Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "Security+ Training Guide", Todd King

Expand Messages
  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    BKSCRPTG.RVW 20030419 Security+ Training Guide , Todd King, 2003, 0-7897-2836-2, U$49.99/C$77.99/UK#36.50 %A Todd King %C 201 W. 103rd Street,
    Message 1 of 1 , Jun 17, 2003
      BKSCRPTG.RVW 20030419

      "Security+ Training Guide", Todd King, 2003, 0-7897-2836-2,
      %A Todd King
      %C 201 W. 103rd Street, Indianapolis, IN 46290
      %D 2003
      %G 0-7897-2836-2
      %I Macmillan Computer Publishing (MCP)
      %O U$49.99/C$77.99/UK#36.50 800-858-7674 info@...
      %O http://www.amazon.com/exec/obidos/ASIN/0789728362/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/0789728362/robsladesin03-20
      %P 699 p. + CD-ROM
      %T "Security+ Training Guide"

      Aside from the list of exam objectives, the introduction is an
      extremely vague and generic document. The set of exam tips even
      provides suggestions for a format that the text itself admits is
      inappropriate to the CompTIA Security+ test.

      Part one, the bulk of the book, breaks the exam topics into nine
      sections, rather than the five domains proposed by CompTIA. Chapter
      one supposedly deals with general security concepts. However, the
      material is padded out with a great deal of gratuitous content and
      confusing verbiage. The glossary contains such vital items as "lamer"
      and "luser." The discussions of mandatory, discretionary, and role-
      based access control do not make the distinctions clear. The review
      of Kerberos really only mentions tickets, and does not deal with the
      concepts that allow the use of symmetric encryption in a system that
      never sends keys in cleartext. The description of "challenge" based
      authentication systems provides a completely misleading idea of what a
      challenge actually is or does. Some security factors, such as the
      list of attacks (with the notable exception of the malware related
      content), are reasonably well done, but even these tend to be
      excessively verbose. The practice questions do not test for concepts:
      they seem to be based strictly on wording in the text, and
      carelessness in writing the questions makes one answer flatly wrong.

      Similar problems are involved in the other material. Chapter two
      demonstrates a fundamental lack of understanding of wireless LAN
      security technologies and where they are applied. (Wired Equivalent
      Privacy, dealing with encryption on LANs, and Wireless Access
      Protocol, providing Web access for cellular telephones, seem to be
      confused in the author's mind.) Again, a great deal of only
      marginally relevant material seems to have been included. Devices,
      media, and topologies, in chapter three, are packaged along with a
      grab bag of disorganized topics. (Firewall technologies and
      topologies are, in fact, covered in two separate sections of the same
      chapter.) Intrusion detection, baselines, and hardening, in chapter
      four, might be a bit better, but only because the topic is so large
      that the lists of recommendations do all have some relation to the
      subject. Chapter five, on cryptographic algorithms, seems to just
      list them, without providing an understanding of basic concepts. PKI
      (Public Key Infrastructure) is simply a list of cryptological terms
      and technologies, and chapter six doesn't provide much in the way of
      solid definitions for them. As a welcome relief, physical security is
      covered quite well in chapter seven. Oddly, however, business
      continuity planning is tacked on to the same chapter, and has numerous
      gaps. The vital topic of security policy, in chapter eight, is
      unfortunately treated with a random assortment of material.
      Similarly, chapter nine's view of security management seems to be
      primarily administrative (featuring a flurry of Windows 2000 dialogue
      box screen shots) with a chaser of additional subjects (such as
      computer forensics).

      Part two seems to bear almost no relation to the previous material.
      The "Fast Facts" are arranged in the five CompTIA domains. The
      questions in the practice exam are completely unlike those given at
      the end of the chapters.

      Given the plethora of unnecessary verbiage and the paucity of reliable
      content, this book has to get the lowest recommendation of the
      Security+ guides reviewed so far (cf. BKMMSCRP.RVW, BKSCRTYP.RVW,

      copyright Robert M. Slade, 2003 BKSCRPTG.RVW 20030419

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      The used key is always bright. - Benjamin Franklin
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
    Your message has been successfully submitted and would be delivered to recipients shortly.