BKSECPSG.RVW 20031019

"Security+ Study Guide", Michael Pastore, 2003, 0-7821-4098-X, U$49.99/C$79.95/UK#37.99
%A Michael Pastore
%C 1151 Marina Village Parkway, Alameda, CA 94501
%D 2003
%G 0-7821-4098-X
%I Sybex Computer Books
%O U$49.99/C$79.95/UK#37.99 800-227-2346 info@sybex.com
%O http://www.amazon.com/exec/obidos/ASIN/078214098X/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/078214098X/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/078214098X/robsladesin03-20
%P 555 p. + CD-ROM
%T "Security+ Study Guide"

The introduction has a kind of pre-test, a set of opening questions. This is, in the right hands, a great idea. Unfortunately, in this case, the questions are very simplistic, and the answers are either incomplete or concentrate exclusively on one possibility.

Chapter one reviews general security concepts, as well as access control, and network security. The structure is quite random. Again, the end-of-chapter questions are rather odd: one asks which access method relies on pre-established access, and, of MAC, DAC, RBAC, and Kerberos (all of which have to have access established in advance) the correct answer is said to be MAC. Chapter two outlines attack strategies, TCP/IP basics, TCP/IP attacks, and has some very bad information about viruses. (A boot sector infector is *not* inherently a stealth virus.) Infrastructure and connectivity, in chapter three, lists network components and a few protocols. Monitoring network activity turns into a grab bag of topics (including intrusion detection and incident response) in chapter four. More random information, mostly about hardening systems, but not detailed or helpful, is in chapter five. Chapter six looks at physical security, business continuity, and bits of security management. A list of cryptographic terms with some added stories is in chapter seven, while eight reviews some related protocols and a bit of public key infrastructure management. Chapter nine discusses backups and miscellaneous security policies. Chapter ten, under the heading of security management, gets into the chain of custody, policies, change management, and regulations.

Overall, the organization of this material is very poor. As the book progresses, there are increasing amounts of repeated material. Even for the Security+ exam, this is probably not a useful guide.

copyright Robert M. Slade, 2003