REVIEW: "Network Security for Dummies", Chey Cobb
- BKNTSCDM.RVW 20031204
"Network Security for Dummies", Chey Cobb, 2003, 0-7645-1679-5,
%A Chey Cobb chey@...
%C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
%I John Wiley & Sons, Inc.
%O U$29.99/C$44.99 416-236-4433 fax: 416-236-4448
%P 380 p.
%T "Network Security for Dummies"
Part one is entitled "The Path to Network Security." Chapter one is
meant to be a start on network security, but instead is just a random
collection of threats, network connection options, and security
aphorisms. The material is both confused and confusing: in one
paragraph we are told that you don't have to worry about viruses
because virus writers only write viruses for Microsoft software so if
you don't use Microsoft software you are safe but you can't live
without using Microsoft software so you have to worry about viruses.
Chapter two suggests taking an inventory of your computer hardware,
software, and policies. The basics of risk management are presented
in chapter three, and policies and procedures are explained in four.
The outlines are not bad at all. Unfortunately, the sample policies
are vague and generic.
Part two supposedly turns to the network. Choosing security controls,
in chapter five, is limited to an overly simplistic synopsis of
antivirus software, firewalls, and intrusion detection systems (IDSs).
There is a barebones list of US laws related to security in chapter
six. Network components are enumerated in chapter seven.
Part three looks at security mechanisms. The material in chapter five
is slightly, but insufficiently, expanded as chapters eight, nine, and
ten review antivirus, firewalls, and IDS, respectively. Chapter
eleven lists commands for setting permissions under UNIX and Windows.
Part four seems to be considered advanced security. Chapters twelve,
thirteen, and fourteen provide some directions for hardening UNIX,
Windows, and Mac systems, but the explanations are almost non-
existent. Instead of dealing with the patching of applications,
chapter fifteen mostly lists loopholes. Chapter sixteen describes
virtual private networks, but the technical details that are given are
irrelevant to an exegesis of how the technology actually functions.
Basic but reasonable suggestions about making wireless networks
slightly harder to get into are given in chapter seventeen.
Electronic commerce needs special protection, says chapter eighteen,
and mentions some Web security mechanisms.
Part five deals with disaster recovery. Chapter nineteen suggests
having a computer emergency response team. A slightly disorganized
(and rather brief) look at disaster recovery is in twenty. Computer
forensics gets a once over very, very lightly in twenty one.
The traditional "Part of Tens" lists the ten best security practices,
ten best Web sites (for once I agree with the antivirus
recommendation), ten security tools, and ten questions to ask a
Overall, this book is not very good advice about network security, and
would not be terribly helpful for improving security. But it does
have some (a few) decent bits that provide skeletal outlines of some
important security concepts.
copyright Robert M. Slade, 2003 BKNTSCDM.RVW 20031204
====================== (quote inserted randomly by Pegasus Mailer)
rslade@... slade@... rslade@...
Am now microwavink Windows NT CD. Best use for it yet, da?
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade