Great Circle Associates Firewalls
(December 1997)

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: Building my library
From: Doug Wellington <ddw @ NSMA . Arizona . EDU>
Date: Tue, 02 Dec 1997 18:36:52 -0700
To: firewalls @ greatcircle . com
Cc: Jason Terwilliger <jlt8903 @ osfmail . isc . rit . edu>, ddw @ cortex . NSMA . Arizona . EDU
In-reply-to: Your message of "Tue, 02 Dec 1997 15:44:12 EST." <Pine . OSF . 3 . 95 . 971202153717 . 22597A-100000 @ grace . isc . rit . edu>

>  I was wondering if any of you could give some reccomendations on
>building my computer security library.  Right now, I have the most well
>known books as the cornerstone of my collection:
>	Essential System Administration (Frisch)

Add (or replace with, as the case may be):
Unix System Administration Handbook (Nemeth, Snyder, Seebass and Hein)

>	Internet Security Professional Reference (Hare, et. al)
>	Internet Firewalls and Network Security (Siyan and Hare)

Don't know anything about those...

>	Practicle UNIX and Internet Security (Garfinkel and Spafford)
>	Building Internet Firewalls (Chapman and Zwicky)

Good books.  Add:
Cheswick and Bellovin - my old brain can't remember the actual title.
(Something about tracking the wiley hacker or some such - should be
the first book on your list though, IMHO...)

>I'd appreciate any other reccomendations (books, magazines, etc) that
>would expand on the basics.

Hmmm, those last couple go way past the basics...  If you want to add
anything, get Rich Stevens' three TCP/IP, Illustrated books and maybe
the Design and Implementation of 4.4BSD OS and The Magic Garden books.
Oh, and don't forget John Lyons' commentary on the Unix source code...

Get the O'Reilly book on NIS and NFS, and then a couple of the O'Reilly
books on X windows - #8, the Administrator's Guide, and #0, the
Protocol Reference Manual.  Get O'Reilly's book on Sendmail and Fred
Avolio's (Hmm, hope I spelled that right Fred...) book on Sendmail.
Oh, yeah, don't forget O'Reilly's book on DNS and BIND.  Hell, just
buy the whole damn O'Reilly line!

Also get The Web Security Handbook.  (Apologies to the other authors,
but the only author name I remember on that is Marcus Ranum...)  Get
the apache source code and read it...

Cruise the COAST web site and read all the public papers, hit the
CERT web site and do the same.  Wander down to the Auscert site,
then hit your favorite web index and search for unix and security.
Oh yeah, don't forget to go to the ATT site and read their other papers
about security.  Look for "Berford".  Don't forget the site security
handbook, which is RFC 2196, available free at any RFC site near you.
Get all the RFCs that you can stand and read them.  Sign up for the
LACC, BOS, Bugtraq, NTbugtraq, etc email lists...

Get all the freebee firewall tools and read all the source code.  For
starters, get the tcp wrappers, socks, ipfw, ipfilter and maybe fwtk
and freestone...  Get the Linux, FreeBSD, NetBSD and OpenBSD source
code and read the networking code...  Get a cisco router and learn how
to program it...  Learn SNMP and RMON...

If you're interested in the encryption side, get pgp and kerberos and
of course skey and opie...  Buy Bruce Schneier's book on crypto and
maybe the books from CRC press and that really good German publisher
that I can never remember the name of... ...oh, yeah, Springer Verlag!

Then again, the best way to find out about security is to put your own
Unix box on the Internet and wait for it to be broken into.  Use a plain
vanilla SunOS, SGI or Linux box and don't try to secure it first.  If
you want to draw hackers to your site, but up a provocative web page on
it...  ;-)  (If you really want to see how the hacking is done, have a
second box grabbing all the packets off the wire as it's happening...)

>Also, I would like reccomendations on UNIX Scripting books..

Shell scripting?  Check out the man pages or the documentation that
comes with bash, pdksh or tcsh...  Or scripting languages?  Check out
the O'Reilly books on Perl and Python and Brent Welch's Practical
Programming in Tcl and Tk.  Also Exploring Expect by Don Libes.

If you really want to get into Unix, get The Unix Programming
Environment, Twenty Five Years of Unix, The Unix Philosophy,
and Life With Unix...  Once you get past The Unix Programming
Environment, get Rich Stevens' Advanced Programming in the
Unix Environment.  If you like his TCP/IP books, you might also
want to get his Unix Network Programming book, which he just

...just a few things off the top of my head.  I'm pretty sure I
didn't get all the names and/or titles right, but they should be
close enough...

Let me know when you've gotten through all that.  There will be
a quiz...!  ;-)


Doug Wellington
ddw @
 nsma .
 arizona .
Network and System Administrator
ARL, Division of Neural Systems, Memory and Aging
The University of Arizona, Tucson, AZ
(520) 626-6023
(520) 291-0481 pager
(520) 626-2618 fax

I DON'T buy anything from spammers, and I KEEP TRACK OF WHO SPAMS ME.

I put up with ads on the TV because they pay for programming.  When
spammers pay for the Internet, then I'll start putting up with spam.

Indexed By Date Previous: Re: Growing trend..
From: Anton J Aylward <anton @ Toronto . com>
Next: Securing a Linux Kernel
From: Richard Hakim <richard @ kokoro . com>
Indexed By Thread Previous: Building my library
From: Jason Terwilliger <jlt8903 @ osfmail . isc . rit . edu>
Next: Re: Building my library
From: Fyodor <fygrave @ freenet . bishkek . su>

Search Internet Search