Paper References

There are many excellent books and articles available on web security and computer security in general. We are personally familiar with those listed here and can recommend them.

Computer Crime and Law

Arkin, S. S., B. A. Bohrer, D. L. Cuneo, J. P. Donohue, J. M. Kaplan, R. Kasanof, A. J. Levander, and S. Sherizen. Prevention and Prosecution of Computer and High Technology Crime. New York, NY: Matthew Bender Books, 1989. A book written by and for prosecuting attorneys and criminologists.

BloomBecker, J. J. Buck. Introduction to Computer Crime. Santa Cruz, CA: National Center for Computer Crime Data, 1988. (Order from NCCCD, 408-475-4457.) A collection of essays, news articles, and statistical data on computer crime in the 1980s.

BloomBecker, J. J. Buck. Spectacular Computer Crimes. Homewood, IL: Dow Jones-Irwin, 1990. Lively accounts of some of the more famous computer-related crimes of the past two decades.

Communications of the ACM, Volume 34, Number 3, March 1991. This issue has a major feature discussing issues of computer publishing, constitutional freedoms, and enforcement of the laws. This document is a good source for an introduction to the issues involved.

Cook, William J. Internet & Network Law 1996. A comprehensive volume which is updated regularly; the title may change to reflect the year of publication. For further information, contact the author at:

Willian Brinks Olds Hofer Gilson and Lione
Suite 3600, NBC Tower
455 N. Cityfront Plaza Dr.
Chicago, IL 60611-4299

Icove, David, Karl Seger, and William VonStorch. Computer Crime: A Crimefighter’s Handbook. Sebastopol, CA: O’Reilly & Associates, 1995. A popular rewrite of an FBI training manual.

Power, Richard. Current and Future Danger: A CSI Primer on Computer Crime and Information Warfare, Second Edition. San Francisco, CA: Computer Security Institute, 1996. An interesting and timely summary.

Computer-Related Risks

Leveson, Nancy G. Safeware: System Safety and Computers. A Guide to Preventing Accidents and Losses Caused by Technology. Reading, MA: Addison-Wesley, 1995. This textbook contains a comprehensive exploration of the dangers of computer systems, and explores ways in which software can be made more fault tolerant and safety conscious.

Neumann, Peter G. Computer Related Risks. Reading, MA: Addison-Wesley, 1995. Dr. Neumann moderates the Internet RISKS mailing list. This book is a collection of the most important stories passed over the mailing list since its creation.

Nissenbaum, Helen, and Deborah G. Johnson, editors. Computers, Ethics & Social Values. Englewood Cliffs, NJ: Prentice Hall, 1995. A fascinating collection of readings on issues of how computing technology impacts society.

Peterson, Ivars. Fatal Defect. New York, NY: Random House, 1995. A lively account of how computer defects kill people.

Wiener, Lauren Ruth. Digital Woes: Why We Should Not Depend on Software. Reading, MA: Addison-Wesley, 1993. A popular account of problems with software.

Computer Viruses and Programmed Threats

Communications of the ACM, Volume 32, Number 6, June 1989 (the entire issue). This whole issue was devoted to issues surrounding the Internet Worm incident.

Denning, Peter J. Computers Under Attack: Intruders, Worms and Viruses. Reading, MA: ACM Press/Addison-Wesley, 1990. One of the two most comprehensive collections of readings related to these topics, including reprints of many classic articles. A “must-have.”

Ferbrache, David. The Pathology of Computer Viruses. London, England: Springer-Verlag, 1992. This is probably the best all-around book on the technical aspects of computer viruses.

Hoffman, Lance J. Rogue Programs: Viruses, Worms and Trojan Horses. New York, NY: Van Nostrand Reinhold, 1990. The other most comprehensive collection of readings on viruses, worms, and the like. A must for anyone interested in the issues involved.

Cryptography

Denning, Dorothy E. R. Cryptography and Data Security. Reading, MA: Addison-Wesley, 1983. The classic textbook in the field.

Garfinkel, Simson. PGP: Pretty Good Privacy. Sebastopol, CA: O’Reilly & Associates, 1994. Describes the history of cryptography, the history of the program PGP, and explains PGP’s use.

Hoffman, Lance J. Building in Big Brother: The Cryptographic Policy Debate. New York, NY: Springer-Verlag, 1995. An interesting collection of papers and articles about the Clipper Chip, Digital Telephony legislation, and public policy on encryption.

Schneier, Bruce. Applied Cryptography: Protocols, Algorithms, and Source Code in C, Second Edition. New York, NY: John Wiley & Sons, 1996. The most comprehensive, unclassified book about computer encryption and data privacy techniques ever published.

General Computer Security

Amoroso, Edward. Fundamentals of Computer Security Technology. Englewood Cliffs, NJ: Prentice Hall, 1994. A very readable and complete introduction to computer security at the level of a college text.

Carroll, John M. Computer Security, Second Edition. Stoneham, MA: Butterworth Publishers, 1987. Contains an excellent treatment of issues in physical communications security.

Pfleeger, Charles P. Security in Computing, Second Edition. Englewood Cliffs, NJ: Prentice Hall, 1996. A good introduction to computer security.

Network Technology and Security

Bellovin, Steve and Bill Cheswick. Firewalls and Internet Security. Reading, MA: Addison-Wesley, 1994. The classic book on firewalls. This book will teach you everything you need to know about how firewalls work, but it will leave you without implementation details unless you happen to have access to the full source code to the UNIX operating system and a staff of programmers who can write bug-free code.

Chapman, D. Brent, and Elizabeth D. Zwicky. Building Internet Firewalls. Sebastopol, CA: O’Reilly & Associates, 1995. A good how-to book that describes in clear detail how to build your own firewall.

Comer, Douglas E. Internetworking with TCP/IP, Third Edition. Englewood Cliffs, NJ: Prentice Hall, 1995. A complete, readable reference that describes how TCP/IP networking works, including information on protocols, tuning, and applications.

Hunt, Craig. TCP/IP Network Administration. Sebastopol, CA: O’Reilly & Associates, 1992. This book is an excellent system administrator’s overview of TCP/IP networking (with a focus on UNIX systems), and a very useful reference to major UNIX networking services and tools such as BIND (the standard UNIX DNS server) and sendmail (the standard UNIX SMTP server).

Kaufman, Charles, Radia Perlman, and Mike Speciner. Network Security: Private Communications in a Public World. Englewood Cliffs, NJ: Prentice Hall, 1995. A technical but readable account of many algorithms and protocols for providing cryptographic security on the Internet. The discussion of the Web is very limited.

Liu, Cricket, Jerry Peek, Russ Jones, Bryan Buus, and Adrian Nye. Managing Internet Information Services. Sebastopol, CA: O’Reilly & Associates, 1994. This is an excellent guide to setting up and managing Internet services such as the World Wide Web, FTP, Gopher, and more, including discussions of the security implications of these services.

Quarterman, John. The Matrix: Computer Networks and Conferencing Systems Worldwide. Bedford, MA: Digital Press, 1990. A dated but still insightful book describing the networks, protocols, and politics of the world of networking.

Stallings, William. Network and Internetwork Security: Principles and Practice. Englewood Cliffs, NJ: Prentice Hall, 1995. A good introductory textbook.

Stevens, Richard W. TCP/IP Illustrated. The Protocols, Volume 1. Reading, MA: Addison-Wesley, 1994. This is a good guide to the nuts and bolts of TCP/IP networking. Its main strength is that it provides traces of the packets going back and forth as the protocols are actually in use, and uses the traces to illustrate the discussions of the protocols.

Security Products and Services Information

Computer Security Buyer’s Guide. Computer Security Institute, San Francisco, CA. (Order from CSI, 415-905-2626.) Contains a comprehensive list of computer security hardware devices and software systems that are commercially available. The guide is free with membership in the Institute. The URL is at http://www.gocsi.com.

Programming and System Administration

Albitz, Paul and Cricket Liu. DNS and BIND, Second Edition. Sebastopol, CA: O’Reilly & Associates, 1997. An excellent reference for setting up DNS nameservers.

Costales, Bryan, with Eric Allman and Neil Rickert. sendmail, Second Edition. Sebastopol, CA: O’Reilly & Associates, 1997. Rightly or wrongly, many UNIX sites continue to use the sendmail mail program. This huge book will give you tips on configuring it more securely.

Custer, Helen. Inside Windows NT. Seattle, WA: Microsoft Press, 1993. A thorough overview of how Windows NT works and how the components fit together.

Garfinkel, Simson and Gene Spafford. Practical UNIX & Internet Security, Second Edition. Sebastopol, CA: O’Reilly & Associates, 1996. Nearly 1000 pages of UNIX and network security, with many helpful scripts and checklists.

Hu, Wei. DCE Security Programming. Sebastopol, CA: O’Reilly & Associates, 1995. A highly technical exploration of The Open Software Foundation’s Distributed Computing Environment.

McGraw, Gary and Edward W. Felten. Java Security: Hostile Applets, Holes, and Antidotes. New York, NY: Wiley Computer Publishing, 1997. A book on web browser security from a user’s point of view.

Nemeth, Evi, Garth Snyder, Scott Seebass, and Trent R. Hein. UNIX System Administration Handbook, Second Edition. Englewood Cliffs, NJ: Prentice Hall, 1995. An excellent reference on the various ins and outs of running a UNIX system. This book includes information on system configuration, adding and deleting users, running accounting, performing backups, configuring networks, running sendmail, and much more. Highly recommended.

Sheldon, Tom. Windows NT Security Handbook. New York, NY: Osborne McGraw-Hill, 1997. An up-to-date and thorough reference to the various issues involved in making NT more secure.

Sutton, Steve and Trusted Information Systems. Windows NT Security. Trusted Systems Training, 1995. A simple but comprehensive guide to issues of security in Windows NT.

Tidrow, Rob. Windows NT Registry Troubleshooting. Indianapolis, IN: New Riders Publishing, 1996. The registry is at the heart of Windows NT security and network support. This book provides a complete reference on how it works and how to manage problems related to the registry.

Miscellaneous References

Miller, Barton P., Lars Fredriksen, and Bryan So. “An Empirical Study of the Reliability of UNIX Utilities,” Communications of the ACM, Volume 33, Number 12, December 1990, 32-44. A thought-provoking report of a study showing how UNIX utilities behave when given unexpected input.

Schwartz, Randal L. Learning Perl. Sebastopol, CA: O’Reilly & Associates, 1993. A great book for learning the Perl language.

Wall, Larry, Randal L. Schwartz, and Tom Christiansen. Programming Perl, Second Edition. Sebastopol, CA: O’Reilly & Associates, 1996. The definitive reference to the Perl scripting language. A must for anyone who does much shell, awk, or sed programming or would like to quickly write some applications in UNIX.
