
REVIEW: "Corporate Computer and Network Security", Raymond R. Panko

  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    Message 1 of 1 , Aug 25, 2005
      BKCPCNSC.RVW 20050614

      "Corporate Computer and Network Security", Raymond R. Panko, 2004,
      0-13-038471-2
      %A Raymond R. Panko pankosecurity.com
      %C One Lake St., Upper Saddle River, NJ 07458
      %D 2004
      %G 0-13-038471-2
      %I Prentice Hall
      %O 800-576-3800 +1-201-236-7139 fax: +1-201-236-7131
      %O http://www.amazon.com/exec/obidos/ASIN/0130384712/robsladesinterne
      http://www.amazon.co.uk/exec/obidos/ASIN/0130384712/robsladesinte-21
      %O http://www.amazon.ca/exec/obidos/ASIN/0130384712/robsladesin03-20
      %O Audience a- Tech 2 Writing 1 (see revfaq.htm for explanation)
      %P 522 p.
      %T "Corporate Computer and Network Security"

      In the preface (for teachers), Panko states that this is a text for a
      security course. The book is said to be based on the CISSP (Certified
      Information Systems Security Professional) "exam," although there is a
      definite lack of material dealing with architecture, physical
      security, and security management.

      Chapter one is a list of possible attacks and security problems.
      There are "Test Your Understanding" questions sprinkled throughout,
      but they are mostly on the level of fact-based reading checks. (One
      of the later examples asks "What is shoulder surfing?" immediately
      under a paragraph on shoulder surfing.) There is also a chapter "1a"
      with a collection of very terse "case studies" (one is only a sentence
      in length). Access control and a tiny mention of physical security are
      in chapter two. (As well as a very strange mention of wireless LANs:
      the author considers WLAN access to be a factor of site security.)
      There are odd and sometimes careless mistakes: "rters" is said to be
      four characters. The emphasis seems to be on minutiae rather than
      concepts. A lot of material is repeated: two separate paragraphs deal
      with piggybacking, only five paragraphs apart. The facts are
      generally correct, but the discussions are often misleading if not
      wrong: a confusing deliberation of what is probably false acceptance
      incorrectly refers to the situation as false rejection. Chapter three
      reviews the TCP/IP protocol suite. (Again, the conceptual material is
      weak: Panko asserts that the real world uses an amalgam of the OSI
      [Open Systems Interconnection] and TCP/IP models, whereas the TCP/IP
      protocol suite is generally described with reference to the OSI model.
      Anyone who has actually used the OSI protocols knows why the rest of
      the world uses TCP/IP.) Network attacks are discussed in chapter
      four. (Oddly, in the midst of a list of net probing activities comes
      a mention of looking up corporate information on the Security and
      Exchange Commission's EDGAR database.) There is also a rather limited
      section on malware. Chapter five looks at firewalls. Some generic
      advice on hardening hosts or desktop computers is given in chapter
      six. Chapters seven and eight contain miscellaneous references to
      cryptographic ideas or practices. Most of the discussion of
      application security, in chapter nine, is limited to Web and e-
      commerce problems. Chapter ten is a rather mixed bag of incident
      response, automated intrusion detection, and business continuity
      planning. Security should be managed, says chapter eleven, but it
      doesn't give an awful lot of help on how it can be done. Most of
      chapter twelve looks at computer related laws.

      The book seems to be a very loosely structured compilation of points
      related to security. The lack of overall organization means that
      material is often disjointed and repetitive. As with anything, in the
      hands of a good teacher this could be used for a computer security
      course text. In the hands of one who followed the text closely, the
      course would be a bit ragged.

      copyright Robert M. Slade, 2005 BKCPCNSC.RVW 20050614


      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      We are generally the better persuaded by the reasons we discover
      ourselves than by those given to us by others. - Blaise Pascal
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade