Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "Security+ Certification for Dummies", Lawrence Miller/Peter Gregory

Expand Messages
  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    BKSCRTPD.RVW 20030330 Security+ Certification for Dummies , Lawrence Miller/Peter Gregory, 2003, 0-7645-2576-X, U$29.99/C$44.99/UK#24.50 %A Lawrence
    Message 1 of 1 , Jun 12, 2003
      BKSCRTPD.RVW 20030330

      "Security+ Certification for Dummies", Lawrence Miller/Peter Gregory,
      2003, 0-7645-2576-X, U$29.99/C$44.99/UK#24.50
      %A Lawrence Miller
      %A Peter Gregory peter.gregory@...
      %C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
      %D 2003
      %G 0-7645-2576-X
      %I John Wiley & Sons, Inc.
      %O U$29.99/C$44.99/UK#24.50 416-236-4433 fax: 416-236-4448
      %O http://www.amazon.com/exec/obidos/ASIN/076452576X/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/076452576X/robsladesin03-20
      %P 375 p. + CD-ROM
      %T "Security+ Certification for Dummies"

      Part one deals with exam basics. Chapter one has some promotional
      material on the exam, and some generic test writing tips. Basic
      networking background content is included in chapter two, which is
      reasonable in view of the fact that the OSI (Open Systems
      Interconnection) model is not, strictly speaking, related to security,
      but so much of the exam touches on networking concepts. There is also
      a very terse review of the CIA (confidentiality, integrity,
      availability) triad.

      Part two addresses the domain of general security concepts. Chapter
      one's brief but fair information about access control is sporadically
      interrupted by silly attempts at humour, which serve only to distract
      and confuse the issue. (Jokes can, at times, help to cement ideas or
      lighten the study process: these quips do neither.) Lists of attacks
      and exploits are in chapter four. As an example of the utility of the
      material, the definition of a virus is all right, as far as it goes,
      but the protective measures are dated.

      Part three covers communications security. Some remote access terms
      and names of related technologies comprise the whole of chapter five.
      Chapter six has a basic listing of email security systems, but a very
      terse discussion of Web security, with major holes and gaps. Given
      the abbreviated content of prior material, the inclusion of a list of
      command line options for ftp (File Transfer Protocol) and Microsoft
      Windows file sharing dialogue boxes seems quite odd, as does the
      inclusion of DNS (Domain Name System) in the topic of directory
      services. Chapter eight has some discussion of the security issues of
      wireless LANs, but almost no detail.

      Part four is the infrastructure domain of the Security+ exam. There
      is a brief look at devices (mostly network components) and media, in
      chapter nine. Chapter ten expands on earlier descriptions of
      firewalls and IDS (Intrusion Detection Systems). "Security
      Baselines," in chapter eleven, basically deals with hardening of
      systems, and is mostly concerned with keeping patches up to date.

      Part five is on cryptography. Chapter twelve presents the basics, and
      most of it is fine, although it does make odd statements such as that
      block ciphers have reuseable keys and stream ciphers don't. Some
      components and services of PKI (Public Key Infrastructure) are
      described in chapter thirteen, but, as with so many areas in the book,
      the information is very scant.

      Part six relates to the operational and organizational domain.
      Chapter fourteen talks about physical security. Business continuity
      planning and disaster recovery are discussed in fifteen. Security
      management, in terms of policies and risk management, is in sixteen.
      Forensics, in chapter seventeen, concentrates on the chain of

      The "part of tens" is a standard feature of the "for Dummies" series.
      The fact that "check your biorhythm" is the first suggestion in
      chapter eighteen does not inspire confidence in the quality of the
      advice. Of the ten references in chapter nineteen some are great and
      some are mediocre. The same holds true for the URLs (Uniform Resource
      Locators) in chapter twenty. There doesn't seem to be a lot of point
      to the list of other certifications in chapter twenty one.

      The sample questions provided at the ends of the chapters are
      extremely simplistic, and require rote memorization of phrases, rather
      than any degree of understanding.

      Trevor Kay's "Mike Meyers' Security+ Certification Passport" (cf.
      BKMMSCRP.RVW) is slightly but definitely superior to this work. The
      "Security+ Study Guide and DVD Training System" (cf. BKSCRTYP.RVW) is
      roughly the same quality as the current work, but has more depth,
      background, and material. However, overall, I would have to recommend
      Krutz and Vines entry into the Security+ field (cf. BKSCRTPG.RVW) over
      any of them.

      copyright Robert M. Slade, 2003 BKSCRTPD.RVW 20030330

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... rslade@... slade@... p1@...
      Vizzini: INCONCEIVABLE!
      Inigo: You keep using that word. I do not think it means what you
      think it means.
      - The Princess Bride
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
    Your message has been successfully submitted and would be delivered to recipients shortly.