
REVIEW: "Computer Security Fundamentals", Chuck Easttom

  • Rob, grandpa of Ryan, Trevor, Devon & Han
    Message 1 of 1 , May 1, 2008
      BKCMSCFN.RVW 20080205

      "Computer Security Fundamentals", Chuck Easttom, 2006, 0-13-171129-6,
      U$52.00/C$51.95
      %A Chuck Easttom
      %C One Lake St., Upper Saddle River, NJ 07458
      %D 2006
      %G 0-13-171129-6
      %I Prentice Hall
      %O U$52.00/C$51.95 800-576-3800 416-293-3621 201-236-7139
      %O http://www.amazon.com/exec/obidos/ASIN/0131711296/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/0131711296/robsladesin03-20
      %O Audience n- Tech 1 Writing 1 (see revfaq.htm for explanation)
      %P 344 p.
      %T "Computer Security Fundamentals"

      This is a textbook, and the preface states that it is intended for
      students. The author and reviewers are all from colleges, and one
      presumes that they know something about textbooks. They do not,
      however, demonstrate much knowledge of security.

      Chapter one is supposed to be an introduction to cyber crime and
      security, but important terms are poorly defined, and many are
      missing. The material seems to be sensational rather than
      educational. Fundamental concepts are presented oddly as well.
      Security is divided not into the fairly standard confidentiality,
      integrity, and availability, but into malware, intrusions, and denial
      of service (DoS), which leaves out all kinds of important issues. A
      terse overview of risk analysis is rather simplistic, but much better
      than the rest of the content. The questions included at the end of
      the chapter are trivial: the exercises are more time-consuming but no
      more difficult.

      Chapter two contains random topics about networks and the Internet.
      The structure is as disorganized as most of the book: the subject of
      domain name service comes between a discussion of media access control
      addresses and an illustration of RJ45 jacks, a type of physical plug.
      Screenshots of network scanning utilities make up chapter three.
      Chapter four, about denial of service attacks, confuses DoS and Man-
      in-the-Middle offensives. Malware, in chapter five, is treated even
      worse than is normally the case, stating outright that there is no
      difference between viruses and worms, confusing viruses with buffer
      overflow conditions, and providing almost no information at all on the
      types of virus protection. Chapter six has more screenshots and
      typically useless recommendations on hardening Windows systems: the
      reader is advised to disable unnecessary services, but is not given
      any information about how to find, enable, or disable services, or
      determine which services are necessary or otherwise.

      Chapter seven's outline of encryption is highly unreliable. We are
      told that there are two types of encryption, transposition and
      substitution, and that within substitution there are two divisions:
      symmetric and asymmetric. (Most modern symmetric algorithms use
      combinations of transposition and substitution, and asymmetric
      algorithms use mathematical transformations.) PGP, a cryptosystem, is
      compared with the RSA algorithm. (PGP, in fact, can use the RSA
      algorithm: this is a bit like comparing apples with refrigerators.)
      Two of the three virtual private network protocols that are discussed
      in regard to encryption protocols have no encryption capability.

      A list of some Internet frauds is given in chapter eight. Chapter
      nine, supposedly about corporate espionage, tells us that information
      has value and we should have some information security. (Rather
      ironically, the advice that is given is irrelevant to the issue of
      insider abuses, which is the most common form of business espionage
      and fraud.) Cyber terrorism and information warfare get the usual
      lurid (and inaccurate) treatment in chapter ten. Entitled "Cyber
      Detective," chapter eleven says that you can find information about
      people by using Web search engines. A few security utilities are
      briefly described in chapter twelve.

      This is a book that is very long on page format, and rather short on
      content. The material is unreliable and incomplete. I would not want
      to take a course that used this as a text, and I certainly wouldn't
      hire anyone simply on the basis that they passed such a course.

      copyright Robert M. Slade, 2008 BKCMSCFN.RVW 20080205
