Future Books
Real Digital Forensics 2
- Role: Co-author
- Publisher: Concept only
- Availability: No Idea
- Subject: Brand-new cases from the Jones/Rose/Bejtlich team
Please note there is no guarantee that "concept only" books will ever be published.
Published Books
Extrusion Detection: Security Monitoring for Internal Intrusions
- Role: Author, with several contributors
- Publisher: Addison-Wesley; November 2005, ISBN 0321349962
- Availability: BestBookBuys.com listing; Amazon.com sells it.
- Reviews and Citations: Amazon.com, Unix Review, Windows IT Library, USENIX Login (.pdf)
- Subject: Extrusion Detection helps security architects and engineers control and instrument their networks, and helps analysts investigate security events. Extrusion Detection is a sequel to my first book. Readers will learn theory, techniques, and tools to implement network security monitoring (NSM) for internal intrusions. The book's central argument is that a defensible network can be built and operated only if the people, products, and processes enable pervasive network awareness.
- Excerpts: Foreword by Marcus Ranum; chapter 3 ("Extrusion Detection Illustrated") and chapter 4 ("Enterprise Network Instrumentation"), all in .pdf format
- Errata: here
- Downloads: none yet
- Miscellaneous: not applicable
Real Digital Forensics
- Role: Co-author, with Keith Jones and Curtis Rose
- Publisher: Addison-Wesley; October 2005, ISBN 0321240693
- Availability: BestBookBuys.com listing; Amazon.com sells it.
- Reviews and Citations: Amazon.com, IEEE Cipher, Unix Review, Information Security
- Subject: Real Digital Forensics is a hands-on guide to digital forensics. We provide host-, network-, and memory-based evidence on a DVD for readers to analyze, and then explain how to extract information from that evidence.
- Excerpts: Chapter 1: Windows Live Response (.pdf)
- Errata: here
- Downloads: none yet
- Miscellaneous: The book Web site is www.realdigitalforensics.com
The Tao of Network Security Monitoring: Beyond Intrusion Detection
- Role: Author
- Publisher: Addison-Wesley; July 2004, ISBN 0321246772
- Availability: BestBookBuys.com listing; Amazon.com sells it.
- Reviews and Citations: Amazon.com, BN.com, Slashdot, Computerworld, LinuxSecurity.com, IEEE Cipher, USENIX Login (.pdf), Information Security, SANS ISC, Dru Lavigne, BMonday.com, (IN)SECURE magazine (.pdf), Firewall.cx, ACM Reviews.com.
- Subject: My first solo book, The Tao of NSM is a comprehensive overview of the products, people, and processes needed to implement network security monitoring.
- Excerpts: foreword and preface; chapters 2 and 10 ("What is NSM?" and "Alert Data: NSM Using Sguil"), chapter 11 ("Best Practices"), and chapter 18 ("Tactics for Attacking NSM"), all in .pdf format; much of the book is available at O'Reilly's Safari Bookshelf, and chapter 10 is browsable at Informit.com
- Errata: here -- note the fixed references to figures in Appendix A for the TCP sequence number discussion
- Downloads: The traffic captures referenced in chapter 4 are available here. They are in .tar.gz format (Windows users can use WinZip or 7-Zip to access them) and about 2 MB prior to extraction. The papers discussed in Appendix B are available here (17 MB).
Incident Response: Computer Forensics (2nd Ed)
- Role: Contributor, chapter 8 ("Collecting Network-Based Evidence") and chapter 14 ("Analyzing Network Traffic")
- Publisher: McGraw-Hill/Osborne, July 2003
- Availability: BestBookBuys.com listing
- Subject: Incident Response is the best IR book available. I contributed material to chapters 8 and 14, although Kevin modified them to suit his needs.
- Excerpts: table of contents (.pdf)
- Errata: none listed
- Downloads: report templates
- Miscellaneous: not applicable
Hacking Exposed (4th Ed)
- Role: Contributor, "Case Study: Network Security Monitoring"
- Publisher: McGraw-Hill/Osborne, February 2003
- Availability: BestBookBuys.com listing
- Subject: Hacking Exposed put Foundstone on the map. This book featured the first formal publication of the term "network security monitoring" as defined by the NSM community.
- Excerpts: table of contents and chapter 3 ("Enumeration"), both in .pdf format
- Errata: available
- Downloads: see HackingExposed.com
- Miscellaneous: Foundstone's classes are taught by some of the book's authors. I created some of the material in Foundstone's Incident Response and Ultimate Hacking: Expert classes while working there as a consultant.
