Network Security CISSP-Discussion

Subject: [CISSP-D] REVIEW: "Computer Security Basics", Rick Lehtinen/Deborah Russell/G. T. Gangemi Sr.
Date: Mon, 18 Sep 2006 11:57:20 -0800
BKCMPSEC.RVW   20060819

"Computer Security Basics", Rick Lehtinen/Deborah Russell/G. T.
Gangemi Sr., 2006, 0-596-00669-1, U$39.99/C$51.99
%A   Rick Lehtinen
%A   Deborah Russell
%A   G. T. Gangemi Sr.
%C   103 Morris St., Suite A, Sebastopol, CA   95472-9902
%D   2006
%G   0-596-00669-1
%I   O'Reilly and Associates, Inc.
%O   U$39.99/C$51.99 
%O  http://www.amazon.com/exec/obidos/ASIN/0596006691/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/0596006691/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0596006691/robsladesin03-20
%O   Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P   296 p.
%T   "Computer Security Basics, Second Edition"

I've been waiting a long time for an updated version of this classic.

"Computer Security Basics" was a pretty accurate name for the first
edition.  The book was an overview of many aspects that go into the
security of computers and data systems.  While not exhaustive, it
provided a starting point from which to pursue specific topics that
required more detailed study.  Such is no longer the case.

Part one looks at security for today.  Chapter one starts with 9/11,
then talks about various infosec groups, and only then gets to an
introduction of what security is, and how to evaluate potential
loopholes.  The definition points out the useful difference between
the problems of confidentiality and availability, and now adds
integrity.  The distinction between threats, vulnerabilities and
countermeasures is helpful, but may fail to resolve certain issues. 
Ironically, in view of the title of this section, chapter two gives
some historical background to the development of modern data security.

Part two deals with computer security itself.  Chapter three looks at
access control, but is somewhat unstructured.  Malware and viruses
receive the all-too-usual mix of advice and inaccuracies in chapter
four.  Policy is supposed to be the topic of chapter five, but most of
the text is concerned with matters of operations.  Internet and Web
technologies, and a few network attacks, are listed in chapter six.

The prior inclusion of network topics is rather funny, since part
three delves into communications security.  Chapter seven turns first
to encryption, which could be presumed to have applications in more
than communications, although it is important in that field.  The
material on encryption is quite scattered and disorganized, and the
explanation of asymmetric systems is probably more confusing than
helpful.  A lot about networks, a list of network security components,
and not much that is useful makes up chapter eight.

Part four turns to other types of security.  Chapter nine takes a
confused look at physical security, and includes biometrics: as with
encryption and communications, the topic that could be related to
physical security, but might more properly be dealt with elsewhere. 
Chapter ten reviews wireless LANs, mentioning threats, but only
tersely listing security measures, with no detail for use or
implementation.

The original version of the book was a good starting point for
beginners who had to deal with computer security at a basic level. 
This second edition is a tremendous disappointment: Lehtinen has done
a disservice not only to Russell and Gangemi, but also to those
relying on this foundational guide.  The tone of the first edition may
have been too pompous, but the contents were informed by the primary
concerns for information security.  This update has introduced random
new technical trivia, muddied the structure and flow, and reduced the
value of the reference overall.

copyright Robert M. Slade, 1993, 2002, 2006   BKCMPSEC.RVW   20060819


======================  (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca     slade@victoria.tc.ca     rslade@computercrime.org
Information is light.  Information, in itself, about anything, is
light.                               - Tom Stoppard, `Night and Day'
Dictionary of Information Security  www.syngress.com/catalog/?pid=4150
http://victoria.tc.ca/techrev/rms.htm


 