REVIEW: "Mike Meyers' Security+ Certification Passport", Trevor Kay

Posted Feb 20, 2003
      BKMMSCRP.RVW 20030207

      "Mike Meyers' Security+ Certification Passport", Trevor Kay, 2003,
      0-07-222741-9, U$29.99/C$44.95
      %A Trevor Kay trevor@trevorkay.com
      %C 300 Water Street, Whitby, Ontario L1N 9B6
      %D 2003
      %G 0-07-222741-9
      %I McGraw-Hill Ryerson/Osborne
      %O U$29.99/C$44.95 800-565-5758 fax: 905-430-5020
      %O http://www.amazon.com/exec/obidos/ASIN/0072227419/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/0072227419/robsladesin03-20
      %P 363 + CD-ROM
      %T "Mike Meyers' Security+ Certification Passport"

      Given the organization of the Security+ objectives, part one covers
      general security concepts and chapter one is on access control. Some
      factors are dismissed a little bit too concisely: it is difficult to
      justify the blanket statement that biometric authentication is
      "extremely accurate and secure." (Biometrics does get a bit more
      explanation in the chapter on physical security, but there is no
      indication of that in this location.) For the first set of sample
      questions, the emphasis is on simple definitions and fact recitation,
      but later questions do become somewhat more complex. A variety of
      attacks are described in chapter two, generally reasonably. The virus
      material is unfortunately poor, concentrating on older viral
      technologies (such as the almost extinct boot sector viruses and older
      DOS precedence-based companions) and failing to provide proper
      outlines of the basic antivirus technologies.

      Part two looks at communications security. Chapter three deals with
      remote access, but the content has limited application to security.
      Technologies related to Internet application security are reviewed in
      chapter four. The highlights are touched on, but the lack of detail
      can be troubling. Cookies are discussed, with some mention of
      privacy, but the potential problem of cross-site tracking is not dealt
      with at all, and neither is the danger of HTML (HyperText Markup
      Language) formatted messages when the topic turns to email. The
      material on wireless networking and security, in chapter five, is very
      weak. The explanation of direct-sequence spread spectrum is not clear
      at all, a mention of SSL (Secure Sockets Layer) makes no reference to
      the description in the previous chapter (and almost contradicts it),
      and security itself gets short shrift in the haste to trot out the
      alphabet soup of related technologies.

      Part three deals with infrastructure security. Chapter six runs
      through a list of networking components, cabling, and storage media,
      again with limited allusion to security. Network topologies and
      intrusion detection systems are discussed in chapter seven. System
      hardening, generally by applying patches and disabling functions, is
      reviewed in chapter eight.

      Cryptography is in part four. Most of the basic content in chapter
      nine is sensible, but it is clear from the paragraphs on double- and
      triple-DES (Data Encryption Standard) that the author does not fully
      understand the subject. Chapter ten reviews key management, but it is
      not clear why the topic was separated from that of PKI (Public Key

      Part five deals with operational and organizational security.
      Physical security, in chapter eleven, is covered fairly well.
      Disaster recovery is confined to backups and fault tolerance: chapter
      twelve supports Kenneth Myers' contention (cf. BKMGTCPD.RVW) that most
      people concentrate on recovering technology rather than the business,
      and would be improved by a broader view that incorporated all aspects
      of the operation. Chapter thirteen lists some areas that should be
      covered in a security policy. Forensics is dealt with poorly, and
      chapter fourteen also throws in education and training.

      While the book still adheres, rather slavishly, to the arbitrary
      structure of the Security+ list of objectives, the content is
      generally pretty reasonable, providing background explanations for
      important concepts, and keeping the descriptions of many of the
      specific technologies limited to the fundamental ideas. The text does
      tend to be terse, given the size of the book, but most basic material
      should be available to the student. This does vary by chapter: some
      seem to be merely going through the motions. The work could be
      improved with some removal of duplicated material. For example, there
      are three separate discussions of social engineering, and two could be
      replaced with cross-references. Despite its smaller size, I would
      recommend this volume over the Syngress "Security+ Study Guide and DVD
      Training System" (cf. BKSCRTYP.RVW), but not emphatically.

      copyright, Robert M. Slade, 2003 BKMMSCRP.RVW 20030207

      rslade@... rslade@... slade@... p1@...
      Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
      Upcoming (ISC)^2 CISSP CBK review seminars (+1-888-333-4458):
      March 31, 2003 Indianapolis, IN