Joined: 18 Apr 2002
Posted: Thu Sep 25, 2003 9:28 am Post subject: Book Review - All In One Security+ Certification Exam Guide
All In One - Security+ Certification Exam Guide
Author: Gregory White
Publisher: Osborne McGraw-Hill
Book Specifications: Hard Cover, 558 pages, CD
User Level: Assumes basic underlyings of Security
Special Discounted Security Forums Price : £30 UK GBP - http://www.mcgraw-hill.co.uk/securityforums
Amazon.co.uk: All In One Security+ Certification Exam Guide
Amazon.com: All In One Security+ Certification Exam Guide
This All-In-One guide is a comprehensive exam guide covering the new foundation level security certification for networking professionals; Security+ from CompTIA. The book includes 100% coverage of all exam objectives for the Security+ Certification, and also serves as an in-depth reference for use in the workplace after the exams.
My reasons for reading the book are based on both interest and certification. From CompTIA themselves:
"The CompTIA Security+ certification tests for security knowledge mastery of an individual with two years on-the-job networking experience, with emphasis on security."
Based purely on the above information and after recently passing the CCNA, I wanted another 'formal' qualification dealing with general security and the exam seems a good stepping stone. More detailed information can be found at the CompTIA site: http://www.comptia.org/certification/security/
For anyone taking Microsoft certifications this exam can be used as an elective exam for MCSA and MCSE, more specifics can be found on the MS site : http://www.microsoft.com/traincert/mcp/comptia.asp
To deviate slightly from the standard review format I have decided to break the review down into two parts. The first will be an overview into the book as a whole with a more detailed focus on an area I am inexperienced in such as cryptography. The second part of the review will follow when I find time to take the exam and comment on its usefulness directly to the test itself.
The book has 19 chapters, each ending with a review and answers / questions relating to the test. Also attached is a CD-ROM containing simulated exams with practice questions & answers, LearnKey video training and the complete ebook.
Part I: Authentication
1: General Security Concepts
Part II: Malware and Attacks
2: Types of Attacks and Malicious Software
Part III: Security in Transmissions
3: Remote Access
5: Web Components
6: Wireless and Instant Messaging
Part IV: Security for the Infrastructure
7: Infrastructure Security
8: Intrusion Detection Systems
9: Security Baselines
Part V: Cryptography and Applications
11: Public Key Infrastructure
12: Standards and Protocols
Part VI: Operational Security
13: Operational/Organizational Security
14: Disaster Recovery, Business Continuity, and Organizational Policies
Part VII: Administrative Controls
15: Security and Law
16: Privilege Management
17: Computer Forensics
18: Risk Management
19: Change Management
Part VIII: Appendixes
A: About the CD-ROM
B: OSI Model and Internet Protocols
Style And Detail
A link to an example chapter is provided; chapter 13 covers Operational / Organizational Security: http://www.osborne.com/products/0072226331/0072226331_ch13.pdf
The book is laid out into topics within each chapter which generally are split into paragraphs aided by diagrams where relevant. Some sections describe a service or a daemon in general whereas others give real examples and screenshots of different operating systems, for example: SSL certificates in IIS, enabling public services in Mac OS X through to console dumps from Linux-based systems.
Notes & Tips are scattered throughout reinforcing specific exam points or pointing to more information such as RFCs. At the end of each chapter there are multiple choice questions with their answers following and brief reasoning.
The book is geared towards the exam and is presented in definition format so could be used for reference if needed. I found some sections did not go into enough detail, whereas others such as public key infrastructure were more comprehensive. There is a balance between technical definitions and theory, which is good as it gives you the chance to think about the likes of risk management and physical security which are easily brushed aside.
The attached CD contains each chapter in PDF format for easy and searchable reference. Next is the mastersim which is a simulation based assessment tool with 14 random questions at a time. They imitate an actual system, for example one question prompts you to run a dictionary attack using L0phtCrack on a Windows 2000 server account, another emulates basic IIS security, others are simple answers based on diagrams.
Lastly on the CD is the masterexam test software which has three training modes of increased complexity. This also checks for live updates online to ensure the latest questions are presented. This also has both open and closed book modes for reference and exam testing respectively.
I found the book interesting to read, the diversity of the chapters also helped with the mixture of cryptography, forensics, intrusion detection and remote access.
In relation to the exam itself I cannot say how similar the questions are although the weighting of the chapters reflects the breakdown of exam questions. The questions are easily answered based on the chapters' context and the CD complements the book well with its test simulator. A lot of the information I am already familiar with which is a bonus, I would be confident to take the exam based on reading the book and using the test material provided.
I will post a reply to this thread if I manage to find the time to take this exam with results and how relevant the book was.
Security Forums Discount
The publishers McGraw-Hill have kindly set up a discount section for Security Forums' users. Discounts can be up to 30% off the RRP and postage is free on all orders over £20 in the UK & Central Europe.
Highly Recommended 8 / 10
This review is copyright 2003 by the author and Security-Forums.com, and may not be reproduced in any form in any media without the express permission of the author, or Security-Forums Dot Com.
Last edited by chris on Wed Feb 04, 2004 12:40 am; edited 3 times in total
Joined: 27 May 2002
Posted: Mon Dec 29, 2003 12:58 am Post subject:
Since I took the beta Security+ test version, it wasn't the same as the current production version. But I didn't have the luxury of any cert books available so all my study material was from individual chapters from different books and many info sources from the net.
My one suggestion for any interested in Security+ is don't put all your study material resources into any one book. A main reference/learning book is good along with other resources being other books or articles from the net. i.e. if you're weak in crypto (I am) then search the net for intro articles and build upon that.
I didn't have any questions on wireless security 802.11b or Bluetooth which blew me away and I made it known at our SME meetings that was not acceptable for a professional level cert. I'm glad to see it's there now. This was not the only hole in the exam but is a good illustration of one.
Security information has come a long way in just a few years for people new to security. I'm glad to see it, since there was virtually none just a few years back for new people.