Customer Reviews

Computer Security for the Home and Small Office

5 star:		(3)
4 star:		(8)
3 star:		(0)
2 star:		(1)
1 star:		(0)

 

 

Mr. Greene examines multiple areas regarding computer security covering subject areas such as hackers, viruses and worms, adware/spyware, data traces (such as file slack space and data traces), internet privacy, internet anonymity, wireless security and many others. A nice thing about this book is the range of topics covered which allows beginner or novice users to expose themselves to a number of concepts that are completely unfamilliar. The author takes the reader step-by-step through important tasks such as disabling services that put your computer at risk of attack, configuring your computer for SSH tunneling, and using netstat and ethereal to monitor connections being made to your computer. These step-by-step instructions make it easy for naive readers to perform basic security functions that would otherwise be reserved for intermediate and power users. One downside to this book is the reader is often given only the minimum explanation on subjects of interest often leaving more questions in the reader's head than were present before the subject was discussed. This is likely due to page constraints inherent in covering such a broad topic and basically puts it in the reader's hands to seek out more information.

The author focuses on hardening Microsoft Windows XP since this is by far the most common operating system on PCs (not to mention it is in dire need of securing due to the way in which it is made and distributed). Despite the emphasis on Windows XP the author covers Linux systems as well since it is gaining popularity and appears to be his personal preference. The author doesn't hide his frustrations with Microsoft and takes every opportunity to explain ways in which Linux is superior. The appendices are quite useful as they contain summaries on important configurations discussed in the book, a glossary of technical terms, a list of commonly used and exploited ports, and a list of helpful online resources.

The recommendation of this book is for beginner to intermediate level users. Being as naïve as I was it was a safe bet that this book would be completely novel to me but depending on how one defines `intermediate user' this book may contain many things an intermediate user is already familiar with. This book is written clearly enough such that no one should fear it being too difficult to understand. To give you an idea of where my knowledge base was when I ordered the book, I knew that firewalls somehow `hide' your computer on the internet and I knew an IP address is how your computer is identified over the internet. That's about it! By no stretch of my imagination do I classify myself as anything more than an `informed beginner' but I'm now aware of many of the risks involved with network computing and I feel I have enough knowledge to manage some of those risks and research them on my own. I highly recommend this book for people who, like me, feel that computer literacy is too overwhelming of a subject to even begin to understand and have often relied on network administrators or that `friend of a friend who knows some stuff about computers' to help you understand how your computer works. This book is by no means the definitive authority on understanding computer networks and computer security but you can be certain it will be less mysterious of a subject after you've read it. I don't give it the full 5 stars because I felt some subjects (in particular netstat) were far too brief and could have been explained in more detail.

(By the way, Amazon.com installs adware on your computer.)

I have to admit that when I just started reading the book, I only hoped to find the entertaining read, written by a cool and famous technology journalist. However, it looks like I was up for a pleasant surprise and the book was way better than that, event delivering some new material on security.

It is important to note that the book is not targeted for security experts in its coverage of material, but presents a clearly written and entertaining "story" of computer security. It covers threats and vulnerabilities, social and technical issues, various platforms (focusing on Linux and Windows). The book possesses a noticeable anti-Windows bias, justified by security history of this platform. Open source solutions such as Linux and Mozilla are recommended by the author. In fact, he implies that in the ideal world only experts should be allowed to run Windows (since it is so hard to secure), while the rest should go with Linux, which is more transparent and behaves predictably (which greatly contributes to its security).

The book offers an amazing breadth of coverage, starting from simple Linux and Windows security tips all the way to malware (such as spyware, viruses and worms), basics of security risk analysis, privacy abuses, erasing trace of activity from computers and even "cyberterrorism". I also liked how well the author presented encryption - usually a difficult subject for security novices.

Highly recommended for those curious about computer security and pretty much everyone using a computer (and, thus likely fighting malware and various bugs). At times, the book does go to more in-depth subjects such as NAT, Windows registry and Linux file system structure, but even in those areas the style seems perfectly acceptable for a security neophyte.

Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major security information management company. He is the author of the book "Security Warrior" (O'Reilly, 2004). His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org

I recently finished reading and reviewing the book Computer Security for the Home and Small Office by Thomas C. Greene (Apress). While it does seem to lose focus a bit towards the end and has a definite bias (which I agree with!), the overall content and information is vital to know and understand.

The chapter breakdown:
Introducing the Dark Side; Vectors; Social Engineering; From Newbie to Power User; Treasure Hunt; The Open-Source Escape Hatch; Trust Nothing, Fear Nothing; Glossary; Procedures, Processes, and Ports; Online Resources; Index

First off, this is a highly readable and interesting book on how to secure your computer systems against attacks and keep your data private. The author is very vocal in his opinions, and you'll quickly learn where those biases are. He is a major proponent of using Linux and ditching Windows. The only reason you should use IE is because you're forced to. Even with that, he does go into each system and explain in detail what you need to do in order to harden your system. This includes shutting down unnecessary services, running anti-virus software, and using firewalls. All the stuff you'd expect to see in a book like this, and he delivers. The detail is sufficient for most intermediate users to follow, and after you're done you'll have a system that most script kiddies will bypass as it's not worth the time or effort to crack.

Starting in the Trust Nothing chapter, he starts to rant about how security is portrayed in the media, along with the potential conflicts of interest between vunerabilities and the companies who fix them. While interesting material, the focus on home/small office seems to get lost in the mix. I don't know if it's just the style of the writing or what, but I was starting to wonder if we could just move on...

Windows bashers will love the book, Windows defenders will think he's overly critical of the platform. Either way, this is material you can't afford to ignore in today's environment.

Computer Security for the Home and Small Office by Thomas C. Greene is a densely-packed book, full of very good information. Mr. Greene has compiled a detailed list of potential threats complete with solutions. He covers everything from external attacks by hackers, to the possibility of someone taking your hard-drive and mining valuable information from it.

Computer Security starts by discussing firewalls. It gives a very clear explanation of how they work, so you know what they are and are not capable of. It continues by explaining the basics of "Hackproofing". He gives a reasonably balanced approach between sticking with Windows, or moving to Linux.

Thomas goes into great detail on how to replace Microsoft's Internet Explorer (IE) with the open-source Mozilla browser. A number of pages are devoted to the step-by-step locking down of Mozilla. I was disappointed that tightening IE wasn't even mentioned. Mind you, all of what I've described so far only covers the introduction to the book!

The next (first) chapter describes the "Dark Side" of the Internet. Hackers, crackers, and script kiddies, along with their worms, viruses and Trojan horses are clearly explained. He also gives an in-depth example of exactly how a hacker could obtain your information. Following chapters describe the various avenues of attack and how to defend against them, including very nice lists of Windows and Linux services that are suspect and should be shut down.

Chapter 3 discusses Social Engineering. This may be the most important chapter for most business users to read. Technology, no matter how tight, will never stand up to an attack made through an unsuspecting user via social engineering. Chapter 4 is a crash course on TCP/IP ports, the underlying processes that open them, encryption technology (PGP and GPG), and the use of the Secure Shell (SSH), and chapter 5 talks about how to hide all traces of unencrypted data on your hard drive. If the laptop got stolen, you'd certainly want to make sure that no one could glean proprietary information from anywhere on it.

The following chapter is a 14-page diatribe of how Microsoft views Linux as the enemy, and how it tries to suppress its proliferation. While interesting, I felt it was out of place in this book.

The last numbered chapter is carefully crafted to make you very paranoid . Thomas discusses a lot of the political wrangling over security. Obviously, the harder you make it for a hacker to gather information from your computer, the harder law enforcement organizations would have, too. Most governmental officials view that as a very bad thing.

Finally, there are three appendices with plenty of valuable information. Appendix B alone is 90 pages of distilled treasure.

I have to say that you cannot go wrong buying this book. There were a few areas where Thomas Greene seemed to go on a tangent, and not 100% in keeping with the theme of the rest of the book. That marred an other-wise perfect tome. I give this 4 out of 5 stars.

Thomas Greene is most well known for his articles on cybercrime, network and computer security and other information technology subjects for the British tech newspaper The Register. As Associate Editor and journalist for The Register he has a developed a distinctive style and a great reputation.

I have long said that more focus needs to be given to providing security tools and education to the home and small office computer user. Corporations have teams of people and expansive budgets to implement layered security solutions with administrators to monitor and enforce them, but home and small office users have neither the knowledge they need nor the budget to throw blindly into security.

Ironically, all of the money and effort corporations put into computer and network security could be rendered useless if a particularly virulent worm infects the millions of unprotected home users and bogs the Internet down to the point of crippling it.

Greene has seen this same gap in security and wrote this book to fill that gap. He covers a broad range of security topics in language and terms designed for computer security novices to be able to grasp and understand.

One thing this book does that is admirable is that it goes beyond the simple security and recommends open source and alternative solutions- even debating the use of Linux over Windows, giving the user an in depth look at their options.

Home users need this information and I recommend they check this book out.

(...)

Greene devotes his attention to those of you who are not full time computer professionals, and who lack a corporate IT staff to do the dirty work for you. He supposes that it is just you, and possibly your family, with your own machines. These days, for your context, he focuses on computers with a Microsoft or linux operating systems. Sadly, he gives little mention to Apple, though this has a devoted but small following.

He does not just discuss strict technical issues about, say, choosing the right secure settings for OpenSSH. If you don't know what that means, don't worry. In fact, it might mean that you could use this book.

Greene also goes into extended discussions of issues with some security aspects, but are not solely that. Like the merits of linux versus Microsoft. An entire chapter is devoted to this crucial topic. In this sense, the book's title is overly narrow. What he offers is a good discussion of topics you need to be aware of with your machine.

And he can certainly write fluently. This is not a hardcore technical book, with arcane commands and intricate procedures. Most of the book is straight prose that flows. There is a relative dearth of figures. Correctly so. The topics are often not tied to specific applications, where you might need diagrams to show how to go from one screen to another.

Which means there is actually another source of readers for this book. If you are well educated, but just not in computing. For whatever reason, you want a lucid, nontechnical explanation of important computer issues faced by many people. So perhaps consider this book?

This is a self-help IT security book aimed at those who work from a Small Office/Home Office (SOHO). Written by The Register's Associate Editor, it should be no surprise that the book challenges accepted norms such as Microsoft Windows, Office and Internet Explorer, recommending Linux and Open Source alternatives on security grounds. Regardless of the merits of the argument, the book is a worthwhile security awareness text for a general if IT-literate audience.

From the preface: "This is a handbook for ordinary people concerned about computer security and online privacy. It addresses everyday computer users and Netizens with little or no background in information technology, concerned parents, business users, and corporate telecommuters. It speaks as well to corporate security managers struggling to articulate the necessary principles and procedures to nontechnical staff in understandable language ... It's a book written specifically for users that, I hope, can also make the professional's job a bit easier by promoting security awareness ...". I do not agree that the book is suitable for a nontechnical audience. It's not a detailed technical security manual but most of the issues covered are technical in nature, and the descriptions while clearly worded assume a level of technical competence beyond most ordinary computer users I know.

The book is quite thorough, offering more depth and security content than the superficial coverage typical of many books aimed at ordinary PC users. It tackles head-on the installation and use of encrypted email packages such as PGP and GPG, for example.

Advice in chapter 4 on using task manager to check for malware processes ignores the fact that malware authors usually hide their processes from the list. This perhaps hints at a limit on the author's technical knowledge but he is strong in other areas so perhaps this was just an oversight. He does however admit to being a "computer security specialist" not a "computer security expert".

According to the author, the book is meant to be read from cover to cover like a story with activities for the reader to undertake at most stages. Nowhere does the book deal with the change management issues such an approach would cause in an office with more than a small handful of systems.

Chapter 6 is a bare faced rant against Microsoft Windows and related products, mostly on the basis of it being an insecure monoculture, backed up with selected quotations that support the author's position. There is some merit in this point of view but the chapter is heavily biased and unfortunately detracts from the remainder of the book. It would have made a reasonable piece on the Register but not here.

The author indulges in other extended asides and stories of historical interest only that also detract from the book's stated goals. Several paragraphs on BSE (Bovine Spongiform Encephalitis, commonly known as Mad Cow Disease) in at least two places, for instance, can hardly be more unrelated to computer security for home or small office users.

The author's journalistic training shines through in many places. He has presumably researched some areas in depth for The Register, whereas others are less well supported by quotations and commentary. Ironically, the latter are easier to read. I get the impression several of these `illustrations' were included purely because Greene took a journalistic interest in the original stories and has source material available, rather than because of their relevance to the subject of this book.

If you are an IT manager responsible for IT support for a small business, or a student of information security working towards CISSP or a college degree, this book is good value and will give you plenty of things to think about and do. If you are "just" a PC user, the book will probably stretch your abilities to the limit, although if you have the patience and dedication to persist, you may be able to improve security of your PC. For more basic and accessible security advice, try Ben Rothke's Computer Security: 20 Things Every Employee Should Know (McGraw-Hill Professional Education).

I agree with what everyone else has written about this book so far, although I did find the book a little difficult at times to follow (maybe I'm just a little dense). But what no one has really pointed out is that the book is highly entertaining to read as well, at least if you appreciate dry humor. I chuckled my way through the whole book.

This could have been a useful book, if it had lived up to its promise: Computer Security for the Home & Small Office. But, for example, the book (page 175-176) discusses securing Internet Explorer in the sentence "Fortunately, there's Mozilla", and then proceeds to discuss how to secure Mozilla. (Firefox as a separate product is not mentioned.) This simply is not helpful to the 90% of Windows computers that use Internet Explorer.

Similarly, a great deal of text discusses Linux, both historically and from a security standpoint, and urges Windows users to switch to Linux as a security improvement. While this is arguably true, it fails to serve the users who have Windows, and the consultants and administrators who must secure Windows. A chapter on how to harden Windows and its associated programs, with recommendations on what Microsoft should do in future versions to improve Windows security, would have been most helpful.

However, parts of the book are quite useful. The discussion of what Windows services can be disabled (pg.49-55) is important. The functional listing of Windows processes and TCP/IP ports (pg 351-387) is valuable.

Surprisingly, for a 2004 book, it fails to mention some current technologies: the Firefox browser, WPA wi-fi security, and Windows XP Service Pack 2.

It seems like every few weeks there are fresh announcements of invasions by computer viruses, worms, identity thefts, spam scams, and other unwanted (often destructive) incursion attempts through the internet. Computer Security For The Home And Small Office by computer security expert Thomas C. Greene is as timely as it is up-to-date and "user friendly". The informed and informative text is organized into seven chapters: Introducing the Dark Side; Vectors; Social Engineering; From Newbie to Power User; Treasure Hunt: The Open-Source Escape Hatch; Trust Nothing, Fear Nothing. Enhanced with a glossary, and appendices on "Procedures, Processes, and Ports" and "Online Resources", Computer Security For The Home And Small Office is a compendium of immediately applicable information presented with a minimum of jargon so that even the most novice of beginners can take steps to insure against the successful invasion of their privacy; protect their systems and databases from exterior corruption; and defend against any form of attack or unwanted intrusion. Every personal, professional, corporate, and community library system should have on hand a reference copy of Thomas Greene's Computer Security For The Home And Small Office.