Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "Security+ Certification All-in-One Exam Guide", Gregory White

Expand Messages
  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    BKA1SECP.RVW 20031018 Security+ Certification All-in-One Exam Guide , Gregory White, 2003, 0-07-222633-1, U$59.99/C$89.95/UK#45.00 %A Gregory White %C
    Message 1 of 1 , Feb 2, 2004
    • 0 Attachment
      BKA1SECP.RVW 20031018

      "Security+ Certification All-in-One Exam Guide", Gregory White, 2003,
      0-07-222633-1, U$59.99/C$89.95/UK#45.00
      %A Gregory White
      %C 300 Water Street, Whitby, Ontario L1N 9B6
      %D 2003
      %G 0-07-222633-1
      %I McGraw-Hill Ryerson/Osborne
      %O U$59.99/C$89.95/UK#45.00 +1-800-565-5758 fax: 905-430-5020
      %O http://www.amazon.com/exec/obidos/ASIN/0072226331/robsladesinterne
      http://www.amazon.co.uk/exec/obidos/ASIN/0072226331/robsladesinte-21
      %O http://www.amazon.ca/exec/obidos/ASIN/0072226331/robsladesin03-20
      %P 558 p. + CD-ROM
      %T "Security+ Certification All-in-One Exam Guide"

      Part one is nominally on authentication. Chapter one covers general
      security concepts. Good ideas are provided, but sometimes in a poor
      structure (the domains are unique, adhering neither to the CISSP
      [Certified Information System Security Professional] CBK [Common Body
      of Knowledge] nor the Security+ formation). The wording can sometimes
      confuse those new to the field, such as the use of "diversity of
      defence" for what is otherwise known as least common mechanism.

      Part two describes malware and attacks. Chapter two could use more
      organization and taxonomy, and the virus material is limited and
      dated, but otherwise it is generally good.

      Part three concentrates on networking, or security in transmissions.
      Chapter three deals with remote access, and is not as good as the
      prior material, consisting mostly of a list of protocols. Email, in
      chapter four, is not particularly good at examining viruses, worms,
      hoaxes, spam, and encryption. The Web is limited to SSL (Secure
      Sockets Layer), programming bugs, and cookies, in chapter five. The
      wireless part of chapter six is fine as far as it goes, and there is
      an odd inclusion of instant messaging.

      Part four looks at security for the infrastructure. Chapter seven is
      an oddly structured list of networking and computer components, with
      even more duplication of topics and material than earlier chapters
      showed. The basics of intrusion detection systems are provided in
      chapter eight, but there are also extraneous details. Chapter nine
      suggests hardening computers, but, as is usual with such advice, it is
      short on how: for example, we are told to turn off unnecessary Windows
      services but not how to tell which ones can be safely discarded or
      even how to find out which services are running. Linux and UNIX fair
      rather worse than usual in this section.

      Cryptography and applications are in part five. Chapter ten has
      another odd organizational flow, with lots of details but few that are
      of use, and a very short mention of the concept of asymmetric
      encryption. Public Key Infrastructure, in chapter eleven, is verbose
      but still thin on details. Standards and protocols, in chapter
      twelve, starts with excessive detail on PKI, but then ventures
      randomly into other topics.

      Part six looks at operations security. Chapter thirteen, on
      organizational and operational security, touches on security
      management, physical security, and miscellaneous topics. A little bit
      on business continuity planning, backups, policies, and ethics is in
      chapter fourteen.

      Part seven refers to administrative controls. There is a wandering
      discussion of security and law in chapter fifteen, privilege
      management (otherwise known as access control) in sixteen, computer
      forensics and simple evidence preservation in seventeen, risk
      management in eighteen, and change management in nineteen.

      This book could do with a wholesale restructuring, and, overall, the
      material is rather vague and general.

      copyright Robert M. Slade, 2003 BKA1SECP.RVW 20031018


      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      No amount of experimentation can ever prove me right; a single
      experiment can prove me wrong. - Albert Einstein
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
    Your message has been successfully submitted and would be delivered to recipients shortly.