[lug] Holy Grail Book Recommendations

David L. Anselmi anselmi at anselmi.us
Thu Jan 11 21:52:23 MST 2007

Ted Logan wrote:
> On 1/11/07, Chip Atkinson <chip at pupman.com> wrote:
>> TCP/IP Illustrated, volume 1, by Stevens.
> I love my copy of _TCP/IP Illustrated, Volume 1_, but due to its age,
> its coverage of newer protocols is lacking. It covers BOOTP instead of
> DHCP, and doesn't cover HTTP or SSH.

Stevens vol 1 is definately the way to go.  If you read it you'll be 
able to pick up DHCP, HTTP, and SSH easily from other sources.  You 
really want the layer 3 info in Stevens as it applies to all the other 
protocols too.  Most network problems happen at layer 2 or 3 and those 
are the hard layers to design.  The rest either just work or you go read 
the source (assuming you're doing something wacky enough that they don't 
just work).

Tannenbaum's "Computer Networks" is a good book for broader coverage of 
networking.  I don't know how current it is, mine predates most wireless.

Security is such a huge topic that you won't learn it no matter how many 
books you read.

I'd say Amoroso's "Computer Security Fundamentals" is a good start but 
you'd hate it.  It appears to be about multi-level security, an NSA 
effort in the 80s that largely failed.  But it really is about the 
fundamentals and is a great foundation if you can actually think.

A little less theoretical is Anderson's "Security Engineering". 
O'Reilly has a book by Spafford and Garfinkle that should be a 
reasonable start from a more practical direction, and their firewall book.

Any good sysadmin book will have a reasonable discussion of security 
that's completely practical.  But it can be hard to evaluate the 
tradeoffs if that's your only reference.  Limoncelli and Nemeth are the 
two that seem best to me.

Of course Schneier is the bible on cryptography (which you may not 
actually need to know anything about).

I don't know anything about writing secure code, but I hear the MS book 
is good.

And finally, if Rob Slade reviews it and says it's good, it probably is 
worth reading if you happen to be interested in the topic.


More information about the LUG mailing list