Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] REVIEW: "Corporate Computer and Network Security", Raymond R. Pank

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] REVIEW: "Corporate Computer and Network Security", Raymond R. Panko
Date: Mon, 31 Oct 2005 06:27:20 -0600 (CST) 
Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" 
<rslade@sprint.ca>

BKCPCNSC.RVW   20050614

"Corporate Computer and Network Security", Raymond R. Panko, 2004,
0-13-038471-2
%A   Raymond R. Panko pankosecurity.com
%C   One Lake St., Upper Saddle River, NJ   07458
%D   2004
%G   0-13-038471-2
%I   Prentice Hall
%O   800-576-3800 +1-201-236-7139 fax: +1-201-236-7131
%O  http://www.amazon.com/exec/obidos/ASIN/0130384712/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/0130384712/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0130384712/robsladesin03-20
%O   Audience a- Tech 2 Writing 1 (see revfaq.htm for explanation)
%P   522 p.
%T   "Corporate Computer and Network Security"

In the preface (for teachers), Panko states that this is a text for a
security course.  The book is said to be based on the CISSP (Certified
Information Systems Security Professional) "exam," although there is a
definite lack of material dealing with architecture, physical
security, and security management.

Chapter one is a list of possible attacks and security problems. 
There are "Test Your Understanding" questions sprinkled throughout,
but they are mostly on the level of fact-based reading checks.  (One
of the later examples asks "What is shoulder surfing?" immediately
under a paragraph on shoulder surfing.)  There is also a chapter "1a"
with a collection of very terse "case studies" (one is only a sentence
in length).  Access control and a tiny mention of physical security is
in chapter two.  (As well as a very strange mention of wireless LANs:
the author considers WLAN access to be a factor of site security.) 
There are odd and sometimes careless mistakes: "rters" is said to be
four characters.  The emphasis seems to be on minutiae rather than
concepts.  A lot of material is repeated: two separate paragraphs deal
with piggybacking, only five paragraphs apart.  The facts are
generally correct, but the discussions are often misleading if not
wrong: a confusing deliberation of what is probably  false acceptance
incorrectly refers to the situation as false rejection.  Chapter three
reviews the TCP/IP protocol suite.  (Again, the conceptual material is
weak: Panko asserts that the real world uses an amalgam of the OSI
[Open Systems Interconnection] and TCP/IP models, whereas the TCP/IP
protocol suite is generally described with reference to the OSI model. 
Anyone who has actually used the OSI protocols knows why the rest of
the world uses TCP/IP.)  Network attacks are discussed in chapter
four.  (Oddly, in the midst of a list of net probing activities comes
a mention of looking up corporate information on the Security and
Exchange Commission's EDGAR database.)  There is also a rather limited
section on malware.  Chapter five looks at firewalls.  Some generic
advice on hardening hosts or desktop computers is given in chapter
six.  Chapters seven and eight contain miscellaneous references to
cryptographic ideas or practices.  Most of the discussion of
application security, in chapter nine, is limited to Web and e-
commerce problems.  Chapter ten is a rather mixed bag of incident
response, automated intrusion detection, and business continuity
planning.  Security should be managed, says chapter eleven, but it
doesn't give an awful lot of help on how it can be done.  Most of
chapter twelve looks at computer related laws.

The book seems to be a very loosely structured compilation of points
related to security.  The lack of overall organization means that
material is often disjointed and repetitive.  As with anything, in the
hands of a good teacher this could be used for a computer security
course text.  In the hands of one who followed the text closely, the
course would be a bit ragged.

copyright Robert M. Slade, 2005   BKCPCNSC.RVW   20050614


======================  (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca      slade@victoria.tc.ca      rslade@sun.soci.niu.edu
There's nothing so useless as doing efficiently that which should
not be done at all.                               - Peter F. Drucker
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade



_________________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] REVIEW: "Corporate Computer and Network Security", Raymond R. Panko, InfoSec News <=
Previous by Date:  [ISN] Maui man admits to selling classified military secrets, InfoSec News
Previous by Thread:  [ISN] Maui man admits to selling classified military secrets, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]