[ISN] REVIEW: "Computer Security for the Home and Small Office", Thomas C. Greene

From: InfoSec News (isn@private)
Date: Wed Aug 18 2004 - 03:53:50 PDT


Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade@private>

BKCMSCHO.RVW   20040727

"Computer Security for the Home and Small Office", Thomas C. Greene,
2004, 1-59059-316-2, U$39.99/C$57.95
%A   Thomas C. Greene http://basicsec.org tcgreene@private
%C   2560 Ninth Street, Suite 219, Berkeley, CA   94710
%D   2004
%G   1-59059-316-2
%I   Apress
%O   U$39.99/C$57.95 510-549-5930 fax 510-549-5939 info@private
%O  http://www.amazon.com/exec/obidos/ASIN/1590593162/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/1590593162/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/1590593162/robsladesin03-20
%P   405 p.
%T   "Computer Security for the Home and Small Office"

Thomas Greene asked me to do the technical review for this book, which
speaks to his bravery, regardless of what it says about his wisdom. 
So there's no point in pretending that I'm unbiased here.  However, I
must say that I was bracing myself for yet another security book by a
writer rather than a techie--and was delightfully surprised, right
from the beginning, at how useful Greene's material was.

The "Introduction" is a bit unusual: it doesn't lay out the theme or
structure of the book, but jumps right into dispelling myths and
making suggestions.  You will be introduced to the fact that Greene is
an Open Source/Linux ... well, fanatic might be too mild a term,
extremist might be closer to reality.  There is also a section on how
to get, and configure, the Mozilla Web browser for safer surfing.

Chapter one deals with the dark side of computing, and a variety of
attendant risks.  The descriptions sometimes gloss over technical
niceties, but the assessment of threat levels is more reasonable than
in most similar works.  Vulnerabilities and means of attack are
presented in chapter two.  An excellent and helpful list of Windows
services that most users can turn off at no cost to function (and
considerable addition in safety) is provided, as is a similar list for
Linux.  A sensible review of social engineering is presented in
chapter three.  More advanced tools are introduced in chapter four,
but, in contrast to many similar works, the text goes on to provide
explanations and suggestions on use.

Chapter five explains many places where information may be stored on
your computer (and network) in the course of normal operations, and
how to clean up after yourself.  Greene really lets himself go in his
promotion of Linux and Open Source software in chapter six, presenting
sanguine arguments.  In chapter seven, a number of anecdotes are used
to support the idea that you can learn about the computer and take
control of your own safety, without having to live in fear of the
unknown, or be dependent upon consultants of unknown competence.

This book presents material for the intelligent but non-specialist
computer user.  The text is readable, and the content useful.  It does
not cover the entire range of computer security, but it does provide
valuable information for those who rely on computers for their work,
and would like to achieve a level of security that is significantly
higher than that available by default, without having to spend a great
deal of time and money on it.  Particularly for the Windows XP user,
this is my primary endorsement for a computer security book.  I would
also recommend the work to security professionals, at least as a
reference, since it contains Windows configuration that system
administrators should know, and the vast majority don't.

copyright Robert M. Slade, 2004   BKCMSCHO.RVW   20040727


======================  (quote inserted randomly by Pegasus Mailer)
rslade@private      slade@private      rslade@private
Any girl can be glamorous.  All you have to do is stand still and
look stupid.                                           - Hedy Lamarr
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/



This archive was generated by hypermail 2.1.3 : Wed Aug 18 2004 - 05:13:54 PDT