Friday, March 29, 2013

Book Review: Security Engineering by Anderson

Anderson's update to his classic reference book is a worthwhile addition to the bookshelf of any system administrator or enterprise architect.

The length certainly is intimidating, but every page is packed with information. A lot of so-called "security" books are full of fluff and recycled advice that is freely available on the web. Anderson's book is a well-thought-out encyclopedia of information that you will need to design dependable, resilient, secure systems.

As an author, I can tell you that it is easy to tell the difference between a book that someone has rushed to press and one that is a carefully constructed reference. Anderson took the time to do his book right.

Take the time to read the book; don't hurry through it. Then come back to the book again in a year--I can guarantee that you will learn as much the second time through as you did the first.

Posted by at No comments:

Tuesday, March 26, 2013

Hijacked Management Server Implicated in South Korea Attack

The Register is reporting that the recent cyber attacks in South Korea may have used the patch server as the attack vector.

This is a good illustration of why defense in depth is important. Sophos reports that the signatures for the malware were well-known and should have been caught by updated malware detection software.

If you missed it, Wired Magazine had a pretty good write-up in the initial aftermath of the attack.

Posted by at No comments:
Subscribe to: Posts (Atom)