
"Security+ Prep Guide", Ronald L. Krutz/Russell Dean Vines

  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    Message 1 of 1 , Jun 10, 2003
      BKSCRTPG.RVW 20030320

      "Security+ Prep Guide", Ronald L. Krutz/Russell Dean Vines, 2003,
      0-7645-2599-9, U$60.00/C$90.99/UK#39.95
      %A Ronald L. Krutz
      %A Russell Dean Vines
      %C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
      %D 2003
      %G 0-7645-2599-9
      %I John Wiley & Sons, Inc.
      %O U$60.00/C$90.99/UK#39.95 416-236-4433 fax: 416-236-4448
      %O http://www.amazon.com/exec/obidos/ASIN/0764525999/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/0764525999/robsladesin03-20
      %P 456 p. + CD-ROM
      %T "Security+ Prep Guide"

      The introduction is a quick outline of the Security+ domains and exam
      structure. Chapter one, covering the general security concepts, has
      parts that are better than the other Security+ guides, possibly due to
      Krutz' and Vines' familiarity with the CISSP (Certified Information
      Systems Security Professional) material. However, there are also
      oddities such as a purported "Discretionary Security Property" of the
      Bell-LaPadula model (might this be an idiosyncratic renaming of the
      later tranquility property?) and an alleged "Axiom Three" of the Biba
      model. In terms of the Clark-Wilson model, most of the space is
      devoted to defining unneeded terms, and the three vital concepts are
      dismissed in a single sentence. Kerberos is described well, but
      perhaps with an excess of symbolic logic. The list of attacks mixes
      types, and the virus explanation uses dated concepts. The sample
      questions given at the end of the chapter (and domain) are less
      simplistic than other sets, but, ironically, may go too far in the
      other direction. Experienced security professionals will be able to
      understand the intent behind the answers (when looking at the answers
      and explanations in Appendix A), but the careless wording will make
      the questions unclear and confusing to novices (which, more or less by
      definition, Security+ candidates are).

      Chapter two deals with the communications security domain. Again,
      there are some problems, such as a confusion of authentication
      protocols with those of VPNs (Virtual Private Networks) and an odd
      emphasis on a possible exploit based on the DOS "8.3" naming
      convention. The material is piecemeal and without a logical structure
      (the Perl programming language is discussed next to SMTP [Simple Mail
      Transfer Protocol]). There is a confusion of the Java and JavaScript
      languages (although they are later distinguished). The pages of
      screen shots for AirMagnet and NetStumbler don't seem to have any
      purpose or value. The infrastructure material, in chapter three,
      covers more telecommunications. (DSSS [Direct Sequence Spread
      Spectrum] is not explained well.) Strangely, the sample questions ask
      about RAID (Redundant Array of Inexpensive/Independent Disks), which
      is not covered until domain five. Chapter four covers cryptography
      basics reasonably, but the depth is uneven. Operational and
      organizational security is a bit of a grab bag of a domain, and that
      is amply reflected in the otherwise decent material in chapter five.

      Despite the problems, overall I would have to recommend Krutz' and
      Vines' entry into the Security+ field over Trevor Kay's "Mike Meyers'
      Security+ Certification Passport" (cf. BKMMSCRP.RVW), the "Security+
      Study Guide and DVD Training System" (cf. BKSCRTYP.RVW), or "Security+
      Certification for Dummies" (cf. BKSCRTPD.RVW).

      copyright Robert M. Slade, 2003 BKSCRTPG.RVW 20030320

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... rslade@... slade@... p1@...
      A fanatic is one who can't change his mind and won't change the
      subject. - Winston Churchill
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade