BKISJSAM.RVW 20040719 "Internet Security", Tim Speed/Juanita Ellis, 2003, 1-55558-298-2, U$44.99 %A Tim Speed %A Juanita Ellis %C 225 Wildwood Street, Woburn, MA 01801 %D 2003 %G 1-55558-298-2 %I Digital Press %O U$44.99 800-366-BOOK Fax: 617-933-6333 fax: +1-800-446-6520 %O http://www.amazon.com/exec/obidos/ASIN/1555582982/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/1555582982/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/1555582982/robsladesin03-20 %P 398 p. %T "Internet Security: A Jumpstart for Systems Administrators and IT Managers" The introduction starts out by talking about wild west bank robbers and then admits that those stories have nothing to do with the topic at hand. Inexplicably, the theme continues to be used throughout the book. Chapter one gives a timeline of Internet related historical events, and an overview of the base protocols of the TCP/IP suite at various levels of detail. (There are also some screenshots from Microsoft Windows.) The security review process provided in chapter two is not bad, although it gets weaker as it moves into details. Cryptography is explained on an "it works by magic" level in chapter three. Chapter four talks about some of the technologies discussed earlier, but the purpose of the repetition is unclear. Firewalls are described in chapter five, and a checklist for evaluating them is provided, but many points on the review form will be difficult for any but the expert to assess. Aspects of authentication are discussed in chapter six, but there is very limited explanation on most points. Factors involved in public key infrastructures are handled in much the same way in chapter seven. Chapter eight, supposedly about messaging security, starts out with viruses and other malware, drifts through spam, and ends up with a number of issues regarding proper configuration of email systems. A reasonably good overview of risk management and mitigation is given in chapter nine, although the material could use a bit more structure. The content on incident response, disaster recovery, and business continuity, in chapter ten, is not as good, but still fair. Those who know security will recognize the patterns underlying the material that the authors present. Those who have tried to explain security concepts, however, will understand that what is given in the text is superficial and sometimes misleading. IT managers who do not require details may be able to take a very limited familiarity with terms and concepts from this work. System administrators will need considerably more detail, and need material with a greater comprehension of areas of strength and weakness in the various aspects and technologies of security. copyright Robert M. Slade, 2004 BKISJSAM.RVW 20040719