Network Security Policies

Site Security Handbook, RFC 2196, B. Fraser, ed.

http://www.ietf.org/rfc/rfc2196.txt

RFC 2196 is the IETF’s Site Security Handbook. Reading from the abstract:

“This handbook is a guide to developing security policies and procedures for sites that have systems on the Internet. The purpose of this handbook is to provide practical guidance to administrators trying to secure their information and services. The subjects covered include policy content and formation, a broad range of technical system and network security topics, and security incident response.”

Although the handbook might be old, that doesn’t mean it’s dated. There is some good practical advice contained within its pages, and it makes a good read as well as a good template for an organization that has yet to develop its own comprehensive network security policy.

Introduction to Security Policies, Four-Part Series, Charl van der Walt, SecurityFocus

http://www.securityfocus.com/infocus/1193

An entertaining, somewhat irreverent but always accurate executive-level summary of the need for network security policies and selling the idea to stakeholders.

Network Security Practices

Internet Denial of Service, Attack and Defense Mechanisms, ISBN 0-13-147573-8

This is an excellent everyman’s guide to network attack and defense mechanisms, focusing on DoS attacks. It is written in plain English, is technically competent, and is a good survey of the network security industry.

Router Security Strategies, Securing IP Network Traffic Planes, ISBN 978-1-58705-336-8

This is a technical read and not for the faint of heart. It is written by two authors, both Cisco CCIEs, who are acknowledged experts in the field of network security. The book is an in-depth survey of securing IOS routers and separating and securing the traffic planes that they service.

Hacking Exposed, 5th Edition, ISBN 978-0-07226-081-6

This book is considered by many to be the preeminent field guide for hackers, those who aspire to be hackers, and those who aspire to think like hackers. The book covers the breadth of essential hacker secrets and techniques, from explore to exploit.

Cisco Self-Defending Network

http://www.cisco.com/en/US/solutions/ns170/networking_solutions_products_genericcontent0900aecd80511fa4.html

This is a study of Cisco’s recommendations for best-of-breed technology solutions for designing a self-defending network using a systems approach. There is a downloadable PDF available at http://www.cisco.com/en/US/solutions/collateral/ns340/ns394/ns171/net_brochure0900aecd800efd71.pdf, which explains Cisco’s self-defending network philosophy.

Cisco Security Center

http://www.cisco.com/security/

Cisco’s launch pad for all things network security. There are links for technical resources, Cisco-recommended and validated security designs, as well as what Cisco calls “Early-warning intelligence, threat and vulnerability analysis, and proven Cisco mitigation solutions to help protect networks.”

Inside Internet Security, What Hackers Don’t Want You to Know, ISBN 0-201-67516-1

This is another good read that covers a large breadth of network security topics at a high level, but somehow manages not to insult the reader’s intelligence.

Cryptography

The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography, ISBN 978-0-38549-532-5

This book is an entertaining and engaging read on a fascinating topic. It puts the subject of cryptography in both historical and present-day context, while refusing to become a boring technical tome.

Handbook of Applied Cryptography, ISBN 0-8493-8523-7

This is a technical book that is very rewarding for those who want to have an authoritative read about the mathematics behind popular symmetric-key, asymmetric-key, and other ciphers.

FIPS 197, Advanced Encryption Standard (AES)

http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf

The link is to a PDF that outlines the Rijndael encryption algorithm, which was approved by NIST (the National Institute of Standards and Technology) in November 2001.

The AES Homepage

http://csrc.nist.gov/archive/aes/index.html

This site includes a detailed explanation of the selection process and development effort for the Advanced Encryption Standard.

Understanding PKI: Concepts, Standards and Deployment Considerations, ISBN 978-0-67232-391-1

This book is a comprehensive introduction to PKI components, technology fundamentals, and ideas. It is an excellent, vendor-neutral explanation of the often-misunderstood field of scalable key management.
