
REVIEW: "Computer Security Basics", Rick Lehtinen/Deborah Russell/G. T. Gangemi Sr.

  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    Message 1 of 1 , Sep 18, 2006
      BKCMPSEC.RVW 20060819

      "Computer Security Basics", Rick Lehtinen/Deborah Russell/G. T.
      Gangemi Sr., 2006, 0-596-00669-1, U$39.99/C$51.99
      %A Rick Lehtinen
      %A Deborah Russell
      %A G. T. Gangemi Sr.
      %C 103 Morris St., Suite A, Sebastopol, CA 95472-9902
      %D 2006
      %G 0-596-00669-1
      %I O'Reilly and Associates, Inc.
      %O U$39.99/C$51.99
      %O http://www.amazon.com/exec/obidos/ASIN/0596006691/robsladesinterne
      http://www.amazon.co.uk/exec/obidos/ASIN/0596006691/robsladesinte-21
      %O http://www.amazon.ca/exec/obidos/ASIN/0596006691/robsladesin03-20
      %O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
      %P 296 p.
      %T "Computer Security Basics, Second Edition"

      I've been waiting a long time for an updated version of this classic.

      "Computer Security Basics" was a pretty accurate name for the first
      edition. The book was an overview of many aspects that go into the
      security of computers and data systems. While not exhaustive, it
      provided a starting point from which to pursue specific topics that
      required more detailed study. Such is no longer the case.

      Part one looks at security for today. Chapter one starts with 9/11,
      then talks about various infosec groups, and only then gets to an
      introduction of what security is, and how to evaluate potential
      loopholes. The definition points out the useful difference between
      the problems of confidentiality and availability, and now adds
      integrity. The distinction between threats, vulnerabilities and
      countermeasures is helpful, but may fail to resolve certain issues.
      Ironically, in view of the title of this section, chapter two gives
      some historical background to the development of modern data security.

      Part two deals with computer security itself. Chapter three looks at
      access control, but is somewhat unstructured. Malware and viruses
      receive the all-too-usual mix of advice and inaccuracies in chapter
      four. Policy is supposed to be the topic of chapter five, but most of
      the text is concerned with matters of operations. Internet and Web
      technologies, and a few network attacks, are listed in chapter six.

      The prior inclusion of network topics is rather funny, since part
      three delves into communications security. Chapter seven turns first
      to encryption, which could be presumed to have applications in more
      than communications, although it is important in that field. The
      material on encryption is quite scattered and disorganized, and the
      explanation of asymmetric systems is probably more confusing than
      helpful. A lot about networks, a list of network security components,
      and not much that is useful makes up chapter eight.

      Part four turns to other types of security. Chapter nine takes a
      confused look at physical security, and includes biometrics: as with
      encryption and communications, the topic that could be related to
      physical security, but might more properly be dealt with elsewhere.
      Chapter ten reviews wireless LANs, mentioning threats, but only
      tersely listing security measures, with no detail for use or
      implementation.

      The original version of the book was a good starting point for
      beginners who had to deal with computer security at a basic level.
      This second edition is a tremendous disappointment: Lehtinen has done
      a disservice not only to Russell and Gangemi, but also to those
      relying on this foundational guide. The tone of the first edition may
      have been too pompous, but the contents were informed by the primary
      concerns for information security. This update has introduced random
      new technical trivia, muddied the structure and flow, and reduced the
      value of the reference overall.

      copyright Robert M. Slade, 1993, 2002, 2006 BKCMPSEC.RVW 20060819


      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      Information is light. Information, in itself, about anything, is
      light. - Tom Stoppard, `Night and Day'
      Dictionary of Information Security www.syngress.com/catalog/?pid=4150
      http://victoria.tc.ca/techrev/rms.htm