<< 1 >>
Rating: 
Summary: Good intro to cryptography
Review: Cryptography is one of the most intimidating aspects of computer security, conjuring up, as it does, such concepts as hash functions and public-key infrastructures. For the average user who wants to know about cryptography without gaining the proficiency of a cryptographer, Cryptography for Dummies is the perfect introduction.
The book details the core elements of cryptography that the average user needs to understand, leaving the theoretical topics to more long-winded texts. Emphasis is put on simplicity and straightforwardness, with as little gibberish as possible. Screen shots and illustrations are used effectively without being condescending or insulting.
As the book progresses, the chapters plumb more detail. Those wishing just a quick introduction should stop after part one. For the more ambitious, sections on public-key infrastructures, secured sockets layer, authentication systems, and virtual private networks lie ahead.
Rating:
Summary: A crypto book my mom can understand
Review: I don't usually have the need to buy Dummies books, but my mom's workplace was thinking of encrypting their data (she works in health care and they need to protect patient data carefully now). I bought her this book and she was thrilled with it. The book gave her some step-by-step example on how to encrypt email and the explanations of how crypto works made sense to her. Yes, the book is a bit simplistic, but that's what it is supposed to be! I applaud the author for taking on such a complex subject. Although other books are more technical, this is a good book for someone who needs an introduction to the subject.
Rating: 
Summary: Rather disappointing from a CISSP
Review: I started out giving this book a 3 - 3.5 stars, by the time I finished Chapter 5 it dropped to 2.5. Now that I finished the book I believe it deserves no more than 2.Part 1 (Ch1 - Ch4) of the book started off well, with a lot of What, How and Why. Later chapters of the book are mainly What - this is the name of the protocol and this is what it stands for. Nothing one couldn't find easily on the Net. The author spent three whole chapters on PKI, and it is some of the worst explanation I've ever read. I came away dumber and know less about PKI. The book has credibility problems, and here is why: p.219 TCP/IP was discussed in the context of a single protocol, and that IPsec was touted as a replacement of TCP/IP. TCP/IP is a suite of protocols, including application protocol such as FTP, HTTP, telnet...etc and data link layer protocols such as Ethernet, Token Ring.. etc. Exactly how does IPsec "upgrade or enhance" these protocols ? The author suggests combining IPsesc with normal VPN tunneling protocols to provides the best solution for encrypted data transport. I don't know what "normal" VPN tunneling protocol means, but 9 out of 10 VPN products on the market already provides IPsec as an option. It is just another protocol to do VPN, and it is the preferred option compare to PPTP (even Microsoft would agree to that). Don't think of them as two different technology. The entire book makes no mention of IPv6, didn't even earn an index entry. How can one discuss IPsec for secure transport without knowledge of IPv6, which has it already built-in. p. 225 The suggestion that one should employ a CISSP to do penetration test because they are more "proficient" and likely to know what they are doing without "damaging" your network - its quite simply laughable. Yes I know, CISSP is quite bankable. Government and large companies loves them. They are the ones who do risk management, set security policy and go to lunch with CIOs. It is however, a certification that has been described as a mile wide and an inch deep. Meaning, a CISSP would have a good "introductory" overview of the different aspects of the security landscape, but not necessary the deep technical knowledge to carry out an attack. Not to be dis-respectful to all the hard working CISSPs out there, I myself, is working to become one. CISSP should be a minimum requirement for all security professionals. It is not, however, a technical cert. p. 229 The author had this to say on war chalking, "I have seen these marks myself on sidewalks in San Francisco and New York, so I know this is not rumour." You mean you never heard of it until now ? Also, almost no mention of the Twofish algorithm in AES submission, although Bruce Schneier was briefly cited in the Appendix. Quite disappointing, the book does introduce users to some terminology of the field, and some of the links are quite useful - hence, the 2 stars.
Rating: 
Summary: This book made it easier to do my job
Review: This book is an excellent introduction to the field. Perfect for someone who is concerned with information security within their organization, a nice starting place for someone considering a career in security, and very useful to the IS staff person who gets stuck with the job when there isn't money to pay for an expert. I do security training for end users and am considering using content from this book and Network Security For Dummies to develop a basic course. It's nice to have some of these concepts explained in plain English. Makes it easier to do my job.
Rating:
Summary: Great intro into Cryptography
Review: This book was excellent for getting you over that hill of understanding. If you don't have much back ground in cryptography or don't need to know the nitty-gritty details of how it all works then this is the book for you. The book is well indexed and fairly up to date. The only problem I found with this book is that sometimes it went back over some things already covered but, this is a minor issue. I used it extensively for doing an intro research paper on cryptography.
<< 1 >>
| 
