Favorite (IT-)Books


Sections

 - General IT & Information Security (15)
 - Information Security Management (6)
 - Incident Response, Intrusion Detection & Forensics (6)
 - Cryptography (1)
 - IT Security Culture (1)
 - Network Administration (3)
 - Linux/UNIX System Administration (17)
 - Windows System Administration (1)
 - Programming/Software Development (9)
 - Data Modeling & Databases (4)
 - Legal (6)
 - IT Security Articles (15)
 - Information Security Standards (30)



General IT & Information Security

Practical Unix & Internet Security, 3rd Edition
by Gene Spafford, Simson Garfinkel, Alan Schwartz
Building Internet Firewalls (2nd Edition)
by Elizabeth D. Zwicky, Simon Cooper, D. Brent Chapman
Secure Coding: Principles and Practices
by Mark G. Graff, Kenneth R. Van Wyk
Mastering FreeBSD and OpenBSD Security
by Yanek Korff, Paco Hope, Bruce Potter
Security Warrior
by Cyrus Peikari, Anton Chuvakin
Inside Network Perimeter Security: The Definitive Guide to Firewalls, Virtual Private Networks (VPNs), Routers, and Intrusion Detection Systems
by Stephen Northcutt, Lenny Zeltser, Scott Winters, Karen Frederick, Ronald W. Ritchey
CISSP (Certified Information Systems Security Professional) All-in-One Exam Guide, 3rd Edition
by Shon Harris
Buffer Overflow Attacks
by James C. Foster, Vitaly Osipov, Nish Bhalla
Botnets: The Killer Web Applications
by Craig Schiller, Jim Binkley
Linux Firewalls
by Andreas G. Lessig
As a LaTeX version: O'Reilly Open Book.
Das Firewall Buch
by Wolfgang Barth
Essential PHP Security
by Chris Shiflett
Secrets and Lies: Digital Security in a Networked World
by Bruce Schneier

Beyond Fear
by Bruce Schneier

The Art of Deception: Controlling the Human Element of Security
by Kevin D. Mitnick, William L. Simon, Steve Wozniak (foreword)

Make sure you read the original first chapter, and about the rumors surrounding it.
You might also be interested in Mitnick's testimony before the U.S. Congress.


Information Security Management

Information Security Management Handbook, Sixth Edition
by Harold F. Tipton, Micki Krause
The Security Risk Assessment Handbook
by Douglas J. Landoll
Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management
by Thomas R. Peltier
Information Security Risk Analysis, Second Edition
by Thomas R. Peltier
Network Security Assessment
by Chris McNab
Writing Information Security Policies
by Scott Barman
Related Standards
ISO/IEC 27001:2005 Information Security Management Systems — Requirements (aka BS 7799, Part 2)
ISO/IEC

ISO/IEC 13335-1:2004 Information technology -- Security techniques -- Management of information and communications technology security -- Part 1: Concepts and models for information and communications technology security management
ISO/IEC

NIST SP 800-100: Information Security Handbook: A Guide for Managers
NIST - National Institute of Standards and Technology, U.S. Department of Commerce

NIST SP 800-30: Risk Management Guide for Information Technology Systems
NIST - National Institute of Standards and Technology, U.S. Department of Commerce

BSI 100-1: Managementsysteme für Informationssicherheit (ISMS)
Bundesamt für Sicherheit in der Informationstechnik

BSI 100-3: Risikoanalyse auf der Basis von IT-Grundschutz
Bundesamt für Sicherheit in der Informationstechnik



Incident Response, Intrusion Detection & Forensics

Incident Response: A Strategic Guide to Handling System and Network Security Breaches
by Eugene Schultz and Russell Shumway
Network Intrusion Detection (3rd Edition)
by Stephen Northcutt, Judy Novak
Intrusion Signatures and Analysis
by Mark Cooper, Stephen Northcutt, Matt Fearnow, Karen Frederick
Forensic Discovery
by Dan Farmer, Wietse Venema

Freely available at http://www.porcupine.org/forensics/forensic-discovery/.
Managing Security with Snort and IDS Tools
by Christopher Gerg, Kerry J. Cox
Rootkits: Subverting the Windows Kernel
by Greg Hoglund, Jamie Butler


Cryptography

Applied Cryptography: Protocols, Algorithms, and Source Code in C, Second Edition
by Bruce Schneier


IT Security Culture

The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage
by Cliff Stoll


Network Administration

TCP/IP Illustrated, Volume 1
by W. Richard Stevens
Linux Network Administrator's Guide (2nd Edition)
by Olaf Kirch, Terry Dawson
Available in PDF, HTML and other formats from The Linux Documentation Project.
In German as an O'Reilly Open Book.
Switching to VoIP
by Theodore Wallingford


Linux/UNIX System Administration

qmail
by John R. Levine
Postfix: The Definitive Guide
by Kyle D. Dent
SpamAssassin
by Alan Schwartz
LDAP System Administration
by Gerald Carter
SSH, The Secure Shell: The Definitive Guide
by Daniel J. Barrett, Richard Silverman
DNS and BIND, Fourth Edition
by Cricket Liu, Paul Albitz
UNIX Backup and Recovery
by W. Curtis Preston
Essential System Administration, Third Edition
by AEleen Frisch
The Complete FreeBSD, 4th Edition
Freely available at http://www.lemis.com/grog/Documentation/CFBSD/.
Solaris 10 Advanced User's Guide
Freely available at http://docs.sun.com/app/docs/prod/solaris.10.
Solaris 10 System Administration Guide: Basic Administration
Freely available at http://docs.sun.com/app/docs/prod/solaris.10.
Running Linux, Fourth Edition
by Matt Welsh, Lar Kaufman, Matthias Kalle Dalheimer, Terry Dawson
In German (3rd edition) as an O'Reilly Open Book.
Linux System Administration, Second Edition (Craig Hunt Linux Library)
by Vicki Stanfield, Roderick W. Smith
Learning the vi Editor (6th Edition)
by Arnold Robbins, Linda Lamb
Learning the bash Shell, 2nd Edition
by Bill Rosenblatt, Cameron Newham
Learning Perl, Fourth Edition
by Randal Schwartz, Tom Phoenix, Brian Foy
Learning the UNIX Operating System, Fifth Edition
by Jerry Peek, Grace Todino-Gonguet, John Strang


Windows System Administration

Microsoft Windows 2000 Server Administrator's Companion, Second Edition
by Charlie Russel, Sharon Crawford, Jason Gerend


Programming/Software Development

Beginning Java 2
by Ivor Horton
Thinking in Java (3rd Edition)
by Bruce Eckel
This book is available for download at mindview.net.
Personal note: that's how I learned programming and understood the OO concept - it's my bible!
JavaServer Pages, 3rd Edition
by Hans Bergsten
Web Application Development with PHP 4.0 (with CD-ROM)
by Tobias Ratschiller, Till Gerken

Note: this one is really outdated by now
JavaScript: The Definitive Guide
by David Flanagan
Ajax in Action
by Dave Crane, Eric Pascarello, Darren James
Open Source Development with CVS, 3rd Edition
by Moshe Bar, Karl Fogel
In PDF, HTML or other formats (also in German): cvsbook.red-bean.com.
The C Programming Language, 2nd Edition
by Brian W. Kernighan, Dennis M. Ritchie
Professional Assembly Language
by Richard Blum


Data Modeling & Databases

Data Modeling Essentials, Third Edition
by Graeme Simsion, Graham Witt
MySQL, Second Edition
by Paul DuBois
Oracle9i: The Complete Reference
by Kevin Loney, George Koch, TUSC
Oracle9i PL/SQL Programming
by Scott Urman


Legal

This section only lists books that are also appropriate for laypersons.


FISMA Certification & Accreditation Handbook
by Laura Taylor
Sarbanes-Oxley Guide for Finance and Information Technology Professionals
by Sanjay Anand
GigaLaw Guide to Internet Law
by Doug Isenberg

Great introduction to US Internet law - from intellectual property rights to the First Amendment!
Open Source Licensing: Software Freedom and Intellectual Property Law
by Lawrence Rosen
A Practical Guide to Software Licensing for Licensees and Licensors
by H. Ward Classen
Computerstrafrecht im Überblick
by Susanne Reindl


IT Security Articles

Smashing The Stack For Fun And Profit, Phrack Magazine, Volume Seven, Issue Forty-Nine, File 14 of 16, 1996
by Aleph One

Once upon a free()..., Phrack Magazine, Volume 0x0b, Issue 0x39, Phile #0x09 of 0x12, 2001
by Anonymous

w00w00 on Heap Overflows, 1999
by Matt Conover (w00w00 Security Team)

Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade
by Crispin Cowan, Perry Wagle, Calton Pu, Steve Beattie and Jonathan Walpole, Department of Computer Science and Engineering Oregon Graduate Institute of Science & Technology

IP-spoofing Demystified, Phrack Magazine, Volume 7, Issue 48, File 14 of 18, 1996
by daemon9

Inside the Buffer Overflow Attack: Mechanism, Method & Prevention, SANS GSEC Practical v.1.3, 2002
by Mark E. Donaldson

A Tour of TOCTTOUs, SANS GSEC Practical v.1.4b, 2002
by J. Craig Lowery

An Analysis of Some Software Vulnerabilities, 1998
by Ivan Krsul, Eugene Spafford and Mahesh Tripunitara, COAST Laboratory, Purdue University

An Empirical Study of the Reliability of UNIX Utilities, Communications of the ACM 33(12), December 1990, pp. 32-44
by Barton P. Miller, Lars Fredriksen, Bryan So

Fuzz Revisited: A Re-examination of the Reliability of UNIX Utilities and Services, 1995
by Barton P. Miller, David Koski, Cjin Pheow Lee, Vivekananda Maganty, Ravi Murthy, Ajitkumar Natarajan and Jeff Steidl, Computer Sciences Department, University of Wisconsin

Virus Writers 360° - An analysis of virus writers, SANS GSEC Practical v1.4b, 2004
by Julie S. Newberry

Bots & Botnet: An Overview, SANS GSEC Practical v.1.4b, 2003
by Ramneek Puri

One View of A Critical National Need: Support for Information Security Education and Research, 1997
by Eugene H. Spafford

UNIX and Security: The Influences of History, 1995
by Eugene H. Spafford

An overview of common programming security vulnerabilities and possible solutions, 2003
by Yves Younan



Information Security Standards


Information Security Principles

GAISP - Generally Accepted Information Security Principles
ISSA - Information Systems Security Association

OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security
OECD

NIST SP 800-14: Generally Accepted Principles and Practices for Securing Information Technology Systems
NIST - National Institute of Standards and Technology, U.S. Department of Commerce



ISO/IEC Information Security Standards

ISO/IEC 27001:2005 Information Security Management Systems — Requirements (aka BS 7799, Part 2)
ISO/IEC

ISO/IEC 17799:2005 Code of practice for information security management (aka BS 7799, Part 1)
ISO/IEC

ISO/IEC 13335-1:2004 Information technology -- Security techniques -- Management of information and communications technology security -- Part 1: Concepts and models for information and communications technology security management
ISO/IEC



Common Criteria for Information Technology Security Evaluation (CC)

Common Criteria v3.1
Common Criteria sponsoring organisations (the CC is also standardised as ISO/IEC 15408):
- Australia/New Zealand: The Defence Signals Directorate and the Government Communications Security Bureau respectively;
- Canada: Communications Security Establishment;
- France: Direction Centrale de la Sécurité des Systèmes d'Information;
- Germany: Bundesamt für Sicherheit in der Informationstechnik;
- Japan: Information Technology Promotion Agency;
- Netherlands: Netherlands National Communications Security Agency;
- Spain: Ministerio de Administraciones Públicas and Centro Criptológico Nacional;
- United Kingdom: Communications-Electronics Security Group;
- United States: The National Security Agency and the National Institute of Standards and Technology.



DoD Trusted Computer System Evaluation Criteria

Department Of Defense Trusted Computer System Evaluation Criteria (TCSEC), 5200.28-STD
Quite historic (December 26, 1985), but still a good read!
Note: it is better known as the "Orange Book".



FISMA - U.S. Federal Information Security Management Act of 2002 (Title III of the E-Government Act of 2002)

Title III of the E-Government Act of 2002

NIST FIPS 199: Standards for Security Categorization of Federal Information and Information Systems
NIST - National Institute of Standards and Technology, U.S. Department of Commerce

NIST FIPS 200: Minimum Security Requirements for Federal Information and Information Systems
NIST - National Institute of Standards and Technology, U.S. Department of Commerce

NIST SP 800-37: Guide for the Security Certification and Accreditation of Federal Information Systems
NIST - National Institute of Standards and Technology, U.S. Department of Commerce

NIST SP 800-53, Revision 2: Recommended Security Controls for Federal Information Systems
NIST - National Institute of Standards and Technology, U.S. Department of Commerce

NIST SP 800-53A: Guide for Assessing the Security Controls in Federal Information Systems
NIST - National Institute of Standards and Technology, U.S. Department of Commerce

NIST SP 800-59: Guideline for Identifying an Information System as a National Security System
NIST - National Institute of Standards and Technology, U.S. Department of Commerce

NIST SP 800-60: Guide for Mapping Types of Information and Information Systems to Security Categories
NIST - National Institute of Standards and Technology, U.S. Department of Commerce

NIST SP 800-18, Revision 1: Guide for Developing Security Plans for Federal Information Systems
NIST - National Institute of Standards and Technology, U.S. Department of Commerce



Sarbanes-Oxley Act of 2002

Sarbanes-Oxley Act of 2002



Austrian Information Security Standards

Österreichisches IT-Sicherheitshandbuch
Stabsstelle IKT-Strategie des Bundes, Republik Österreich



German Information Security Standards

BSI IT-Grundschutz-Kataloge
Bundesamt für Sicherheit in der Informationstechnik

BSI 100-1: Managementsysteme für Informationssicherheit (ISMS)
Bundesamt für Sicherheit in der Informationstechnik

BSI 100-2: IT-Grundschutz-Vorgehensweise
Bundesamt für Sicherheit in der Informationstechnik

BSI 100-3: Risikoanalyse auf der Basis von IT-Grundschutz
Bundesamt für Sicherheit in der Informationstechnik



Miscellaneous NIST Information Security Standards

NIST SP 800-83: Guide to Malware Incident Prevention and Handling
NIST - National Institute of Standards and Technology, U.S. Department of Commerce

NIST SP 800-12: An Introduction to Computer Security: The NIST Handbook
NIST - National Institute of Standards and Technology, U.S. Department of Commerce

NIST SP 800-33: Underlying Technical Models for Information Technology Security
NIST - National Institute of Standards and Technology, U.S. Department of Commerce

NIST SP 800-30: Risk Management Guide for Information Technology Systems
NIST - National Institute of Standards and Technology, U.S. Department of Commerce

NIST SP 800-27 Rev A: Engineering Principles for Information Technology Security (A Baseline for Achieving Security)
NIST - National Institute of Standards and Technology, U.S. Department of Commerce

NIST SP 800-55: Security Metrics Guide for Information Technology Systems
NIST - National Institute of Standards and Technology, U.S. Department of Commerce

NIST SP 800-100: Information Security Handbook: A Guide for Managers
NIST - National Institute of Standards and Technology, U.S. Department of Commerce