5 of 5 people found the following review helpful:
4.0 out of 5 stars
Great book for anyone in the technical field, whether hands on or in management, October 28, 2005
This review is from: The Little Black Book of Computer Security (Paperback)
This book is a very different approach to Information Security. I have to say, I think this style is long overdue. The style that Joel uses is a checklist format to most security issues facing companies today. The book starts off with an introduction to Information Security, including many definitions and terms. This is the only place I really have any issues with the book. Some of the definitions are not in line with the Information Security community's definition. Without going into too much detail, I highly recommend that anyone who reads this book take the definitions lightly. Focus more on the actual content of the book.
The first step the author takes is to categorize attacks. He does this to help lay out the rest of the book. After categorizing attacks and risks, he introduces you to assessing your systems. This is where this book excels. The format from this point forward is in the form of lists. Almost checklist-like in some chapters. The checklist could be used by anyone in technology that needs to understand or quickly get a grasp of what should be considered when auditing systems.
The Email chapter is a good example of how these outlines are provided and how they can be helpful. The chapter starts out with a few paragraphs about overall security of email, such as sniffing and spoofing as threats. It then quickly turns to outline format starting with overall posture, encryption, providing privacy to specific users, and then heads to Spam and Infections. In this chapter the author also goes on a tangent and provides a sidebar on how fake emails can be generated and sent. This information could help one understand the simplicity in the attacks as well as give some firepower to the reader to present to management when trying to gain funding for extra protection.
Chapters that follow are Writing Policies, HR and Physical security, Software Access Controls, Email Security, Malware protection, Web site and Perimeter protection, Intrusion Detection and Response, Disaster Recovery, Wireless, Securing Code, Operating System Security, Protecting Privacy, Preventing Identity Theft, and Protecting Children.
Each of these chapters provides an outline of absolute items that must be considered when discussing security on any of the subjects. The outlines are very well organized and some will even go into detail about other considerations. The book rounds out with future security trends and some cheat sheets, useful web links and other goodies that any reader could find helpful.
Overall this book is for anyone in the technical field, whether hands on or management. The book is written in such a way that anyone wanting to audit or assess a specific in their environment would find this book helpful.
I recommend this book and give it 4 stars.
4 of 4 people found the following review helpful:
5.0 out of 5 stars
Helping the novice feel smart about computer security, August 16, 2005
This review is from: The Little Black Book of Computer Security (Paperback)
As a complete novice, I found this book to be very helpful. I oversee a growing business with equally growing IT needs, and I have been increasingly concerned about the security of my computer systems. I was looking for something to give me a brief overview of the process and found it in this book. It also wasn't too technical for a businessperson, such as myself, to understand. I recommend it to any business manager involved in IT security.
2 of 2 people found the following review helpful:
4.0 out of 5 stars
Great Tool For Assessing and Improving Security, May 20, 2006
This review is from: The Little Black Book of Computer Security (Paperback)
Some computer security books are written for complete novices, while others assume some level of knowledge on the part of the reader. The Little Black Book of Computer Security does neither.
Joel Dubin's book is written in such a way that anybody can pick it up and use it as an action plan. Dubin does not bother going into great detail explaining the security concerns or the various steps that he includes to resolve or mitigate the issues. But, there is enough information there to point you in the right direction.
That is the strength of the book really. It is small and concise, but provides the information that administrators, or I.T. managers, or even everyday computer users, need to analyze their own security and identify areas that need strengthening.
If the reader is going through the Secure Your Web Site chapter and doesn't understand what the 'Root Directory' is, or what the difference between a POST and a GET command is, they will need to go elsewhere to educate themselves. But, this book will at least have let them know that those are areas they should be concerned with.
The Black Book won't make you a security guru, but it can be a great tool to help you audit and lock down your computer security.