NMRC Amazon Associate

Purchase books from Amazon and earn NMRC money! Here is a selection of books we recommend.

DISCLAIMER NOTE: Yes, it is true that NMRC members often receive books for free for review (sometimes for inclusion on this page, sometimes for a quote for the cover from an NMRC member). The only compensation we receive for this is a free book, and whatever we make off of Amazon sales (which is next to nothing). We do not list every book we receive, because some suck, and we do not review a book unless we can read the entire thing before it goes to press (if they are expecting a quote for the cover). We also list books that are just plain good or are important for historical reasons.


Basic to advanced reading on securing your systems. If anyone knows of Netware books we can recommend, we'd love to hear about them. Most suck. In the meantime, use the Hacking Exposed book below as its Netware chapter is excellent.

The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick, William L. Simon

Excellent book! NMRC recommends every person responsible for security at any organization read this book. Social engineering -- lying to a person to get information -- is at once considered beneath a hacker's skills and often beyond it. Many hackers shun it because it isn't 'technical', yet all of us will use it if we really want that information.

Hacking Exposed: Network Security Secrets and Solutions 3rd Edition by Stuart McClure, Joel Scambray, George Kurtz

Learn what the hackers know. See your systems how the intruder sees your systems. This excellent book has been reviewed by numerous security researchers. NMRC recommended and approved. Covers all major distributed platforms and Internet technologies. Check out the official web site at hackingexposed.com. The 3rd edition is updated and includes a lot of new information.

Hacking Linux Exposed by Brian Hatch, James B. Lee, George Kurtz

This excellent book has been reviewed by numerous security researchers. NMRC recommended and approved. This is an absolutely great book for attackers and defenders of Linux systems.

Hacking Windows 2000 Exposed by Joel Scambray, Stuart McClure

More from the popular Hacking Exposed series, this one is for Windows 2000. Another excellent book. Recommended for those forced to live in the Windows world.

Hacker's Challenge by Mike Schiffman

Great book from Mike Schiffman. It includes 20 case studies of security incidents, which you can try to solve yourself, or just turn to the answer and study how the solutions were made. Highly recommended.

Know Your Enemy: Revealing the Security Tools, Tactics, and Motives of the Blackhat Community by The Honeynet Project

Interesting book put out by The Honeynet Project which covers what the project does and what they have encountered while setting up traps for attackers.

Honeypots: Tracking Hackers by Lance Spitzner

Excellent new book by the guy that got the Honeynet Project going. Covers the various available honeypots, their strengths and weaknesses, and how they will look and react to a real attack.

Hack Proofing Your Network: Internet Tradecraft by Syngress Media (Editor), Ryan Russell, Stace Cunningham

Numerous security professionals and hackers contributed to this interesting book about securing your system before putting it online. Highly recommended.

Network Intrusion Detection: An Analysis Handbook by Stephen Northcutt

Intrusion detection by one of the leading experts in the field.

Practical Unix & Internet Security by Simson Garfinkel, Gene Spafford

This is THE classic for Unix security. If you are responsible for several different platforms of Unix as well as their security, this is the book to have.

Computer Crime: A Crimefighter's Handbook by David J. Icove, Karl Seger (Contributor), William Vonstorch (Contributor)

This book covers computer crimes, the criminals, and the laws, and profiles the computer criminal. It outlines the risks to computer systems and the personnel, operational, physical, and communications measures that can be taken to prevent computer crimes.

Firewalls and Internet Security: Repelling the Wily Hacker by William R. Cheswick, Steven M. Bellovin

Somewhat dated, this is still a good book that covers the basics. The war stories are particularly interesting.

Internet Security With Windows NT by Mark Joseph Edwards

There are not a lot of good books on NT, but any book by NT security expert Mark Edwards is going to be good. Highly recommended.

Protecting Networks With Satan by Martin Freiss, Robert Bach (Translator)

Every time someone asks NMRC how to run Satan, we recommend this book.

Internet Firewalls and Network Security by Karanjit Siyan, Ph.D., Chris Hare

Decent book covering the basics of firewalls, and a few security background tidbits. Geared toward newbies to firewalls and security.

Maximum Security: A Hacker's Guide to Protecting Your Internet Site and Network by Anonymous

When we made contact with the author of this book we told him how much it sucked. Since we were promised we'd be added into the 2nd edition, we thought we'd list it. However, we aren't in the book at all! Why is it listed here? For historical reference. Good for a newbie, we guess.

Maximum Linux Security: A Hacker's Guide to Protecting Your Linux Server and Network by Anonymous

From the same Anonymous who brought you the previous book we just dissed. It is getting better reviews. We recommend Hacking Exposed first. But if you are really into Linux this book might be somewhat interesting.



What about good books on administration? Here are a few.

UNIX Power Tools by Tim O'Reilly, Mike Loukides (Contributor), Jerry Peek (Contributor)

A great book. An absolute classic, must have for the busy admin who needs tools to help him/her do the job.

DNS and BIND by Paul Albitz, Cricket Liu

The classic O'Reilly book on DNS and BIND. If you run a name server and don't have this book, you probably set it up wrong or inefficiently.

Essential System Administration: Help for Unix System Administrators by AEleen Frisch

Another classic for those who must manage multiple Unix platforms.

TCP/IP Illustrated, Volume 1: The Protocols by W. Richard Stevens

The classic TCP/IP book. Details how and why.

TCP/IP Illustrated, Volume 2: The Implementation by W. Richard Stevens

Also a classic. Includes source code.


Coding, Etc.

Thinking about programming? Here are a few good books.

The C Programming Language by Brian W. Kernighan, Dennis M. Ritchie

The classic C book. Get this if you want to learn C from the developers of C. A small (274 pages) but complete look at ANSI standard C language programming.

UNIX Network Programming, Volume 1: Networking APIs - Sockets and XTI by W. Richard Stevens

Excellent reference for the network programmer.

UNIX Network Programming, Volume 2: Interprocess Communications by W. Richard Stevens

Excellent reference for the network programmer.



Secrets and Lies: Digital Security in a Networked World by Bruce Schneier

An excellent book on general security. This is highly recommended reading. The full spectrum of computer security is covered, as well as relevant physical security and other related issues. Reads like a spy novel - many security professionals might be able to guess the plot, but it is still excellent reading.

Applied Cryptography by Bruce Schneier

THE book on cryptography by leading crypto expert Bruce Schneier. Accept no substitutes -- this explains all.

Applied Cryptography by Bruce Schneier

Same as above but in hardcover.

Cryptography: Theory and Practice (Discrete Mathematics and Its Applications) by Douglas R. Stinson

The math behind the crypto. Excellent book, although it requires you to be math literate.

The Codebreakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet by David A. Kahn

A crypto classic, (fairly) recently revised to reflect modern crypto trends.

The Twofish Encryption Algorithm: A 128-Bit Block Cipher by Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Niels Ferguson

Twofish is one of the algorithms being considered by NIST as a replacement for DES. Twofish is a fast and easy-to-implement algorithm. This book covers everything from design to performance to tips on implementation. Includes the complete source code in C.

The Electronic Privacy Papers: Documents on the Battle for Privacy in the Age of Surveillance by Bruce Schneier (Editor), David Banisar (Contributor)

Scary. Imagine reading the Pentagon Papers with running commentary. Excellent book.

PGP: Pretty Good Privacy by Simson Garfinkel

Whenever someone has problems trying to figure out PGP, NMRC points them to this book.


Hacker Culture

The New Hacker's Dictionary by Eric S. Raymond

This is the "hardcopy" version of The Jargon File. Learn all about the computer and coder references hackers use. Filled with lots of useful and useless material for hours of fun.

Hackers: Heroes of the Computer Revolution by Steven Levy

This book covers the Home Brew Computer Club, early MIT days, and the beginnings of where we are today. An older book, but an excellent read.

The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage by Clifford Stoll

Learn how an accounting error of a few pennies turned into an international hunt for intruders attacking our government and military computers. Quite an exciting read.

Masters of Deception: The Gang That Ruled Cyberspace by Michelle Slatalla, Joshua Quittner (Contributor)

This book has a lot of inaccuracies, but is still interesting. Listed here for historical purposes. The main lesson the authors convey is that there is little difference between street gangs and hacker gangs, and everyone gets caught.

Takedown: The Pursuit and Capture of Kevin Mitnick, America's Most Wanted Computer Outlaw-By the Man Who Did It by Tsutomu Shimomura, John Markoff

What happens when a computer researcher and a reporter-computer-researcher-wannabe write a book about catching Kevin Mitnick? It is a very dry read, and very biased. The fact that we learn every meal consumed during the pursuit by Shimomura tells you how much human interest the book has. However, Shimo knows his stuff, and the technical elements will still appeal to any hacker. If you get this book, get The Fugitive Game to balance things out.

The Fugitive Game: Online With Kevin Mitnick by Jonathan Littman

This book is a little more interesting than Takedown. Even though he has a dark streak, we see the human side of Kevin Mitnick. The book is quite entertaining, as Littman never allows himself to get too carried away by Mitnick's powers and charms. Mitnick's comments are fascinating, and Littman's observations help keep things grounded in reality. Highly recommended.

Neuromancer by William Gibson

Before cyberspace was William Gibson. Read the book that predated so many things we now take for granted.