[ISN] REVIEW: "Internet Security", Tim Speed/Juanita Ellis

InfoSec News isn at c4i.org
Fri Aug 27 06:09:45 EDT 2004

Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade at sprint.ca>

BKISJSAM.RVW   20040719

"Internet Security", Tim Speed/Juanita Ellis, 2003, 1-55558-298-2,
%A   Tim Speed
%A   Juanita Ellis
%C   225 Wildwood Street, Woburn, MA  01801
%D   2003
%G   1-55558-298-2
%I   Digital Press
%O   U$44.99 800-366-BOOK Fax: 617-933-6333 fax: +1-800-446-6520
%O  http://www.amazon.com/exec/obidos/ASIN/1555582982/robsladesinterne
%O   http://www.amazon.ca/exec/obidos/ASIN/1555582982/robsladesin03-20
%P   398 p.
%T   "Internet Security: A Jumpstart for Systems Administrators and
      IT Managers"

The introduction starts out by talking about wild west bank robbers
and then admits that those stories have nothing to do with the topic
at hand.  Inexplicably, the theme continues to be used throughout the

Chapter one gives a timeline of Internet related historical events,
and an overview of the base protocols of the TCP/IP suite at various
levels of detail.  (There are also some screenshots from Microsoft
Windows.)  The security review process provided in chapter two is not
bad, although it gets weaker as it moves into details.  Cryptography
is explained on an "it works by magic" level in chapter three. 
Chapter four talks about some of the technologies discussed earlier,
but the purpose of the repetition is unclear.  Firewalls are described
in chapter five, and a checklist for evaluating them is provided, but
many points on the review form will be difficult for any but the
expert to assess.  Aspects of authentication are discussed in chapter
six, but there is very limited explanation on most points.  Factors
involved in public key infrastructures are handled in much the same
way in chapter seven.  Chapter eight, supposedly about messaging
security, starts out with viruses and other malware, drifts through
spam, and ends up with a number of issues regarding proper
configuration of email systems.  A reasonably good overview of risk
management and mitigation is given in chapter nine, although the
material could use a bit more structure.  The content on incident
response, disaster recovery, and business continuity, in chapter ten,
is not as good, but still fair.

Those who know security will recognize the patterns underlying the
material that the authors present.  Those who have tried to explain
security concepts, however, will understand that what is given in the
text is superficial and sometimes misleading.  IT managers who do not
require details may be able to take a very limited familiarity with
terms and concepts from this work.  System administrators will need
considerably more detail, and need material with a greater
comprehension of areas of strength and weakness in the various aspects
and technologies of security.

copyright Robert M. Slade, 2004   BKISJSAM.RVW   20040719

======================  (quote inserted randomly by Pegasus Mailer)
rslade at vcn.bc.ca      slade at victoria.tc.ca      rslade at sun.soci.niu.edu
Any fool can criticize, condemn and complain - and most do.
                                         - Dale Carnegie (1888-1955)
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade

More information about the ISN mailing list