:42 AM
#5
I'm not exactly the best person to ask for book resources, as a lot of my learning has been done through other means. Much of my experience comes in software development, but unfortunately one of the problems out there that's existed for a long time is a lack of focus on best practices. I found after reading "The C++ Programming Language: Special Edition" by Bjarne Stroustrup (the guy at AT&T who first developed the language) that he covers pretty well how to write C++ with an eye towards best practices. It's not completely brand spanking new, but it was a refreshing change of pace from most other development books I've read.
That being said, the OP didn't really ask about programming security, but more generic use security. I honestly can't say I've ever read an astounding desktop security book. My understanding came from a trial and error approach at home, as well as a logically dictated thought process of what was sensible given my knowledge of the environment. It was further developed after I started working as a Sys/Netadmin -- there really are some things that just won't seem important until you are on the job.
My advice would be to read the resources people here recommend to you now, and have recommended in the past (especially MsMittens, Hogfly, HTRegz, and Juridian, IMO). This will require making use of the forum search function, but something along the lines of "book recommendations" should pull up quite the list.
Additionally, as you broaden your understanding, form a set of security principles, but understand that they are principles and sometimes circumstance dictates breaking them.
Chris Shepherd
The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
Is your whole family retarded, or did they just catch it from you?
-
September 30th, 2004, 02:48 AM
#6
"When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
"There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
"Mischief my ass, you are an unethical moron." - chsh
Blog of X
-
September 30th, 2004, 04:42 AM
#7
w00t, I checked out Building Secure Software from my uni library before I read this. It looked pretty good. Haven't looked at it much because I also have The Shellcoder's Handbook which seemed more interesting. Can anyone give a comparison? Is there one I should focus more on? Thanks.
-
September 30th, 2004, 09:46 AM
#8
The Unofficial Guide to Ethical Hacking
Network Security: A Hacker's Perspective
The Ethical Hacking Guide to Corporate Security
I'd stay away from these ones. The book Hacking: The Art of Exploitation is actually quite good. In addition, for some specific OS security you might want to take a gander at the Hacking Exposed series or even Microsoft's security books (for each OS).
I have to agree with chsh in that you will find that it might be necessary to widen your view a bit. (e.g., firewalls, IDS, wi-fi security, etc.). And don't be afraid to look online, not just at Antionline. SANS reading room actually has quite a few good papers that might be what you're looking for (I think you need to register to access them but that's free IIRC).