rainbow books

Printable View

June 13th, 2002, 01:01 AM
geepod

rainbow books

as a security newbie i was wondering are the rainbow books worth a read at the moment or are they likely to be too intense and indeed are they worthy of a read anyway. i am aware that you can no longer get them in hard copy like you use to but have i have links to get them electronically, also is there an order in which i should read them if at all ?
June 13th, 2002, 01:02 AM
huntx7

They had a thread before saying that they were boring. I have never read one myself, but I plan to.
June 13th, 2002, 01:08 AM
geepod

well i havent obviously read them yet but i as NSA publications from a security point of view i dont imagine them to be boring just wondered at what level they are really? I wouldnt of said that any publication on security was boring as all expands are knowledge which certainly is what i am after, but thanx for the input anyway
June 13th, 2002, 01:13 AM
casper3699

i think to many people have seen the movie hackers too many times. Never read them but heard they were all out of date.
June 13th, 2002, 01:18 AM
geepod

well i thought that the film hackers was crap and totally unrealistic as are most hacking related films. The rainbow books i believe get updated and i actually new about them before i saw hackers !
the site i am to get them from is as followshttp:

www.fas.org/irp/nsa/rainbow.htm
June 13th, 2002, 01:30 AM
casper3699

didnt mean to sound rude.
But it looks like they havent been updateed for a while
NCSC-TG-001 [Tan Book]
A Guide to Understanding Audit in Trusted Systems [Version 2 6/01/88]
NCSC-TG-002 [Bright Blue Book]
Trusted Product Evaluation - A Guide for Vendors [Version 1 3/1/88]
NCSC-TG-003 [Orange Book]
A Guide to Understanding Discretionary Access Control in Trusted Systems [Version 1, 9/30/87]
NCSC-TG-004 [Aqua Book]
Glossary of Computer Security Terms [Version 1, 10/21/88]
NCSC-TG-005 [Red Book]
Trusted Network Interpretation [Version 1 7/31/87]
NCSC-TG-006 [Orange Book]
A Guide to Understanding Configuration management in Trusted Systems [Version 1, 3/28/88]
NCSC-TG-007 [Burgundy Book]
A Guide to Understanding Design Documentation in Trusted Systems
NCSC-TG-008 [Lavender Book]
A Guide to Understanding Trusted Distribution in Trusted Systems [Version 1 12/15/88]
NCSC-TG-009 [Venice Blue Book]
Computer Security Subsystem Interpretation of the Trusted Computer System Evaluation Criteria
June 13th, 2002, 01:37 AM
geepod

ok i accept you werent being rude but i just thought that you thought i was some script kiddie nebie who watches too much tv. as i understood it if you obtained the hard copies you were eligible for updates as they became available if it ws deemed that they needed to be updated. i am not sure how it works with electronic versions but i get your point as some of them are pretty historic although i would imagine that alot if it is recommendations ad hence hasnt needed to be updated, i dont know ?
anyway thanx for your contribution
June 14th, 2002, 11:39 AM
pwaring

The rainbow books can be an interesting read, although they are outdated and unlikely to be of much use today. You can also download them from Wiretapped, along with many other textfiles that you might find to be of interest.
June 14th, 2002, 02:44 PM
lord_darkside_x

some of them are hard for newbies to understans and are slightly out of date. many require extensive knowledge about puters or about the subject it covers. i wouldn't say it is boring, as long as you are really into it and understand it
June 14th, 2002, 03:08 PM
emrys

well i have read most of them and they seem ot bore me some....they are interesting for a history point of view but when it comes down to knowledge it really isnt much ....but if u have the tiem go ahead it is like being n history class :) (/me likes history class)
June 14th, 2002, 03:18 PM
Noia

The thing with these book's it that they are out of date...the technology mentioned is Old, but the consept is well worth it, I have stored many of the Rainbow book's for a rainy day ;) If you want to, read them, if not, don't....it is true that they are rather intense....but with some luck and coffee, you should get through it....
- Noia
June 14th, 2002, 03:20 PM
souleman

They are not updated at all. They are old unclassified DOD/NSA standards. They can tend to be really boring to read, but they do have interesting points. Yes, the material is rather dated, but if you can read them, they give you a good grasp of security issues. Actually boring is quite the word for it. It is really "dry" More about how things should be in a general sence then how things are implemented.

As a security newbie, read everything you can get your hands on. If you can find a book on programming ENIAC, read it. It may be outdated, and completely impractical, but there are always ideas that may come in to practice down the road.