Network Security Consulting Agency Since 1989 - Specialized in Unix, Windows, TCP/IP and Internet
Hervé Schauer Consultants
Books on computer security

Here is a list of recommended books, with links to order online through amazon.fr, amazon.com and amazon.co.uk.

Risk management

Model-based Management of Information System Security Risk by Nicolas Mayer, Presses universitaires de Namur, April 2009, ISBN 978-2-87037-640-9.
This book is the first comparative analysis of the various risk assessment methods used in the information systems security world; it is the reference in the field.

Management des risques pour un développement durable by Xavier Michel, Patrice Cavaillie, Jean-Marc Picard, Pascale Coupard, ... , Dunod 2009, ISBN 978-2-10-005521-0.
This book gives an overall view of the risk management problem; it is far more complete than its title suggests, and it is a reference.

Gestion des risques en sécurité de l'information by Anne Lupfer, Eyrolles, September 2010, ISBN 978-2-212-12593-1.
This book is the first book on the ISO 27005 method; it gives a didactic view of it that is much more approachable than the standard itself.

Internet security

L'Internet Sécurisé by Eric Larcher (2000)
Introduction to everything a well-informed Internet user or novice network administrator needs to know. The book covers e-mail, web and browsers, and viruses.

TCP/IP Illustrated, The Protocols by W. Richard Stevens
From the RFC to the description of every single bit found on the network and the details of the main parts of TCP networks, the book explains all the TCP/IP protocols. It gives numerous dump samples and answers every question any tcpdump user could ask.
[amazon.fr] [amazon.com] [amazon.co.uk]

Sécuriser l'entreprise connectée by Pierre-Luc Refalo (2002)
A complete panorama of the security issues facing a manager, from the angles of risk, the legal framework, technologies and organizational solutions.

Wireless network security

Real 802.11 Security - Wi-Fi Protected Access and 802.11i by Jon Edney and William A. Arbaugh (Sep 2004)
Good book presenting the WPA and 802.11i standards. It gives the information needed to deploy protected wireless networks.
[amazon.fr] [amazon.com] [amazon.co.uk]

Unix security

Practical Unix and Internet Security by Simson Garfinkel and Gene Spafford (1996)
Written by a computer security guru, this book covers all the topics of Unix security. You must read this book if you can't attend our Unix Security course.
[amazon.fr] [amazon.com] [amazon.co.uk]

Windows NT security

There is not much documentation on Windows NT security. However, here are two good books on this topic:

Windows NT Security Guide by Stephen A. Sutton (1996)
This book explains how to use the Windows NT security features to build secure networks. You must read appendix A on the recommended ACLs for a secure installation.
[amazon.fr] [amazon.com] [amazon.co.uk]

Windows NT Security Handbook by Tom Sheldon
This book is heavier, and goes into more general considerations to present Windows NT solutions. It is less technical than the previous book.
[amazon.fr] [amazon.com] [amazon.co.uk]


Programming

These books are the reference books for all system developers:

Advanced Programming in the UNIX Environment by W. Richard Stevens (1992)
This book explains all the Unix-specific parts of C programming, with code samples for each topic, and the limitations and exceptions for each system (SVR4, BSD, POSIX, etc.).
[amazon.fr] [amazon.com] [amazon.co.uk]

POSIX Programmer's Guide by Donald Lewine
This is THE reference for all portable code. Should your program be compiled on a system other than yours, it will have to comply with all the rules of this guide. Read the chapters on internationalization and on porting from BSD or SysV to POSIX; you won't find them anywhere else.
[amazon.fr] [amazon.com] [amazon.co.uk]

TCP/IP Illustrated, The Implementation by W. Richard Stevens
This is the most technical book on this page. If you need to study the TCP/IP stack of your firewall (or router), or to change it, this book was written for you. It explains all the implementation tricks of such software, with many code samples. Beware: you may want to write your own router with all the knowledge you will get from this book.
[amazon.fr] [amazon.com] [amazon.co.uk]


Administration

Strong system security doesn't stand without good system administration. Here is a list of books you should read to be able to manage all your network servers.

TCP/IP Network Administration by Craig Hunt
This book is an introduction to the parts needed for an efficient network: TCP/IP basics, routing principles, and configuration of the main network servers.
[amazon.fr] [amazon.com] [amazon.co.uk]

Sendmail by Bryan Costales with Eric Allman (1997)
Written in association with the author of the most deployed mail transport application in the world, this book explains all the details of sendmail. Today, almost all mail configurations use M4, and this book has a full chapter on it. But for one configuration out of one hundred, the cf file is hand-made, and this book is the only one to explain all the tricks of the true sendmail gurus.
[amazon.fr] [amazon.com] [amazon.co.uk]

DNS and BIND by Paul Albitz and Cricket Liu (2001)
This book describes both the Domain Name System (how it works across the Internet, what the protocol is, how to use it on a wide area network) and the configuration of BIND (the most deployed domain name server). The latest BIND version (8.1.1) has changed the configuration file format since this book's publication. However, only one file is concerned, and the new format is well described in the online documentation of bind-8.1.1.
[amazon.fr] [amazon.com] [amazon.co.uk]

Quality of Service

Quality of Service by Paul Ferguson and Geoff Huston (1998)
A very complete book, which gives a good overview of the subject and explains all the techniques.
[amazon.fr] [amazon.com] [amazon.co.uk]

Human aspects in security

Hacking à coeur, les enfants du numérique by Isabelle Tisserand (2002)
This book tries to decipher hackers and their motivations.
[alapage.com] [amazon.fr]

Security management

Management de la sécurité de l'information. Implémentation ISO 27001, audit et certification. by Alexandre Fernandez-Toro, Eyrolles 2008, ISBN 978-2-212-12218-3.
This book helps to understand and apply the ISO 27001 and ISO 27002 standards, which are now references for information system security management. Based on the experience of Alexandre, this book explains how to set up an ISMS, insisting on traps to avoid. It's also a useful guide to prepare for the ISO 27001 certification audit.
[fnac.com] [amazon.fr] [alapage.com] [eyrolles.com]
Last modified on 24 August 2010 at 16:44:47 CET - webmaster@hsc.fr
© 1989-2013 Hervé Schauer Consultants