Arts & Photography
Audio CDs
Audiocassettes
Biographies & Memoirs
Business & Investing
Children's Books
Christianity
Comics & Graphic Novels
Computers & Internet
Cooking, Food & Wine
Entertainment
Gay & Lesbian
Health, Mind & Body
History
Home & Garden
Horror
Literature & Fiction
Mystery & Thrillers
Nonfiction
Outdoors & Nature
Parenting & Families
Professional & Technical
Reference
Religion & Spirituality
Romance
Science
Science Fiction & Fantasy
Sports
Teens
Travel
Women's Fiction
|
 |
Introduction to Computer Security |
List Price: $59.99
Your Price: $51.04 |
 |
|
|
|
| Product Info |
Reviews |
<< 1 >>
Rating: 
Summary: Timeless computer science textbook on Security
Review: For those looking for a step-by-step book for securing your Windows XP box, you have come to the wrong place. This is a textbook covering security fundamentals from mathematical concepts, like cyphers and encryption, to the analysis of intrusions, viruses and worms through to policy aspects. About as concrete as it gets in terms of implementation comes in the second to last chapter on securing the internals of a C program.
This book provides an excellent grounding in the fundamentals of security. A must have for anyone studying security, or for those looking for a deeper understanding of IT security fundamentals.
Rating: 
Summary: No, this book is not for the practical administrator
Review: I hate to be the fly in the ointment of the other reviews. But as someone who is more concerned with protecting his networks than trying to figure out the math behind the security, I found this book's title and description on the back cover as well as in the preface to be *highly* misleading.
By reading the preface and the back of the book, you gain absolutely no indication that this book is mired in mathematical theory with very little practical application to the everyday, IT environment. The only possible audience for this book comprises computer science students and software engineers who are into encryption, cipher algorithms, and related theories. There is absolutely no indication of that until you actually start getting into the chapters.
That is not to belittle Mr. Bishop, what he knows, or what he does. I have no doubt that as a professor at the University of California at Davis he is well respected and very knowledgeable of his field. I'm equally sure that in a scientific, trivia challenge, his knowledge and experience would beat me into the ground until I was just a thin, red film. I'm only saying that this book is not one that I can recommend to anyone who is looking for practical, security solutions, contrary to what the title might infer. It is far too mathematical in nature and creates complexities to the theories of computer security that frankly do not apply to the day-to-day systems and network administrator.
In the real world practical, IT solutions include identifying how potential intruders might gain entry to the network. Practical solutions also include how to identify weaknesses in the existing network infrastructure as well as weaknesses in the existing authentication mechanism, among others. Once these weaknesses are identified, IT people need practical solutions to eliminate those weaknesses. Even if the potential solutions are not practical at the current time, identifying what can happen until such time must happen for in order to plan the next stage of securing the environment.
These matters are certainly discussed but not in ways that most IT professional would consider to be valuable. Discussions on the Chinese Wall Model, lattices, and the Extended Euclidean algorithm are not going to be of any practical use whatsoever when you are looking to select and implement an authentication mechanism for a heterogeneous enterprise, nor are they going to be of value when you're looking a Sarbanes-Oxley auditor in the eye and he asks "So, please explain your network security implementations and how you plan on securing your login procedures."
Unfortunately, even those topics that have no direct relation to mathematics, such as availability and the implementation of an auditing system, are described through mathematical formulae. To most IT personnel, auditing involves intruder detection, log scanning, network monitoring, SNMP traps, and of course reporting tools to determine when there is suspicious activity. If I went to my manager and said that we have to anticipate pending connections based on the formula a + b is greater than cb, he'd tell me to contact the confidential, Employee Help line. I can only imagine what he'd tell me if I said that we have to tune our incoming-packet, time-out value in the Solaris kernel to be based on the Linux implementation of the Berstein and Shenk formula of h(s1,sa,sp,da,dp,s1) + n + ((2^24)*t) + [h(s2, sa,sp,da,dp,s2) mod 2^24].
Now, in fairness my review might be rather harsh, but I think it's more the frustration that this book's description is not accurate to its contents and expectations that it puts on the potential reader. Perhaps it is accurate when it comes to the actual content as suggested by the other glowing reviews, but it most certainly is not when it comes to the expected audience or what their expectation might be. In this case I'm sure that this is the right book, but the way that the preface and and back cover are written clearly are not indicative of the intended audience.
Metaphorically speaking, I was expecting to find directions so that I could drive to the nearest grocery store. Instead, I ended up reading about the physics of depressing the accelerator pedal with just the right amount of pressure in combination with the thermodynamics of the detonation of a combustible, fuel substance with a mixture of oxygen and the appropriate temperature and aperture of the ignition mechanism to create the most efficient energy source within a controlled environment. Additionally, I received information about the methodologies of harnessing that thermodynamic energy and converting it through the appropriate gear and torque mechanisms to a forward thrust thus making it possible to move the vehicle in the direction intended while simultaneously balancing out the appropriate fluid injection and combustion level. Also taken into consideration was the manipulation of the speed impedance lever so as to reduce or cease in its entirety the inertial momentum, regardless of direction, of the vehicle when necessary. Let us not forget the guidance controlling mechanism thus altering the directional inertia of the vehicle so as to project it to the destination position to which I expect the vehicle to travel.
Even with all of that, I still don't know where the nearest grocery store is.
Rating:
Summary: More rigour than most computer books
Review: Most books on computer security describe and show how to use cryptography. But often due to lack of space and audience expertise, they often do not give any detailed theory of cryptosystems. There is relatively little maths in such books. In turn, cryptography books fall into roughly two piles. One is highly mathematical and abstract; deliberately independent of any operating system or implementation. The other uses those theorems from the previous type of book, and is more tied to some software package that implements them.
Bishop's book stands differently. The level of the maths and the notation and the rigour with which he describes the cryptosystems would not be out of place in an algorithms book. But it is not all maths. There are chapters on Identity and on Access Control Mechanisms that are traditional sysadmin-type discussions. Veterans of running DEC's VMS machines will see much familiar material. But these discussions are also characterised by a level of analysis uncommonly seen in most sysadmin books. Bishop tries to show how behind such things like Access Control Lists, there is a systematic logic. Other books that might be tied to a given operating system or package might bury you in details, and obscure a general model.
If you have wanted to dig deeper into the subject and have good background in discrete maths, Bishop is worth reading.
Rating:
Summary: Good Balance of Theory and Practice
Review: The only people who hate security systems more than the end users who have to put up with a badly designed system are those who want to break into systems that have good security.
Security for computer systems is very real and growing problem. Far beyond the virus that might come on an e-mail, white collar crime is much more expensive than other kinds. A grocery store holdup might net a few hundred dollars, a bank robbery a few thousand, the average white collar crime is in the hundreds of thousands. And the price of information may be worth life itself as in the case of the Enigma codes in World War II.
This book is balanced at at interesting level above the how to and below the highly theoretical. It has some of the theory, and some of the how to. More important, it explains the why and the how, the broad concepts that enable a manager concerned with security, or the new security manager to set up an effective system that is tailored to the risk, the company, the employees, and others who might have some access to their computer system.
I would rate this book at an intermediate level to move the reader higher up the professional scale. Highly recommended.
<< 1 >>
|
|
|
|
