Network Security CISSP-Discussion
[CISSP-D] REVIEW: "Safe and Secure", Arman Danesh/Ali Mehrassa/Felix Lau

Date: Fri, 06 Jan 2006 10:15:34 -0800
BKSAFSEC.RVW   20051023

"Safe and Secure", Arman Danesh/Ali Mehrassa/Felix Lau, 2002,
0-672-32243-9, U$24.99/C$37.95/UK#17.99
%A   Arman Danesh
%A   Ali Mehrassa
%A   Felix Lau
%C   201 W. 103rd Street, Indianapolis, IN   46290
%D   2002
%G   0-672-32243-9
%I   Macmillan Computer Publishing (MCP)
%O   U$24.99/C$37.95/UK#17.99 800-858-7674 317-581-3743 info@mcp.com
%O  http://www.amazon.com/exec/obidos/ASIN/0672322439/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/0672322439/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0672322439/robsladesin03-20
%O   Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P   359 p.
%T   "Safe and Secure: Secure Your Home Network and Protect Your
      Privacy Online"

The introduction states that the book is intended to help home
Internet users protect themselves.

Part one deals with Internet basics and threats.  The material is
brief and simplistic.  It is easily within the grasp of home users,
but it is difficult to say that the background provided is either
necessary or sufficient as a basis for security needs.  Chapter one
briefly lists a few of the dangers you can encounter on the net.  Even
more briefly, chapter two mentions some of the protective measures
that can address the reported hazards.  An elementary overview of
aspects of TCP/IP makes up chapter three.  Chapter four, the longest
in this section, contains material on networking hardware, topologies,
and application considerations that home users are extremely unlikely
to encounter.

Part two addresses the protection of a home computer.  Chapter five
supposedly deals with the protection of a network-connected standalone
computer, which would seem to be a contradiction in terms.  The text
deals with the Windows 98/ME operating system, which was current at
the time the book was published, but in such a lockstep fashion that
it is basically useless for anything else.  Wireless LAN technology is
tersely reviewed in chapter six.  Chapter seven prints the screenshots
for an installation of a version of the ZoneAlarm software personal
firewall.  There are sloppy definitions of viruses, worms, and trojan
horse programs in chapter eight.  Installation screenshots for a
couple of widely-sold virus scanning programs are in chapter nine.

Part three looks to the defence of a local area network in the home. 
Chapter ten provides a high level overview of firewalls, with much of
the material being unsuitable for the needs of the home user. 
Screenshots for the Windows settings required for a dual-homed (dual
network card) circuit-level proxy firewall (which seems to be an
awfully complicated setup for a home user) are printed in chapter
eleven.  Setup screens for a few hardware packet filtering and address
translation firewalls are in chapter twelve.  Telecommuting is
discussed in chapter thirteen, with some mentions of security factors. 
Virtual private networks, probably not an issue for home users, are
considered in chapter fourteen: again, Windows software settings are
the major issue.  Chapter fifteen ponders the risks of running servers
(such as private Web servers) on a home machine, primarily addressed
via port restriction.

Privacy and data security are addressed in part four.  Most of the
material on human factors, in chapter sixteen, consists of standard
identity theft prevention advice.  There is reasonable information
about cookies in chapter seventeen.  The content about anonymous
browsing and email, in chapter eighteen, is brief, and of limited
value.  Chapter nineteen, on encryption, gives severely limited
background and predominately includes PGP installation screenshots.

Part five looks at testing and recovery.  Chapter twenty has a
plausible examination of port scanning.  Twenty-one talks about logs,
but is not of much help in demonstrating how to use them.  Some basic
steps when a problem becomes evident are listed in chapter twenty-two. 
Chapter twenty-three essentially says to keep your software up to
date.  Screenshots for the Microsoft Backup program are in chapter
twenty-five.

The home user requires basic information about computer and Internet
security.  The content of this book never gets too deep for the
average person, and does provide some useful advice for many of the
most common problems.  At the same time, there are vital issues that
the home user may see daily which are not addressed.  In addition,
much of the content of the book is of almost no interest to those
outside of a commercial or corporate environment.  Therefore, while
there is some value in the work, a great deal of extraneous text has
to be mined in order to find it.  This means that you can't just give
this volume to your Mom in order to keep her computer safe.

copyright Robert M. Slade, 2005   BKSAFSEC.RVW   20051023


======================  (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca      slade@victoria.tc.ca      rslade@sun.soci.niu.edu
Vizzini: You fell victim to one of the classic blunders! The most
         famous is never get involved in a land war in Asia
                                                - The Princess Bride
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade


 