Favorite (IT-)Books


Sections

 - General IT & Information Security (18)
 - Information Security Management (14)
 - Incident Response, Intrusion Detection & Forensics (6)
 - Cryptography (1)
 - Network Administration (4)
 - Linux/UNIX System Administration (17)
 - Windows System Administration (1)
 - Programming/Software Development (9)
 - Data Modeling & Databases (4)
 - Legal (11)
 - Economics of IT & Information Security (7)
 - IT, Security, Privacy & Society (22)
 - IT & National Security (2)
 - IT Security Culture (2)



General IT & Information Security

Practical Unix & Internet Security, 3rd Edition
by Gene Spafford, Simson Garfinkel, Alan Schwartz
Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd Edition
by Ross J. Anderson
Building Internet Firewalls (2nd Edition)
by Elizabeth D. Zwicky, Simon Cooper, D. Brent Chapman
Secure Coding: Principles and Practices
by Mark G. Graff, Kenneth R. Van Wyk
Mastering FreeBSD and OpenBSD Security
by Yanek Korff, Paco Hope, Bruce Potter
Security Warrior
by Cyrus Peikari, Anton Chuvakin
Inside Network Perimeter Security: The Definitive Guide to Firewalls, Virtual Private Networks (VPNs), Routers, and Intrusion Detection Systems
by Stephen Northcutt, Lenny Zeltser, Scott Winters, Karen Fredrick, Ronald W. Ritchey
CISSP (Certified Information Systems Security Professional) All-in-One Exam Guide, 3rd Edition
by Shon Harris
Official (ISC)2 Guide to the SSCP CBK
by Diana-Lynn Contesti, Douglas Andre, Eric Waxvik, Paul A. Henry, Bonnie A. Goins

Note: do not read this book without having read the Shon Harris book (see above).
Buffer Overflow Attacks
by James C. Foster, Vitaly Osipov, Nish Bhalla
Botnets: The Killer Web Applications
by Craig Schiller, Jim Binkley
Linux Firewalls
by Andreas G. Lessig
As a LaTeX version: O'Reilly Open Book.
Das Firewall Buch
by Wolfgang Barth
Essential PHP Security
by Chris Shiflett
Secrets and Lies: Digital Security in a Networked World
by Bruce Schneier

The Art of Deception: Controlling the Human Element of Security
by Kevin D. Mitnick, William L. Simon, Steve Wozniak

Make sure you read the original first chapter and about the rumors surrounding it.
You might also be interested in Mitnick's testimony before the U.S. Congress.
The Myths of Security: What the Computer Security Industry Doesn't Want You to Know
by John Viega

Hacking: The Next Generation
by Nitesh Dhanjani, Billy Rios, and Brett Hardin



Information Security Management

Information Security Management Handbook, Sixth Edition
by Harold F. Tipton, Micki Krause

Note: OK, this 3280-pager, I have to admit, is the only book in this list I have not (yet) read cover to cover :-)
The Security Risk Assessment Handbook
by Douglas J. Landoll
The New School of Information Security
by Adam Shostack, Andrew Stewart
Security Metrics: Replacing Fear, Uncertainty, and Doubt
by Andrew Jaquith
The Failure of Risk Management: Why It's Broken and How to Fix It
by Douglas W. Hubbard
How to Measure Anything: Finding the Value of Intangibles in Business
by Douglas W. Hubbard
The Flaw of Averages: Why We Underestimate Risk in the Face of Uncertainty
by Sam L. Savage
Complete Guide to Security and Privacy Metrics: Measuring Regulatory Compliance, Operational Resilience, and ROI
by Debra S. Herrmann
Assessing and Managing Security Risk in IT Systems: A Structured Methodology
by John McCumber
Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management
by Thomas R. Peltier
Information Security Risk Analysis, Second Edition
by Thomas R. Peltier
Network Security Assessment
by Chris McNab
Writing Information Security Policies
by Scott Barman
The Black Swan: The Impact of the Highly Improbable
by Nassim Nicholas Taleb


Incident Response, Intrusion Detection & Forensics

Incident Response: A Strategic Guide to Handling System and Network Security Breaches
by Eugene Schultz and Russell Shumway
Network Intrusion Detection (3rd Edition)
by Stephen Northcutt, Judy Novak
Intrusion Signatures and Analysis
by Mark Cooper, Stephen Northcutt, Matt Fearnow, Karen Frederick
Forensic Discovery
by Dan Farmer, Wietse Venema

Freely available at http://www.porcupine.org/forensics/forensic-discovery/.
Managing Security with Snort and IDS Tools
by Christopher Gerg, Kerry J. Cox
Rootkits: Subverting the Windows Kernel
by Greg Hoglund, Jamie Butler


Cryptography

Applied Cryptography: Protocols, Algorithms, and Source Code in C, Second Edition
by Bruce Schneier


Network Administration

TCP/IP Illustrated, Volume 1
by W. Richard Stevens
IP Routing
by Ravi Malhotra
Linux Network Administrator's Guide (2nd Edition)
by Olaf Kirch, Terry Dawson
In PDF, HTML or other formats: The Linux Documentation Project.
In German as an O'Reilly Open Book.
Switching to VoIP
by Theodore Wallingford


Linux/UNIX System Administration

qmail
by John R. Levine
Postfix: The Definitive Guide
by Kyle D. Dent
SpamAssassin
by Alan Schwartz
LDAP System Administration
by Gerald Carter
SSH, The Secure Shell: The Definitive Guide
by Daniel J. Barrett, Richard Silverman
DNS and BIND, Fourth Edition
by Cricket Liu, Paul Albitz
UNIX Backup and Recovery
by W. Curtis Preston
Essential System Administration, Third Edition
by AEleen Frisch
The Complete FreeBSD, 4th Edition
Freely available at http://www.lemis.com/grog/Documentation/CFBSD/.
Solaris 10 Advanced User's Guide
Freely available at http://docs.sun.com/app/docs/prod/solaris.10.
Solaris 10 System Administration Guide: Basic Administration
Freely available at http://docs.sun.com/app/docs/prod/solaris.10.
Running Linux, Fourth Edition
by Matt Welsh, Lar Kaufman, Matthias Kalle Dalheimer, Terry Dawson
In German, in its 3rd edition, as an O'Reilly Open Book.
Linux System Administration, Second Edition (Craig Hunt Linux Library)
by Vicki Stanfield, Roderick W. Smith
Learning the vi Editor (6th Edition)
by Arnold Robbins, Linda Lamb
Learning the bash Shell, 2nd Edition
by Bill Rosenblatt, Cameron Newham
Learning Perl, Fourth Edition
by Randal Schwartz, Tom Phoenix, Brian Foy
Learning the UNIX Operating System, Fifth Edition
by Jerry Peek, Grace Todino-Gonguet, John Strang


Windows System Administration

Microsoft Windows 2000 Server Administrator's Companion, Second Edition
by Charlie Russel, Sharon Crawford, Jason Gerend


Programming/Software Development

Beginning Java 2
by Ivor Horton
Thinking in Java (3rd Edition)
by Bruce Eckel
This book is available for download at mindview.net.
Personal note: that's how I learned programming and understood the OO concept - it's my bible!
JavaServer Pages, 3rd Edition
by Hans Bergsten
Web Application Development with PHP 4.0 (with CD-ROM)
by Tobias Ratschiller, Till Gerken

Note: this one is really outdated by now.
JavaScript: The Definitive Guide
by David Flanagan
Ajax in Action
by Dave Crane, Eric Pascarello, Darren James
Open Source Development with CVS, 3rd Edition
by Moshe Bar, Karl Fogel
In PDF, HTML or other formats (also in German): cvsbook.red-bean.com.
The C Programming Language, 2nd Edition
by Brian W. Kernighan, Dennis Ritchie, Dennis M. Ritchie
Professional Assembly Language
by Richard Blum


Data Modeling & Databases

Data Modeling Essentials, Third Edition
by Graeme Simsion, Graham Witt
MySQL, Second Edition
by Paul DuBois
Oracle9i: The Complete Reference
by Kevin Loney, George Koch, Tusc
Oracle9i PL/SQL Programming
by Scott Urman


Legal

This section only lists books that are also appropriate for laypersons.


U.S. Data Breach Notification Law: State by State
by John P. Hutchins et al.
A Guide to HIPAA Security and the Law
by Stephen S. Wu (Editor)
Critical Information Infrastructure Protection and the Law: An Overview of Key Issues
by Stewart D. Personick & Cynthia A. Patterson (Editors)
Information Security Law: The Emerging Standard for Corporate Compliance
by Thomas J. Smedinghoff
FISMA Certification & Accreditation Handbook
by Laura Taylor
Sarbanes-Oxley Guide for Finance and Information Technology Professionals
by Sanjay Anand
GigaLaw Guide to Internet Law
by Doug Isenberg

Great introduction to US Internet law - from intellectual property rights to the First Amendment!
Digital Copyright
by Jessica Litman
Open Source Licensing: Software Freedom and Intellectual Property Law
by Lawrence Rosen
A Practical Guide to Software Licensing for Licensees and Licensors
by H. Ward Classen
Breaking the Vicious Circle: Toward Effective Risk Regulation
by Stephen Breyer


Economics of IT & Information Security

Information Rules: A Strategic Guide to the Network Economy
by Carl Shapiro and Hal R. Varian
The Economic Structure of Intellectual Property Law
by William M. Landes and Richard A. Posner
The Economics of Information Technology: An Introduction
by Hal R. Varian, Joseph Farrell, and Carl Shapiro
Geekonomics: The Real Cost of Insecure Software
by David Rice
Managing Information Risk and the Economics of Security
by M. Eric Johnson
Economics of Information Security
by L. Jean Camp and Stephen Lewis (editors)
The Law and Economics of Cybersecurity
by Mark F. Grady and Francesco Parisi


IT, Security, Privacy & Society

Schneier on Security
by Bruce Schneier

Beyond Fear
by Bruce Schneier

Nothing to Hide: The False Tradeoff between Privacy and Security
by Daniel J. Solove
The Digital Person: Technology and Privacy in the Information Age
by Daniel J. Solove
Understanding Privacy
by Daniel J. Solove
Privacy in Context: Technology, Policy, and the Integrity of Social Life
by Helen Fay Nissenbaum
Legislating Privacy: Technology, Social Values, and Public Policy
by Priscilla M. Regan
Database Nation: The Death of Privacy in the 21st Century
by Simson Garfinkel
Das Ende der Privatsphäre
by Peter Schaar

Full Disclosure: The Perils and Promise of Transparency
by Archon Fung, Mary Graham, and David Weil

The Wealth of Networks: How Social Production Transforms Markets and Freedom
by Yochai Benkler

Internet Architecture and Innovation
by Barbara Van Schewick

Code: And Other Laws of Cyberspace, Version 2.0
by Lawrence Lessig
Free Culture: The Nature and Future of Creativity
by Lawrence Lessig
The Future of Ideas: The Fate of the Commons in a Connected World
by Lawrence Lessig
Remix: Making Art and Commerce Thrive in the Hybrid Economy
by Lawrence Lessig
Here Comes Everybody: The Power of Organizing Without Organizations
by Clay Shirky
Freedom of Expression: Resistance and Repression in the Age of Intellectual Property
by Kembrew McLeod
The Cathedral and the Bazaar: Musings on Linux and Open Source by an Accidental Revolutionary
by Eric S. Raymond
Who Controls the Internet?: Illusions of a Borderless World
by Jack Goldsmith and Tim Wu
The Future of the Internet--And How to Stop It
by Jonathan Zittrain
Access Denied: The Practice and Policy of Global Internet Filtering
by Ronald J. Deibert, John G. Palfrey, Rafal Rohozinski, and Jonathan Zittrain


IT & National Security

Cyberpower and National Security
by Franklin D. Kramer, Stuart H. Starr, and Larry Wentz (Editors)
Cyber War: The Next Threat to National Security and What to Do About It
by Richard A. Clarke and Robert Knake


IT Security Culture

The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage
by Cliff Stoll
The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers
by Kevin D. Mitnick and William L. Simon