BKSCRPTG.RVW 20030419

"Security+ Training Guide", Todd King, 2003, 0-7897-2836-2, U$49.99/C$77.99/UK#36.50
%A Todd King
%C 201 W. 103rd Street, Indianapolis, IN 46290
%D 2003
%G 0-7897-2836-2
%I Macmillan Computer Publishing (MCP)
%O U$49.99/C$77.99/UK#36.50 800-858-7674 info@mcp.com
%O http://www.amazon.com/exec/obidos/ASIN/0789728362/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/0789728362/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/0789728362/robsladesin03-20
%P 699 p. + CD-ROM
%T "Security+ Training Guide"

Aside from the list of exam objectives, the introduction is an extremely vague and generic document. The set of exam tips even provides suggestions for a format that the text itself admits is inappropriate to the CompTIA Security+ test.

Part one, the bulk of the book, breaks the exam topics into nine sections, rather than the five domains proposed by CompTIA.

Chapter one supposedly deals with general security concepts. However, the material is padded out with a great deal of gratuitous content and confusing verbiage. The glossary contains such vital items as "lamer" and "luser." The discussions of mandatory, discretionary, and role-based access control do not make the distinctions clear. The review of Kerberos really only mentions tickets, and does not deal with the concepts that allow the use of symmetric encryption in a system that never sends keys in cleartext. The description of "challenge" based authentication systems provides a completely misleading idea of what a challenge actually is or does. Some security factors, such as the list of attacks (with the notable exception of the malware related content), are reasonably well done, but even these tend to be excessively verbose. The practice questions do not test for concepts: they seem to be based strictly on wording in the text, and carelessness in writing the questions makes one answer flatly wrong. Similar problems are involved in the other material.

Chapter two demonstrates a fundamental lack of understanding of wireless LAN security technologies and where they are applied. (Wired Equivalent Privacy, dealing with encryption on LANs, and Wireless Access Protocol, providing Web access for cellular telephones, seem to be confused in the author's mind.) Again, a great deal of only marginally relevant material seems to have been included. Devices, media, and topologies, in chapter three, are packaged along with a grab bag of disorganized topics. (Firewall technologies and topologies are, in fact, covered in two separate sections of the same chapter.) Intrusion detection, baselines, and hardening, in chapter four, might be a bit better, but only because the topic is so large that the lists of recommendations do all have some relation to the subject.

Chapter five, on cryptographic algorithms, seems to just list them, without providing an understanding of basic concepts. PKI (Public Key Infrastructure) is simply a list of cryptological terms and technologies, and chapter six doesn't provide much in the way of solid definitions for them.

As a welcome relief, physical security is covered quite well in chapter seven. Oddly, however, business continuity planning is tacked on to the same chapter, and has numerous gaps. The vital topic of security policy, in chapter eight, is unfortunately treated with a random assortment of material. Similarly, chapter nine's view of security management seems to be primarily administrative (featuring a flurry of Windows 2000 dialogue box screen shots) with a chaser of additional subjects (such as computer forensics).

Part two seems to bear almost no relation to the previous material. The "Fast Facts" are arranged in the five CompTIA domains. The questions in the practice exam are completely unlike those given at the end of the chapters.

Given the plethora of unnecessary verbiage and the paucity of reliable content, this book has to get the lowest recommendation of the Security+ guides reviewed so far (cf. BKMMSCRP.RVW, BKSCRTYP.RVW, BKSCRTPD.RVW, and BKSCRTPG.RVW).

copyright Robert M. Slade, 2003 BKSCRPTG.RVW 20030419