C.2 Other Computer References

The following books and articles are of general interest to all practitioners of computer security, with Unix or other operating systems.

C.2.1 Computer Crime and Law

  1. Freedman, David H., and Charles C. Mann. @ Large. New York, NY, 1997. A story about a huge computer crime spree caused entirely by two people. This incident spawned the FBI Computer Crime Squad, some FIRST teams, and the writing of the Tripwire tool at Purdue.

  2. Icove, David, Karl Seger, and William VonStorch. Computer Crime: A Crimefighter's Handbook. Sebastopol, CA: O'Reilly & Associates, 1995. A popular rewrite of an FBI training manual. Dated and out of print (though available as used), but with some worthy material.

  3. Power, Richard. Tangled Web. Indianapolis, IN: Que, 2002. A collection of stories of cybercrime and investigation. Cites a number of statistics to give a snapshot of the problem.

C.2.2 Computer-Related Risks

  1. Leveson, Nancy G. Safeware: System Safety and Computers. A Guide to Preventing Accidents and Losses Caused by Technology. Reading, MA: Addison-Wesley, 1995. This textbook contains a comprehensive exploration of the dangers of computer systems, and explores ways in which software can be made more fault-tolerant and safety-conscious.

  2. Neumann, Peter G. Computer Related Risks. Reading, MA: Addison-Wesley, 1995. Dr. Neumann moderates the Internet RISKS mailing list. This book is a collection of the most important stories passed over the mailing list since its creation.

C.2.3 Computer Viruses and Programmed Threats

  1. Communications of the ACM, Volume 32, Number 6, June 1989 (the entire issue). This whole issue was devoted to issues surrounding the Internet Worm incident.

  2. Denning, Peter J. Computers Under Attack: Intruders, Worms and Viruses. Reading, MA: ACM Press/Addison-Wesley, 1990. A comprehensive collection of readings related to these topics, including reprints of many classic articles. Mainly of historical interest.

  3. Ferbrache, David. The Pathology of Computer Viruses. London, England: Springer-Verlag, 1992. This was probably the best all-around book on the technical aspects of computer viruses.

  4. Hoffman, Lance J. Rogue Programs: Viruses, Worms and Trojan Horses. New York, NY: Van Nostrand Reinhold, 1990. A comprehensive collection of readings on viruses, worms, and the like. Mainly of historical interest.

  5. The Virus Bulletin. Virus Bulletin CTD. Oxon, England. A monthly international publication on computer virus prevention and removal. This is an outstanding publication about computer viruses and virus prevention. It is likely to be of value only to sites with a significant PC population, however. The publication also sponsors conferences that have good papers on viruses (see http://www.virusbtn.com).

C.2.4 Cryptography Books

  1. Denning, Dorothy E. R. Cryptography and Data Security. Reading, MA: Addison-Wesley, 1983. The classic textbook in the field. Now out of print but worth having.

  2. Garfinkel, Simson. PGP: Pretty Good Privacy. Sebastopol, CA: O'Reilly & Associates, 1994. Describes the history of cryptography, the history of the program PGP, and explains PGP's use.

  3. Hinsley, F.H., and Alan Stripp. Code Breakers: The Inside Story of Bletchley Park. Oxford, England: Oxford University Press, 1993. Full of interesting historical vignettes.

  4. Hoffman, Lance J. Building in Big Brother: The Cryptographic Policy Debate. New York, NY: Springer-Verlag, 1995. An interesting collection of papers and articles about the Clipper Chip, Digital Telephony legislation, and public policy on encryption. Mainly of historical interest.

  5. Kahn, David. The Codebreakers: The Story of Secret Writing. New York, NY: Macmillan Company, 1996. The definitive history of cryptography.

  6. Schneier, Bruce. Applied Cryptography: Protocols, Algorithms, and Source Code in C, Second Edition. New York, NY: John Wiley & Sons, 1996. A comprehensive, unclassified book about computer encryption and data-privacy techniques.

  7. Singh, Simon. The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography. NY: Anchor Books, 2000. A compelling, popular account of code making and code breaking. Singh focuses on Turing's cracking of the German codes, the use of the Rosetta Stone to crack the code of the ancient Egyptian language, and the modern development of the RSA encryption system. This book has much insight and many stories that are missing from other popular accounts of cryptography. Highly recommended.

  8. Wayner, Peter. Disappearing Cryptography. Boston, MA: Academic Press, 1996. Contains good coverage of steganography.

C.2.5 Cryptography Papers and Other Publications

  1. Association for Computing Machinery. "Codes, Keys, and Conflicts: Issues in U.S. Crypto Policy." Report of a Special Panel of the ACM U.S. Public Policy Committee. Location: USACM, June 1994. (http://info.acm.org/reports/acm_crypto_study.html)

  2. Diffie, Whitfield. "The First Ten Years of Public-Key Cryptography." Proceedings of the IEEE 76 (1988), 560-76. Whitfield Diffie's tour-de-force history of public key cryptography, with revealing commentaries.

  3. Diffie, Whitfield, and M.E. Hellman. "New Directions in Cryptography." IEEE Transactions on Information Theory IT-22 (1976). The article that introduced the concept of public key cryptography.

  4. Lai, Xuejia. "On the Design and Security of Block Ciphers." ETH Series in Information Processing 1 (1992). The article describing the IDEA cipher.

  5. LaMacchia, Brian A. and Andrew M. Odlyzko. "Computation of Discrete Logarithms in Prime Fields." Designs, Codes, and Cryptography. (1991), 46-62.

  6. Lenstra, A. K., H. W. Lenstra, Jr., M.S. Manasse, and J. M. Pollard. "The Number Field Sieve." Proceedings of the 22nd ACM Symposium on the Theory of Computing. Baltimore MD: ACM Press, 1990, 564-72.

  7. Merkle, Ralph. "Secure Communication Over Insecure Channels." Communications of the ACM 21 (1978), 294-99 (submitted in 1975). The article that should have introduced the concept of public key cryptography.

  8. Merkle, Ralph, and Martin E. Hellman. "On the Security of Multiple Encryption." Communications of the ACM 24 (1981), 465-67.

  9. Merkle, Ralph, and Martin E. Hellman. "Hiding Information and Signatures in Trap Door Knapsacks." IEEE Transactions on Information Theory 24 (1978), 525-30.

  10. Rivest, Ron, A. Shamir, and L. Adleman. "A Method for Obtaining Digital Signatures and Public Key Cryptosystems." Communications of the ACM 21 (1978).

C.2.6 General Computer Security

  1. Amoroso, Edward. Fundamentals of Computer Security Technology. Englewood Cliffs, NJ: Prentice Hall, 1994. A very readable and complete introduction to computer security at the level of a college text.

  2. Anderson, Ross. Security Engineering. New York, NY: John Wiley & Sons, 2001. A comprehensive book on end-to-end system design with security in mind.

  3. Bace, Rebecca. Intrusion Detection. Indianapolis, IN: Macmillan, 2000. An excellent book on the history and structure of intrusion detection systems for hosts and networks.

  4. Computers & Security. This is a journal published eight times each year by Elsevier Press, Oxford, England. (Order from Elsevier Press, +44-(0) 865-512242.) It is one of the main journals in the field. This journal is priced for institutional subscriptions, not individuals. Each issue contains pointers to dozens of other publications and organizations that might be of interest, as well as referenced articles, practicums, and correspondence. (The URL for the web page is included in "Security Periodicals.")

  5. Gasser, Morrie. Building a Secure Computer System. New York, NY: Van Nostrand Reinhold, 1988. A solid introduction to issues of secure system design. Most of the principles still aren't followed in modern systems (unfortunately).

  6. Gollmann, Dieter. Computer Security. Chichester, UK: John Wiley & Sons, 1999. A good survey textbook, widely used in academic settings.

  7. Hunt, A. E., S. Bosworth, and D. B. Hoyt, eds. Computer Security Handbook, Third Edition. New York, NY: John Wiley & Sons, 1995. A massive and thorough collection of essays on all aspects of computer security.

  8. Pfleeger, Charles P. Security in Computing, Third Edition. Englewood Cliffs, NJ: Prentice Hall, 2002. Another good introduction to computer security.

  9. Russell, Deborah, and G. T. Gangemi, Sr. Computer Security Basics. Sebastopol, CA: O'Reilly & Associates, 1991. An excellent introduction to many areas of computer security and a summary of government security requirements and issues. Somewhat dated, but still of value.

  10. Schneier, Bruce. Secrets and Lies: Digital Security in a Networked World. New York, NY: John Wiley & Sons, 2000. Experts who really understand security know that people and processes are often the weak link, and that even the best technology is insufficient in the face of careless operation. Schneier is well-known for his writing in the subject of cryptography, and this book presents the epiphany when he finally understood a few of the deeper truths of security.

  11. Thompson, Ken. "Reflections on Trusting Trust." Communications of the ACM, Volume 27, Number 8, August 1984. This is a "must-read" for anyone seeking to understand the limits of computer security and trust.

  12. Viega, John and Gary McGraw. Building Secure Software. Indianapolis, IN: Pearson/Addison-Wesley, 2002. An excellent book about how to code secure software, and the pitfalls of haphazard coding and deployment.

  13. Wood, Charles Cresson, et al. Computer Security: A Comprehensive Controls Checklist. New York, NY: John Wiley & Sons, 1987. Contains many comprehensive and detailed checklists for assessing the state of your own computer security and operations.

C.2.7 Network Technology and Security

  1. Bellovin, Steve and Bill Cheswick. Firewalls and Internet Security. Reading, MA: Addison-Wesley, 1994. The classic book on firewalls. This book will teach you almost everything you need to know about how firewalls work, but it will leave you without implementation details unless you happen to have access to the full source code to the Unix operating system and a staff of programmers who can write bug-free code.

  2. Comer, Douglas E. Internetworking with TCP/IP, Fourth Edition. Englewood Cliffs, NJ: Prentice Hall, 2000. A complete, readable reference that describes how TCP/IP networking works, including information on protocols, tuning, and applications.

  3. Costales, Bryan with Eric Allman. Sendmail, Third Edition. Sebastopol, CA: O'Reilly & Associates, 2002. The definitive guide to configuring the most popular mailer on the planet, co-authored by the program's owner.

  4. Garfinkel, Simson with Gene Spafford. Web Security, Privacy & Commerce. Sebastopol, CA: O'Reilly & Associates, 2001. The definitive guide to securing web servers.

  5. Hunt, Craig. TCP/IP Network Administration, Third Edition. Sebastopol, CA: O'Reilly & Associates, 2002. This book is an excellent system administrator's overview of TCP/IP networking (with a focus on Unix systems), and a very useful reference to major Unix networking services and tools such as BIND (the standard Unix DNS server) and sendmail (the standard Unix SMTP server).

  6. Kaufman, Charles, Radia Perlman, and Mike Speciner. Network Security: Private Communications in a Public World, Second Edition. Englewood Cliffs, NJ: Prentice Hall, 2002. This book provides outstanding coverage of the various protocols, mechanisms, and algorithms used in securing network access and communication. It contains particularly good presentations on network authentication and access control systems.

  7. Stallings, William. Cryptography and Network Security: Principles and Practices. Englewood Cliffs, NJ: Prentice Hall, 2003. A good introductory textbook.

  8. Stevens, Richard W. Unix Network Programming. Englewood Cliffs, NJ: Prentice Hall, 1995. Covers the basic and advanced features of programming with sockets on Unix systems.

  9. Zwicky, Elizabeth D., Simon Cooper, and Brent Chapman. Building Internet Firewalls. Sebastopol, CA: O'Reilly & Associates, 1995. A good how-to book that describes in clear detail how to build your own firewall.

C.2.8 Security Products and Services Information

  1. Computer Security Buyer's Guide. Computer Security Institute, San Francisco, CA. (Order from CSI, 415-905-2626.) Contains a comprehensive list of computer security hardware devices and software systems that are commercially available. The guide is free with membership in the Institute. The URL is http://www.gocsi.com.

C.2.9 Understanding the Computer Security "Culture"

All of these publications describe the historical and future views of computer networks that are much discussed (and emulated) by system attackers.

  1. Brunner, John. Shockwave Rider. New York, NY: A Del Rey Book, published by Ballantine, 1975. One of the first descriptions of a computer worm.

  2. Dreyfus, Suelette. Underground. Australia: Reed Books, 1997. A book about the exploits of several Australian hackers relatively early on. Some of the story is incorrect, however, as the author failed to contact all parties to verify the facts.

  3. Gibson, William. Burning Chrome, Neuromancer, Count Zero, Mona Lisa Overdrive, Virtual Light, Idoru, and All Tomorrow's Parties. New York, NY: Bantam Books. Cyberpunk books by the science fiction author who coined the term "cyberspace."

  4. Hafner, Katie and John Markoff. Cyberpunk: Outlaws and Hackers on the Computer Frontier. New York, NY: Simon & Schuster, 1991. Tells the stories of three hackers: Kevin Mitnick, Pengo, and Robert T. Morris.

  5. Levy, Steven. Hackers: Heroes of the Computer Revolution. New York, NY: Dell Books, 1984. One of the original publications describing the "hacker ethic."

  6. Littman, Jonathan. The Fugitive Game: Online with Kevin Mitnick. Boston, MA: Little, Brown, 1996. A year prior to his capture in 1995, Jonathan Littman had extensive telephone conversations with Kevin Mitnick and learned what it was like to be a computer hacker on the run. This is the story.

  7. Mitnick, Kevin D. and William L. Simon. The Art of Deception: Controlling the Human Element. New York, NY: John Wiley & Sons, 2002. A revealing collection of fictional stories loosely based on this famed criminal's personal experiences in subverting computer systems by exploiting human foibles. Be sure to read the unauthorized preface on the Internet that Mitnick's publisher forced him to remove.

  8. Shimomura, Tsutomu, with John Markoff. Takedown: The Pursuit and Capture of Kevin Mitnick, America's Most Wanted Computer Outlaw - By the Man Who Did it. New York, NY: Hyperion, 1995. On Christmas Day, 1994, an attacker broke into Tsutomu Shimomura's computer. A few weeks later, Shimomura was asked to help out with a series of break-ins at two major Internet service providers in the San Francisco area. Eventually, the trail led to North Carolina, where Shimomura participated in the tracking and capture of Kevin Mitnick. This is the story, written by Shimomura and Markoff. Markoff is the New York Times journalist who covered the capture.

  9. Sterling, Bruce. The Hacker Crackdown: Law and Disorder on the Electronic Frontier. This book is available in several places on the Web. http://www-swiss.ai.mit.edu/~bal/sterling/contents.html is one location; other locations can be found in the CERIAS hotlist.

  10. Stoll, Cliff. The Cuckoo's Egg. Garden City, NY: Doubleday, 1989. An amusing and gripping account of tracing a computer intruder through the networks. The intruder was later found to be working for the KGB and trying to steal sensitive information from U.S. systems.

  11. Varley, John. Press Enter. Reprinted in several collections of science fiction, including Blue Champagne, Ace Books, 1986; Isaac Asimov's Science Fiction Magazine, 1984; and Tor SF Doubles, Tor Books, October 1990.

  12. Vinge, Vernor. True Names and Other Dangers. New York, NY: Baen, distributed by Simon & Schuster, 1987. This is a classic science fiction story that presages both virtual reality and the use of "handles" in online communications. Reading the story now may result in a "so what?" response, but when it was originally published, these concepts were not generally known. Some of the story has yet to come to pass, and it is still worth reading.

C.2.10 Unix Programming and System Administration

  1. Albitz, Paul and Cricket Liu. DNS and BIND, Fourth Edition. Sebastopol, CA: O'Reilly & Associates, 2001. An excellent reference for setting up DNS nameservers.

  2. Bach, Maurice. The Design of the UNIX Operating System. Englewood Cliffs, NJ: Prentice Hall, 1986. Good background about how the internals of Unix work. Basically oriented toward older System V Unix, but with details applicable to every version.

  3. Bolsky, Morris I. and David G. Korn. The New Kornshell Command and Programming Language, Second Edition. Englewood Cliffs, NJ: Prentice Hall, 1995. This is a complete tutorial and reference to ksh, the only shell some of us use when given the choice, and the inspiration for the POSIX shell standard used by bash and others.

  4. Harbison, Samuel P. and Guy L. Steele Jr. C, a Reference Manual. Englewood Cliffs, NJ: Prentice Hall, 1984. The classic description of the C programming language.

  5. Kernighan, Brian, Dennis Ritchie, and Rob Pike. The UNIX Programming Environment. Englewood Cliffs, NJ: Prentice Hall, 1984. A nice guide to the Unix philosophy and how to build shell scripts and command environments under Unix.

  6. McKusick, Marshall Kirk, Keith Bostic, Michael Karels, and John Quarterman. The Design and Implementation of the 4.4 BSD UNIX Operating System. Reading, MA: Addison-Wesley, 1996. This book can be viewed as the BSD version of Maurice Bach's book. It is a readable and detailed description of how and why the BSD Unix system is designed the way it is.

  7. Nemeth, Evi, Garth Snyder, Scott Seebass, and Trent R. Hein. UNIX System Administration Handbook, Third Edition. Englewood Cliffs, NJ: Prentice Hall, 2000. An excellent reference on the various ins and outs of running a Unix system. This book includes information on system configuration, adding and deleting users, running accounting, performing backups, configuring networks, running sendmail, and much more. Highly recommended.

  8. Welsh, Matt, Lar Kaufman, Matthias K. Dalheimer, and Terry Dawson. Running Linux, Fourth Edition. Sebastopol, CA: O'Reilly & Associates, 2002. A practical and readable guide to the Linux operating system.

C.2.11 Miscellaneous References

  1. Hawking, Stephen W. A Brief History of Time: From the Big Bang to Black Holes. New York, NY: Bantam Books, 1988. Want to know the age of the universe? It's in here, although Unix is not.

  2. Miller, Barton P., Lars Fredriksen, and Bryan So. "An Empirical Study of the Reliability of UNIX Utilities." Communications of the ACM, Volume 33, Number 12, December 1990, 32-44. A thought-provoking report of a study showing how Unix utilities behave when given unexpected input. See the Fuzz archive at http://www.cs.wisc.edu/~bart/fuzz/ for recent papers and source code.

  3. Salus, Peter H. A Quarter Century of Unix. Reading, MA: Addison-Wesley, 1994. The definitive history of the Unix operating system and the attempts to commercialize it.

  4. Schwartz, Randal L. and Tom Phoenix. Learning Perl, Third Edition. Sebastopol, CA: O'Reilly & Associates, 2001. A painless way to learn the Perl language from the beginning.

  5. Wall, Larry, Tom Christiansen, and Jon Orwant. Programming Perl, Third Edition. Sebastopol, CA: O'Reilly & Associates, 2000. The definitive reference to the Perl scripting language. A must for anyone who does much shell, awk, or sed programming or would like to quickly write some applications in Unix.

C.2.12 Security Periodicals

Computer Audit Update
Computer Fraud & Security Update
Computer Law & Security Report
Computers & Security
  Elsevier Advanced Technology
  Crown House, Linton Rd.
  Barking, Essex I611 8JU
  England
  Voice: 44 81 5945942
  Fax: 44 81 5945942
  Telex: 896950 APPSCI G
  North American Distributor:
  P.O. Box 882
  New York, NY 10159
  Voice: (212) 989-5800
  http://www.elsevier.nl/catalogue/

Computer Security Alert
Computer Security Journal
Computer Security Buyers Guide
  Computer Security Institute
  600 Harrison Street
  San Francisco, CA 94107
  Voice: (415) 905-2626
  http://www.gocsi.com

CSO Magazine
  CXO Media, Inc.
  492 Old Connecticut Path
  Framingham, MA 01701
  Voice: (508) 935-4591
  http://www.csonline.com/

Disaster Recovery Journal
  P.O. Box 510110
  St. Louis, MO 63151
  Voice: (314) 894-0276
  http://www.scmagazine.com

Information Security
  85 Astor Ave., Suite 2
  Norwood, MA 02062
  Voice: (314) 894-0276
  http://www.infosecuritymag.com

SC Magazine (InfoSecurity News)
  West Coast Publishing, Inc.
  161 Worcester Road, Suite 201
  Framingham, MA 01701
  Voice: (508) 879-9792
  http://www.scmagazine.com

