The Practice of Network Security Monitoring – You’re compromised, so deal with it. #security #bookreview

The Practice of Network Security Monitoring

Understanding Incident Detection and Response
Richard Bejtlich
(No Starch Press – paperback, Kindle)

Security expert Richard Bejtlich’s focus in his new book is not on “the planning and defense phases of the security cycle.” Instead, he emphasizes how to handle “systems that are already compromised or that are on the verge of being compromised.”

His well-organized, well-written, 341-page book aims to help you “start detecting and responding to digital intrusions using network-centric operations, tools, and techniques.”

Bejtlich has long emphasized a “detection-centered philosophy” built around a straightforward central tenet: “Prevention eventually fails.” No matter how many digital walls and moats you build around your network, someone will find a way to tunnel in, parachute in, or sneak in via an unsuspecting employee’s $9.95 thumb drive.

“It’s becoming smarter,” he writes, “to operate as though your enterprise is always compromised. Incident response is no longer an infrequent, ad-hoc affair. Rather, incident response should be a continuous business process with defined metrics and objectives.”

You may recognize some of Bejtlich’s previous books on network security monitoring (NSM): The Tao of Network Security Monitoring; Extrusion Detection; and Real Digital Forensics.

The Practice of Network Security Monitoring is tailored toward two key audiences: (1) security professionals who have little or no experience with NSM; and (2) “more senior incident handlers, architects, and engineers who need to teach NSM to managers, junior analysts, or others who may be technically less adept.”

Readers, he add, should understand “the basic use of the Linux and Windows operating systems, TCP/IP networking, and the essentials of network attack and defense.”

The examples in Bejtlich’s book rely on open source and vendor-neutral tools, primarily from Doug Burks’ Security Onion (SO) distribution.

The 13-chapter book is organized into four parts:

  • Part I: Getting Started - Introduces NSM and sensor placement issues.
  • Part II: Security Onion Deployment - Shows how to install and configure SO.
  • Part III: Tools – Examines the “key software shipped with SO and how to use these applications.”
  • Part IV: NSM in Action – Looks at “how to use NSM processes and data to detect and respond to intrusions.”

Following the technical chapters, Bejtlich offers some concluding thoughts on network security management, cloud computing, and establishing an effective workflow for NSM. “NSM isn’t just about tools,” he writes. “NSM is an operation, and that concept implies workflow, metrics, and collaboration. A workflow establishes  a series of steps that an analyst follows to perform the detection and response mission. Metrics, like the classification and count of incidents and time elapsed from incident detection to containment, measure the effectiveness of the workflow. Collaboration enables analysts to work smarter and faster.”

He also observes: “It is possible to defeat adversaries if we stop them before they accomplish their mission. As it has been since the early 1990s, NSM will continue to be a powerful, cost-effective way to counter intruders.”

Si Dunn

Juniper MX Series – A comprehensive guide for network engineers – #bookreview #juniper #networking

Juniper MX Series
Douglas Richard Hanks Jr., and Harry Reynolds
(O’Reilly, paperbackKindle)

This comprehensive, well-written handbook is aimed directly at network engineers who want to know more about the feature-rich Juniper MX Series of routers.

Actually, “handbook” is a bit of a misnomer. It takes two hands to comfortably handle this hefty, comprehensive, 864-page guide.

The two authors, both network engineers themselves, note that the Juniper MX Series is “[o]ne of the most popular routers in the enterprise and service provider market….”

They add: “The Juniper MX was designed to be a network virtualization beast. You can virtualize the physical interfaces, logical interfaces, data plane, network services, and even have virtualized services span several Juniper MX routers. What traditionally was done with an entire army of routers can now be consolidated and virtualized into a single Juniper MX router.”

The book’s chapters are:

  • 1.      Juniper MX Architecture
  • 2.      Bridging, VLAN Mapping, IRB, and Virtual Switches
  • 3.      Stateless Filters, Hierarchical Policing, and Tri-Color Marking
  • 4.      Routing Engine Protection and DDOS Prevention
  • 5.      Trio Class of Service
  • 6.      MX Virtual Chassis
  • 7.      Trio Inline Services
  • 8.      Multi-Chassis Link Aggregation
  • 9.      Junos High Availability on MX Routers

The chapters, organized by feature sets, include review questions (with answers conveniently located nearby), so you can track your learning progress.

The authors have extensive experience with the Juniper MX router series. Douglas Richard Hanks Jr., is a data center architect with Juniper Networks. Harry Reynolds has more than 30 years’ experience in networking, with a focus on LANs and LAN interconnection.

Si Dunn

For more information: (paperbackKindle)

Understanding IPv6, 3rd Edition – Welcome to the new, improved & BIGGER Internet – #bookreview #microsoft #windows

Understanding IPv6, 3rd Edition
Joseph Davies
(Microsoft Press, paperback, list price $49.99; Kindle edition, list price $39.99)

The Internet can now expand into a much bigger realm than was possible before the worldwide launch of IPv6 (Internet Protocol version 6) on June 6, 2012.

The web most of us use has long relied on IPv4, the circa-1981 Internet Protocol built around 32-bit addresses. This scheme can accommodate approximately 4.3 billion unique addresses worldwide. On a planet where (1) the population now has surpassed 7 billion and (2) many of us now have multiple devices connected to the Web, Internet Protocol version 4 recently has been in dire danger of running out of unique addresses.

IPv6 will fix that problem and offer several important new enhancements, as long as we don’t find ways to expand the Internet to parallel universes or to the people on a few trillion distant planets. IPv6 uses a 128-bit addressing scheme that can accommodate more than 340 trillion trillion trillion unique addresses. So go ahead. Get online with that second iPad, third smart phone or fourth laptop.

IPv4 and IPv6 are now running in a dual stack that supports both addressing schemes. The transition from IPv4 to IPv6 is not seamless, however. A lot of work remains to be done by major Internet service providers (ISPs), web companies, hardware manufacturers, network equipment providers and many others to enable IPv6 on their products and services.

Joseph Davies, author of Understanding IPv6, has been writing about IPv6 since 1999. His new 674-page third edition provides both a detailed overview of IPv6 and a detailed focus on how to implement it, within a limited range of Windows products.

“There are,” he notes, “different versions of the Microsoft IPv6 protocol for Windows….I have chosen to confine the discussion to the IPv6 implementation in Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, and Windows Vista.”

This well-written and well-organized book is not for beginners. Its intended audience includes:

  • Windows networking consultants and planners
  • Microsoft Windows network administrators
  • Microsoft Certified Systems Engineers (MCSEs) and Microsoft Certified Trainers (MCTs)
  • General technical staff
  • Information technology students

Davies and Microsoft offer downloadable companion content for this book: Microsoft Network Monitor 3.4 (a network sniffer for capturing and viewing frames); and PowerPoint 2007 training slides that can be used along with the book to teach IPv6.

If you need a guide to best practices for using IPv6 in a Windows network, definitely consider getting Understanding IPv6, 3rd Edition.

Si Dunn

Here’s the book scaring me this Halloween: America the Vulnerable – #bookreview #data #security

Subtitled “Inside the New Threat Matrix of Digital Espionage, Crime, and Warfare,” America the Vulnerable is written by Joel Brenner, former inspector general at the National Security Agency.

Brenner has recent experience at the highest levels in national intelligence, counterintelligence and data security. And he has studied firsthand many of the threats and attacks against our national, corporate and personal interests.

“During my tenure in government,” he writes, “I came to understand how steeply new technology has tipped the balance in favor of those–from freelance hackers to Russian mobsters to terrorists to states like China and Iran–who want to learn the secrets we keep, whether for national, corporate, or personal security.” He adds: “The truth I saw was brutal and intense: Electronic thieves are stripping us blind.”

Everything from Social Security numbers to technological secrets that cost billions to develop are being taken — stolen from military and corporate data networks and individual computers, possibly including yours.

His book will leave you wide-eyed and wondering who is surreptitiously poking around inside your computer right at this moment and what they are taking or “borrowing” for sinister purposes.

 Likely the Chinese and the Iranians and Russian mobsters and others, including hackers, are in there or have been there recently.

And Brenner explains how you may be unknowingly helping them find and transfer sensitive and vital information, even when you do something seemingly innocuous as plugging in a thumb drive to your laptop.

You won’t need to watch any monster movies to get scared this Halloween. Brenner’s book or its Kindle version can give you a very serious case of chills and frights. 

Si Dunn

Configuring Microsoft SharePoint 2010 – Self-Study Guide for MCTS exam 70-667 – #microsoft #bookreview

Configuring Microsoft SharePoint 2010
By Dan Holme and Alistair Matthews
(Microsoft Press, list price $69.99, paperback)

If one of your goals in life is to deploy and manage Microsoft SharePoint Server 2010 farms, here’s your book.

You definitely need it if you are already involved in configuring, customizing and supporting SharePoint and want to take the Microsoft Certified Technology Specialist (MCTS) exam 70-667.

This “2-in-1 Self-Paced Training Kit” follows the successful formula used in many other Microsoft certification test preparation guides.

First, you work through a series of lessons and reviews covering each objective in the exam. Then you apply what you have learned to some real-world case scenarios, and you do some practice exercises. Finally, you plug in the CD that accompanies the book and try your hand at the practice tests.

“You can work through hundreds of questions using multiple testing modes to meet your specific learning needs,” Microsoft promises.

In other words, the material is there if you’re willing to push yourself to learn it. And there is a lot to learn when you work with SharePoint.

One small example: one of the book’s “Best Practices” entries points out that “[y]ou might imagine that the best practice to scale out a farm is simply to add more servers and to continue adding all services to each server. In fact, in larger and more complex environments[,] performance is optimized by dedicating servers to specific tasks.” And the entry briefly explains why.

Another short example: the book describes how “[a]fter you complete your SharePoint installation and the SharePoint Products Configuration Wizard, you often run the Initial Farm Configuration Wizard.” But then it explains why you should not use this tool to configure My Sites, “because the resulting configuration is not considered secure.”

Indeed, the co-authors add, that combination can set up a situation where, conceivably, a My Site owner could use scripting attacks “to get Farm Administrator privileges.”

The book has 821 pages and is divided into 12 chapters:

  1. Creating a SharePoint 2010 Intranet
  2. Administering and Automating SharePoint
  3. Managing Web Applications
  4. Administering and Securing SharePoint Content
  5. Service Applications and the Managed Metadata Service
  6. Configuring User Profiles and Social Networking
  7. Administering SharePoint Search
  8. Implementing Enterprise Service Applications
  9. Deploying and Upgrading to SharePoint 2010
  10. Administering SharePoint Customization
  11. Implementing Business Continuity
  12. Monitoring and Optimizing SharePoint Performance

As an added inducement to buy the book, it includes a discount voucher good for 15 percent off the price of one Microsoft Certification exam.

Again, Configuring Microsoft SharePoint 2010 is not a book for SharePoint beginners.

 The co-authors note: “The MCTS exam and this book assume that you have at least one year of experience configuring SharePoint and related technologies, including Internet Information Services (IIS), Windows Server 2008, Active Directory, DNS, SQL Server, and networking infrastructure services.”

The writers recommend using virtual machines to do the training exercises in their book. And they assume you will “use virtualization software that supports snapshots, so that you can roll back to a previous state after performing an exercise.”

They also give information and limitations on using multiple virtual machines on a single host. And their book providess download links to evaluation versions of the software needed to do the exercises.

The book’s accompanying CD offers one other learning convenience: an e-book version of the hefty text.

Si Dunn

Two New Microsoft Books for Visual Basic & Visual Studio – #programming #bookreview

The two new books are Microsoft Visual Basic 2010 Developer’s Handbook by Klaus Löffelmann and Sarika Calla Purohoit ($59.99, paperback;  $47.99, Kindle ), and Coding Faster: Getting More Productive with Microsoft Visual Studio by Zain Naboulsi and Sara Ford (list price $39.95, paperback;  list price $31.99, Kindle) .

If you don’t yet have some background in object-oriented programming, you may not be ready to have either of these hefty, well-produced books. But if you are gearing up to develop or update programs in Visual Basic, you likely can benefit from both.

Why both? The reason is simple. “These days,” the co-authors of the Developer’s Handbook point out, “programming in Visual Basic means that you are very likely to spend 99.999 percent of your time in Microsoft Visual Studio. The rest of the time you probably spend searching for code files from other projects and binding them into your current project…”

The Developer’s Handbook is divided into six well-written parts and 28 chapters, with plenty of screenshots, code examples and programming tips.

The parts are:

  1. Beginning with Language and Tools
  2. Object-Oriented Programming
  3. Programming with .NET Framework Data Structures
  4. Development Simplifications in Visual Basic 2010
  5. Language-Integrated Query—LINQ
  6. Parallelizing Applications (programming with the Task Parallel Library, TPL)

Most of the chapters have exercises where you can “interactively try out new material learned in the main text.” All of the code samples can be downloaded from two sites described in the book.

Meanwhile, the main goal of Coding Faster: Getting More Productive with Microsoft Visual Studio is “to arm you with techniques that you can apply immediately to improve productivity,” the book’s co-authors state. “Use the content in this book anywhere, anytime, to dramatically reduce the time required to perform just about any task in Visual Studio.”

They note: “Within these pages are—for the first time ever—the keyboard mapping shortcuts, commands, and menu paths for features, along with detailed descriptions of how to use them.”

Coding Faster covers the 2005, 2008 and 2010 versions of Visual Studio. The 444-page book is divided into two major sections – “Productivity Techniques” and “Extensions for Visual Studio”—and eight chapters, all copiously illustrated with screenshots. The chapters are:

  1. Getting Started
  2. Projects and Items
  3. Getting to Know the Environment
  4. Working with Documents
  5. Finding Things
  6. Writing Code
  7. Debugging
  8. Visual Studio Extensions

Coding Faster is a “fully revised and expanded version” of a previous guidebook: Visual Studio Tips: 251 Ways to Improve Your Productivity, and the new book (more than 365 tips) provides a link to an online appendix for additional tips.

If you have some programming experience but are new to developing or updating Visual Basic programs, Coding Faster could be a very handy guidebook for getting good at Visual Studio in a hurry.

Si Dunn

CoffeeScript: Accelerated JavaScript Development – #bookreview #programming

CoffeeScript: Accelerated JavaScript Development
By Trevor Burnham
(Pragmatic Bookshelf, $29.00, paperback)

JavaScript was thrown together in 10 days and “was never meant to be the most important programming language in the world,” says Trevor Burnham, a web developer and founder of DataBraid, a startup focused on “developing data analysis and visualization tools.”

Yet, JavaScript was “understood by all major browsers,” despite their numerous differences, and it quickly became the “lingua franca of the Web,” he says in his well-written new book.

JavaScript also became a headache for many programmers struggling to learn it well enough to provide support and develop new applications.

“JavaScript is vast…[and] offers many of the best features of functional languages while retaining the feel of an imperative language,” Burnham notes. “This subtle power is one of the reasons that JavaScript tends to confound newcomers: functions can be passed around as arguments and returned from other functions; objects can be passed around as arguments and returned from other functions; objects can have new methods added at any time; in short, functions are first-class objects.”

Unfortunately, “JavaScript doesn’t have a standard interpreter,” he adds. “Instead, hundreds of browsers and server-side frameworks run JavaScript in their own way. Debugging cross-platform inconsistencies is a huge pain.”

Enter CoffeeScript, first released on Christmas Day, 2009 as “JavaScript’s less ostentatious kid brother.”

Coding in CoffeeScript requires fewer characters and fewer lines. And “the compiler tries its best to generate JavaScript Lint-compliant output, which is a great filter for common human errors and nonstandard idioms,” Burnham writes.

Another benefit: “CoffeeScript code and JavaScript code can interact freely,” he notes.

His book, aimed at CoffeeScript newcomers, assumes you have at least a little knowledge of JavaScript. But you don’t have to be a JavaScript Ninja, he assures.

He starts at the classic “Hello, world” level of CoffeeScript, including installing the CoffeeScript compiler, deciding which text editors are best, and learning how to write and debug simple CoffeeScript code.

From there, he moves quickly into showing you how to put CoffeeScript to work and develop a simple multiplayer game.

There are several different ways to run CoffeeScript, and there are different requirements, depending on whether your machine is Mac, Windows or Linux. Burnham describes these in his text and in an appendix, and he gives links to more information.

He also shows how to use a browser-based compiler for developing his book’s example application. But he does not recommend using the browser-based compiler for production work.

His book has six chapters and four appendices:

  • Chapter 1 – Getting Started
  • Chapter 2 – Functions, Scope, and Context
  • Chapter 3 – Collections and Iteration
  • Chapter 4 – Modules and Classes
  • Chapter 5 – Web Interactivity with jQuery
  • Chapter 6 – Server-Side Apps with Node.js
  • A1 – Answers to Exercises
  • A2 - Ways of Running CoffeeScript
  • A3 – Cheat Sheet for JavaScripters
  • A4 – Bibliography

CoffeeScript: Accelerated JavaScript Development offers a focused blend of examples and exercises to help speed up basic competency with CoffeeScript. In learning how to build the multiplayer game application, you use CoffeeScript to write both the client (with jQuery) and the server (with Node.js).

Since CoffeeScript and JavaScript are intertwined, you also can gain a better understanding of JavaScript by learning to code in CoffeeScript, ” Burnham promises.

In a foreword to the book, CoffeeScript’s creator, Jeremy Ashkenas, hails Burnham’s work as “a gentle introduction to CoffeeScript led by an expert guide.”

It lives up to that good billing, with many short code examples and many short tutorials and exercises that can lead quickly to building both a working app and a working understanding of CoffeeScript.

Si Dunn

Privacy and Big Data – #bookreview #nonfiction

Privacy and Big Data
By Terence Craig and Mary E. Ludloff
(O’Reilly Media, $19.99, paperback; $16.99, Kindle)

Worried about the safety of your personal data?

That genie, unfortunately is long out of the bottle—and very likely spread all over the planet now.

In Privacy and Big Data, authors Terence Craig and Mary E. Ludloff provide an eye-opening examination of “how the digital footprints we leave in our daily lives can be easily mashed up and, through expertise and technology, deliver startling accurate pictures of our behavior as well as increasingly accurate predictions of our future actions.”

Those digital pictures of who we are, who we vote for, what we buy and where we go can be worth a great deal of money and/or power to those who collect them. Indeed, they constitute “big data” and can be worth much more than gold, Craig and Ludloff contend.

“Far more is known today about us as individuals than ever before. How organizations, businesses, and government agencies use this information to track and predict our behavior is becoming one of the fundamental issues of the 21st century,” they state.

Privacy and Big Data is not a lengthy book, just 106 pages. Yet it packs plenty of punch in the form of useful, unsettling and sometimes surprising information, as well as thought-provoking examples, discussions and questions. The two writers – “executives from a growing startup in the big data and analytics industry” – draw upon extensive experience “deal[ing] with the issues of privacy every day as we support industries like financial services, retail, health care, and social media.”

Their well-written work is organized into five chapters and an appendix. Each chapter, meanwhile, has its own bibliography with links to additional materials and information.

Chapter 1, “The Perfect Storm,” looks at what has happened to privacy in the digital age and how we got to this point, starting with ARPANET (the “(Advanced Research Projects Agency Network”) in 1969, which later gave rise to the Internet. In the authors’ view: “There is a perfect storm brewing; a storm fueled by innovations that have altered how we talk and communicate with each other. Who could have predicted 20 years ago that the Internet would have an all-encompassing effect on our lives? Outside of sleeping, we are connected to the Web 24/7, using our laptops, phones, or iPads to check our email, read our favorite blogs, look for restaurants and jobs, read our friends’ Facebook walls, buy books, transfer money, get directions, tweet and foursquare our locations, and organize protests against dictatorships from anywhere in the world. Welcome to the digital age.”

Chapter 2, “The Right to Privacy in the Digital Age,” focuses on “what privacy encompasses, how our privacy norms have been shaped in the U.S. and abroad, the tension between privacy and other freedoms (or lack thereof), and how, for those of us who fully participate in all the digital age has to offer, it may very well be the end of privacy as we know it.”

Chapter 3, “The Regulators,” explores how the world has many geographical boundaries, from national borders down to city limits and even smaller demarcations, including individual agencies, departments and committees. Businesses large and small also operate within specific structural boundaries. Yet the Internet, the authors point out, recognizes no such limits. they examine “how…countries regulate the collection, use, and protection of their citizen’s personal information,” amid countless competing governmental and business agendas.

In Chapter 4, “The Players,” the authors warn: “Wherever you go, whatever you do, anywhere in this world, some ‘thing’ is tracking you. Your laptop, and other personal devices, like an iPad, Smartphone, or Blackberry, all play a role, and contribute to building a very detailed dossier of your likes, concerns, preferred airlines, favorite vacation spots, how much money you spend, political affiliations, who you’re friends with, the magazines you subscribe to, the make and model of the car you drive, the kinds of foods you buy, the list goes on.” The writers identify four broad categories of data grabbers and note that “while the[se] players are playing, consumer privacy continues to erode.” They discuss some specific things you can do to try to reduce your exposure. But, they caution, “What happens on the Internet stays on the Internet forever.”

Finally, in Chapter 5, “Making Sense of It All,” the authors pose several challenging questions and offer their views on possible answers. The questions include: “In the digital world we now inhabit, is privacy outmoded or even possible? Should we just get over it and move on? Should we embrace transparency and its many benefits and disadvantages? And if we do, or have it forced upon us, can we expect the same from our governments, our corporations, and powerful individuals? Will they be held to the same standard? If not, since information is power, what will our world look like?”

Two writers seldom agree on everything, and that is true in this book. In their Appendix titled “Afterword,” Craig and Ludloff state that they have tried to present a wide range of views on important questions, yet sometimes differ in their personal views regarding privacy and big data. They offer brief summaries of where they came from and how their viewpoints have been shaped by life events.

In a world where computers, phones, cars, cameras and many other household, work and public devices gather, store and disseminate data about us, this book can help readers think harder about what information — and freedoms — we may be giving up, willingly and unwittingly, in the name of convenience and connectivity.

Si Dunn

#

Many Features Great & Small: Two New Microsoft Windows 7 Books – #bookreview

Here’s the long and the short of it, and the big and the semi-little.

Microsoft Press recently has released two helpful new books focusing on the features of Windows 7. One book, a hardback, weighs nearly five pounds and has 1,323 pages. The other, a paperback that weighs nine ounces and has 194 pages, is supposed to fit in a pocket and does, if it’s a pocket in a big coat.

The books are: Windows 7 Inside Out Deluxe Edition by Ed Bott, Carl Siechert, and Craig Stinson (hardback, list price $59.99; Kindle, list price $47.99) and Optimizing Windows 7 Pocket Consultant by William R. Stanek (paperback, list price $24.99; Kindle, list price $19.99).

If you use Windows 7 in business or at home on an at least semi-serious basis, you may want to consider getting at least one of these books, maybe both. The same goes if you are studying to be a Windows expert or if you have just been saddled with the job of managing a bunch of computers running Windows 7 in a corporate or small-business setting. 

The big book is an excellent desk reference (as well as physical workout accessory), and the small one can be tossed into a laptop bag, briefcase or carry-on travel bag. The cover binding on the big book appears to be underpowered, so be prepared to handle this book with the same care you might give a big dictionary or encyclopedia intended for long-term use. (For the next edition, Microsoft Press may want to consider a tougher binding system for the book and cover.)

Windows 7 Inside Out Deluxe Edition is organized in six parts, 31 chapters and seven appendices. The parts are:

  • 1. Getting Started
  • 2. File Management
  • 3. Digital Media
  • 4. Security and Networking
  • 5. Tuning, Tweaking, and Troubleshooting
  • 6. Windows 7 and PC Hardware

The appendixes are:

  • A.  Windows 7 Editions at a Glance
  • B. Working with the Command Prompt
  • C. Fixes Included in Windows 7 Service Pack 1
  • D. Windows 7 Certifications
  • E. Some Useful Accessory Program

The goal for Windows 7 Inside Out Deluxe Edition is to provide “a well-rounded look at the features most people use in Windows.” As with most other works from Microsoft Press, this book has numerous illustrations, practical tips and how-to descriptions, and it offers a good index.

One Inside Out tip, for example, explains why Windows 7 won’t let you run more than one antivirus program but why you can run more than one anti-spyware package if you really feel you need to.

The book includes a CD that offers Windows PowerShell scripts, a handy (and infinitely lighter) eBook version of the hardback, and additional resources.  

MeanwhileOptimizing Windows 7 Pocket Consultant, also assumes that you have a little experience with Windows. It is aimed at users, information managers, administrators, help desk personnel “and others who support the operating system,” as well as application developers.

The book’s focus is centered on showing you how to tune and optimize Windows 7 for best performance in your setting and usage.

Optimizing Windows 7 Pocket Consultant has eight chapters, plus one appendix titled “Firmware Interface Options.” The chapters are:

  • 1. Customizing the Windows Interface
  • 2. Personalizing the Appearance of Windows 7
  • 3. Customizing Boot, Startup, and Power Options
  • 4. Organizing, Searching, and Indexing
  • 5. Optimizing Your Computer’s Software
  • 6. Tracking System Performance and Health
  • 7. Analyzing and Logging Performance
  • 8. Optimizing Performance Tips and Techniques

Stanek’s book delivers numerous helpful hints that range from making better use of your start menu to fine-tuning automatic updates, fine-tuning virtual memory and enhancing performance.

For example: “To reduce the performance impact related to reading and writing the system cache from virtual memory, you can configure your computer to uses Windows ReadyBoost.” That feature, Stanek notes, “lets you extend the disk-caching capabilities of the computer’s main memory to a USB flash device that has at least 256 MB of high-speed flash memory.”

Many new Windows 7 users — and many experienced ones, as well — likely will rate these two books as “keepers” for their technical libraries. 

Si Dunn

#

The IDA Pro Book: The Unofficial Guide to the World’s Most Popular Disassembler – #bookreview

The IDA Pro Book: The Unofficial Guide to the World’s Most Popular Disassembler
By Chris Eagle
(No Starch Press, $69.95, paperback; $55.95, Kindle)

The popular interactive disassembler IDA Pro helps reverse engineers, malware analysts, vulnerability testers and others dissect computer programs when source code is not available.

Unfortunately, IDA Pro is updated so frequently, it’s impossible for writers to keep up and present complete guides to this “complex piece of software with more features than can even be mentioned, let alone detailed in a book of reasonable size….”

Chris Eagle, author of The IDA Pro Book, adds in the introduction to this second edition that he was inspired to update his well-respected guidebook when “a new, Qt-based graphical user interface” was added to IDA Pro 6.0. Yet, true to form, before his new edition could hit the shelves, IDA Pro version 6.1 was released, he notes.

To his credit, his book does not try to be an up-to-the-dot-release user manual. Instead: “My goal…remains to help others get started with IDA and perhaps develop an interest in reverse engineering in general. For anyone looking to get into the reverse engineering field, I can’t stress how important it is that you develop competent programming skills. Ideally, you should love code, perhaps going to far as to eat, sleep, and breathe code. If programming intimidates you, then reverse engineering is probably not for you.”

This updated edition of The IDA Pro Book is well-organized, smoothly written, and nicely illustrated. Eagle avoids the use of long code sequences. He zeroes in, instead, on “short sequences that demonstrate specific points.”

His 646-page book is heavily indexed and is divided into six parts, with 26 chapters and two appendices.

In Part I, “Introduction to IDA,” the focus is on the whats, whys and hows of software disassembly, reversing and disassembly tools, and some background on IDA Pro.

Part II covers “Basic IDA Usage,” including getting started, IDA data displays, disassembly navigation and manipulation, datatypes and data structures, cross-references and graphing, and “the many faces of IDA,” which covers common features of console mode, plus console specifics for Windows, Linux and OS X.

Part III takes the reader into “Advanced IDA Usage.” These chapters examine IDA customization, library recognition using Fast Library Acquisition for Identification and Recognition (FLIRT) signatures, “augmenting IDA’s knowledge” and “patching binaries and other IDA limitations.”

Part IV is devoted to “Extending IDA’s Capabilities.” The topics covered include IDA scripting, the IDA software development kit, IDA’s plug-in architecture, binary files and IDA loader modules, and IDA processor modules.

Part V’s focus is “Real-World Applications.”The chapter subjects include: compiler “personalities”; “obfuscated” code analysis; vulnerability analysis; and real-world plug-ins for IDA.

In Part VI, Eagle looks at the IDA debugger. Chapter subjects include the debugger, disassemble/debugger integration, and additional debugger features.

Appendix A is an overview of IDA Freeware 5.0, “a significant upgrade” from the 4.9 release of the free version of IDA, yet still “a reduced capability application that typically lags behind the latest available version of IDA by several generations and contains substantially fewer capabilities than the commercial version of IDA version 5.0,” Eagle notes.

Appendix B provides a table that maps “IDC scripting functions to their SDK implementation. The intent of this table is to help programmers familiar with IDC understand how similar actions are carried out using SDK functions.”

IDA Pro software’s creator, Ilfak Guilfanov, has hailed this book as “profound, comprehensive, and accurate.” It’s hard to do much better than that with an “unofficial guide” to a powerful and complex software package.

 – Si Dunn

#