[Courses] [Security] Books and mailing lists
Raven, corporate courtesan
raven at oneeyedcrow.net
Tue Mar 5 10:59:57 EST 2002
Heya --
One thing I forgot to mention, and definitely needs mentioning
-- I am not the all-knowing guru. I have a good amount of experience in
the field, but I'm not the be all and end all of network security. I'm
sure there will be times when y'all know more than I do about a given
topic -- I expect to learn from this class too. So please, the rest of
you, speak up with your own experiences, questions, and recommendations.
If someone twisted my arm and *made* me pick one generalist book
for Linux security, I'd probably have to go with "Hacking Linux
Exposed", by Brian Hatch, James B. Lee, and George Kurtz. (Not to
endorse Amazon -- they just have handy reviews and comments. Buy from
your vendor of choice.)
http://www.amazon.com/exec/obidos/ASIN/0072127732/qid=1015333988/sr=8-1/ref=sr_8_3_1/002-7843088-6228824
Lurid cover or not, it does an excellent job of covering the different
sorts of threats that you come up against, risk assessment, and security
theory as well as practice. They get right into configuration and
program use, and show you how to think both as an attacker and a
defender. (IMO, that's important.)
As far as mailing lists go, Bugtraq is pretty essential. That's
generally the first place I find out that I need to patch something.
It's relatively high-volume, but you can go on the digest version or
filter out anything inapplicable to you.
I also have a mailing list for every major OS I run. With the
exception of apt-get, I don't tend to use many distribution-specific
programs, so I can do with just one list (techtalk) for Linux. (I have
or help admin Debian, Mandrake, SuSE, Red Hat, and Slackware boxes
currently. I don't have time for that many lists.) But I am on
separate lists for BSD and Solaris sysadmin issues.
Many of the lists at securityfocus.com are good, and relatively
low traffic. Focus-linux, focus-sun, forensics, and Bugtraq are ones I
read.
Anyone else got any favorite resources that they'd like to
share?
Cheers,
Raven
"I am so very girly."
-- RavenBlack, on 'feminine' and 'masculine' traits
More information about the Courses
mailing list