REVIEW: "Security+ Certification for Dummies", Lawrence Miller/Peter Gregory
- BKSCRTPD.RVW 20030330
"Security+ Certification for Dummies", Lawrence Miller/Peter Gregory,
2003, 0-7645-2576-X, U$29.99/C$44.99/UK#24.50
%A Lawrence Miller
%A Peter Gregory peter.gregory@...
%C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
%I John Wiley & Sons, Inc.
%O U$29.99/C$44.99/UK#24.50 416-236-4433 fax: 416-236-4448
%P 375 p. + CD-ROM
%T "Security+ Certification for Dummies"
Part one deals with exam basics. Chapter one has some promotional
material on the exam, and some generic test writing tips. Basic
networking background content is included in chapter two, which is
reasonable in view of the fact that the OSI (Open Systems
Interconnection) model is not, strictly speaking, related to security,
but so much of the exam touches on networking concepts. There is also
a very terse review of the CIA (confidentiality, integrity,
Part two addresses the domain of general security concepts. Chapter
one's brief but fair information about access control is sporadically
interrupted by silly attempts at humour, which serve only to distract
and confuse the issue. (Jokes can, at times, help to cement ideas or
lighten the study process: these quips do neither.) Lists of attacks
and exploits are in chapter four. As an example of the utility of the
material, the definition of a virus is all right, as far as it goes,
but the protective measures are dated.
Part three covers communications security. Some remote access terms
and names of related technologies comprise the whole of chapter five.
Chapter six has a basic listing of email security systems, but a very
terse discussion of Web security, with major holes and gaps. Given
the abbreviated content of prior material, the inclusion of a list of
command line options for ftp (File Transfer Protocol) and Microsoft
Windows file sharing dialogue boxes seems quite odd, as does the
inclusion of DNS (Domain Name System) in the topic of directory
services. Chapter eight has some discussion of the security issues of
wireless LANs, but almost no detail.
Part four is the infrastructure domain of the Security+ exam. There
is a brief look at devices (mostly network components) and media, in
chapter nine. Chapter ten expands on earlier descriptions of
firewalls and IDS (Intrusion Detection Systems). "Security
Baselines," in chapter eleven, basically deals with hardening of
systems, and is mostly concerned with keeping patches up to date.
Part five is on cryptography. Chapter twelve presents the basics, and
most of it is fine, although it does make odd statements such as that
block ciphers have reuseable keys and stream ciphers don't. Some
components and services of PKI (Public Key Infrastructure) are
described in chapter thirteen, but, as with so many areas in the book,
the information is very scant.
Part six relates to the operational and organizational domain.
Chapter fourteen talks about physical security. Business continuity
planning and disaster recovery are discussed in fifteen. Security
management, in terms of policies and risk management, is in sixteen.
Forensics, in chapter seventeen, concentrates on the chain of
The "part of tens" is a standard feature of the "for Dummies" series.
The fact that "check your biorhythm" is the first suggestion in
chapter eighteen does not inspire confidence in the quality of the
advice. Of the ten references in chapter nineteen some are great and
some are mediocre. The same holds true for the URLs (Uniform Resource
Locators) in chapter twenty. There doesn't seem to be a lot of point
to the list of other certifications in chapter twenty one.
The sample questions provided at the ends of the chapters are
extremely simplistic, and require rote memorization of phrases, rather
than any degree of understanding.
Trevor Kay's "Mike Meyers' Security+ Certification Passport" (cf.
BKMMSCRP.RVW) is slightly but definitely superior to this work. The
"Security+ Study Guide and DVD Training System" (cf. BKSCRTYP.RVW) is
roughly the same quality as the current work, but has more depth,
background, and material. However, overall, I would have to recommend
Krutz and Vines entry into the Security+ field (cf. BKSCRTPG.RVW) over
any of them.
copyright Robert M. Slade, 2003 BKSCRTPD.RVW 20030330
====================== (quote inserted randomly by Pegasus Mailer)
rslade@... rslade@... slade@... p1@...
Inigo: You keep using that word. I do not think it means what you
think it means.
- The Princess Bride
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade