REVIEW: "Security+ Study Guide", Michael Pastore
From: Rob Slade, doting grandpa of Ryan and Trevor (rslade_at_sprint.ca)
Date: Fri, 13 Feb 2004 16:10:46 GMT
"Security+ Study Guide", Michael Pastore, 2003, 0-7821-4098-X,
%A Michael Pastore
%C 1151 Marina Village Parkway, Alameda, CA 94501
%I Sybex Computer Books
%O U$49.99/C$79.95/UK#37.99 800-227-2346 email@example.com
%P 555 p. + CD-ROM
%T "Security+ Study Guide"

The introduction has a kind of pre-test, a set of opening questions.
This is, in the right hands, a great idea. Unfortunately, in this
case, the questions are very simplistic, and the answers are either
incomplete or concentrate exclusively on one possibility.

Chapter one reviews general security concepts, as well as access
control, and network security. The structure is quite random. Again,
the end-of-chapter questions are rather odd: one asks which access
method relies on pre-established access, and, of MAC, DAC, RBAC, and
Kerberos (all of which have to have access established in advance) the
correct answer is said to be MAC. Chapter two outlines attack
strategies, TCP/IP basics, TCP/IP attacks, and has some very bad
information about viruses. (A boot sector infector is *not*
inherently a stealth virus.) Infrastructure and connectivity, in
chapter three, lists network components and a few protocols.
Monitoring network activity turns into a grab bag of topics (including
intrusion detection and incident response) in chapter four. More
random information, mostly about hardening systems, but not detailed
or helpful, is in chapter five. Chapter six looks at physical
security, business continuity, and bits of security management. A
list of cryptographic terms with some added stories is in chapter
seven, while eight reviews some related protocols and a bit of public
key infrastructure management. Chapter nine discusses backups and
miscellaneous security policies. Chapter ten, under the heading of
security management, gets into the chain of custody, policies, change
management, and regulations.

Overall, the organization of this material is very poor. As the book
progresses, there are increasing amounts of repeated material. Even
for the Security+ exam, this is probably not a useful guide.

copyright Robert M. Slade, 2003 BKSECPSG.RVW 20031019