Other Sources of Security Books and Articles

General Information about Network Security

Abrams, Marshall D.; Podell, Harold J.; and Jajodia, Sushil. Information Security: An Integrated Collection of Essays. Los Alamitos, CA: IEEE Computer Society Press, 1995.
Ahuja, Vijay. Network and Internet Security. Boston, MA: AP Professional, 1996.
Allen, Julia H. The CERT® Guide to System and Network Security Practices. Boston, MA: Addison-Wesley, 2001.
Anderson, Ross J. Security Engineering: A Guide to Building Dependable Distributed Systems. New York, NY: John Wiley & Sons, 2001.
Atkinson, Randall J. "Toward a More Secure Internet." IEEE Computer 30, 1 (Jan. 1997): 57-61.
Bosselaers, Antoon, Preneel, Bart. Integrity Primitives for Secure Information Systems: Final Report of RACE Integrity Primitives Evaluation RIPE-RACE 1040. Lecture Notes in Computer Science: 1007. Berlin and New York: Springer, 1995.
Cohen, Frederick B. Protection and Security on the Information Superhighway. New York, NY: Wiley, 1995.
Comer, Douglas E. Internetworking with TCP/IP, volume 1: principles, protocols, and architecture. Third Edition. New York, NY: Prentice-Hall, 1995.
Davis, Peter T., ed. Securing Client/Server Computer Networks. New York, N.Y.: McGraw-Hill, 1996.
Denning, D.E. Information Warfare and Security. New York, N.Y: Addison-Wesley Publishing Company, Inc., 1999.
Denning, P.J. and Denning, D.E. Internet Besieged: Countering Cyberspace Scofflaws. New York, N.Y: Addison-Wesley Publishing Company, Inc., 1998.
F-Secure Corporation. F-Secure Corporation's Data Security Summary for 2004. Available at http://www.f-secure.com/2004/.
Gollmann, Dieter. Computer Security. Chichester, England: John Wiley & Sons, 1999.
Howard, Michael & LeBlanc, David. Writing Secure Code. Redmond: Microsoft Press, 2002.
Kaufman, C.; Perlman, R.; and Speciner, M. Network Security: Private Communication in a Public World. Englewood Cliffs, NJ: PTR Prentice-Hall, Inc., 1995.
Kyas, O. Internet Security, Risk Analysis, Strategies and Firewalls. Boston, MA: Int'l Thomson, 1997.
McGraw, Gary, and Felten, Edward W. Java Security. New York: John Wiley and Sons, Inc., 1996.
Mirkovic, Dietrich, Dittrich, and Reiher. Internet Denial of Service Attack and Defense Mechanisms. New York, NY: Prentice Hall PTR, 2005. Available at http://www.phptr.com.
NCSC Glossary of Computer Security Terms. Ft. George G. Meade, MD: National Computer Security Center: Washington, DC: For sale by the Supt. of Docs., U.S. G.P.O., 1989.
National Research Council. Computers at Risk: Safe Computing in the Information Age. Washington, D.C.: National Academy Press, 1991.
Pfleeger, Charles P. Security in Computing (Second Edition). Upper Saddle River, NJ: Prentice Hall, 1997.
Ryan Peter, Steve Schneider, et al. Modelling and Analysis of Security Protocols. Harlow, England: Addison-Wesley, 2001.
Schneider, Fred B. ed. Trust in Cyberspace. Washington, DC: National Academy Press, 1999.
Schwartau, Winn. Time-Based Security. Seminole, FL: Interpact Press, 1999.
Stevens, W. Richard. TCP/IP Illustrated, Volume 1: The Protocols. Reading, MA: Addison-Wesley, 1994.
Summers, Rita C. Secure Computing. New York, NY: McGraw-Hill, 1997.
Wadlow, Thomas A. The Process of Network Security. Reading, MA: Addison-Wesley, 2000.

Network Security Guides

Internet Engineering Task Force, Network Working Group. Guidelines for the Secure Operation of the Internet, (RFC 1281). ftp://ftp.isi.edu/in-notes/rfc1281.txt (1991)
Internet Engineering Task Force, Site Security Policy Handbook Working Group. Site Security Handbook, (RFC 2196, FYI 8). ftp://ftp.isi.edu/in-notes/rfc2196.txt (1997)
Kabay, Michel E. The NCSA Guide to Enterprise Security: Protecting Information Assets. New York, NY: McGraw-Hill, 1996.
Northcutt, Stephen. Network Intrusion Detection: An Analyst's Handbook. Indianapolis, IN: New Riders Publishing, Macmillan, 1999.
Wireless Network Security: 802.11, Bluetooth, and Handheld Devices. Washington, DC: National Institute of Standards and Technology, 2003. Available at http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.pdf.

Guides For Managers and Policymakers

Dijker, Barbara L., ed. Short Topics in System Administration. Vol. 2, A Guide to Developing Computing Policy Documents. Berkeley, CA: The USENIX Association for SAGE, the System Administrators Guild, 1996.
Howard, John; and Longstaff, Tom. A Common Language for Computer Security Incidents. (SAND98-8997). Albuquerque, NM: Sandia National Laboratories, 1998.
Kimmins, John; Dinkel, Charles; and Walters, Dale. Telecommunications Security Guidelines for Telecommunications Management Network. NIST Special Publication: 800-13. Organization National Institute of Standards and Technology (U.S.). Gaithersburg, MD: U.S. Dept. of Commerce, Technology Administration, National Institute of Standards and Technology, 1995.
Kuncicky, D.; and Wynn, B. A. Short Topics in System Administration, Vol 4, Educating and Training System Administrators: A Survey. Berkeley, CA: The USENIX Association for the System Administrators Guild (SAGE), 1998.
Oppenheimer, David L.; Wagner, David A.; and Crabb, Michele D. Short Topics in System Administration, Vol. 3, System Security: A Management Perspective. Berkeley, CA: The USENIX Association for the System Administrators Guild (SAGE), 1997.
Phillips, G. Short Topics in System Administration, Vol. 5, Hiring System Administrators. Berkeley, CA: The USENIX Association for the System Administrators Guild (SAGE), 1999.
Schweitzer, James A. Protecting Business Information: A Manager's Guide. Boston, MA: Butterworth-Heinemann, 1996.

Handling Intrusions

Amoroso, Edward. Intrusion Detection: An Introduction to Internet Surveillance, Correlation, Trace Back, Traps, and Response. Sparta, NJ: Intrusion.Net Books, 1999.
Bace, Rebecca Gurley. Intrusion Detection. Indianapolis, IN: MacMillan Technical Publishing, 2000.
Computer Security Incident Handling Step By Step Guide, v1.5. Bethesda, MD: The SANS Institute. May, 1998.
Escamilla, Terry. Intrusion Detection: Network Security Beyond the Firewall. New York, NY: Wiley Computer Publishing, 1998.
Maiwald, Eric. "Automating Response to Intrusions," Proceedings of the Fourth Annual UNIX and NT Network Security Conference. Orlando, FL: The SANS Institute, October 24-31, 1998.
Marchany, Randy. "Incident Response: Scenarios and Tactics." Proceedings of the Fourth Annual UNIX and NT Network Security Conference. Orlando, FL: The SANS Institute, October 24-31, 1998.
Northcutt, Stephen. Network Intrusion Detection: An Analyst's Handbook. Indianapolis, Indiana: New Riders Publishing, 1999.
Schultz, Eugene. "Effective Incident Response." Proceedings of The Fourth Annual UNIX and NT Network Security Conference. Orlando, FL: The SANS Institute, October 24-31, 1998.
Toigo, Jon William. Disaster Recovery Planning for Computers and Communication Resources. New York, NY: John Wiley, 1996.

Computer Forensics

Casey, Eoghan. Digital Evidence and Computer Crime, Second Edition. San Diego, CA: Academic Press, 2000.
Nelson, Bill. Guide to Computer Forensics and Investigations. Boston, MA: Thomson Course Technology, 2004.

Cryptography

Bauer, F.L. Decrypted Secrets, Methods and Maxims of Cryptology. New York: Springer-Verlag, 1996.
Garfinkel, Simson. PGP: Pretty Good Privacy. Sebastopol, CA: O'Reilly and Associates, Inc., 1995.
Internet Engineering Task Force, Network Working Group. The MD5 Message-Digest Algorithm, (RFC 1321). ftp://ftp.isi.edu/in-notes/rfc1321.txt (1992)
Schneier, Bruce. Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd ed. New York, NY: John Wiley and Sons, 1996.
National Institute of Standards and Technology (U.S.). "Secure Hash Standard." Gaithersburg, MD: Computer Systems Laboratory, National Institute of Standards and Technology, U.S. Dept. of Commerce, Technology Administration: Springfield, VA: http://www.itl.nist.gov/fipspubs/fip180-1.htm (1995)
Stallings, William. Practical Cryptography for Data Internetworks. Los Alamitos, CA.: IEEE Computer Society Press, 1996.
Stallings, William. Protect Your Privacy: The PGP User's Guide. Englewood Cliffs, N.J.: Prentice Hall PTR, 1995.
Sutherland, Ivan Edward. A View of the Task You Face: A Report to the NRC Committee on Cryptography. Series Title Perspectives (Sun Microsystems Laboratories): 96-2. Mountain View, CA: Sun Microsystems Laboratories, 1996.
Wayner, Peter. Disappearing Cryptography: Being and Nothingness on the Net. Boston, MA: AP Professional, 1996.

Firewalls

Chapman, D. Brent, Cooper, Simon, Russell, Deborah, and Zwicky, Elizabeth D. Building Internet Firewalls (2nd edition). Sebastopol, CA: O’Reilly and Associates, 2000.
Cheswick, William R. and Bellovin, Steven M. Firewalls and Internet Security. Reading, MA: Addison-Wesley, 1994.
"Firewalls Market Survey." SC Magazine, Framingham, MA: West Coast Publishing, Inc., April, 1999. Available at http://www.infosecnews.com.
Avolio, Blask. "Application Gateways and Stateful Inspection: A Brief Note Comparing and Contrasting." Trusted Information Systems, Inc., 1998. Available at http://www.avolio.com/papers/apgw+spf.html.
Cooper, Deborah and Pfleeger, Charles. "Firewalls: An Expert Roundtable." IEEE Software, New York, NY (September/October 1997).
Goncalves, Marcus. Firewalls: A Complete Guide. New York, NY: McGraw Hill, 2000.
Grennan, Mark. Firewalling and Proxy Server HOWTO. Version 1.0.8. July 4, 2000. Available at http://metalab.unc.edu/LDP/HOWTO/IPCHAINS-HOWTO.html.
Hall, Eric. "Internet Firewall Essentials." Network Computing Online. Manhasset, NY: CMP Media, Inc., November, 1996. Available at http://www.networkcomputing.com/netdesign/wall1.html.
Lodin, Steve and Schuba, Christoph. "Firewalls Fend Off Invasions from the Net." IEEE Spectrum. New York, NY: IEEE, February, 1998.
Luk, Ellis, et al. Protect and Survive: Using IBM Firewall 3.1 for AIX, 3rd edition. Research Triangle Park, NC: IBM, 1998. Available at http://www.redbooks.ibm.com.

Web Security

Garfinkel, S.; Spafford, G. Web Security and Commerce. Sebastopol, CA: O'Reilly and Associates, Inc., 1997.
Larson, Eric & Stephens, Brian. Web Servers, Security & Maintenance. Upper Saddle River, NJ: Prentice Hall, 2000.
Rubin, A. D.; Geer, D.; and Ranum, M. Web Security Sourcebook. New York: John Wiley and Sons, Inc., 1997.
Spainhour, Stephen & Quercia, Valerie. Webmaster in a Nutshell. Sebastopol, CA: O'Reilly and Associates, 1996.
Stein, Lincoln. Web Security: A Step-by-Step Reference Guide. Reading, PA: Addison-Wesley, 1998.
World Wide Web Consortium. W3C Security Resources. http://www.w3.org/Security/.

System Survivability

Salter, Chris; Saydjari, O. Sami; Schneier, Bruce; Wallner, Jim. "Toward a Secure System Engineering Methodology." New Security Paradigms Workshop, 1998. http://www.counterpane.com/secure-methodology.html.

For Specific Computers or Operating Systems

AS/400

Park, Joseph S. AS/400 Security in a Client/Server Environment. New York, NY: J. Wiley, 1995.

PC

Alexander, Michael. The Underground Guide to Computer Security: Slightly Askew Advice on Protecting Your PC and What's on It. Reading, Mass.: Addison-Wesley Pub. Co., 1996.
Cobb, Stephen. The NCSA Guide to PC and LAN Security. New York: McGraw-Hill, 1996.
Park, Joseph S. AS/400 Security in a Client/Server Environment. New York, NY: J. Wiley, 1995.

Windows NT

Rutstein, Charles B. Windows NT Security: A Practical Guide to Securing Windows NT Servers and Workstations. New York: McGraw-Hill, 1997.
Securing Windows NT Installation. Microsoft. http://www.microsoft.com/ntserver/techresources/security/Secure_NTInstall.asp (1999)
Sheldon, Tom. Windows NT Security Handbook. Berkeley, CA: Osborne McGraw-Hill, 1997.
Sutton, Stephen A. Windows NT Security Guide. Reading, MA: Addison-Wesley Developers Press, 1997.
Windows NT Security Guidelines. Trusted Systems Services, Inc. http://www.trustedsystems.com/NSAGuide.htm (1998)
Windows NT Security Step by Step. SANS NT Security, https://store.sans.org/store_item.php?item=20 (1998)

Unix

Curry, Dave. Improving the Security of Your UNIX System (Technical Report ITSTD-721-FR-90-21). Menlo Park, CA: SRI International, April 1990.
Curry, David A. UNIX System Security: A Guide for Users and System Administrators. Reading, MA: Addison-Wesley Publishing Co., Inc., 1992.
Ellis, Jim; Fraser, Barbara; and Pesante, Linda. "Keeping Internet Intruders Away." UNIX Review, vol. 12, no. 9 (September 1994), pp. 35-44.
Garfinkel, Simson, and Spafford, Gene. Practical UNIX and Internet Security, 2nd ed. Sebastopol, CA: O'Reilly and Associates, Inc., 1996.

Other

Barrett, Daniel J. Bandits on the Information Superhighway. Sebastopol, CA: O'Reilly and Associates, 1996.
Best, Reba A. and Piquet, D. Cheryl. Computer Law and Software Protection: A Bibliography of Crime, Liability, Abuse, and Security, Jefferson, N.C.: McFarland, 1993.
Cappel, James J.; Vanecek, Michael T.; and Vedder, Richard G. "CEO and CIO Perspectives on Competitive Intelligence." Communications of the ACM. (August 1999).
Ermann, D. M.; Williams, M. B.; and Shauf, M. S. Computers, Ethics, and Society (Second Edition). New York: Oxford University Press, 1997.
NIST Federal Information Processing Standards (FIPS) on Computer Security. http://csrc.nist.gov/publications/fips/index.html
Regan, Priscilla M. Legislating Privacy: Technology, Social Values, and Public Policy. Chapel Hill: University of North Carolina Press, 1995.
Sterling, Bruce. The Hacker Crackdown: Law and Disorder on the Electronic Frontier. New York, NY: Bantam Books, 1992.
Stoll, Cliff. The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage. New York, NY: Doubleday, 1989.

Last updated February 19, 2004
CERT and CERT Coordination Center are registered in the U.S. Patent and Trademark Office







