This article can also be found in the Premium Editorial Download "Information Security magazine: Exclusive: Security salary and careers guide."
Download it now to read this article plus other related content.
These are our picks for the 10 must-have security titles you should always keep handy.
Firewalls and Internet Security: Repelling the Wily Hacker, Second Edition
By William R. Cheswick, Steven M. Bellovin, Aviel D. Rubin
This perimeter security text is perfect for serious security professionals. The authors have mastered the art of applying the theoretical to actual working applications; the result is pragmatic advice from some of the finest minds in the field.
Hacking Exposed, Fifth Edition
By Stuart McClure, Joel Scambray, George Kurtz
McGraw-Hill, 692 pages, $49.99
The original edition ushered in a new era of computer security publishing, offering unabashed, technically detailed and fully documented instructions on how to subvert the security of a multitude of systems. Although some scoff at the series, perhaps they just hate to see some of their secrets published.
By Bruce Schneier
Wiley, 784 pages, $54.99
Any book that the National Security Agency prefers to remain unpublished is bound to make great reading. Anyone doing serious work with cryptography needs a copy. With a comprehensive and excellent explanation of encryption of all kinds, this book is second to none.
By Bruce Schneier, Niels Ferguson
Wiley, 432 pages, $50
Schneier's sequel to Applied Cryptography will help you apply your newfound cryptographic skills successfully and securely. Think of them as volumes one and two of the same book.
Practical Unix & Internet Security
By Simson Garfinkel, Gene Spafford, Alan Schwartz
O'Reilly, 986 pages, $54.95
The authors deliver an excellent introduction to a wide variety of computer and network security issues within UNIX.
By Ross Anderson
Wiley, 595 pages, $70
This book details security design and implementation strategies employed in real-world systems. Although many publishers employ strategies attempting to inflate the page count (and price) of a book, this 600-page masterpiece could only result from the dedication of an extremely knowledgeable veteran of the field.
The Tao of Network Security Monitoring
By Richard Bejtlich
Addison-Wesley Professional, 832 pages, $54.99
"Tao" means "The Way," and that's what this book is: the way to evolve IDS operations. The network security monitoring philosophy is both obvious and completely revolutionary.
The Art of Computer Virus Research and Defense
By Peter Szor
Addison-Wesley Professional, 744 pages, $49.99
Szor's mastery of virus/antivirus technology is unparalleled, and this comprehensive tome is the definitive work on the subject. Although parts are inaccessible to all but experienced assembly language programmers, antivirus is such a critical technology that every professional should read this book, if only to understand the problem.
A Guide to Forensic Testimony
By Fred Chris Smith, Rebecca Gurley Bace
Addison-Wesley Professional, 560 pages, $54.99
As security pros, we stand a higher-than-average chance of being called into court to testify about the results of our investigations. The authors do a good job of explaining the challenges associated with information security cases and how to give the best testimony possible.
By Brian McWilliams
O'Reilly, 256 pages, $22.95
This behind-the-scenes account of real-life spammers and spam fighters is a must-read for anyone trying to squelch junk e-mail. There's a freak show in here, but also a lot of good intelligence on the inner workings of the spam kings.
More information from SearchSecurity.com
Read excerpts from these and other books at SearchSecurity's Information Security Bookshelf.
This was first published in July 2006