REVIEW: "Security+ Certification All-in-One Exam Guide", Gregory White
Posted by Rob Slade, doting grandpa of Ryan and Trevor on February 2nd, 2004


BKA1SECP.RVW 20031018

"Security+ Certification All-in-One Exam Guide", Gregory White, 2003,
0-07-222633-1, U$59.99/C$89.95/UK#45.00
%A Gregory White
%C 300 Water Street, Whitby, Ontario L1N 9B6
%D 2003
%G 0-07-222633-1
%I McGraw-Hill Ryerson/Osborne
%O U$59.99/C$89.95/UK#45.00 +1-800-565-5758 fax: 905-430-5020
%O http://www.amazon.com/exec/obidos/AS...bsladesinterne
http://www.amazon.co.uk/exec/obidos/...bsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASI...bsladesin03-20
%P 558 p. + CD-ROM
%T "Security+ Certification All-in-One Exam Guide"

Part one is nominally on authentication. Chapter one covers general
security concepts. Good ideas are provided, but sometimes in a poor
structure (the domains are unique, adhering neither to the CISSP
[Certified Information System Security Professional] CBK [Common Body
of Knowledge] nor the Security+ formation). The wording can sometimes
confuse those new to the field, such as the use of "diversity of
defence" for what is otherwise known as least common mechanism.

Part two describes malware and attacks. Chapter two could use more
organization and taxonomy, and the virus material is limited and
dated, but otherwise it is generally good.

Part three concentrates on networking, or security in transmissions.
Chapter three deals with remote access, and is not as good as the
prior material, consisting mostly of a list of protocols. Email, in
chapter four, is not particularly good at examining viruses, worms,
hoaxes, spam, and encryption. The Web is limited to SSL (Secure
Sockets Layer), programming bugs, and cookies, in chapter five. The
wireless part of chapter six is fine as far as it goes, and there is
an odd inclusion of instant messaging.

Part four looks at security for the infrastructure. Chapter seven is
an oddly structured list of networking and computer components, with
even more duplication of topics and material than earlier chapters
showed. The basics of intrusion detection systems are provided in
chapter eight, but there are also extraneous details. Chapter nine
suggests hardening computers, but, as is usual with such advice, it is
short on how: for example, we are told to turn off unnecessary Windows
services but not how to tell which ones can be safely discarded or
even how to find out which services are running. Linux and UNIX fare
rather worse than usual in this section.

Cryptography and applications are in part five. Chapter ten has
another odd organizational flow, with lots of details but few that are
of use, and a very short mention of the concept of asymmetric
encryption. Public Key Infrastructure, in chapter eleven, is verbose
but still thin on details. Standards and protocols, in chapter
twelve, starts with excessive detail on PKI, but then ventures
randomly into other topics.

Part six looks at operations security. Chapter thirteen, on
organizational and operational security, touches on security
management, physical security, and miscellaneous topics. A little bit
on business continuity planning, backups, policies, and ethics is in
chapter fourteen.

Part seven refers to administrative controls. There is a wandering
discussion of security and law in chapter fifteen, privilege
management (otherwise known as access control) in sixteen, computer
forensics and simple evidence preservation in seventeen, risk
management in eighteen, and change management in nineteen.

This book could do with a wholesale restructuring, and, overall, the
material is rather vague and general.

copyright Robert M. Slade, 2003 BKA1SECP.RVW 20031018

--
======================
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@sun.soci.niu.edu
"If you do buy a computer, don't turn it on." - Richards' 2nd Law
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
or mirror http://sun.soci.niu.edu/~rslade/
CISSP refs: [Base URL]mnbksccd.htm
Security Dict.: [Base URL]secgloss.htm
Security Educ.: [Base URL]comseced.htm
Book reviews: [Base URL]mnbk.htm
[Base URL]review.htm
Partial/recent: http://groups.yahoo.com/group/techbooks/
Security Educ.: http://groups.yahoo.com/group/comseced/
Review mailing list: send mail to techbooks-subscribe@egroups.com
or techbooks-subscribe@topica.com

Posted by Rowdy Yates on February 3rd, 2004


rslade@sprint.ca (Rob Slade, doting grandpa of Ryan and Trevor) wrote in
news:6PuTb.1031$Ps4.7009@newscontent-01.sprint.ca:


Just wondering, is that certification worth pursuing? Can you really get a
better job with it?


--
Rowdy Yates
I am Against-TCPA
http://www.againsttcpa.com

Posted by Ford Prefect on February 3rd, 2004




Rowdy Yates wrote:
Why not ask Mauricio Fernandez MCSE, CCNA -- he seems to think it is
the greatest thing since sliced bread.

Funny thing though, he claims to have the certification, yet doesn't
list it after his name....


Posted by Rowdy Yates on February 4th, 2004


Ford Prefect <restaurant@end.universe> wrote in
news:401FE665.2010203@end.universe:

sorry, i guess i am new. who is Mauricio Fernandez?

--
Rowdy Yates
I am Against-TCPA
http://www.againsttcpa.com

Posted by Mauricio Fernandez MCSE, CCNA on February 4th, 2004


And she still doesn't stop. LOL I must have really hurt your feelings.
Because you still talk about me long after.

--SNIPPED

Can't get me out of your mind?

--SNIPPED

Keep up the good work sissy.

Posted by Ford Prefect on February 4th, 2004




Rowdy Yates wrote:
You must also be new to the art of reading...
....you responded to Fernandez's posts under another thread in the
alt.computers.security newsgroup... (Hint.. look for a thread on
Security+ Certification....)


Posted by Ford Prefect on February 4th, 2004


Mauricio Fernandez MCSE, CCNA wrote:
Here I was trying to make amends by referring this person to you as a
source of knowledge for the certification, and all you can do is a
sarcastic reply.

Oh, the horror of it all...

You were never let into my mind to begin with... I don't like to
clutter it with useless things...

But it sure is funny how you feel compelled to answer to my every
challenge...

Ouch! Now that HURT.
But obviously such a witty response is truly a sign that you are the
winner of this disagreement...

By the way, do you always venture into a battle of wits only half
prepared?


Posted by Rowdy Yates on February 5th, 2004


Ford Prefect <restaurant@end.universe> wrote in news:40218D98.6030807
@end.universe:

oh.. you're good at this newsgroup stuff...

--
Rowdy Yates
I am Against-TCPA
http://www.againsttcpa.com

Posted by Mauricio Fernandez MCSE, CCNA on February 5th, 2004


You are so funny. I feel sorry for your kind. I bet you'd never speak
to anyone in this way in person. I guess since you're behind that
keyboard you feel empowered to say what you like. You know what I
mean Like super man has his cape you have your Keyboard.

Anyone uses the word "WITTY" I mean come on. What kind of man says
WITTY. I mean your feminine mannerism really makes me smile.

As I kept saying bud, keep up the good work. Usenet needs its share
of WITTY HUMOR.

Were you raised by sheep? I don't know, Where I'm from MEN don't hide
behind keyboards and play "LET ME SEE WHOM I CAN BELITTLE TODAY"
because I WAS belittled my whole life, the internet gives me a chance
to take GIVE BACK to all the bullies.

Posted by Ford Prefect on February 5th, 2004


Mauricio Fernandez MCSE, CCNA wrote:
Someone who has been as arrogant as you have doesn't deserve to have
things sugar-coated. I do not mince words with your kind... whether
in person or not. If you don't like it, that's your problem.

No, I don't need a keyboard to feel empowered. But you are probably
used to lesser minions scraping and groveling at your feet rather than
cutting through the BS and telling you the truth. Which is likely why
you became so upset at hearing the truth about the certification.

If you can't take the heat, stay out of the profession and out of the
newsgroups.

You certainly have a strange perspection on the use of language and
terms. Only someone who is at a total loss for a reasonable response
would resort to such feeble personal attacks.

By the way, REAL men don't make personal attacks in place of reasoned
argument and discussion. Strange how you exhibit the classic style
of one who cannot tolerate losing an argument... rather than admit
defeat, you resort to personal attacks. Rather childish, very
unprofessional, and not what one would expect of a REAL man.....

And once more you demonstrate my point for me....

Your lines of reasoning are even weaker than your demonstrated
knowledge of the security field. Again, rather than being able to
argue reasonably against my comments about the specific certification,
you resort to personal attacks.

However, please continue to do so, as each time you spout off you
further demonstrate your immaturity and lack of professionalism.


Posted by Mauricio Fernandez MCSE, CCNA on February 5th, 2004


Good Job Mr. Witty, Keep up the good work.

Posted by Mauricio Fernandez MCSE, CCNA on February 5th, 2004


BTW, I come on these boards primarily to help people out. Read my
couple hundred threads and you'll see. I come here for pure leisure.
After 5 my friend that professional hat is hung up til the next day.
Take care Mr. Witty

