I wanted to share my first infosec book review on amazon I wrote back in August of ‘06.

“Defend I.T.: Security by Example” is one of my first reads on IT security. I am currently a programmer, looking to get into the information security field.

This book has successfully turned my interest in IT security into intrigue. Each chapter is a different real life case study, with techniques used and lessons learned. Coming from a technical background, I appreciated the technical depth that the authors delve into. From the get go in Chapter 1, the authors present a tutorial on the popular scanning tool called NMAP which is fascinating. The network diagrams throughout the book were very helpful in explaining to the reader the difficult concepts such as Distributed Denial-of-Service attack and Ingress and Egress filtering.

“Defend I.T.: Security by Example” introduced me to many new concepts including IDS, INGRESS, EGRESS, DMZ, SSO, ZOMBIE,FIREWALL’s, VPN’s, PKI, and DOS attacks, just to name a few. Overall, this book is very informative and well-written.

I highly recommend this book as a great addition to your IT Security library.

There are well known forms of authentication in security we use often to identify someone’s identity to systems. Three forms are; something you know ( i.e a password), something you have (i.e a bank card, secureId token), something you are (i.e fingerprints, retnal pattern). For example, when you use your ATM card at a bank you are using something you have (bank card) and a pin (something you know) , this is called multifacter authentication.

On Security Now (a fantastic podcast) Q and A episode 92 someone wrote in about another way of authenticating users using IP intelligence. IP intelligence is knowing approximately where you are located when using the internet. So you can have a website display local resturants based on the the IP he logged on to the site with.

The applications of this technology is great. When discussing authentication this can be used to further verify someone’s identity. If I log onto my bank site with a IP address that originated from Geneva, that might be a good indication to the website that it’s not me logging on. There are third-party’s services that offer this to the extra security contious web site. This works nicely , since , the IP address of the user logging in using a SSL connection can’t be spoofed. So next time you’re in China and you can’t log into your banking site you’ll know why

Anyone have an other forms of authentication you’d like to share ???

Wow this is exciting !!!! I recently got my google reader all set up with a bunch of different feeds from bloggers and news ect. On a whim I decided start my own blog. I feel like writing in a blog can help my writing skills and help me express my thoughts and ideas, at the same time provide others with information that I hope will be informative. I’m totally intrigued by the information security world and hope to some day work in the field. To be proactive I started studying for the CISSP. I hope to share some of the things I learned that I find interesting. Please post your comments.