Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Oracle VP database and server technology in Germany talks about Oracle patch schedules"] [Next entry: "Interesting discussion on DBMS_SUPPORT versions"]

Hack notes books

I was killing half an hour this afternoon whilst I waited to meet with a potential client in Manchester so I dropped into Waterstones and was browsing the computer books as usual. I found an excellent little book whilst there called "Hack Notes - Network Security - Portable Reference" by Mike Horton and Clinton Mugge that I have since found is part of a series of "hack books". There are others in the series that cover Unix and Linux, Windows and web security. These are based on the hacking exposed series of books and have a strong Foundstone input (from the authors, reviewers etc).

The book is short, thin but packs a massive punch. It covers everything about security and hacking you would want to know and seems (from skimming it) to do so quite comprehensively. This is difficult to achieve in a short book. There are some good reviews on, here is a quote from one by Anton Chuvakin

"Now, let me disclaim that I am not a big fan of thin books claiming to be "comprehensive". In fact, I was deeply suspicious while getting this "Hacknotes" thing. Was I up for a pleasant surprise!! This book does deliver what it promises. It walks a fine line of being both wide and deep, which I am still amazed about. From risk assessment methodologies to "find / -perm 0400" in just 200 pages is no small feat."

The book looks extremely useful as a hacking exam cram book - no exam needed!. Whilst it doesn't mention Oracle - from my skimming of it, it is certainly a book that a good DBA who is interested in security should consider for getting a good grounding in the security hardening / hacking techniques used.

A very useful book.