-
January 27th, 2004, 02:05 AM
#11
You have written multiple tuts on honeypots and we have spoken about tarpits. Why not include a chapter/s on those subjects? Definitely would make for an interesting read. I am looking forward to any possibility of a book written by you. Congrats and hope it turns out as you like it to!!!
hjack
"Where the tree of knowledge stands, there is always paradise": thus speak the oldest and the youngest serpents.
- Friedrich Nietzsche
-
January 27th, 2004, 02:17 AM
#12
If you are attempting to reach those of intermediate skill and knowledge, please remember that not everybody is at the same level. One person might be just a knowledgeable beginner, while another would be close to an expert. But, even the person close to the expert level is probably missing some basics.
I would be interested in an intermediate book that would also reference good beginning material. Not to lay it out right there, but to at least reference where I can go to fill in the gaps I might have. That way a beginner could also benefit from your work, although they would probably be reading double what the true intermediate student would be.
"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
Author Unknown
-
January 27th, 2004, 03:21 AM
#13
Senior Member
A walkthrough and how to make and use an exploit.
-
January 27th, 2004, 03:29 AM
#14
Stress the use of google
"Ignorance is bliss....
but only for your enemy"
-- souleman
-
January 27th, 2004, 05:06 AM
#15
Member
Originally posted here by qod
A walkthrough and how to make and use an exploit.
Then Show how to Defend Against it and variations of it...and Server Security in general..
HTH
P.S. I Too Would Like a Copy, When it is finished..
Cheers
The Only Way to be Safe is To Never Be Secure.
Benjamin Franklin
-
January 27th, 2004, 05:13 AM
#16
Senior Member
If looking at a book for Newbies to Intermediate .. I suggest
* Thorough explanation of available Network Protocols (Their vulnerabilities and means to identify the same and defense against the known vulnerabilities in Depth). A detailed explanation on how to make meaning out of packets captured by sniffer.. before that good guide on where to place the sniffer....
* Explanation of various Security Architecture and focus on Designing a Secure Network. What should be the consideration before placing a firewall... where should the firewall be placed... how many firewalls is it sufficient to secure my network..... Again similar details about IDS / IPS
* Secured Communications.... Use of VPN , PGP and other such technologies
* Cryptography......
* Honey Net .... Different deployment techniques
* Future attack trends
* Future Defense trends
* Support the book with many real life case studies....
I guess this is what I would particularly like to see from a SECURITY BIBLE..... but again look for a better name also.........
Regards
kalp
****** Any man who knows all the answers most likely misunderstood the questions *****
-
January 27th, 2004, 05:49 AM
#17
Someone said in another forum in this site that identity theft has become a trend. Yes, I think Security and Privacy should go hand in hand...
CONFIDENTIALITY is a security issue primarily concerned with protecting information from disclosure, while...
PRIVACY relates to the careful and ethical secondary use of personal information (using consumer information in ways unknown or unapproved by the consumer)
You can have good, effective, SECURITY (CONFIDENTIALITY) without PRIVACY, but...
You cannot manage PRIVACY without good SECURITY!
Peace always,
<jdenny>
Always listen to experts. They'll tell you what can't be done and why. Then go and do it. -- Robert Heinlein
I'm basically a very lazy person who likes to get credit for things other people actually do. -- Linus Torvalds
-
January 27th, 2004, 06:06 AM
#18
How about including stories at the beginning of each chapter which of course will be related to the topic that will be talked about? Maybe along the line of how the cracker managed to crack the system. But yet the admin managed to trace him down with the tools that were available to him. Does that even make any sense?
Then you could go in-depth about the tools which were used, and the sort etc etc ...
I personally would really love to learn more about SQL injection. So it would be pretty cool if you could talk about that.
P.S. I would sure like a copy of the book once it's out. Hope that everything goes well.
-
January 27th, 2004, 06:41 AM
#19
The Agent is on the right with that idea. I'm tired of case studies. Write the book with a kind of Cloak and Dagger feel, blackhat vs. whitehat. (that's how it is in the real world...isn't it )
Of course explain the exploit in brutal detail and what vulnerability it exploits. (I wouldn't give the exploit code...I favor Full Disclosure, just not that full). Then, if the blackhat succeeds, explain why (Admin didn't patch MS flaw and patch file was out for 6 months).
When the blackhat fails, .....well I think you get the idea. (I hope so because now I'm confused!)
Anyhow...It will make the book more enjoyable to read, and at the same time, you'll have fun writing it. I'm sure most of us will be glad to proof it for you when you get a draft going.
----------------------------------Tear Here to Redeem Coupon------------------------------------
Coupon Good for one autographed copy of MsMittens Security Bible upon publication
certain restrictions may apply, see www.MsMittens.com for details
-
January 27th, 2004, 11:00 AM
#20
----------------------------------Tear Here to Redeem Coupon------------------------------------
Coupon Good for one autographed copy of MsMittens Security Bible upon publication
certain restrictions may apply, see www.MsMittens.com for details
LOL ... Thank all for your suggestions, ideas and comments. It is giving me something to consider. At this point, as I mentioned at the beginning, this is just ideas being tossed about. I don't know if they will go for it but part of the reason for my wanting to do this was a lack of a decent text. Most of the texts that I've seen or used are either too dry, too basic (too beginner), too high level (too advanced) or out-dated.
Keeping up to date will be hard because much like computers, once bought, it's out of date (for the most part).
Case studies or "stories" are something I use in class anyways. I have a feeling if I go ahead with this, it will be somewhat like my "lectures" or discussions rather than a step-by-step thing.
Definitely how blackhats get in and how to defend would be the basics of the book (whether we talk about exploits, script kiddie tools, virus, worms, social engineering) and perhaps a break down along those lines.
Hrmmm.. more to think about.
Oh.. and title is the last thing I'm thinking about right now. First, I have to get the book idea approved with the publisher. Then write the book. When that's done (which won't be a short time, I think), I'll come back for some title ideas. So let's not put the cart before the horsey just yet.