REVIEW: "Security+ Study Guide", Michael Pastore

From: Rob Slade, doting grandpa of Ryan and Trevor (rslade_at_sprint.ca)
Date: 02/13/04

  • Next message: Simon Reed: "Re: JSP 440"
    Date: Fri, 13 Feb 2004 16:10:46 GMT
    
    

    BKSECPSG.RVW 20031019

    "Security+ Study Guide", Michael Pastore, 2003, 0-7821-4098-X,
    U$49.99/C$79.95/UK#37.99
    %A Michael Pastore
    %C 1151 Marina Village Parkway, Alameda, CA 94501
    %D 2003
    %G 0-7821-4098-X
    %I Sybex Computer Books
    %O U$49.99/C$79.95/UK#37.99 800-227-2346 info@sybex.com
    %O http://www.amazon.com/exec/obidos/ASIN/078214098X/robsladesinterne
      http://www.amazon.co.uk/exec/obidos/ASIN/078214098X/robsladesinte-21
    %O http://www.amazon.ca/exec/obidos/ASIN/078214098X/robsladesin03-20
    %P 555 p. + CD-ROM
    %T "Security+ Study Guide"

    The introduction has a kind of pre-test, a set of opening questions.
    This is, in the right hands, a great idea. Unfortunately, in this
    case, the questions are very simplistic, and the answers are either
    incomplete or concentrate exclusively on one possibility.

    Chapter one reviews general security concepts, as well as access
    control, and network security. The structure is quite random. Again,
    the end-of-chapter questions are rather odd: one asks which access
    method relies on pre-established access, and, of MAC, DAC, RBAC, and
    Kerberos (all of which have to have access established in advance) the
    correct answer is said to be MAC. Chapter two outlines attack
    strategies, TCP/IP basics, TCP/IP attacks, and has some very bad
    information about viruses. (A boot sector infector is *not*
    inherently a stealth virus.) Infrastructure and connectivity, in
    chapter three, lists network components and a few protocols.
    Monitoring network activity turns into a grab bag of topics (including
    intrusion detection and incident response) in chapter four. More
    random information, mostly about hardening systems, but not detailed
    or helpful, is in chapter five. Chapter six looks at physical
    security, business continuity, and bits of security management. A
    list of cryptographic terms with some added stories is in chapter
    seven, while eight reviews some related protocols and a bit of public
    key infrastructure management. Chapter nine discusses backups and
    miscellaneous security policies. Chapter ten, under the heading of
    security management, gets into the chain of custody, policies, change
    management, and regulations.

    Overall, the organization of this material is very poor. As the book
    progresses, there are increasing amounts of repeated material. Even
    for the Security+ exam, this is probably not a useful guide.

    copyright Robert M. Slade, 2003 BKSECPSG.RVW 20031019

    -- 
    ====================== 
    rslade@vcn.bc.ca      slade@victoria.tc.ca      rslade@sun.soci.niu.edu
    "If you do buy a computer, don't turn it on."     - Richards' 2nd Law
    ============= for back issues:
    [Base URL] site http://victoria.tc.ca/techrev/
          or mirror http://sun.soci.niu.edu/~rslade/
    CISSP refs:     [Base URL]mnbksccd.htm
    Security Dict.: [Base URL]secgloss.htm
    Security Educ.: [Base URL]comseced.htm
    Book reviews:   [Base URL]mnbk.htm
                    [Base URL]review.htm
    Partial/recent: http://groups.yahoo.com/group/techbooks/
    Security Educ.: http://groups.yahoo.com/group/comseced/
    Review mailing list: send mail to techbooks-subscribe@egroups.com
                           or techbooks-subscribe@topica.com
    

  • Next message: Simon Reed: "Re: JSP 440"

    Relevant Pages