
[ISN] REVIEW: "Internet Security", Tim Speed/Juanita Ellis

Subject: [ISN] REVIEW: "Internet Security", Tim Speed/Juanita Ellis
Date: Fri, 27 Aug 2004 05:09:45 -0500 (CDT)
Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade@sprint.ca>

BKISJSAM.RVW   20040719

"Internet Security", Tim Speed/Juanita Ellis, 2003, 1-55558-298-2,
U$44.99
%A   Tim Speed
%A   Juanita Ellis
%C   225 Wildwood Street, Woburn, MA  01801
%D   2003
%G   1-55558-298-2
%I   Digital Press
%O   U$44.99 800-366-BOOK Fax: 617-933-6333 fax: +1-800-446-6520
%O  http://www.amazon.com/exec/obidos/ASIN/1555582982/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/1555582982/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/1555582982/robsladesin03-20
%P   398 p.
%T   "Internet Security: A Jumpstart for Systems Administrators and
      IT Managers"

The introduction starts out by talking about wild west bank robbers
and then admits that those stories have nothing to do with the topic
at hand.  Inexplicably, the theme continues to be used throughout the
book.

Chapter one gives a timeline of Internet related historical events,
and an overview of the base protocols of the TCP/IP suite at various
levels of detail.  (There are also some screenshots from Microsoft
Windows.)  The security review process provided in chapter two is not
bad, although it gets weaker as it moves into details.  Cryptography
is explained on an "it works by magic" level in chapter three. 
Chapter four talks about some of the technologies discussed earlier,
but the purpose of the repetition is unclear.  Firewalls are described
in chapter five, and a checklist for evaluating them is provided, but
many points on the review form will be difficult for any but the
expert to assess.  Aspects of authentication are discussed in chapter
six, but there is very limited explanation on most points.  Factors
involved in public key infrastructures are handled in much the same
way in chapter seven.  Chapter eight, supposedly about messaging
security, starts out with viruses and other malware, drifts through
spam, and ends up with a number of issues regarding proper
configuration of email systems.  A reasonably good overview of risk
management and mitigation is given in chapter nine, although the
material could use a bit more structure.  The content on incident
response, disaster recovery, and business continuity, in chapter ten,
is not as good, but still fair.

Those who know security will recognize the patterns underlying the
material that the authors present.  Those who have tried to explain
security concepts, however, will understand that what is given in the
text is superficial and sometimes misleading.  IT managers who do not
require details may be able to take a very limited familiarity with
terms and concepts from this work.  System administrators will need
considerably more detail, and need material with a greater
comprehension of areas of strength and weakness in the various aspects
and technologies of security.

copyright Robert M. Slade, 2004   BKISJSAM.RVW   20040719


======================  (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca      slade@victoria.tc.ca      rslade@sun.soci.niu.edu
Any fool can criticize, condemn and complain - and most do.
                                         - Dale Carnegie (1888-1955)
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade


