BKCMSCFN.RVW 20080205

"Computer Security Fundamentals", Chuck Easttom, 2006, 0-13-171129-6, U$52.00/C$51.95
%A Chuck Easttom
%C One Lake St., Upper Saddle River, NJ 07458
%D 2006
%G 0-13-171129-6
%I Prentice Hall
%O U$52.00/C$51.95 800-576-3800 416-293-3621 201-236-7139
%O http://www.amazon.com/exec/obidos/ASIN/0131711296/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0131711296/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/0131711296/robsladesin03-20
%O Audience n- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P 344 p.
%T "Computer Security Fundamentals"

This is a textbook, and the preface states that it is intended for students. The author and reviewers are all from colleges, and one presumes that they know something about textbooks. They do not, however, demonstrate much knowledge of security.

Chapter one is supposed to be an introduction to cyber crime and security, but important terms are poorly defined, and many are missing. The material seems to be sensational rather than educational. Fundamental concepts are presented oddly as well. Security is divided not into the fairly standard confidentiality, integrity, and availability, but into malware, intrusions, and denial of service (DoS), which leaves out all kinds of important issues. A terse overview of risk analysis is rather simplistic, but much better than the rest of the content. The questions included at the end of the chapter are trivial: the exercises are more time-consuming but no more difficult.

Chapter two contains random topics about networks and the Internet. The structure is as disorganized as most of the book: the subject of domain name service comes between a discussion of media access control addresses and an illustration of RJ45 jacks, a type of physical plug. Screenshots of network scanning utilities make up chapter three. Chapter four, about denial of service attacks, confuses DoS and Man-in-the-Middle offensives.
Malware, in chapter five, is treated even worse than is normally the case, stating outright that there is no difference between viruses and worms, confusing viruses with buffer overflow conditions, and providing almost no information at all on the types of virus protection. Chapter six has more screenshots and typically useless recommendations on hardening Windows systems: the reader is advised to disable unnecessary services, but is not given any information about how to find, enable, or disable services, or determine which services are necessary or otherwise.

Chapter seven's outline of encryption is highly unreliable. We are told that there are two types of encryption, transposition and substitution, and that within substitution there are two divisions: symmetric and asymmetric. (Most modern symmetric algorithms use combinations of transposition and substitution, and asymmetric algorithms use mathematical transformations.) PGP, a cryptosystem, is compared with the RSA algorithm. (PGP, in fact, can use the RSA algorithm: this is a bit like comparing apples with refrigerators.) Two of the three virtual private network protocols that are discussed in regard to encryption protocols have no encryption capability.

A list of some Internet frauds is given in chapter eight. Chapter nine, supposedly about corporate espionage, tells us that information has value and we should have some information security. (Rather ironically, the advice that is given is irrelevant to the issue of insider abuses, which is the most common form of business espionage and fraud.) Cyber terrorism and information warfare gets the usual lurid (and inaccurate) treatment in chapter ten. Entitled "Cyber Detective," chapter eleven says that you can find information about people by using Web search engines. A few security utilities are briefly described in chapter twelve.

This is a book that is very long on page format, and rather short on content. The material is unreliable and incomplete.
I would not want to take a course that used this as a text, and I certainly wouldn't hire anyone simply on the basis that they passed such a course.

copyright Robert M. Slade, 2008
BKCMSCFN.RVW 20080205