Hacking: The Art of Exploitation, 2nd Edition
Hacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation needed to really push the envelope. Rather than merely showing how to run existing exploits, author Jon Erickson explains how arcane hacking techniques actually work. To share the art and science of hacking in a way that is accessible to everyone, Hacking: The Art of Exploitation, 2nd Edition introduces the fundamentals of C programming from a hacker's perspective. The included LiveCD provides a complete Linux programming and debugging environment, all without modifying your current operating system. Use it to follow along with the book's examples as you fill gaps in your knowledge and explore hacking techniques on your own. Get your hands dirty debugging code, overflowing buffers, hijacking network communications, bypassing protections, exploiting cryptographic weaknesses, and perhaps even inventing new exploits.
This book will teach you how to:
- Program computers using C, assembly language, and shell scripts
- Corrupt system memory to run arbitrary code using buffer overflows and format strings
- Inspect processor registers and system memory with a debugger to gain a real understanding of what is happening
- Outsmart common security measures like nonexecutable stacks and intrusion detection systems
- Gain access to a remote server using port-binding or connect-back shellcode, and alter a server's logging behavior to hide your presence
- Redirect network traffic, conceal open ports, and hijack TCP connections
- Crack encrypted wireless traffic using the FMS attack, and speed up brute-force attacks using a password probability matrix
Hackers are always pushing the boundaries, investigating the unknown, and evolving their art. Even if you don't already know how to program, Hacking: The Art of Exploitation, 2nd Edition will give you a complete picture of programming, machine architecture, network communications, and existing hacking techniques. Combine this knowledge with the included Linux environment, and all you need is your own creativity.
Price: $28.44
The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography
People love secrets. Ever since the first word was written, humans have sent coded messages to each other. In The Code Book, Simon Singh, author of the bestselling Fermat's Enigma, offers a peek into the world of cryptography and codes, from ancient texts through computer encryption. Singh's compelling history is woven through with stories of how codes and ciphers have played a vital role in warfare, politics, and royal intrigue. The major theme of The Code Book is what Singh calls "the ongoing evolutionary battle between codemakers and codebreakers," never more clear than in the chapters devoted to World War II. Cryptography came of age during that conflict, as secret communications became critical to both sides' success. Confronted with the prospect of defeat, the Allied cryptanalysts had worked night and day to penetrate German ciphers. It would appear that fear was the main driving force, and that adversity is one of the foundations of successful codebreaking. In the information age, the fear that drives cryptographic improvements is both capitalistic and libertarian--corporations need encryption to ensure that their secrets don't fall into the hands of competitors and regulators, and ordinary people need encryption to keep their everyday communications private in a free society. Similarly, the battles for greater decryption power come from said competitors and governments wary of insurrection. The Code Book is an excellent primer for those wishing to understand how the human need for privacy has manifested itself through cryptography. Singh's accessible style and clear explanations of complex algorithms cut through the arcane mathematical details without oversimplifying. --Therese Littleton
Price: $6.23
Security Metrics: Replacing Fear, Uncertainty, and Doubt
The Definitive Guide to Quantifying, Classifying, and Measuring Enterprise IT Security Operations
Security Metrics is the first comprehensive best-practice guide to defining, creating, and utilizing security metrics in the enterprise. Using sample charts, graphics, case studies, and war stories, Yankee Group Security Expert Andrew Jaquith demonstrates exactly how to establish effective metrics based on your organization’s unique requirements. You’ll discover how to quantify hard-to-measure security activities, compile and analyze all relevant data, identify strengths and weaknesses, set cost-effective priorities for improvement, and craft compelling messages for senior management. Security Metrics successfully bridges management’s quantitative viewpoint with the nuts-and-bolts approach typically taken by security professionals. It brings together expert solutions drawn from Jaquith’s extensive consulting work in the software, aerospace, and financial services industries, including new metrics presented nowhere else.
You’ll learn how to:
- Replace nonstop crisis response with a systematic approach to security improvement
- Understand the differences between “good” and “bad” metrics
- Measure coverage and control, vulnerability management, password quality, patch latency, benchmark scoring, and business-adjusted risk
- Quantify the effectiveness of security acquisition, implementation, and other program activities
- Organize, aggregate, and analyze your data to bring out key insights
- Use visualization to understand and communicate security issues more clearly
- Capture valuable data from firewalls and antivirus logs, third-party auditor reports, and other resources
- Implement balanced scorecards that present compact, holistic views of organizational security effectiveness
Whether you’re an engineer or consultant responsible for security and reporting to management–or an executive who needs better information for decision-making–Security Metrics is the resource you have been searching for. Andrew Jaquith, program manager for Yankee Group’s Security Solutions and Services Decision Service, advises enterprise clients on prioritizing and managing security resources. He also helps security vendors develop product, service, and go-to-market strategies for reaching enterprise customers. He co-founded @stake, Inc., a security consulting pioneer acquired by Symantec Corporation in 2004. His application security and metrics research has been featured in CIO, CSO, InformationWeek, IEEE Security and Privacy, and The Economist.
Foreword
Preface
Acknowledgments
About the Author
Chapter 1 Introduction: Escaping the Hamster Wheel of Pain
Chapter 2 Defining Security Metrics
Chapter 3 Diagnosing Problems and Measuring Technical Security
Chapter 4 Measuring Program Effectiveness
Chapter 5 Analysis Techniques
Chapter 6 Visualization
Chapter 7 Automating Metrics Calculations
Chapter 8 Designing Security Scorecards
Index
Price: $29.00
Windows Vista(TM) Resource Kit
Get the definitive reference for deploying, configuring, and supporting Microsoft Windows Vista with expert insights from Microsoft Most Valuable Professionals (MVPs) and the Windows Vista Team. This official Microsoft Resource Kit provides more than 1,500 pages of in-depth technical guidance on automating deployment; implementing security enhancements; administering group policy, files and folders, and programs; and troubleshooting for Windows Vista. In addition, you get detailed information on Microsoft Internet Explorer 7, Microsoft Windows Firewall, and Windows Defender. You also get more than 150 timesaving scripts to help automate administrative tasks, additional job aids, and an eBook of the entire Resource Kit on CD.
Price: $29.86
How to Cheat at Configuring Exchange Server 2007: Including Outlook Web, Mobile, and Voice Access (How to Cheat)
According to Microsoft, Exchange Server delivers over 75% of all corporate e-mail. The 2007 release is the first major overhaul since 2003. It attempts to address the challenge of delivering greater performance and accessibility while increasing protection against a new generation of high risk security threats. Microsoft has added many new features that dramatically improve the scope of Exchange Server and the Outlook web client, positioning the platform as a groupware and collaboration tool that is accessible to remote and wireless users as well as those wired directly to the corporate intranet. The typical SysAdmin needs a reference that cuts through all the complexity and seldom-used features to get the product successfully deployed as efficiently as possible--exactly the job of the "How to Cheat" series.
Price: $22.00
Windows Forensic Analysis Including DVD Toolkit
The only book available on the market that addresses and discusses in-depth forensic analysis of Windows systems. Windows Forensic Analysis DVD Toolkit takes the reader to a whole new, undiscovered level of forensic analysis for Windows systems, providing unique information and resources not available anywhere else. This book covers both live and post-mortem response collection and analysis methodologies, addressing material that is applicable to law enforcement, the federal government, students, and consultants. This book also brings this material to the doorstep of system administrators, who are often the front line troops when an incident occurs, but due to staffing and budgets do not have the necessary knowledge to effectively respond. The companion DVD for the book contains significant, unique materials (movies, spreadsheet, code, etc.) not available any place else, as they were created by the author.
Price: $48.48
Expert SQL Server 2005 Development (Expert)
While building on the skills you already have, Expert SQL Server 2005 Development will help you become an even better developer by focusing on best practices and demonstrating how to design high-performance, maintainable database applications. This book starts by reintroducing the database as an integral part of the software development ecosystem. You’ll learn how to think about SQL Server development as you would any other software development. For example, there's no reason you can’t architect and test database routines just as you would architect and test application code. And nothing should stop you from implementing the types of exception handling and security rules that are considered so important in other tiers, even if they are usually ignored in the database. You’ll learn how to apply development methodologies like these to produce high-quality encryption and SQLCLR solutions. Furthermore, you’ll discover how to exploit a variety of tools that SQL Server offers in order to properly use dynamic SQL and to improve concurrency in your applications. Finally, you’ll become well versed in implementing spatial and temporal database designs, as well as approaching graph and hierarchy problems.
Related Titles
- Pro T-SQL 2005 Programmer's Guide
- Pro SQL Server 2005 Database Design and Optimization
- Pro SQL Server 2005
Price: $15.96
Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses (2nd Edition) (The Radia Perlman Series in Computer Networking and Security)
In defending your systems against intruders and other meddlers, a little knowledge can be used to make the bad guys--particularly the more casual among them--seek out softer targets. Counter Hack aims to provide its readers with enough knowledge to toughen their Unix and Microsoft Windows systems against attacks in general, and with specific knowledge of the more common sorts of attacks that can be carried out by relatively unskilled "script kiddies." The approach author Ed Skoudis has chosen is effective, in that his readers accumulate the knowledge they need and generally enjoy the process. The best part of this book may be two chapters, one each for Windows and Unix, that explain the essential security terms, conventions, procedures, and behaviors of each operating system. This is the sort of information that readers need--a Unix person getting into Windows administration for the first time needs an introduction to the Microsoft security scheme, and vice versa. A third chapter explains TCP/IP with focus on security. With that groundwork in place, Skoudis explains how (with emphasis on tools) attackers look for vulnerabilities in systems, gain access, and maintain their access for periods of time without being discovered. You'll probably want to search online resources for more specific information--Skoudis refers to several--but this book by itself will provide you with the vocabulary and foundation knowledge you need to get the details you want. --David Wall
Topics covered: How black-hat hackers work, what tools and techniques they use, and how to assess and improve your systems' defenses. The author explains how Windows, Unix, and TCP/IP can be exploited for nefarious purposes, and details a modus operandi that's typical of the bad guys.
Price: $31.00
The New School of Information Security
“It is about time that a book like The New School came along. The age of security as pure technology is long past, and modern practitioners need to understand the social and cognitive aspects of security if they are to be successful. Shostack and Stewart teach readers exactly what they need to know--I just wish I could have had it when I first started out.”--David Mortman, CSO-in-Residence Echelon One, former CSO Siebel Systems
Why is information security so dysfunctional? Are you wasting the money you spend on security? This book shows how to spend it more effectively. How can you make more effective security decisions? This book explains why professionals have taken to studying economics, not cryptography--and why you should, too. And why security breach notices are the best thing to ever happen to information security. It’s about time someone asked the biggest, toughest questions about information security. Security experts Adam Shostack and Andrew Stewart don’t just answer those questions--they offer honest, deeply troubling answers. They explain why these critical problems exist and how to solve them. Drawing on powerful lessons from economics and other disciplines, Shostack and Stewart offer a new way forward. In clear and engaging prose, they shed new light on the critical challenges that are faced by the security field. Whether you’re a CIO, IT manager, or security specialist, this book will open your eyes to new ways of thinking about--and overcoming--your most pressing security challenges. The New School enables you to take control, while others struggle with non-stop crises.
- Better evidence for better decision-making
  Why the security data you have doesn’t support effective decision-making--and what to do about it
- Beyond security “silos”: getting the job done together
  Why it’s so hard to improve security in isolation--and how the entire industry can make it happen and evolve
- Amateurs study cryptography; professionals study economics
  What IT security leaders can and must learn from other scientific fields
- A bigger bang for every buck
  How to re-allocate your scarce resources where they’ll do the most good
Price: $18.19
Foundations of Mac OS X Leopard Security (Books for Professionals by Professionals)
Foundations of Mac OS X Leopard Security is written in part as a companion to the SANS Institute course for Mac OS X. It contains detailed Mac OS X security information, but also walkthroughs on securing systems. By using the SANS Institute course as a sister to the book, the focus includes both the beginning home user and the seasoned security professional not accustomed to the Mac, and allows this title to establish the “best practices” for Mac OS X for a wide audience. Additionally, the authors of the book are seasoned Mac and security professionals, having built many of the largest network infrastructures for Apple and spoken at both DefCon and Black Hat on OS X security.
What you’ll learn
- Security overview
- Walkthroughs to secure systems
- Walkthroughs and suggestions for third-party applications on systems
- Mac forensics
- Mac hacking
- Apple wireless security
- Mac OS X security
Who is this book for? A wide audience of users, power users, and administrators who wish to make sure their Mac platform is secure.
Related Titles
- Getting StartED with Mac OS X Leopard
- Mac OS X Leopard: Beyond the Manual
- Foundation Mac OS X Web Development
- AppleScript: A Comprehensive Guide to Scripting and Automation on Mac OS X
Price: $25.93