The following books contain good information on security for network and system administrators:
Bragg, Roberta. Windows 2000 Security. New Riders, 2001. ISBN 0735709912.
This book provides an excellent overview of Windows 2000 security concepts, tools, and best practices, and draws heavily on her experience as the security editor for MCP Magazine.
Cox, Philip and Tom Sheldon. Windows 2000 Security Handbook. Osborne McGraw-Hill, 2000. ISBN 0072124334.
Philip Cox did an excellent job of updating Tom Sheldon's Security Handbook for Windows 2000, keeping what was already a good resource in great condition. This book contains lots of workplace tips and advice, and deals as well with practical policies and procedures as it does with Windows security topics.
Andress, Mandy.Surviving Security. SAMS, 2001. ISBN 0672321297.
Mandy Andress covers the work involved in analyzing business processes and security requirements, and explains how to use that information to guide (or check) an organization's security policy. Whereas most of the other books mentioned here focus on security tools and technologies, this book provides valuable information on integrating security into business planning and processes.
Schmidt, Jeff. Microsoft Windows 2000 Security Handbook. Que, 2000. ISBN: 0789719991.
Jeff Schmidt' book stands alone in this crowd in its focus on designing and implementing security policies and procedures, and in integrating people, processes, and technology to make them work. A must-have reference for anyone charged with handling security on a "big picture" basis.
McClure, Stuart, Joel Scambray and George Kurtz. Hacking Exposed, 2nd Edition: Network Security Secrets and Solutions. Osborne/McGraw-Hill, 1999. ISBN: 0072121270.
The McClure, Scambray, and Kurtz book provides the best insight into the hacker mindset, and some of the best coverage of hacking tools and techniques we've ever seen anywhere. If you want to understand how most penetration attempts proceed, and learn how to foil them, this book is a must-read.
Cheswick, William R. and Steven M. Bellovin. Firewalls and Internet Security: Repelling the Wily Hacker. Addison-Wesley, 1994. ISBN: 0201633574.
The 2nd Edition is due whenever it's finished (currently 10/2001)! If the 2nd edition of this book (we currently have only the 1st) is as good as its predecessor, it will be another standout for anybody's security bookshelf. Although the 1st edition is a bit dated by now (especially in its coverage of firewall features and functions and IP protocol-level security topics), it's still a useful reference today.
Zwicky, Elizabeth, et al. Building Internet Firewalls, 2nd Edition. O'Reilly & Associates, 2000. ISBN: 1565928717.
In the early 90's, Brent Chapman and Elizabeth Zwicky recounted their understanding of how to construct an Internet firewall from scratch. Although the 2nd edition of the book remains developer-focused, those who seek to plumb the inner workings of firewalls and proxies could do worse than to read this excellent book.
Shinder, Thomas, et al. Configuring Windows 2000 Server Security. Syngress Media, 1999. ISBN 1928994024.
Tom Shinder's book aims to help people prepare for the 70-220 Designing Secure Windows 2000 Networks exam, but also provides lots of useful information on securing Windows 2000 along the way.
Northcutt, Stephen and Judy Novak. Network Intrusion Detection: An Analyst's Handbook, 2nd Edition. New Riders, 2000. ISBN: 0735710082.
Before becoming the director of training and certification for SANS, Stephen Northcutt ran the DoD's Shadow Intrusion Detection Team, then worked as the Chief for Information Warfare at the ballistic missile defense organization. This book reflects his outstanding knowledge and experience in detecting and dealing with network and system intrusions and with handling related security incidents.