Book Review - Defend I.T. - Security By Example
I just finished reading an interesting book called Defend I.T. - Security By Example by Ajay Gupta and Scott Laliberte (Addison-Wesley). This is a series of real-life case studies of security issues faced by actual companies.
The chapter breakdown: Getting to Know the Enemy: Nmap the Target Network; Home Architecture; No Service For You!; Look, Ma, No Wires!; Virus Outbreak 1; Virus Outbreak 2: The Worm; Changing Face; Protecting Borders: Perimeter Defense with an IDS; Disaster All Around; Security Is the Best Policy; HIPAA: Security by Regulation; A War-Dialing Attack; A Low-Tech Path into the High-Tech World; Industrial Espionage; Executive Fraud; Cyber Extortion; Conclusion; Recommended Reading; Index
As you can tell from the chapter breakout, it's not all about hackers and crackers. Security is often the mundane task of writing policies and enforcing regulations. Gupta and Laliberte draw upon experience from their past consulting engagements to look at these various issues with a sense of realism that is often missing in these types of security books. Most companies that suffer some sort of security breach don't want any news whatsoever of the incident leaking out. While the authors don't use real company names, the actual incidents did happen. You can learn from them before you find yourself in the same position.
There is a reasonable balance between detail and concept in the various chapters. Management will be able to follow along and understand what type of issues are at stake. The techies will be able to glean enough technical detail to help prevent the same type of issues from occurring to their company. Overall an interesting and unique take on the subject of security...