BKSCRTPD.RVW 20030330

"Security+ Certification for Dummies", Lawrence Miller/Peter Gregory, 2003, 0-7645-2576-X, U$29.99/C$44.99/UK#24.50
%A Lawrence Miller
%A Peter Gregory peter.gregory@hartgregorygroup.com
%C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
%D 2003
%G 0-7645-2576-X
%I John Wiley & Sons, Inc.
%O U$29.99/C$44.99/UK#24.50 416-236-4433 fax: 416-236-4448
%O http://www.amazon.com/exec/obidos/ASIN/076452576X/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/076452576X/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/076452576X/robsladesin03-20
%P 375 p. + CD-ROM
%T "Security+ Certification for Dummies"

Part one deals with exam basics. Chapter one has some promotional material on the exam, and some generic test writing tips. Basic networking background content is included in chapter two, which is reasonable in view of the fact that the OSI (Open Systems Interconnection) model is not, strictly speaking, related to security, but so much of the exam touches on networking concepts. There is also a very terse review of the CIA (confidentiality, integrity, availability) triad.

Part two addresses the domain of general security concepts. Chapter one's brief but fair information about access control is sporadically interrupted by silly attempts at humour, which serve only to distract and confuse the issue. (Jokes can, at times, help to cement ideas or lighten the study process: these quips do neither.) Lists of attacks and exploits are in chapter four. As an example of the utility of the material, the definition of a virus is all right, as far as it goes, but the protective measures are dated.

Part three covers communications security. Some remote access terms and names of related technologies comprise the whole of chapter five. Chapter six has a basic listing of email security systems, but a very terse discussion of Web security, with major holes and gaps. Given the abbreviated content of prior material, the inclusion of a list of command line options for ftp (File Transfer Protocol) and Microsoft Windows file sharing dialogue boxes seems quite odd, as does the inclusion of DNS (Domain Name System) in the topic of directory services. Chapter eight has some discussion of the security issues of wireless LANs, but almost no detail.

Part four is the infrastructure domain of the Security+ exam. There is a brief look at devices (mostly network components) and media, in chapter nine. Chapter ten expands on earlier descriptions of firewalls and IDS (Intrusion Detection Systems). "Security Baselines," in chapter eleven, basically deals with hardening of systems, and is mostly concerned with keeping patches up to date.

Part five is on cryptography. Chapter twelve presents the basics, and most of it is fine, although it does make odd statements such as that block ciphers have reusable keys and stream ciphers don't. Some components and services of PKI (Public Key Infrastructure) are described in chapter thirteen, but, as with so many areas in the book, the information is very scant.

Part six relates to the operational and organizational domain. Chapter fourteen talks about physical security. Business continuity planning and disaster recovery are discussed in fifteen. Security management, in terms of policies and risk management, is in sixteen. Forensics, in chapter seventeen, concentrates on the chain of evidence.

The "part of tens" is a standard feature of the "for Dummies" series. The fact that "check your biorhythm" is the first suggestion in chapter eighteen does not inspire confidence in the quality of the advice. Of the ten references in chapter nineteen some are great and some are mediocre. The same holds true for the URLs (Uniform Resource Locators) in chapter twenty. There doesn't seem to be a lot of point to the list of other certifications in chapter twenty-one.

The sample questions provided at the ends of the chapters are extremely simplistic, and require rote memorization of phrases, rather than any degree of understanding.

Trevor Kay's "Mike Meyers' Security+ Certification Passport" (cf. BKMMSCRP.RVW) is slightly but definitely superior to this work. The "Security+ Study Guide and DVD Training System" (cf. BKSCRTYP.RVW) is roughly the same quality as the current work, but has more depth, background, and material. However, overall, I would have to recommend Krutz and Vines' entry into the Security+ field (cf. BKSCRTPG.RVW) over any of them.

copyright Robert M. Slade, 2003 BKSCRTPD.RVW 20030330