Joined: 10 Aug 2002
Location: Portland, Oregon USA
|Posted: Mon Jul 28, 2003 10:23 pm Post subject: Book Review - Maximum Security 4th Edition
Maximum Security, 4th edition - A Hacker's Guide To Protecting Your Computer Systems and Network
Author(s): Anonymous (and 17 Contributing Authors)
Book Specifications: Soft-cover, 946 pages with CD-ROM
Category: Internet/Intranet Security
User Level: Intermediate-Advanced (Prior General Networking Knowledge needed)
Suggested Publisher Price: $49.99 USA/ $77.99 CAN/ £36.50 Net UK (inc of VAT)
Info from back cover:
Maximum Security is designed for system administrators and managers who need to find out how to protect their computers, networks, and Internet sites from unauthorized intrusions.
...this unique guide to Internet and network security identifies the security holes and faults inherent in a wide variety of computer systems and netowrks, and then describes how to go about fixing them.
Although I am technically very strong in computer hardware and the functioning of the Windows Operating System environment, I am not so hot on the nuts and bolts of computer security. For this reason, I was asked to review this book. Security-Forums Dot Com desired to know if this book indeed was aimed at management personal with an intermediate knowledge of computer systems.
What I have discovered is that this book not only explains the possible security risks, but goes into detail of defining the risk; and how to avoid it.
Contents at a Glance
To give you a feel for what the book covers, I have listed the sections below:
Part 1 - Security Concepts
Part 2 - Hacking 101
Part 3 - A Defender's Toolkit
Part 4 - Weapons of Mass Destruction
Part 5 - Architecture, Platforms, and Security
Part 6 - Security and Integrated Services
Part 7 - References
Review comments on Section 1
This section was primarily aimed at Corporate managers, IT Admins, and Security consultants. It educates the reader in how to evaluate a company's Security standing, and suggests methods of establishing policy, proceedures and training to protect the company's digital assets. Overall, it is the most dry section of the book, aside from the References section. Yet I suggest you at least browse through Part 1 to gain some great URLs and Mailing List addresses.
Review comments on Section 2
A great detailed explanation of what TCP/IP is, and how it works. Also covered is how spoofing attacks are performed, and how you can prevent them. Expect to be referring heavily to the Glossary as you read this section, unless you are an expert in the Network Security field. The section ends by dispelling several myths concerning what actually can be done in an attack.
Review comments on Section 3
This is where the meat of the book begins, starting out with an in-depth discussion on firewalls. Although you are not taught how to use specific tools to their full capacity, you are given a general idea of what the tools can do. This allows you to make an educated selection of which tools you wish to employ in your efforts to build and maintain a secure network.
Review comments on Section 4
Here we find out just what tools and techniques the Script-Kiddies like to use to crack a system. Although the examples are slightly outdated, you will come to understand just how the process works. Plus the Author was kind enough to list numerous resources which you may use to keep updated on the new tools and techniques.
Review comments on Section 5
Now we get down to specific platforms and their needs. This has proven to be wonderful material for future referance. If you need only one reason to buy this book, this is it!
Review comments on Section 6
The first part of this section covering how to program software and applications with security in mind could have been left out. I beleive that is a topic better left for a book of it's own. This chapter tended to harm the style and theme of the book, and should be left out in future editions.
Yet this section is not a total loss, the chapter covering Wireless Security is priceless. If you intend to build a wireless network, you will want to first read this last part of Section 6.
Review comments on Section 7
As mentioned earlier, this is the desert region of the book. I did find myself getting excited over reading the contents of the accompanying CD. I also predict I will be referring to this section the most in the future.
This book will deeply disappoint you if you are looking for some casual reading. However, as an introduction to the world of Network Security, it is the best teaching aid I have seen to date. You will walk away with the ability to understand what the security geeks are talking about after you have read this wonderful book.
I very highly recommend this book to those who are involved with computers in general, whether it be at home or the office. Most professionals in the field of Computer Security will find this book very useful for referance, however; I doubt they will learn anything new which they are not already aware of.
I have to give this an SFDC Rating of 9/10. I would have gone higher, if it were not for the un-needed material in Section 6.
This review is copyright 2003 by the author and Security-Forums Dot Com, and may not be reproduced in any form in any media without the express permission of the author, or Security-Forums Dot Com.
Last edited by Tom Bair on Sat Feb 12, 2005 8:49 pm; edited 7 times in total
Joined: 18 Apr 2002
Location: Kuala Lumpur, Malaysia
|Posted: Mon Jul 28, 2003 10:46 pm Post subject:
Indeed I have heard it's an excellent book and I chose PCWriter to do the review as he's technically very strong but hasn't had a lot of experience in the security side of networks and computer so I thought it would be a good review if he read it and made his comments.
I did rather fancy it for myself but after looking around I probably know 90% of it allready as it's not a highly technical book, more of an overall overview.
Glad to see it turned out as expected.