VMware vSphere and Virtual In!astructure Security: Securing the Virtual Environment (Prentice Hall) is written by Edward L. Haletky with the assistance of our friend, Tim Pierson. Another friend, Christofer Hoff, wrote the Forward. Pierson is currently working with us to integrate the power of HPSS in his security courses. (Very cool!) Hoff is a forward thinking security professional who is respected among his peers. The book immediately confronts the security issue with VMware. Chapter 2 presents the “anatomy of an attack.” Attack perspectives are from a Pentester, a hacker, a script kiddie, and a disgruntled employee.

Chapters 6, 7, and 8 focus on deployment, management, operations and virtual machine security. Some common operational issues are discussed to protect and audit your environment. Chapter 9 is especially useful, posing real-world questions discussed on the VMware VMTN Communities forums. The latter part of the book features a patch for Linux, a security hardening script, and an assessment script output. A reading list and links are included in the final section. A great addition to your IT library from Amazon for $40.56.

Computer Security and Cryptography (Wiley) by Alan G. Konheim, is a great resource to understand and implement data security systems. Chapters are organized to help develop technical skills, describe a cryptosystem and method of analysis, and provide problems to test your grasp of the material and ability to implement practical solutions.

The book begins with the history of cryptography and moves into the theory of symmetric and public-key cryptography. Chapter 18 focuses on cryptography application. Included is Unix password encipherment, password cracking and protecting ATM transactions.

With consumers becoming increasingly wary of identity theft and companies struggling to develop safe, secure systems, this book is essential reading for professionals in e-commerce and information technology. Written by a professor who teaches cryptography, it is also ideal for students. Available at Amazon for $90.00.

Hardware Based Computer Security Techniques to Defeat Hackers (Wiley) by Roger Dube, maps out solutions for hardware devices used by the Intelligence and Defense communities. Dube begins with an overview of the basic elements of computer security and then covers areas such as cryptography, bootstrap loading, and biometrics. 

   Chapter Twelve does a good job of covering “tokens,” such as a key card or photo ID. The computer security mantra, “something you have and something you know” is true with securing tokens. Issues such as cost, usability and lockout must be evaluated when considering the use of tokens as part of the user-authentication process.

   The book not only discusses the solutions but devotes a chapter at the end to explain how to implement them. A good investment for the CIO and IT Administrator. Available through Amazon for the sale price of $71.96. (retail $89.95)

  IT Compliance and Controls: Best Practices for Implementation is a timely book that takes a good look at IT internal controls and answers the question, “How much is enough?” Along with providing protection for their organizations, the CIO/CTO needs to address compliance issues identifying appropriate controls and its relationship with the global market. Author James J. DeLuccia, IV presents field-tested ideas forged from the fires of direct experience with clients who are daily hammering out their technology to become competitive business models.  

    DeLuccia lays a foundation by examining the importance of internal IT controls defining US government oversight measures. He then explains why silo IT strategy wastes time and resources, offering a better solution in having an IT enterprise control environment.

     The third section of the book covers implementation, focusing on risk analysis, technology strategy orchestration, life cycle management, access and authorization,  and other areas. Available through Amazon for an affordable $40. A very useful book for the CIO, CTO, IT auditors, audit managers, and IT managers.

 Another serious textbook, The Handbook of Information and Computer Ethics is an ambitious in-depth look at the dizzying playground where technology meets  human behavior. The book is a compilation of varying professors in philosophy and technology, offering their take on issues such as privacy and anonymity, hacking, and responsibility and risk assessment. 

The editors, Kenneth E. Himma and Herman T. Tavani, explore the relationship between the internet and one’s ability to co-exist with it ethically.  Himma especially has an interesting definition of the term “hacker” and ponders if the concept of trespassing means the same as the  term “digital intrusion.”

The chapter on responsibilities for information on the internet is challenging by questioning who truly owns it. Another chapter explores the issue of Software Development Impact Statements. (SoDIS) It is a fascinating book. For $100 (On sale at Amazon!), you can stretch your mind with all types of scenarios. A great book to pass along to your network staff.

Authors: Anjum & Mouchtaris
Publisher: Wiley
Cost: $75.00
Rating: 3 out of 5

This book reads like a PHD thesis. It is long on technical and mathematic detail and a little short on real-world scenarios. The examples are well researched and deeply technical. While the reading is a little tedious, those seeking an in depth understanding of wireless security will benefit greatly from this book.

At just under 250 pages it’s likely to take longer than a weekend to complete the read, but especially if you’re a mathematical genius, this book should be right up your alley. One of the highlights of the book is the content that relates to intrusion detection systems. The section did an excellent job of explaining various techniques and architectures for wireless intrusion detection. This content will be especially interesting to engineers and vendors in the wireless security space.