Home > Articles > Security > Network Security

Ed Skoudis' Favorite Computer Books

  • Print
  • + Share This
Find out what books are sitting on renowned SANS security lecturer Ed Skoudis' bookshelf.
Like this article? We recommend

The Protocols (TCP/IP Illustrated, Volume 1)

by W. Richard Stevens
Addison Wesley

Here's one of those books that is so widely known, used, and revered, everyone refers to it by the name of the author. I frequently hear, and quite often say, "Just look it up in Stevens!" For network professionals, this expression is roughly the equivalent of a software jockey barking "RTFM" (Read the fine – or --*expletive* manual) to clueless users. The book is highly clueful for people needing to understand networks at a fundamental level. When confronted with a weird networking issue, there really are three sources that matter:

  • The Requests for Comments (RFCs) issued by the Internet Engineering Task Force defining how things *should* work,

  • Stevens, which maps how things should work into how they really do, and

  • The actual implementation of a particular vendor.

These three are listed in the order of increasing reality. Stevens takes tough issues, explains them in a reasonable manner without dumbing anything down, and goes beyond the RFCs to get close to the reality of how these protocols are implemented in the real world. The book is useful for learning the protocols and also makes an excellent reference guide. If I were stranded on a desert island and was allowed but one book to analyze my Island Area Network, I'd make sure Stevens was included along with my rations.

Linux Administration Handbook

by Evi Nemeth, Garth Snyder, Trent R. Hein, Adam Boggs (Contributor)
Prentice Hall

Don't let the freakishly cute pictures throw you. This book is quirky, fun, and, best of all, comprehensive. Throughout the last decade of my career in caring for and securing systems, I've heavily utilized the Red UNIX book, followed by the Purple UNIX book, and now, the Green *Linux* book, all from this same basic group of authors. I can't count how many times I've picked up the Red, Purple, or Green books and found exactly the item I need to know. Heck, a tattered version of the Red one belongs in the Smithsonian, as far as I'm concerned.

The latest (that's Green for those not paying attention) focuses on Linux and covers pretty much every topic I've been plagued with as a system administrator, from adjusting boot sectors to scheduling jobs to tweaking the kernel. It goes over the normal, day-to-day stuff, as well as all of the really bizarre items you never thought about asking until you were plagued with a pressing issue on the topic. I read it end-to-end and learned a bunch, and keep it on my shelf for reference. It's not a detailed book; no Linux book could cover as many topics as the Green book and remain less than 47,000 pages. Still, for the topics it does address, it gives you what you need to know right now, and enough insight to get the rest of the information on your own. What more could you ask for?

Honeypots: Tracking Hackers

by Lance Spitzner
Addison Wesley

Let's face it: Honeypots are cool. By setting up sacrificial systems with the intension that they get hacked, we can learn the bad guys' techniques, skill levels, and even motives. Honeypots are just plain fun to play with and learn. The best way to learn about Honeypots is to build one yourself and watch what happens. Lance's book covers all aspects of Honeypot construction, from the simplest tools like Back Officer Friendly to commercial products like ManTrap to complex monstrosities designed to track the most nimble of attackers. Lance is amazingly energetic and enthusiastic, two characteristics that seep through his writing in this book. This is also the first book I've seen that attempts to deal with the sticky (no pun intended) legal issues that arise when handling honeypots.

Incident Response: Investigating Computer Crime

by Chris Prosise, Kevin Mandia

This book is really solid, although its title kind of stinks. The book should have the word "Forensics" in its name, as it spends as much or even more time covering computer forensics analysis than plain old-fashioned incident handling. Title aside, it's written in an engaging style from two seasoned experts in handling computer crime investigations. I learned a bunch while reading it, and have referred back to it every couple of months. Reading about how Mr. Prosise and Mr. Mandia have handled various tricky cases has given me several ideas for improving my own processes for fighting the bad guys.

Hacking Linux Exposed

by Brian Hatch, et al

If you want a hacker's-eye view of Linux, this book delivers the goods. It gets into the guts of Linux and talks about how an attacker tears systems apart. It also provides solid recommendations for hardening systems to keep the attackers out in the first place. From the recommendations in this book, I've expanded my own arsenal of techniques for breaking into Linux systems (which I do from a professional penetration testing perspective only, of course!)

Hacker's Challenge

by Mike Schiffman, et al

When you were a kid, did you ever read the Encyclopedia Brown series of books? In those books, a boy genius would solve cases, Sherlock Holmes style, involving petty theft among his friends. I was an avid Encyclopedia Brown reader, trying to match wits with the junior master as he puzzled through various cases.

Hacker's Challenge is the Encyclopedia Brown book for the Information Security industry. Mr. Schiffman lays out challenges, spilling out a hint here and there along the way. The reader then gets to match wits with the attackers and try to figure out how the attack occurred. This is a marvelous formula for learning and having fun!

Counter Hack

by Ed Skoudis
Prentice Hall

Well, I figure I have to include my own book here, right? We worked extremely hard in creating a tome that would spell out the end-to-end process used by bad guys to break into a system. We included chapters to bootstrap readers on fundamental issues associated with networking, Windows, and UNIX. After getting the reader up to speed, we zoom in on various techniques used to break into systems. The most important aspects of the book, however, are the detailed recommendations for defenses. The most fun area deals with the movie-themed scenarios at the end of the book, including Dial-M for Modem, Death of a Telecommuter, and the Manchurian Contractor.

  • + Share This
  • 🔖 Save To Your Account