the organization of the Security+ objectives, part
general security concepts and chapter one is on access
factors are dismissed a little bit too concisely: it is difficult to justify the blanket statement that biometric authentication
extremely accurate and secure." (Biometrics does get a bit more explanation in the chapter on physical security, but there is no indication of that in this location.) For the first set
questions, the emphasis is on simple definitions and
but later questions do become somewhat more complex. A variety of attacks are described in chapter two, generally reasonably.
material is unfortunately poor, concentrating on older technologies (such as the almost extinct boot sector viruses and older DOS precedence-based companions) and failing to provide
outlines of the basic antivirus technologies.
two looks at communications security. Chapter three
remote access, but the content has limited application
Technologies related to Internet application security are reviewed in chapter four. The highlights are touched on, but the lack of detail can be troubling. Cookies are discussed, with some mention
privacy, but the potential problem of cross-site tracking is not dealt with at all, and neither is the danger of HTML (HyperText
Language) formatted messages when the topic turns to
material on wireless networking and security, in chapter five, is very weak. The explanation of direct-sequence spread spectrum is not clear at all, a mention of SSL (Secure Sockets Layer) makes no reference to the description in the previous chapter (and almost contradicts
and security itself gets short shrift in the haste to trot out the alphabet soup of related technologies.
three deals with infrastructure security. Chapter six
through a list of networking components, cabling, and
again with limited allusion to security. Network topologies
intrusion detection systems are discussed in chapter
hardening, generally by applying patches and disabling
reviewed in chapter eight.
is in part four. Most of the basic content in chapter nine is sensible, but it is clear from the paragraphs on double- and triple-DES (Data Encryption Standard) that the author does not fully understand the subject. Chapter ten reviews key management, but it is not clear why the topic was separated from that of PKI
five deals with operational and organizational security.
Physical security, in chapter eleven, is covered fairly
Disaster recovery is confined to backups and fault tolerance:
twelve supports Kenneth Myers' contention (cf. BKMGTCPD.RVW)
people concentrate on recovering technology rather than
and would be improved by a broader view that incorporated
of the operation. Chapter thirteen lists some areas that
covered in a security policy. Forensics is dealt with
chapter fourteen also throws in education and training.
the book still adheres, rather slavishly, to the arbitrary
structure of the Security+ list of objectives, the content
generally pretty reasonable, providing background explanations
important concepts, and keeping the descriptions of many
specific technologies limited to the fundamental ideas. The text does tend to be terse, given the size of the book, but most
should be available to the student. This does vary by
seem to be merely going through the motions. The work
improved with some removal of duplicated material. For
are three separate discussions of social engineering, and two could be replaced with cross-references. Despite its smaller size,
recommend this volume over the Syngress "Security+ Study Guide and DVD Training System" (cf. BKSCRTYP.RVW), but not emphatically.
copyright, Robert M. Slade, 2003 BKMMSCRP.RVW 20030207