[ISN] REVIEW: "Internet Security", Tim Speed/Juanita Ellis

From: InfoSec News (isn@private)
Date: Fri Aug 27 2004 - 03:09:45 PDT


Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade@private>

BKISJSAM.RVW   20040719

"Internet Security", Tim Speed/Juanita Ellis, 2003, 1-55558-298-2,
U$44.99
%A   Tim Speed
%A   Juanita Ellis
%C   225 Wildwood Street, Woburn, MA  01801
%D   2003
%G   1-55558-298-2
%I   Digital Press
%O   U$44.99 800-366-BOOK Fax: 617-933-6333 fax: +1-800-446-6520
%O  http://www.amazon.com/exec/obidos/ASIN/1555582982/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/1555582982/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/1555582982/robsladesin03-20
%P   398 p.
%T   "Internet Security: A Jumpstart for Systems Administrators and
      IT Managers"

The introduction starts out by talking about wild west bank robbers
and then admits that those stories have nothing to do with the topic
at hand.  Inexplicably, the theme continues to be used throughout the
book.

Chapter one gives a timeline of Internet related historical events,
and an overview of the base protocols of the TCP/IP suite at various
levels of detail.  (There are also some screenshots from Microsoft
Windows.)  The security review process provided in chapter two is not
bad, although it gets weaker as it moves into details.  Cryptography
is explained on an "it works by magic" level in chapter three. 
Chapter four talks about some of the technologies discussed earlier,
but the purpose of the repetition is unclear.  Firewalls are described
in chapter five, and a checklist for evaluating them is provided, but
many points on the review form will be difficult for any but the
expert to assess.  Aspects of authentication are discussed in chapter
six, but there is very limited explanation on most points.  Factors
involved in public key infrastructures are handled in much the same
way in chapter seven.  Chapter eight, supposedly about messaging
security, starts out with viruses and other malware, drifts through
spam, and ends up with a number of issues regarding proper
configuration of email systems.  A reasonably good overview of risk
management and mitigation is given in chapter nine, although the
material could use a bit more structure.  The content on incident
response, disaster recovery, and business continuity, in chapter ten,
is not as good, but still fair.

Those who know security will recognize the patterns underlying the
material that the authors present.  Those who have tried to explain
security concepts, however, will understand that what is given in the
text is superficial and sometimes misleading.  IT managers who do not
require details may be able to take a very limited familiarity with
terms and concepts from this work.  System administrators will need
considerably more detail, and need material with a greater
comprehension of areas of strength and weakness in the various aspects
and technologies of security.

copyright Robert M. Slade, 2004   BKISJSAM.RVW   20040719


======================  (quote inserted randomly by Pegasus Mailer)
rslade@private      slade@private      rslade@private
Any fool can criticize, condemn and complain - and most do.
                                         - Dale Carnegie (1888-1955)
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/



This archive was generated by hypermail 2.1.3 : Fri Aug 27 2004 - 04:22:46 PDT