C.2 Other Computer References
The following books and articles are of general interest to all
practitioners of computer security, with Unix or other operating
systems.
C.2.1 Computer Crime and Law
Freedman, David H., and Charles C. Mann. @ Large; New
York, NY, 1997. A story about a huge computer crime spree caused
entirely by two people. This incident spawned the FBI Computer Crime
Squad, some FIRST teams, and the writing of the Tripwire tool at
Purdue.
Icove, David, Karl Seger, and William VonStorch, Computer Crime: A
Crimefighter's Handbook, Sebastopol, CA:
O'Reilly & Associates, 1995. A popular rewrite
of an FBI training manual. Dated and out of print (though available
as used), but with some worthy material.
Power, Richard.
Tangled Web; Indianapolis, IN, Que, 2002. A collection of stories of
cybercrime and investigation. Cites a number of statistics to give a
snapshot of the problem.
C.2.2 Computer-Related Risks
Leveson, Nancy G. Safeware: System Safety and Computers. A Guide to
Preventing Accidents and Losses Caused by Technology.
Reading, MA: Addison-Wesley, 1995. This textbook contains a
comprehensive exploration of the dangers of computer systems, and
explores ways in which software can be made more fault-tolerant and
safety-conscious.
Neumann, Peter
G. Computer Related Risks.
Reading, MA: Addison-Wesley, 1995. Dr. Neumann moderates the Internet
RISKS mailing list. This book is a collection of the most important
stories passed over the mailing list since its creation.
C.2.3 Computer Viruses and Programmed Threats
Communications of the ACM, Volume 32, Number
6, June 1989 (the entire issue). This whole issue was devoted to
issues surrounding the Internet Worm incident.
Denning, Peter
J. Computers Under Attack: Intruders, Worms and
Viruses. Reading, MA: ACM Press/Addison-Wesley, 1990. A
comprehensive collection of readings related to these topics,
including reprints of many classic articles. Mainly of historical
interest.
Ferbrache, David. The
Pathology of Computer Viruses. London, England:
Springer-Verlag, 1992. This was probably the best all-around book on
the technical aspects of computer viruses.
Hoffman, Lance J., Rogue
Programs: Viruses, Worms and Trojan Horses. New York, NY:
Van Nostrand Reinhold, 1990. A comprehensive collection of readings
on viruses, worms, and the like. Mainly of historical interest.
The Virus Bulletin.
Virus Bulletin CTD. Oxon, England. A monthly international
publication on computer virus prevention and removal. This is an
outstanding publication about computer viruses and virus prevention.
It is likely to be of value only to sites with a significant PC
population, however. The publication also sponsors conferences that
have good papers on viruses (see http://www.virusbtn.com).
C.2.4 Cryptography Books
Denning, Dorothy E. R. Cryptography and Data Security. Reading, MA:
Addison-Wesley, 1983. The classic textbook in the field. Now out of
print but worth having.
Garfinkel, Simson. PGP: Pretty Good Privacy. Sebastopol, CA:
O'Reilly & Associates, 1994. Describes the
history of cryptography, the history of the program PGP, and explains
PGP's use.
Hinsley, F.H., and Alan
Stripp. Code Breakers: The Inside Story of Bletchley
Park. Oxford, England: Oxford University Press, 1993. Full
of interesting historical vignettes.
Hoffman, Lance J. Building
in Big Brother: The Cryptographic Policy Debate. New York,
NY: Springer-Verlag, 1995. An interesting collection of papers and
articles about the Clipper Chip, Digital Telephony legislation, and
public policy on encryption. Mainly of historical interest.
Kahn, David. The
Codebreakers: The Story of Secret Writing. New York, NY:
Macmillan Company, 1996. The definitive history of cryptography.
Schneier, Bruce. Applied
Cryptography: Protocols, Algorithms, and Source Code in C,
Second Edition. New York, NY: John Wiley & Sons, 1996. A
comprehensive, unclassified book about computer encryption and
data-privacy techniques.
Singh, Simon.
The Code Book: The Science of Secrecy from Ancient Egypt to
Quantum Cryptography. NY: Anchor Books, 2000. A
compelling, popular account of code making and code breaking. Singh
focuses on Turing's cracking of the German codes,
the use of the Rosetta Stone to crack the code of the ancient
Egyptian language, and the modern development of the RSA encryption
system. This book has much insight and many stories that are missing
from other popular accounts of cryptography. Highly recommended.
Wayner, Peter. Disappearing
Cryptography; Boston, MA: Academic Press, 1996. Contains good
coverage of steganography.
C.2.5 Cryptography Papers and Other Publications
Association for
Computing Machinery. "Codes, Keys, and Conflicts:
Issues in U.S. Crypto Policy." Report of a
Special Panel of the ACM U.S. Public Policy Committee.
Location: USACM, June 1994. (http://info.acm.org/reports/acm_crypto_study.html)
Diffie, Whitfield.
"The First Ten Years of Public-Key
Cryptography." Proceedings of the
IEEE 76 (1988), 560-76. Whitfield
Diffie's tour-de-force history of public key
cryptography, with revealing commentaries.
Diffie, Whitfield,
and M.E. Hellman. "New Directions in
Cryptography." IEEE Transactions on
Information Theory IT-22 (1976). The article that
introduced the concept of public key cryptography.
Lai, Xuejia. "On the
Design and Security of Block Ciphers." ETH
Series in Information Processing 1 (1992). The article
describing the IDEA cipher.
LaMacchia, Brian A. and Andrew M.
Odlyzko. "Computation of Discrete Logarithms in
Prime Fields." Designs, Codes, and
Cryptography. (1991), 46-62.
Lenstra, A. K.,
H. W. Lenstra, Jr., M.S. Manasse, and J. M. Pollard.
"The Number Field Sieve."
Proceedings of the 22nd ACM Symposium on the Theory of
Computing. Baltimore MD: ACM Press, 1990, 564-72.
Merkle, Ralph.
"Secure Communication Over Insecure
Channels." Communications of the
ACM 21 (1978), 294-99 (submitted in
1975). The article that should have introduced the concept of public
key cryptography.
Merkle,
Ralph, and Martin E. Hellman. "On the Security of
Multiple Encryption." Communications of
the ACM 24 (1981), 465-67.
Merkle, Ralph, and Martin
E. Hellman. "Hiding Information and Signatures in
Trap Door Knapsacks." IEEE Transactions on
Information Theory 24
(1978), 525-30.
Rivest, Ron, A. Shamir, and
L. Adleman. "A Method for Obtaining Digital
Signatures and Public Key Cryptosystems."
Communications of the ACM
21 (1978).
C.2.6 General Computer Security
Amoroso,
Edward. Fundamentals of Computer Security
Technology. Englewood Cliffs, NJ: Prentice Hall, 1994. A
very readable and complete introduction to computer security at the
level of a college text.
Anderson,
Ross. Security Engineering. New York, NY: John
Wiley & Sons, 2001. A comprehensive book on end-to-end system
design with security in mind.
Bace,
Rebecca. Intrusion Detection. Indianapolis, IN:
Macmillan, 2000. An excellent book on the history and structure of
intrusion detection systems for hosts and networks.
Computers & Security. This is a
journal published eight times each year by Elsevier Press, Oxford,
England. (Order from Elsevier Press, +44-(0) 865-512242.) It is one
of the main journals in the field. This journal is priced for
institutional subscriptions, not individuals. Each issue contains
pointers to dozens of other publications and organizations that might
be of interest, as well as referenced articles, practicums, and
correspondence. (The URL for the web page is included in
"Security Periodicals.")
Gasser, Morrie. Building a
Secure Computer System. New York, NY: Van Nostrand
Reinhold, 1988. A solid introduction to issues of secure system
design. Most of the principles still aren't followed
in modern systems (unfortunately).
Gollmann,
Dieter. Computer Security. Chichester, UK: John Wiley & Sons,
1999. A good survey textbook, widely used in academic settings.
Hunt, A. E., S. Bosworth, and
D. B. Hoyt, eds. Computer Security Handbook,
Third Edition. New York, NY: John Wiley & Sons, 1995. A massive
and thorough collection of essays on all aspects of computer
security.
Pfleeger,
Charles P. Security in Computing, Third Edition.
Englewood Cliffs, NJ: Prentice Hall, 3rd edition. 2002. Another good
introduction to computer security.
Russell, Deborah, and G. T. Gangemi,
Sr. Computer Security Basics. Sebastopol, CA:
O'Reilly & Associates, 1991. An excellent
introduction to many areas of computer security and a summary of
government security requirements and issues. Somewhat dated, but
still of value.
Schneier, Bruce. Secrets
and Lies: Digital Security in a Networked World. New York,
NY: John Wiley & Sons, 2000. Experts who really understand
security know that people and processes are often the weak link, and
that even the best technology is insufficient in the face of careless
operation. Schneier is well known for his writing on the subject of
cryptography, and this book presents the epiphany when he finally
understood a few of the deeper truths of security.
Thompson, Ken.
"Reflections on Trusting Trust."
Communications of the ACM, Volume 27, Number 8,
August 1984. This is a "must-read"
for anyone seeking to understand the limits of computer security and
trust.
Viega, John and
Gary McGraw. Building Secure
Software. Indianapolis, IN: Pearson/Addison-Wesley, 2002.
An excellent book about how to code secure software, and the pitfalls
of haphazard coding and deployment.
Wood, Charles Cresson, et al.
Computer Security: A Comprehensive Controls
Checklist. New York, NY: John Wiley & Sons, 1987.
Contains many comprehensive and detailed checklists for assessing the
state of your own computer security and operations.
C.2.7 Network Technology and Security
Bellovin,
Steve and Bill Cheswick.
Firewalls and Internet Security. Reading, MA:
Addison-Wesley, 1994. The classic book on firewalls. This book will
teach you almost everything you need to know about how firewalls
work, but it will leave you without implementation details unless you
happen to have access to the full source code to the Unix operating
system and a staff of programmers who can write bug-free code.
Comer,
Douglas E. Internetworking with TCP/IP, Fourth
Edition. Englewood Cliffs, NJ: Prentice Hall, 2000. A complete,
readable reference that describes how TCP/IP networking works,
including information on protocols, tuning, and applications.
Costales, Bryan with Eric Allman. Sendmail,
Third Edition. Sebastopol, CA: O'Reilly &
Associates, 2002. The definitive guide to configuring the most
popular mailer on the planet, co-authored by the
program's owner.
Garfinkel, Simson with Gene Spafford. Web Security, Privacy
& Commerce. Sebastopol, CA: O'Reilly
& Associates, 2001. The definitive guide to securing web servers.
Hunt, Craig. TCP/IP Network
Administration, Third Edition.
Sebastopol, CA: O'Reilly & Associates, 2002.
This book is an excellent system administrator's
overview of TCP/IP networking (with a focus on Unix systems), and a
very useful reference to major Unix networking services and tools
such as BIND (the standard Unix DNS server) and
sendmail (the standard Unix SMTP server).
Kaufman, Charles, Radia
Perlman, and Mike Speciner. Network Security: Private
Communications in a Public World, Second Edition.
Englewood Cliffs, NJ: Prentice Hall, 2002. This book provides
outstanding coverage of the various protocols, mechanisms, and
algorithms used in securing network access and communication. It
contains particularly good presentations on network authentication
and access control systems.
Stallings, William. Cryptography and Network Security: Principles and
Practices. Englewood Cliffs, NJ: Prentice Hall, 2003. A
good introductory textbook.
Stevens, Richard W. Unix Network Programming.
Englewood Cliffs, NJ: Prentice Hall, 1995. Covers the basic and
advanced features of programming with sockets on Unix systems.
Zwicky, Elizabeth D., Simon Cooper, and Brent
Chapman. Building
Internet Firewalls. Sebastopol, CA:
O'Reilly & Associates, 1995. A good how-to book
that describes in clear detail how to build your own firewall.
C.2.8 Security Products and Services Information
Computer Security Buyer's
Guide. Computer
Security Institute, San Francisco, CA. (Order from CSI,
415-905-2626.) Contains a comprehensive list of computer security
hardware devices and software systems that are commercially
available. The guide is free with membership in the Institute. The
URL is http://www.gocsi.com.
C.2.9 Understanding the Computer Security "Culture"
All of these publications describe the historical and future views of
computer networks that are much discussed (and emulated) by system
attackers.
Brunner, John.
Shockwave Rider. New York, NY: A Del Rey Book,
published by Ballantine, 1975. One of the first descriptions of a
computer worm.
Dreyfus, Suelette.
Underground. Australia: Reed Books, 1997. A book
about the exploits of several Australian hackers relatively early on.
Some of the story is incorrect, however, as the author failed to
contact all parties to verify the facts.
Gibson, William.
Burning Chrome, Neuromancer, Count Zero, Mona Lisa Overdrive,
Virtual Light, Idoru, and All Tomorrow's Parties.
New York, NY: Bantam Books. Cyberpunk
books by the science fiction author who coined the term
"cyberspace."
Hafner, Katie and
John Markoff. Cyberpunk:
Outlaws and Hackers on the Computer Frontier. New York,
NY: Simon & Schuster, 1991. Tells the stories of three
hackers—Kevin Mitnick, Pengo, and Robert T. Morris.
Levy,
Steven. Hackers: Heroes of the Computer
Revolution. New York, NY: Dell Books, 1984. One of the
original publications describing the "hacker
ethic."
Littman, Jonathan, The
Fugitive Game: Online with Kevin Mitnick. Boston, MA:
Little, Brown, 1996. A year prior to his capture in 1995, Jonathan
Littman had extensive telephone conversations with Kevin Mitnick and
learned what it was like to be a computer hacker on the run. This is
the story.
Mitnick, Kevin D. and William L. Simon. The Art of
Deception: Controlling the Human Element. New York, NY:
John Wiley & Sons, 2002. A revealing collection of fictional
stories loosely based on this famed criminal's
personal experiences in subverting computer systems by exploiting
human foibles. Be sure to read the unauthorized preface on the
Internet that Mitnick's publisher forced him to
remove.
Shimomura, Tsutomu, with
John Markoff. Takedown: The
Pursuit and Capture of Kevin Mitnick, America's Most
Wanted Computer Outlaw—By the Man Who Did it. New
York, NY: Hyperion, 1995. On Christmas Day, 1994, an attacker broke
into Tsutomu Shimomura's computer. A few weeks
later, Shimomura was asked to help out with a series of break-ins at
two major Internet service providers in the San Francisco area.
Eventually, the trail led to North Carolina, where Shimomura
participated in the tracking and capture of Kevin Mitnick. This is
the story, written by Shimomura and Markoff. Markoff is
the New York Times journalist who covered the
capture.
Sterling, Bruce. The
Hacker Crackdown: Law and Disorder on the
Electronic Frontier. This book is available in several
places on the Web. http://www-swiss.ai.mit.edu/~bal/sterling/contents.html
is one location; other locations can be found in the CERIAS hotlist.
Stoll, Cliff. The
Cuckoo's Egg. Garden City, NY: Doubleday,
1989. An amusing and gripping account of tracing a computer intruder
through the networks. The intruder was later found to be working for
the KGB and trying to steal sensitive information from U.S. systems.
Varley, John.
Press Enter. Reprinted in several collections of
science fiction, including Blue Champagne, Ace
Books, 1986; Isaac Asimov's Science
Fiction Magazine, 1984; and Tor SF
Doubles, Tor Books, October 1990.
Vinge, Vernor.
True Names and Other Dangers. New
York, NY: Baen, distributed by Simon & Schuster, 1987. This is a
classic science fiction story that presages both virtual reality and
the use of "handles" in online
communications. Reading the story now may result in a
"so what?" response, but when it
was originally published, these concepts were not generally known.
Some of the story has yet to come to pass, and it is still worth
reading.
C.2.10 Unix Programming and System Administration
Albitz, Paul and Cricket Liu. DNS and BIND, Fourth Edition.
Sebastopol, CA: O'Reilly & Associates, 2001. An
excellent reference for setting up DNS nameservers.
Bach, Maurice. The Design of
the UNIX Operating System. Englewood Cliffs, NJ: Prentice
Hall, 1986. Good background about how the internals of Unix work.
Basically oriented toward older System V Unix, but with details
applicable to every version.
Bolsky, Morris I. and David G. Korn. The New Kornshell Command and Programming
Language, Second Edition. Englewood Cliffs, NJ: Prentice
Hall, 1995. This is a complete tutorial and reference to
ksh—the only shell some of us use when
given the choice, and the inspiration for the POSIX shell standard
used by bash and others.
Harbison, Samuel P. and Guy L. Steele
Jr. C, a Reference Manual. Englewood Cliffs,
NJ: Prentice Hall, 1984. The classic description of the C programming
language.
Kernighan, Brian,
Dennis Ritchie, and Rob Pike. The UNIX
Programming Environment. Englewood Cliffs, NJ: Prentice
Hall, 1984. A nice guide to the Unix philosophy and how to build
shell scripts and command environments under Unix.
McKusick, Marshall Kirk, Keith
Bostic, Michael Karels, and John
Quarterman. The Design and Implementation of the 4.4 BSD
UNIX Operating System. Reading, MA: Addison-Wesley, 1996.
This book can be viewed as the BSD version of Maurice
Bach's book. It is a readable and detailed
description of how and why the BSD Unix system is designed the way it
is.
Nemeth, Evi, Garth Snyder,
Scott Seebass, and Trent R. Hein.
UNIX System Administration Handbook, Third
Edition. Englewood Cliffs, NJ: Prentice Hall, 2000. An excellent
reference on the various ins and outs of running a Unix system. This
book includes information on system configuration, adding and
deleting users, running accounting, performing backups, configuring
networks, running sendmail, and much more.
Highly recommended.
Welsh, Matt, Lar
Kaufman, Matthias K. Dalheimer, and
Terry Dawson. Running Linux, Fourth Edition.
Sebastopol, CA: O'Reilly & Associates, 2002. A
practical and readable guide to the Linux operating system.
C.2.11 Miscellaneous References
Hawking,
Stephen W. A Brief History
of Time: From the Big Bang to Black Holes. New York, NY:
Bantam Books, 1988. Want to know the age of the universe?
It's in here, although Unix is not.
Miller,
Barton P., Lars Fredriksen,
and Bryan So. "An Empirical Study of the Reliability
of UNIX Utilities." Communications of the
ACM, Volume 33, Number 12, December 1990, 32-44. A
thought-provoking report of a study showing how Unix utilities behave
when given unexpected input. See the Fuzz archive at http://www.cs.wisc.edu/~bart/fuzz/ for recent
papers and source code.
Salus, Peter H. A Quarter Century of Unix.
Reading, MA: Addison-Wesley, 1994. The definitive history of the Unix
operating system and the attempts to commercialize it.
Schwartz, Randal
L. and Tom Phoenix. Learning Perl,
Third Edition. Sebastopol, CA: O'Reilly &
Associates, 2001. A painless way to learn the Perl language from the
beginning.
Wall, Larry, Tom Christiansen, and Jon
Orwant. Programming Perl, Third Edition.
Sebastopol, CA: O'Reilly & Associates, 2000. The
definitive reference to the Perl scripting language. A must for
anyone who does much shell, awk, or
sed programming or would like to quickly write
some applications in Unix.
C.2.12 Security Periodicals
- Computer Audit Update
- Computer Fraud & Security Update
- Computer Law & Security Report
- Computers & Security
- Elsevier Advanced Technology
- Crown House, Linton Rd.
- Barking, Essex I611 8JU
- England
- Voice: 44 81 5945942
- Fax: 44 81 5945942
- Telex: 896950 APPSCI G
- North American Distributor:
- P.O. Box 882
- New York, NY 10159
- Voice: (212) 989-5800
- http://www.elsevier.nl/catalogue/
- Computer Security Alert
- Computer Security Journal
- Computer Security Buyers Guide
- Computer Security Institute
- 600 Harrison Street
- San Francisco, CA 94107
- Voice: (415) 905-2626
- http://www.gocsi.com
- CSO Magazine
- CXO Media, Inc.
- 492 Old Connecticut Path
- Framingham, MA 01701
- Voice: (508) 935-4591
- http://www.csonline.com/
- Disaster Recovery Journal
- P.O. Box 510110
- St. Louis, MO 63151
- Voice: (314) 894-0276
- http://www.scmagazine.com
- Information Security
- 85 Astor Ave., Suite 2
- Norwood, MA 02062
- Voice: (314) 894-0276
- http://www.infosecuritymag.com
- SC Magazine (InfoSecurity News)
- West Coast Publishing, Inc.
- 161 Worcester Road, Suite 201
- Framingham, MA 01701
- Voice: (508) 879-9792
- http://www.scmagazine.com