These are our picks for the 10 must-have security titles you should always keep handy.
Firewalls and Internet Security: Repelling the Wily Hacker, Second Edition
By William R. Cheswick, Steven M. Bellovin, Aviel D. Rubin
Addison-Wesley Professional, 455 pages, $36.95
This perimeter security text is perfect for serious security professionals. The authors have mastered the art of applying the theoretical to actual working applications; the result is pragmatic advice from some of the finest minds in the field.
Hacking Exposed, Fifth Edition
By Stuart McClure, Joel Scambray, George Kurtz
McGraw-Hill, 692 pages, $49.99
The original edition ushered in a new era of computer security publishing, offering unabashed, technically detailed and fully documented instructions on how to subvert the security of a multitude of systems. Although some scoff at the series, perhaps they just hate to see some of their secrets published.
By Bruce Schneier
Wiley, 784 pages, $54.99
Any book that the National Security Agency prefers to remain unpublished is bound to make great reading. Anyone doing serious work with cryptography needs a copy. With a comprehensive and excellent explanation of encryption of all kinds, this book is second to none.
By Bruce Schneier, Niels Ferguson
Wiley, 432 pages, $50
Schneier's sequel to Applied Cryptography will help you apply your newfound cryptographic skills successfully and securely. Think of them as volumes one and two of the same book.
Practical Unix & Internet Security
By Simson Garfinkel, Gene Spafford, Alan Schwartz
O'Reilly, 986 pages, $54.95
The authors deliver an excellent introduction to a wide variety of computer and network security issues within UNIX.
By Ross Anderson
Wiley, 595 pages, $70
This book details security design and implementation strategies employed in real-world systems. Although many publishers employ strategies attempting to inflate the page count (and price) of a book, this 600-page masterpiece could only result from the dedication of an extremely knowledgeable veteran of the field.
The Tao of Network Security Monitoring
By Richard Bejtlich
Addison-Wesley Professional, 832 pages, $54.99
"Tao" means "The Way," and that's what this book is: the way to evolve IDS operations. The network security monitoring philosophy is both obvious and completely revolutionary.
The Art of Computer Virus Research and Defense
By Peter Szor
Addison-Wesley Professional, 744 pages, $49.99
Szor's mastery of virus/antivirus technology is unparalleled, and this comprehensive tome is the definitive work on the subject. Although parts are inaccessible to all but experienced assembly language programmers, antivirus is such a critical technology that every professional should read this book, if only to understand the problem.
A Guide to Forensic Testimony
By Fred Chris Smith, Rebecca Gurley Bace
Addison-Wesley Professional, 560 pages, $54.99
As security pros, we stand a higher-than-average chance of being called into court to testify about the results of our investigations. The authors do a good job of explaining the challenges associated with information security cases and how to give the best testimony possible.
By Brian McWilliams
O'Reilly, 256 pages, $22.95
This behind-the-scenes account of real-life spammers and spam fighters is a must-read for anyone trying to squelch junk e-mail. There's a freak show in here, but also a lot of good intelligence on the inner workings of the spam kings.
More information from SearchSecurity.com
Read excerpts from these and other books at SearchSecurity's Information Security Bookshelf.