Appendix A. List of Resources

Chapter 1

The CompTIA Security+ home page: www.comptia.com/certification/security/default.asp

Chapter 2

Allen, Julia H. The CERT Guide to System and Network Security Practices. Addison-Wesley. Upper Saddle River, NJ, 2001. ISBN 020173723X.

Krause, Micki, and Harold F. Tipton. Information Security Management Handbook, Fourth Edition. Auerbach Publications. New York, NY, 1999. ISBN 0849398290.

The SANS "The Twenty Most Critical Internet Security Vulnerabilities" list: www.sans.org/top20/

Chapter 3

Chirillo, John. Hack Attacks Denied: A Complete Guide to Network Lockdown for UNIX, Windows, and Linux, Second Edition. John Wiley & Sons. Indianapolis, IN, 2002. ISBN 0471232831.

Refer to Chapter 1, "Common Ports and Services," and Chapter 4, "Safeguarding Against Penetration Attacks."

Chirillo, John. Hack Attacks Revealed: A Complete Reference for UNIX, Windows, and Linux with Custom Security Toolkit, Second Edition. John Wiley & Sons. Indianapolis, IN, 2002. ISBN 0471232823.

Refer to Chapter 4, "Well-Known Ports and Their Services," and Chapter 5, "Discovery and Scanning Techniques."

McClure, Stuart, Joel Scambray, and George Kurtz. Hacking Exposed: Network Security Secrets and Solutions, Third Edition. McGraw-Hill. New York, NY, 2001. ISBN 0072193816.

Refer to Chapter 12, "Denial of Service Attacks."

Virus Bulletin Web site: www.virusbtn.com

The Twenty Most Critical Internet Security Vulnerabilities list (SANS): www.sans.org/top20/

The CERT Coordination Center (CERT/CC): www.cert.org

Chapter 4

Allen, Julia H. The CERT Guide to System and Network Security Practices. Addison-Wesley. Upper Saddle River, NJ, 2001. ISBN 020173723X.

SANS Information Security Reading Room: rr.sans.org/index.php

Chapter 5

Allen, Julia H. The CERT Guide to System and Network Security Practices. Addison-Wesley. Upper Saddle River, NJ, 2001. ISBN 020173723X.

The World Wide Web Security FAQ: www.w3.org/Security/Faq/

SANS Information Security Reading Room: rr.sans.org/index.php

IEEE Standards Association: standards.ieee.org/

Chapter 6

Bragg, Roberta. CISSP Training Guide. Que. Indianapolis, IN, 2002. ISBN 078972801X.

Refer to Chapter 2, "Telecommunications and Network Security."

Lammle, Todd. CCNA Cisco Certified Network Associate Study Guide, Second Edition. Sybex. Alameda, CA, 2000. ISBN 0782126472.

Refer to Chapter 6, "Virtual LANs (VLANs)."

Maufer, Thomas A. IP Fundamentals: What Everyone Needs to Know About Addressing & Routing. Prentice Hall PTR. Upper Saddle River, NJ, 1999. ISBN 0139754830.

Refer to Chapter 12, "Introduction to Routing."

Firewall Architectures: www.invir.com/int-sec-firearc.html

Introduction to the Internet and Internet Security: csrc.nist.gov/publications/nistpubs/800-10/node1.html

IP in IP Tunneling (RFC 1853): www.faqs.org/rfcs/rfc1853.html

VLAN information: net21.ucdavis.edu/newvlan.htm

Chapter 7

Shipley, Greg. Maximum Security, Third Edition. Sams Publishing. Indianapolis, IN, 2001. ISBN 0672318717.

The World Wide Web Security FAQ: www.w3.org/Security/Faq/

SANS Information Security Reading Room: rr.sans.org/index.php

CERT Incident Reporting Guidelines: www.cert.org/tech_tips/incident_reporting.html

Chapter 8

Krutz, Ronald, and Russell Dean Vines. The CISSP Prep Guide: Mastering the Ten Domains of Computer Security. John Wiley & Sons. Indianapolis, IN, 2001. ISBN 0471413569.

How Encryption Works reference Web site: www.howstuffworks.com/encryption.htm

RSA-Based Cryptographic Schemes Web site: www.rsasecurity.com/rsalabs/rsa_algorithm/

W3C XML Encryption Working Group Web site: www.w3.org/Encryption/2001/

National Institute of Standards and Technology Web site: www.nist.gov

Rijndael Web site: www.esat.kuleuven.ac.be/~rijmen/rijndael/

Request for Comments (RFC) 2527, "Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework," on the Internet Engineering Task Force (IETF) Web site: www.ietf.org/rfc/rfc2527.txt

Microsoft Kerberos deployment Web page: www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodtechnol/windows2000serv/deploy/kerberos.asp

Security books, journals, bibliographies, and publications listing Web site: www.cs.auckland.ac.nz/~pgut001/links/books.html

Chapter 9

Housley, Russ and Tim Polk. Planning for PKI. John Wiley & Sons. New York, NY, 2001. ISBN 0471397024.

Krutz, Ronald, and Russell Dean Vines. The CISSP Prep Guide: Mastering the Ten Domains of Computer Security. John Wiley & Sons. Indianapolis, IN, 2001. ISBN 0471413569.

PKI X.509 PKIX Charter Web page (which provides a description of the working group and many related RFC and Internet-draft links): www.ietf.org/html.charters/pkix-charter.html

International Telecommunications Union Web site page with information on the data networks and open systems communications recommendations: www.itu.int/rec/recommendation.asp?type=products&lang=e&parent=T-REC-X

RSA Corporation "Public Key Cryptography Standards" Web page: www.rsasecurity.com/rsalabs/pkcs/

National Institute of Standards and Technology "Security Requirements for Cryptographic Modules" Web page: csrc.nist.gov/cryptval/140-1/fr981023.htm

Chapter 10

Chirillo, John. Hack Attacks Denied. John Wiley & Sons. New York, NY, 2001. ISBN 0471416258.

Shipley, Greg. Maximum Security, Third Edition. Sams Publishing. Indianapolis, IN, 2001. ISBN 0672318717.

SANS Information Security Reading Room: rr.sans.org/index.php

CERT Incident Reporting Guidelines: www.cert.org/tech_tips/incident_reporting.html

Chapter 11

Chirillo, John. Hack Attacks Denied. John Wiley & Sons. New York, NY, 2001. ISBN 0471416258.

Cole, Eric. Hackers Beware. Pearson Education. Indianapolis, IN, 2002. ISBN 0735710090.

An Explanation of Computer Forensics, by Judd Robbins: www.computerforensics.net/forensics.htm

CERT Incident Reporting Guidelines: www.cert.org/tech_tips/incident_reporting.html

Other Resources

www.bluetooth.com/ is the official Bluetooth Web site.

www.bluetooth.org/ offers information about joining the Bluetooth SIG.

www.securityfocus.com/popups/forums/bugtraq/faq.shtml provides information about the SecurityFocus BUGTRAQ mailing list FAQ.

www.informit.com/ includes IT-related articles, books, forums, and certification information (requires registration).

www.mcmcse.com/comptia/security/SY0101.shtml is Microsoft's list of Security+ resources.

www.certcities.com offers practice exams, exam review forums, and other information related to IT certification tests. The Security+ exam is discussed at certcities.com/editorial/exams/story.asp?EditorialsID=66.

www.comptia.com/certification/security/default.asp is CompTIA's site for Security+ information.



Security+ Exam Cram 2 (Exam SYO-101)
ISBN: 0789729105
EAN: 2147483647
Year: 2005
Pages: 162
