COMPUTER CRIME BOOKS
Posted in Computer Crime (Tuesday, May 13, 2008)
Written by Lance Spitzner. By Addison-Wesley Professional.
The regular list price is $44.99.
Sells new for $17.75.
There are some available for $6.23.
5 comments about Honeypots: Tracking Hackers.
- Honeypots: Tracking Hackers By Lance Spitzner (Senior Security Architect for Sun Microsystems, Inc.) is an advanced computer science text to understanding and making use of "honeypots" (technological systems specifically designed to be compromised by online attackers) as burglar alarms, incident response systems, or tools for gathering information about hackers in order to better guard the security of one's computer data. Technical know-how, advanced theory, guidance from three legal experts, and more fill the pages of this excellent and very strongly recommended resource for anyone invested with cyber security responsibilities. An accompanying CD-ROM contains white papers, source code, and data captures of real attacks to facilitate the deployment of honeypot solutions to serious computer problems.
- Honeypots is an excellent introduction to the subject of honeypots, useful as a reference for experts as well as for beginners to the subject. It is written very clearly and provides step-by-step instructions with plenty of examples and screenshots. It covers commercial, open source, and do-it-yourself solutions, from very simple low-interaction detection honeypots to very high-interaction research honeypots. A CD-ROM is included with software and example data collected by honeypots. One defect is a fairly large number of typos.
- This book did a great job of presenting the concepts of modern honeypot technology. It begins by covering the basic concepts of what the different types of honeypots can do, the different design concepts of production honeypots vs. research honeypots and how honeypots can be an aid to network security in any organization. The one thing I didn't like was the "flow" of the book and the way some chapters were written. There was an excessive amount of fluff, some topics were beat like a dead horse. The book could easily have shaved off 50 pages making it a better read. Overall, it was a great book, I learned a lot, and would recommend it to anyone looking for an intro to honeypots. The included CD was a plus as well.
- This book is written with obvious passion towards honeypots as the author obviously believes in the power of honeypots in making the corporate network a safe place. The discussion covers simple and advanced topics in honeypot motives, creation and trapping hacker information. In all, a well researched book that evangelises the use of honeypot intrusion detection.
- I bought this to help perform research on a security course that I'm preparing. Even though the information on some of the honeypot programs is a bit outdated, I still found the book very helpful. It's well-written, and gives a very good explanation of how to implement honeypots. It was a tremendous help in my research.
Posted in Computer Crime (Tuesday, May 13, 2008)
Written by Jonathan Littman. By Little, Brown and Company.
The regular list price is $19.99.
Sells new for $4.30.
There are some available for $1.52.
5 comments about The Fugitive Game: Online with Kevin Mitnick.
- Face it, whether you're a white hat or a black hat - hacking is hacking. Alas, the term "ethical hacker" is merely a way for those breaking the law to rationalize their behavior. Littman did a great job of exposing this great debate in the book. In the field of information security, Mitnick is known to all of us as the king of social engineering. Let's be completely honest (even Mitnick and Littman exposed this in the book)... Kevin is not good at hacking but rather at exploiting the human factor. That is - humans are the weakest link in this whole information security thing - not the systems themselves. You want to design a secure system? - educate your users, administrators, managers and executives on how to be wise and vigilant and adhere to a sound security policy.
Thank you to Mr. Littman for showing us the many sides of Mitnick's life. I look forward to reading about Poulsen next in "The Watchman".
- This is the best book I read about Kevin Mitnick's exploits, time on the run, and eventual arrest. It reads like a thriller, is true to its subject material, and is informative too. If you want to know the story behind one of the country's most noted computer hackers, this is the book to read. (Until of course he publishes his memoirs :-)).
- Well, maybe it's because I always wanted to live the new economy revolution that happened there in that time and I always wanted to be "connected" even if I was too young and my parents could not understand my point. I'm a bit "obsessed" by this story and not just because there's still something to be clarified, but because the scenario and the period where these events are based mean something in the Internet history. I've read the books, the documents, the reports, the old post messages and nearly everything that is available on the net, and I can say that definitely this book adds something more to all of that. I like the author's perspective as well because he wants to understand what's really behind. Of course, as the author himself said, the book is based mainly on dialogues and interviews with all the people involved in the story, but at the end I hoped there was the chance to extract more details about who really attacked Shimo and why Kevin was handling Shimo's files. I got the feeling that all the phone calls reported were at the end too dispersive and distant from the real secrets of the story. But I believe the author did that to point out what was really behind Kevin's way of behaving, and what really was his point of view, and the book is really successful in that. Probably what left me a bit disappointed is that I hoped at the very end the author could ask Kevin something more to get more light on all the story after his capture, but probably just my expectations were too high.
- I saw the movie "Track Down" with Skeet Ulrich and that intrigued me enough to want to read this book.
I really enjoyed this book and found it very informative and fair to the subjects, since it is a true story.
Highly recommend if you are interested in computers and those that hack, just from the vicarious thrill, as well as how to protect yourself online!
- The same author wrote "The Watchman" which is about Kevin Poulsen. I loved that book and this book.
It's good to read a more reliable story on Mitnick than what came from garbage that John Markoff wrote. You actually get to hear the stories the way Mitnick explains them. He trusted Littman (the author) enough during his hiding time to call him and talk to him for hours at a time and explain what he's done, what he didn't do and his life on the run. You also get to see snippets of how corrupt John Markoff sounds during this entire thing and I don't think Littman even meant to do that.
I do like "The Watchman" a bit better... at times reading the long conversations between Mitnick and Littman can get a bit repetitive or boring... However, most of the time it's very interesting.
I'd suggest reading "The Watchman" first and then reading this book, as you'll notice a whole bunch of tie-ins from the characters in that book and how they relate to Mitnick. I found that fascinating how everyone was linked in one way or another...
Posted in Computer Crime (Tuesday, May 13, 2008)
Written by David Pollino and Bill Pennington and Tony Bradley and Himanshu Dwivedi. By McGraw-Hill Osborne Media.
The regular list price is $49.99.
Sells new for $26.78.
There are some available for $20.12.
5 comments about Hacker's Challenge 3 (Hacking Exposed).
- What struck me about this book is that the attacks are all brand new. This isn't just a rehash of the same old attacks we read about over and over again, nor is it a rehash of the attacks - but on steroids - from the previous Hacker's Challenge books. The day of the simple port scan and null session enumeration are long gone. Today's world is much more complicated and scarier. Hacker's Challenge 3 proves it.
And these aren't off-the-wall attacks cooked up in hidden computer labs by researchers. They're the type of threats now, unfortunately, becoming more commonplace to anyone in information security.
The chapters on phishing are real-life and could've been taken right out of the playbook of an actual attack perpetrated against a real bank. The steps for investigating, tracking down and bringing down malicious phishing sites closely follow those actually taken by information security professionals on the job.
Another attack presented is pharming, a new and frightening type of DNS poisoning that threatens financial and e-commerce web sites. The description of the attacks is very accurate. It's almost as if you were working with the team trying to block the attack.
Hacker's Challenge 3 is written by a star-studded cast of well-known industry players, each a top notch expert in their specialty in the field.
For each attack, this book provides a complete set of steps for detection, resolution, prevention and evasion of future attacks. There are detailed examples of the forensics examination used to track down both the attack and its offending attackers, including samples of analyzed logs and data that would be used by an actual threat and incident management team in action on a case.
Each chapter has a series of questions that add to the material and provide thought-provoking points for further discussion.
This is a digest of the new world of Twenty-First Century attacks that should be read by every information security professional.
- One of the best ways to teach is via the use of examples. This book is chock full of real world forensic scenarios along with their solutions. As the author of a forensics book myself, I understand and appreciate the hard work that these four brilliant individuals have put into this excellent text. We need to see more books like this in the future!
- I read and reviewed HC1 in Nov 01, and HC2 in Jan 03. Now in Aug 06, I'm happy to be reading Hacker's Challenge 3 (HC3). Like its predecessors, HC3 is the sort of book that needs to be used when interviewing new hires or promoting technical staff. If the candidate has read the book and knows the answers to the challenges, she at least demonstrates her commitment to learning, as well as an ability to remember what she reads. If she can solve the challenges without having read the book, she shows a higher level of skill. If she has no clue how to respond to the challenges, you can move on to the next candidate.
The 20 challenges cover the following: phishing, DNS cache poisoning, Web app hacking (multiple), anonymous FTP abuse, wireless misconfigurations and abuse, social engineering, disgruntled soon-to-be-ex-employees, malware, password reuse, p2p abuse, router exploitation, XSS, and an iSCSI compromise. The last of these was my favorite because I have not seen this in the field yet. Almost all of the other exploits will seem familiar to anyone performing security consulting.
I believe all of the HC books are wonderful learning and discussion tools for junior security analysts. I would caution them to not accept the "approved solutions" as the proper way to conduct incident response and forensics, however. In 4 or perhaps 5 of the 20 cases, the IR process commenced with direct examination of suspected systems. In other words, admins or security folks jumped right onto possibly compromised hosts and began searching for clues of intrusion.
This is not the proper way to perform IR, yet I saw it demonstrated in Chs 4, 6, 9, and 12. Ch 12, p 119 was especially disappointing -- "the obvious place to begin the investigation is the Oracle server." Wrong -- unless you want to contaminate evidence, tip off the intruder, or introduce other problems into the security equation.
One of Anton Chuvakin's cases demonstrated a better way to approach the IR problem -- look for application logs, firewall records, and network traces first. Avoid touching suspected victims until there is no other option, and then do so carefully.
I do not intend to say through my comments that this process was universally ignored in HC3. Several times proper host-based IR procedures are followed, when using forensic live CDs or obtaining hard drive images. However, please keep my comments in mind while reading HC3. Since the book claims to be based on real events, it's possible the authors are retelling flawed investigations by their customers!
Overall, I definitely recommend reading HC3 if you are new to security or if you need to quiz your newer employees. The book is technically sound (except for a mention of Windows 2002 on p 265) and entertaining. Kudos for the HC3 team for sharing their creative ideas with us.
- HACKER'S CHALLENGE 3: 20 BRAND-NEW FORENSIC SCENARIOS AND SOLUTIONS comes from top-tier security experts who offer 20 new real-world network security incidents to allow readers to test computer forensics skills and responses. From phishing and internal corporate hacking to wireless and Linux hacks, each challenge includes an in-depth explanation of the incident, how it was detected, and provides technical logs and network maps: everything needed for readers to test their skills at solving the incident. And yes, detailed analysis of successful results appears at the end.
Diane C. Donovan
California Bookwatch
- The stories were entertaining but they lacked the detail I had been looking for. It would be a great book for non-technical managers to read so they know their techs are just over-bearing security freaks.
I also feel that several of the investigations were flawed in how they were conducted. It is possible that the book is just being faithful to the 'real' story, but it would have been good to see comments on what could have been done better at the end of each one.
If you are looking for a broad picture of the types of attacks you might face and some procedures for what to do during or after an attack the book can be a helpful starting point (wake up call for some).
Posted in Computer Crime (Tuesday, May 13, 2008)
Written by Joel McNamara. By Wiley.
The regular list price is $35.00.
Sells new for $10.00.
There are some available for $3.50.
5 comments about Secrets of Computer Espionage: Tactics and Countermeasures.
- Joel McNamara's book is one of the very, very, few books that I classify as a "Must Read" for anyone involved in business or technology. This book does an amazing job of avoiding the "paranoia for paranoia's sake" tone seen so often in computer security books while still taking the issues seriously and discussing them intelligently.
The conversational tone is fun and often quite funny while not making the user feel talked down to. And Mr. McNamara does an equally great job of explaining very complex topics in a way that works for both extremely sophisticated computer technology professionals and non-techies alike. I've brought this book around for side-discussions in the seminars I've given since it came out and my students, ranging from small business owners to 30+ year professional tech veterans in Fortune 50s have learned new and important lessons from it. For a book to address all these audiences is rare. For a book to succeed and be invaluable for all of them is virtually unheard of. This book succeeds amazingly well. I've not only read the book through in one sitting, I keep referring back to it and its incredibly useful web site on a regular basis. Joel, thank you for writing one of the key books of the year!
- You and your computer face a dizzying array of security threats, writes tech consultant Joel McNamara. Competitors, cops, crooks and even disgruntled kin would love a peek at your hard drive. But don't hyperventilate just yet. If you calmly analyze the desirability and vulnerability of your secrets, you can figure out how to protect yourself. McNamara's prose is surprisingly clear given the degree of difficulty of his topic, and he offers a number of useful sidebars, charts and examples from inside the tech business to juice up his instructional tome. We suggest this practical book to managers charged with protecting corporate data, and to people who are unsure just how safe their computers are.
- The "Secrets of Computer Espionage" by Joel McNamara unveils what every PC user should know before they hop on to the internet Bandwagon. If you can read this review, then you need to purchase this book. Cyber Crime is the number one precursor to identity theft and the simple truth is -- Internet Security is YOUR responsibility.
Joel McNamara makes you walk a mile in the bad guy's shoes, forcing you to see both sides of the story. You will learn the real threats behind internet worms (such as Sasser) and trojan horses (like MyDoom). Discover why Windows(tm) isn't safe and learn who's after your PII (Personally Identifiable Information). View the world through the eyes of an internet private eye and see that everything really is an open book, it just depends on where you look. Let Joel be your guide. Buy the ticket, take the ride... then go to www.pcpitbull.com and see what's really inside.
- Judging from the title, Secrets of Computer Espionage: Tactics and Countermeasures would appear to be geared to governments, security agencies, or high-level corporations. In fact, as the author makes clear, anyone with an Internet connection is a potential target of online espionage-even by such "mundane" means as viruses, worms, and phishing attacks-and this book is addressed to that huge audience.
Just who is spying on whom? The author explains that the typical person might be a target of bosses, friends, family members, hackers, and many others. Even people with nothing confidential or of value on their computers risk getting caught up in espionage and other cyber capers. For instance, hackers can use their computers as vehicles for staging attacks or as a location for storing illicit files, such as child pornography. And as more cell phones and PDAs connect to the Internet, the risks multiply.
What may be disturbing to some readers is that every computer device and peripheral provides at least one avenue of attack. The author explains many of these schemes, such as keystroke loggers and cleartext file transfers via file transfer protocol (FTP). In addition, operating-system and application-level vulnerabilities constitute even more ways that systems can be compromised.
Despite the grim picture painted by the author, the book isn't intended to make readers paranoid, but rather to acquaint them with the many risks posed by the Internet. This excellent book shows that someone quite possibly is out to get you, but it provides the tools to protect yourself.
- Secrets of Computer Espionage by Joel McNamara is a must for any PC user. Staffed with so many examples (with a conversational funny tone) the book does a really good job. The book stresses the vulnerabilities and threats, explains in detail the evolution of spy tactics, network eavesdropping and provides countermeasures as well.
It's good to know what's around us and be in the know!
Recommend ****
Guzman, Dror
Posted in Computer Crime (Tuesday, May 13, 2008)
Written by Michele Slatalla. By Harper Perennial.
The regular list price is $15.00.
Sells new for $2.89.
There are some available for $1.92.
5 comments about The Masters of Deception: Gang That Ruled Cyberspace, The.
- THIS BOOK IS SIMPLY IN MY LIST OF ''BEST BOOKS OF ALL TIME''. I HAD STARTED READING IT AND JUST CAN'T STOP !! IT'S FASCINATING TO LEARN ABOUT THE WAR BETWEEN ''THE MASTERS OF DECEPTION'' AND ''THE LEGION OF DOOM'' AND THE WIDE RANGE OF VULNERABILITY OF TELECOMMUNICATIONS WORLDWIDE. I HARDLY RECOMMEND THIS BOOK. A MUST HAVE !!!
- Great book going behind the scenes of computer hackers in the late 80's early 90's. It really takes you back to the time. Not overly complex. A fantastic read for anyone with an interest in computer crime or within the "IT" community. Easy enough to read for someone not technically savvy to understand the basics. For $10 USD you can't go wrong.
- This is not a book about hackers; it's a book about some specific hackers who happen to come after much of the action was concluded. Even more than that, it's a book biased toward New York which contains every implied slander of Texas that one can meld into a narrative about hackers. I like the description of MOD, and thought the authors did an excellent job of building up the character of these kids, but find that for the size of this book, it missed an absolute raft of important knowledge. Why do people hack? What, besides damaged egos, makes it thrilling to have forbidden knowledge? How could our society be so incompetent as to leave these giant security holes everywhere? And finally: what was the global hacking culture like, outside of the spacy little land of New York City? The boys from LOD are treated as props and their contributions ignored, which is infuriating to someone who is familiar with the goings-on in the computer underground at that time. Also, technical writing is not difficult, and while this book tries to stay non-technical, I have to ask "why?" There are interesting details which are overlooked and could have been conveyed in English. These authors do a credible job of buildup, but then hype a few incidents into some metaphor for cyberspace, and consequently halve the strength of their book. I would recommend this to people who cannot simply pick up a copy of "2600" magazine or "Phrack" and figure it out for themselves, but not to anyone who cares about the heart, soul or brains of hacker culture.
- Actually this is a great book about the hacker sub-culture, indeed one of the best I have ever read. This book describes very well the whole story and social aspects of New York City hackers but fails when dealing with technical aspects or lacks it. I can affirm it's a good book for people who are interested to know how poor guys in Queens, NY, rose from nothing to create one of the most notorious hacker gangs ever and to improve knowledge about the late 80's and early 90's American hacker scene.
- At 225 pages you can breeze through it rather quickly, enjoying a fascinating look at young people with the commitment, energy and intelligence it took to hack and learn new systems. It was a time when the phone company was deregulated but Ma Bell's offspring still held quite a lot of power and were irresistible to phone phreaks and hackers. If you don't expect too much you'll enjoy a look into the hacker sub-culture. They were explorers and not criminals. I attended several conferences with these guys in later years and can report that their pursuit of knowledge is still fascinating. Social engineering is still the best hack for me. Plik!
Posted in Computer Crime (Tuesday, May 13, 2008)
Written by Marjie T Britz. By Prentice Hall.
The regular list price is $61.80.
Sells new for $50.00.
There are some available for $8.45.
3 comments about Computer Forensics and Cyber Crime: An Introduction.
- This would have been a superb book if it had been published in 2001 or so. Coverage is wide and quite detailed -- unfortunately, it appears the research for the book was done in 2000 (that's the publication date of the most recent references in the bibliography) and a lot of things have changed since then.
The chapters on case law and the actual process of collecting and analyzing evidence are excellent and serve to whet our appetite for an up-to-date book with that kind of detailed coverage.
Insofar as many of the best principles in evidence collection and analysis are the old ones, this book is quite useful but it is certainly not a state of current practice presentation.
- "Computer Forensics and Cyber Crime," written by Marjie T. Britz and published by Pearson Education Inc., seems to be a very well-balanced book. Why? It just took me a few minutes, between reading the introductory notes and "browsing" through its chapters, to understand that this book is well sequenced and organized.
This author explains in rather a pleasant way this subject and gradually internalizes the students by attracting them to more extensive regions of computer forensics, as it is data analysis, reporting or computer investigations.
This is an important and interesting field that is capturing the attention of many professionals and involves many disciplines. I just read the other day in one of those infamous blogs, "Computer Archeologists are using new and powerful computer forensics tools to examine and gain understanding of 'lifted data' that apparently was written 25 years ago." Nevertheless, this author seems to have made all the efforts to bring comprehensiveness by illuminating fundamental relationships,** not only between computer history and cyber crime, if not among many issues surrounding the applications of the Fourth Amendment and the understanding of the limits of government decency.
The management of these seemingly intricate relationships is crucial for our immediate future, as a nation, experiencing a yet unexplored global economy which is using extensively and intensively the eCommerce over intranets, internets and the Internet, and as a nation, which somehow needs to preserve the individual freedoms and leadership that rightly so, has been acquired through all its years of existence, with hard work, determination and within the framework of its fundamental democratic values.
The author closes this book by looking at the world's future issues with respect to cyber crime and even gives us routes by which we could answer most of the urgent and pressing dilemmas of our digital epoch. Do you want to know the answer? Well, read the book yourself and find out what this book offers.
In conclusion, this book is readable, manages and balances many aspects of this new subject, besides it seems as a good starting point and a splendid reference, from which any student can continue to build their expertise on computer forensics and Cyber crime.
** [even the use of technology to commit crimes is well referenced by this book, I observed a photograph of Bonnie and Clyde, who used then the recently invented automobile to outsmart the police of their times, p. 31]
- This particular book by Britz, is but one more example of her commitment to detail in all of her works. Like her previous books, this book is both readable and comprehensive. It is one that I myself have adopted in my computer crime course, and I am anxiously awaiting the second edition. The chapters on the legal issues and the history of computer crime are unparalleled in the extant literature. More succinctly, the greatest strength of the book is its sheer readability. Designed for undergraduates, this particular text is a must read for any beginner interested in computer crime and computer investigations. Unlike other books in the field which prove to be far too advanced for novices, Britz's book allows even the most unsophisticated reader to appreciate and understand the problems associated with the investigation of computer crime, as well as recognize emerging trends in this area. Please, please, provide a second edition as soon as possible!!
Posted in Computer Crime (Tuesday, May 13, 2008)
Written by Tom Clancy and Steve Pieczenik and Steve Perry. By Berkley.
The regular list price is $7.99.
Sells new for $0.70.
There are some available for $0.01.
5 comments about Cybernation (Tom Clancy's Net Force, No. 6).
- I wrote my review about 40 pages from the end of the book. I must now revise it and remove all points. This has got to be about the worst book I have ever read!!!
I picked this book up because it was sitting there, I was out of reading material, and it had Tom Clancy's name on it. I was skeptical when Clancy hadn't written the book, but I thought that if he put his name on it, he believed in it. There is no story here. Nothing happened. Nothing! ... A few disconnected scenes of people practicing martial arts, some guy drinking beer in virtual reality bars looking for clues (ridiculously stupid angle), and a conclusion that must have been written in one afternoon because the author was bored. The problem is, as is customary, I read to the end of the book to find that out. ... There were some parts that held some promise, but there is no coherency, and the conclusion is so bad that I wanted to destroy the book and any credibility it has. ...
- Overall I thought the book was excellent. The book kept me on my toes thinking about what was going to happen. The book was action packed with not only the whole gun slinging scene but also in the sense of how Tom portrayed the world years from now. I love how he made everything electronic, and how everything was made into a technologically advanced system.
The plot kept moving, making the book a page turner. The only thing I disliked about the book, but made it flow however, was how it would jump between characters. Beyond that I loved it.
- Up to this point, I have loved all the Clancy books I have read. This one was simply horrible. Please note that the author of this book is Steve Perry, not Tom Clancy, and it is not up to par with the works Clancy is known for.
The story line is very simplistic and the characters are very one dimensional. About 50 pages from the end you could predict the ending with a good degree of accuracy. If you haven't read any of Clancy's books (the ones HE wrote), then pick one of those up. This one isn't worth the time or the money. Too bad 0 stars isn't an option.
- I had thought, in the beginning, that CyberNation would be pretty good because Tom Clancy wrote a ton of really good books and many great video games are created based on his stories. However, as I read along, there was hardly anything to enjoy. Obviously, I had not read any of the other reviews, so I had no idea what trap I was falling into. The storyline of this book is devoid of meaning and completely boring, the complete opposite of what Tom Clancy would normally write.
The "storyline" about Gridley, Howard, Michaels, Santos, Chance, and Keller is completely disjointed. One of the few reasons why this story is connected is that they are fighting against each other in the internet world, and using the VR, or "Virtual Reality", to track things down or to mess things up. In fact, the whole story is covered up with sex, crime, and violence that there is hardly any connection shown. Of course, if I had not been able to follow the storyline, I would not be able to write this, but it was still quite confusing.
So I ask, again, why did Steve Perry write this? He has no sense of what Mr Clancy writes, nor of his style, elegance, and flair. One cannot imitate a type of writing without being the type of person, obviously, so why did Mr Perry try to do so? Mr Clancy truly should write more of his own books, even if he thinks he is too important and too proud to do the writing. Mr Clancy and Mr Perry must have decided to play a prank on loyal fans of Mr Clancy (not that I am one) because this has disappointed many enthusiastic readers. Of course, these questions I am not really able to answer, but I would not be surprised if Mr Clancy's name was written in huge, bold letters on the book for the profit.
- The language used in the book is full of slang.
But I do not think that the book is so bad as the reviewers say.
May be a good read for teenagers but not recommended for adults.
Posted in Computer Crime (Tuesday, May 13, 2008)
Written by Jesus Mena. By Butterworth-Heinemann.
The regular list price is $63.95.
Sells new for $50.29.
There are some available for $50.29.
5 comments about Investigative Data Mining for Security and Criminal Detection, First Edition.
- I read "Investigative Data Mining for Security and Criminal Detection" (IDM) after attending the 2003 Recent Advances in Intrusion Detection (RAID) conference. Researchers at RAID mentioned "self-organizing maps," "neural networks," "machine learning," and other unfamiliar topics. Mena's book helped me understand these subjects in the context of performing data mining. If you steer clear of the author's discussion of intrusion detection in chapter 10, you'll find IDM enlightening and a little scary.
Author Jesus Mena defines investigative data mining as "the visualization, organization, sorting, clustering, segmenting, and predicting of criminal behavior" (p.1). His book strays from this definition, as he also covers simply discovering patterns of activity for responding to events. Accomplishing this task requires investigative data warehousing, link analysis, software agents, text mining, neural networks, and machine learning. Mena addresses each technique in its own chapter, offering descriptions, case studies, and tools. Two types of data mining analysis exist: descriptive, such as a chart, graph, or decision tree; and predictive, obtained via neural networks and machine learning (p.261). Mena also describes mining via "top-down" vs "bottom-up" approaches. The first involves an analyst exploring data to support his theories. The second relies on software to find patterns in data not imagined by a human analyst (p.343). Mena is most effective when he writes about what he knows best. I loved chapter 9, where he explains cell phone, insurance, and financial frauds. Much of what he wrote applied directly to my interest in network security monitoring and intrusion detection. Chapter 10 (Intrusion Detection), however, is best ignored. Mena does not appear to understand computer security, and neither do his editors. He calls Snort a "freeware site-based system IDS," in contrast with "network-based IDSs such as RealSecure" (p.306). He labels tcpdump an "attack" tool and says "this is utility for eavesdropping for passwords" (his typos) (p.307) and describes "rhosts" in a "stealth" attack phase as "this utility will evaluate hosts and lists hosts and users who are trusted by the local host" (p.308). Mena isn't a "security guy," either; he lumps "threats and vulnerabilities" together as "weaknesses or flaws in a system, such as a hole in security or a back door" (p.14). 
A threat is one or more entities with capabilities and intentions sufficient to exploit vulnerabilities in information resources, while a vulnerability is a weakness in design, configuration, or deployment which allows threats to abuse, subvert, or break information resources. Overall, I really enjoyed IDM. Mena makes numerous fascinating insights. While his prose is somewhat repetitive, he explains the key points needed to get data mining newbies up to speed. In light of the recent revelations of jetBlue sharing data with the government, the techniques Mena describes are both powerful and disturbing.
- Are you interested in IDS's?
If yes, perhaps you may already know that there are two main kinds of IDS's: based on "known bad behavior or abuse" or based on "behavior deviation".
The first kind is very well known after several popular implementations like SNORT. On the plus side they are not prone to "false positives" but, however, on the minus side they are almost useless with new forms of attacks.
The second kind, in turn, is very prone to false positives and not yet well implemented, but eventually can handle quite well unexpected or new forms of attacks.
If you are interested in this second type of IDS's then "Investigative Data Mining for Security and Criminal Detection" is a MUST.
From basic definitions to a case study, you are led through a wonderful tour that includes among others:
Intelligent Agents
Text Mining
Neural Networks
Machine Learning
Criminal Patterns
Intrusion Detection
So, if you are just casually interested in "behavior deviation" based IDS's or a true researcher in related areas, this book undoubtedly will be useful and of great help.
- I was very excited when I bought the book, but was somewhat disappointed. The reason for that is the book is very light on details and tends to talk about things rather than on how things are done and how they work. The book does cover some tools but with no connection to concepts and with few details on how the tools do what they do. It does contain a lot of interesting material and is generally well written.
Of the most interest to me was the intrusion detection chapter, but in addition to well-known facts on IDS technology it provided few details on how exactly data mining helps. MITRE case study seems to mostly hint at things rather than show how they were done in this project. I did pick up some ideas from it. Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major information security company. His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org
- It's the second book of Jesus Mena that I read. The subject of this new one is a little bit opportunistic in the world and US actuality. The book is a sort of general presentation of applications in fraud investigation in terms of models, tools and usages. Of course, to build such models the book is not detailed enough, but all the elements are given to you to go deeper into the subject. In any case, this book is absolutely one to read.
- This easy to read book is about the prevention of crime using Advanced Data Mining technologies, tools and techniques. The book explains in plain English the technologies, how they work and how they can be used to prevent crime or terrorism. The audience can be anybody interested in the prevention of crime or terrorism such as security specialist, law enforcement, intelligence agents, fraud investigators and public in general since no intricate math is involved. White House's national strategy for homeland security involves Data Mining.
There is a huge amount of dispersed information that needs to be gathered, integrated and analyzed. Data mining can assist analysts in sorting through hundreds of thousands of records and can help investigators to reach conclusions in less time. This amazing book covers the latest data mining technologies including Data Integration, Link Analysis, Software Agents, Text Mining, Neural Networks and Machine Learning. Throughout the book there are many case studies, references and Web links to illustrate real world applications of Data Mining. This is an excellent reference book.
Posted in Computer Crime (Tuesday, May 13, 2008)
Written by Edward Waltz. By Artech House Publishers.
The regular list price is $149.00.
Sells new for $119.20.
There are some available for $107.28.
2 comments about Information Warfare Principles and Operations.
- This book presents an information warfare framework that is more aligned to national infrastructure and military systems protection than commercial enterprises. However, the framework and systematic discussion of all of the relevant elements of information warfare can be applied to any environment - commercial, government or military.
The framework itself is sound and is the foundation of any infowar readiness posture. The book emphasizes a readiness posture that is defensive in nature, and the approach set forth addresses both strategic and tactical defense considerations. There are three interesting viewpoints provided, which is consistent with the systems engineering approach taken: (1) Hierarchy of strategic components. These are presented top-down with defense and deterrence paths as follows: Policy, Strategy and Operational levels and Operational Influence Relationships. (2) A strategic process that encompasses development of strategy, threat analysis and assessment of effectiveness. (3) Operational model, comprised of perceptual, information and physical layers. Issues such as MEII (Minimum Essential Information Infrastructure) deployment and modes of operations are cogently discussed along with associated tactical responses (surveillance, mode control, auditing/forensic analysis and reporting). The conceptual and process framework is augmented by a solid discussion of security technologies that are still in the large as accurate and valid today as when the book was written in 1998. What I especially like about this book, aside from the systems engineering approach and viewpoints, is the complete coverage of the full spectrum of information warfare, including more subtle issues such as data and knowledge analysis, the cursory examination of offensive operations (seeing the info war from a hostile's viewpoint), and the copious amount of detail provided for each of the topics and subjects associated with infowar. This book is an excellent starting point for corporate security organs that have matured to the point where infowar defensive measures can be effectively addressed.
Although infowar is an element of information security, the mindset for defense requires a vastly more mature security program than normal network and system security practices because the threats may not be strictly technical in nature. This book will prepare you for the realities of infowar and give you insights about how it can be incorporated into your security posture.
- Starts out a little dry, but it's the necessary building blocks for the rest of the book. This is a great end-to-end description of the science of IW. Good buy!
Posted in Computer Crime (Tuesday, May 13, 2008)
Written by Steve Bunting and William Wei. By Sybex.
The regular list price is $69.99.
Sells new for $9.90.
There are some available for $9.89.
5 comments about EnCase Computer Forensics: The Official EnCE: EnCase Certified Examiner Study Guide.
- This book is not for beginners in the IT world, but you will need it in the long run.
- The first edition is a great book, but this item is the SECOND EDITION.
Hopefully, reviews of Ed.2 will soon be included (and discernible) in the Amazon reviews.
- I'm taking Computer Forensics. Just what I needed. And it's in great condition.
- The first edition was quite good and this is an update. The changes reflect the addition of Vista and changes to the EnCE exam. The few errors in the first edition appear to have been fixed.
All in all a great text to learn/polish EnCase.
- "EnCE The Official EnCase Certified Examiner Study Guide (2nd Edition)" is not only an excellent study guide for taking the EnCE test, but is an excellent book for those who, like myself, cannot afford to go to all of the basic and advanced classes that Guidance Software offers. In just about every chapter I learned many new features about EnCase that I never realized existed. If you are now using EnCase Version 6 you definitely want this book!
And no, I am not in any way connected to Mr. Bunting, but am looking for the day I can personally meet him and thank him for publishing this learning tool.
Dep. L. "Jake" Jacobsen (Ret) CFCE
Sentry Data Systems LLC
EnCase Computer Forensics, includes DVD: The Official EnCE: EnCase Certified Examiner Study Guide