Which one of these two books is the best?
Computadora (Member, Posts: 69)
Comments

dynamik (Banned, Posts: 12,312):
I'd vote Tao (you're going to be hard-pressed to find a better book on the subject).
Did you notice that Bejtlich has reviewed the other one? It's here: https://www.amazon.com/review/R1QGLSYCK38L3Z/ref=cm_cr_pr_perm?ie=UTF8&ASIN=0735708681&nodeID=&tag=&linkCode=
That's clearly referring to an older edition (1999), but a lot of it still holds true. I have it and read through it quickly. Tao is a little more up-to-date and goes a bit more in-depth.
O'Reilly's Security Monitoring is another decent book I've gone through (but it's a bit expensive, given its small size): Amazon.com: Security Monitoring: Proven Methods for Incident Detection on Enterprise Networks (9780596518165): Chris Fry, Martin Nystrom: Books
I'd read all three if you're really interested in the subject; they all bring something unique to the table. Don't forget about Bejtlich's Extrusion Detection either...

Computadora (Member, Posts: 69):
Which one of the books do you think does a good job at giving examples of various firewall/IDS events/alerts, like malware/rootkits calling home, port scans, DDoS, etc.?
dynamik (Banned, Posts: 12,312):
Probably Tao. I remember thinking Security Monitoring was OK but could have included more, and Network Intrusion Detection seemed light. It's been a while since I went through those though, so take that with a grain of salt.
Honestly though, nothing's going to be a substitute for just playing around in a lab. You might also like the Hacker's Challenge books. 1 and 2 are pretty dated, but they're still interesting to go through. You can pick them all up for cheap if you get them used: Amazon.com: hackers challenge