
| Subject: | [CISSP-D] REVIEW: "Essential Computer Security", Tony Bradley |
|---|---|
| Date: | Fri, 09 Feb 2007 10:39:03 -0800 |
BKESCMSC.RVW 20070104

"Essential Computer Security", Tony Bradley, 2006, 1-59749-114-4, U$29.95/C$38.95
%A Tony Bradley tony@s3kur3.com
%C 800 Hingham Street, Rockland, MA 02370
%D 2006
%G 1-59749-114-4 978-1-59749-114-3
%I Syngress Media, Inc.
%O U$29.95/C$38.95 781-681-5151 fax: 781-681-3585 www.syngress.com
%O http://www.amazon.com/exec/obidos/ASIN/1597491144/robsladesinterne
http://www.amazon.co.uk/exec/obidos/ASIN/1597491144/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/1597491144/robsladesin03-20
%O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P 279 p.
%T "Essential Computer Security"

The introduction makes the usual analogy to an appliance and the owner's manual that would come with it, noting that a computer is much too complex, and has too many possible applications, to have that kind of manual. Then it goes on to say that this book is that kind of manual. Next, it refers to the use of the Internet and seems to concentrate on those areas of use, despite the fact that a number of other uses for the computer had previously been mentioned. Even when limiting the computer operation to the one area of bare computer networking, this activity would still be the most complex and dangerous of those in common employment. Therefore, the promise that this work will give security (and, presumably, computer) neophytes the background they would require in order to function safely in a networked (including wireless) environment with even the most basic Internet applications is still a very tall order.

Part one supposedly covers the bare essentials, with chapter one addressing fundamental Windows security. Unfortunately, while the material does note some of the basic Windows security tools, it does not provide the "bare essentials" level of detail that would help a completely naive user to effect any significant increase in protection.
The utilities and usage are effectively described, but the settings of group privilege levels, for example, will require a great deal more effort and understanding on the part of the home computer owner. Some simple techniques for choosing stronger passwords are given in chapter two, although the additional protection yielded by adherence to the suggestions is limited. The content on malware, in chapter three, is not as bad as some, but still has a number of factual errors. (The advice on protection does not address the different types of protection or the actions to avoid to reduce threat levels, but is limited to the promotion of a few commercial products.) Chapter four suggests that users turn on Automatic Updates (which is probably not terribly useful if you are not running Windows XP).

Part two is entitled "More Essential Security," which seems to need some definition. Is this simply more of the same as was given in part one (in which case, why is there a part two), or is this security "more essential" than the first part (in which case, why are they in this order)? Chapter five shows some screenshots from Windows Firewall, ZoneAlarm, and Snort. Some of the advice on spam, hoaxes, and other email problems, in chapter six, is helpful, but the recommendations could be much more direct. Similarly, chapter seven's overview of Web security has some good points, but a number of areas (such as the dangers of active content) should have much greater emphasis and detail in order to protect those without a security background. There are basic security procedures for wireless networks in chapter eight. Again, without the technical aspects (explained at a minimal and appropriate level), the advice to use encryption or VPNs (Virtual Private Networks) leaves the reader open to choosing the wrong technology, or unaware of the lack of protection for certain applications. Chapter nine tells users to run AdAware and Spybot.

Part three turns to testing and maintenance.
Chapter ten notes the basic maintenance tools in Windows XP, but not some of the essential points of these operations, such as how often to do disk defragmentation, or the different types of defragmentation. (Defragmenting the system files, for example, is potentially much more useful.) Event logs (which are going to be incomprehensible to naive users) and restore points (which get set by all kinds of system and application activities: users will be hard pressed to choose an appropriate one that doesn't lose important functions) are noted in chapter eleven. Chapter twelve provides too little information about alternatives to Microsoft.

(I am not upset that Tony has used some of my definitions in his glossary: that's fine, particularly since he specifically acknowledges the source. I'm less than impressed with his choice of terms overall, and with a number of the other definitions.)

I am in full sympathy with the intent to produce a book for people who don't know (and don't even particularly *want* to know) about security: something that the masses can read in order to obtain suggestions on significantly more protection for their computers, data, and operations. This work has some points, but nothing like the level of helpful detail and direct wording that exists in Thomas Greene's "Computer Security for the Home and Small Office" (cf. BKCMSCHO.RVW), or even Tony Bove's "Just Say No to Microsoft" (cf. BKJSN2MS.RVW).

copyright Robert M. Slade, 2007 BKESCMSC.RVW 20070104

======================
(quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
A computer lets you make more mistakes faster than any other invention in human history, with the possible exception of handguns and tequila. - Mitch Radcliffe
Dictionary of Information Security www.syngress.com/catalog/?pid=4150
http://victoria.tc.ca/techrev/rms.htm