Pete Finnigan's Oracle Security Weblog

I was killing half an hour this afternoon whilst I waited to meet with a potential client in Manchester so I dropped into Waterstones and was browsing the computer books as usual. I found an excellent little book whilst there called "Hack Notes - Network Security - Portable Reference" by Mike Horton and Clinton Mugge that I have since found is part of a series of "hack books". There are others in the series that cover Unix and Linux, Windows and web security. These are based on the hacking exposed series of books and have a strong Foundstone input (from the authors, reviewers etc).

The book is short, thin but packs a massive punch. It covers everything about security and hacking you would want to know and seems (from skimming it) to do so quite comprehensively. This is difficult to achieve in a short book. There are some good reviews on Amazon.com, here is a quote from one by Anton Chuvakin

"Now, let me disclaim that I am not a big fan of thin books claiming to be "comprehensive". In fact, I was deeply suspicious while getting this "Hacknotes" thing. Was I up for a pleasant surprise!! This book does deliver what it promises. It walks a fine line of being both wide and deep, which I am still amazed about. From risk assessment methodologies to "find / -perm 0400" in just 200 pages is no small feat."

The book looks extremely useful as a hacking exam cram book - no exam needed!. Whilst it doesn't mention Oracle - from my skimming of it, it is certainly a book that a good DBA who is interested in security should consider for getting a good grounding in the security hardening / hacking techniques used.

A very useful book.