Security+ Guide to Network Security Fundamentals [Paperback]

Paul Campbell (Author), Bel Calvert (Author), Steven Boswell (Author)

Book Description

ISBN-10: 0619120177 | ISBN-13: 978-0619120177 | Publication Date: December 20, 2002 | Edition: 1

This comprehensive introductory text provides an overview of network security basics including general security concepts, communication security, infrastructure security, operational and organizational security and cryptography basics. Designed to prepare students for popular network security certifications, this book maps fully to CompTIA's Security+ exam.

Product Details

• Paperback: 536 pages
• Publisher: Course Technology Ptr (Sd); 1 edition (December 20, 2002)
• Language: English
• ISBN-10: 0619120177
• ISBN-13: 978-0619120177
• Product Dimensions: 9.4 x 7.4 x 1.1 inches
• Shipping Weight: 2 pounds
• Average Customer Review: 2.4 out of 5 stars  See all reviews (16 customer reviews)
• Amazon Best Sellers Rank: #2,538,568 in Books (See Top 100 in Books)

Customer Reviews

Most Helpful Customer Reviews

7 of 7 people found the following review helpful:

4.0 out of 5 stars Security+ Guide to Network Security Fundamenatls, December 15, 2003

By A Customer

This review is from: Security+ Guide to Network Security Fundamentals (Paperback)

To everyone saying the book is incomplete, you are correct. Check the publisher's website for errata and you'll see they admit chapter 6 is jacked and offer a PDF to complete.
I've learned from MS PRESS you should always check for errata first, before you even crack the book open.

See:
http://www.course.com/catalog/downloads.cfm?isbn=0-619-21294-2

6 of 6 people found the following review helpful:

1.0 out of 5 stars Failed the S+ Exam, August 6, 2004

By 

Will Harper "Will Harper" (Virginia Beach, VA) - See all my reviews

This review is from: Security+ Guide to Network Security Fundamentals (Paperback)

I studied the text - all 17 chapters and the Appendix, then I took every one of The included study CD-based CertBlaster "Subject matter drills", then all 4 of the exams (passing every one on the first pass, and coming very close to perfection on the 2nd pass on any given test.)

I took AND FAILED the S+ exam today. ANY SIMILARITY BETWEEN THE STUDY TOOLS, THE TEXT BOOK, AND THE PRACTICE TEST WITH THE REAL TEST WERE RARE!!!! I basically wasted a week and several hundred dollars.

BTW. The Comptia S+ Exam was probably one of the worst knowledge measurement tools (e.g. exam) that I have EVER taken - and I have taken a huge number of them....
Just FYI
Will Harper, MCSE (NT 3,51/NT 4/W2K/XP), MCT, CCNA, A+, N+, CTT+ (and a bunch of other certs) AAS(IT/Networking), BSEE(computers), MBA.

5 of 5 people found the following review helpful:

1.0 out of 5 stars It cannot sink any lower than this..., December 17, 2005

By 

Joaquin Menchaca (San José, CA USA) - See all my reviews
(REAL NAME)   

This review is from: Security+ Guide to Network Security Fundamentals (Paperback)

Generally speaking, this have to be by far one of the worst books I have come across for both the content related to the scope of the subject matter, and also extreme inaccuracies due to total lack of comprehension on the material from the author.

The subject matter is general security concepts as it relates to the Security+ exam. In this scope, I expected the material would focus the technologies themselves as they relate to security that is not specific to any one platform, as after all every major OS uses the Internet and E-mail for example. However, this book is overwhelmingly a Windows only book, and reflects a rather narrow vision of Windows-only problems, technologies, and solutions.

In the narrow view of Windows only security, there were so many deficiencies in this book, I could write a tomb on a material. I'll highlight a small sampling of the stuff that really stands out. When covering DNS, there is no mention of secure updates through TSKIP (page 118), nor was there any mention of Active Directory (LDAP) integrated DNS (page 118). These Windows DNS solutions are really important and fairly easy to configure. On UNIX side, one can block zone transfers completely and restrict it through tcpwrappers or xinetd (Exctended Internet Daemon), and Windows can do something using IPSec policy configuration. The book never touches any concept or thinking of this nature for DNS or any other technology for that matter.

On the topic of Windows domains, the author states that "Active Directory is stored in a Security Accounts Manager (SAM) database" (page 120), which oh my, is oh so wrong. Perhaps in older Windows NT this might have been true, but Active Directory uses a distributed database (LDAP) for storing passwords and such, which an extended Jet database stored on each domain controller. The author goes on to proclaim his ignorance of Active Directory noting that a "primary domain controller (PDC) is the name of the server that houses a SAM database. A domain can also have multiple backup domain controllers (BDCs) that are on other servers in the domain" (page 120). Anyone knowing anything about Active Directory is probably rolling on the floor laughing at this moment.

In the topic of databases, the author only discusses Microsoft SQL Server specific issues, and ignores general database security issues and solutions. In the extremely narrow scope of SQL Server, the author recommends installing a personal firewall to block the virus Slammer. However, if the author understood how Slammer works or read any technical articles published by Microsoft on the issue, he would understand that to stop slammer all one needs to do is have a password for SQL Server. What the author doesn't do is note that MSDE, a limited SQL Server database bundled with many Microsoft and third-party applications, doesn't have any password configured by default. However, a password can be added through use of a command-line tool.

For e-mail technologies, the author dissuades using POP3 with completely inaccurate statements about the protocol (page 192). The problem also being with his arguments besides being flat wrong, is that it is his personal opinion on which technology to use and doesn't use any arguments in regards to security. Additionally the author doesn't even cover how to secure either POP or IMAP using SSL or TLS. In the scope of Microsoft Exchange POP and IMAP, there's no mention of the extreme dangers of using un-encrypted POP or IMAP, where passwords fly across the wire in clear naked text. Exchange is integrated into Active Directory, and as such, passwords for these facilities are passwords into their account. Using insecure IMAP or POP traffic is broadcasting the keys to the fort as the expression goes. This situation is not shared by Unix solutions (as they can be configured differently), but as Exchange forces you to use domain accounts, securing the traffic is extremely, repeat extremely, vital and important for security. The author misses the boat with this concept, like other concepts.

In regards to web technologies, this has to be perhaps the most laughable area. The author confuses JavaScript with Java, and even goes so far as to state that JavaScript is a virtual machine and that JavaScript is based on Java (Page 201). Those laughing right now might know that JavaScript was originally called LiveScript and had nothing to do with Java. It was renamed to JavaScript for marketing purposes to popularize JavaScript in created an illusion that it was related to Java. The author goes on to cover only Internet Explorer on only Windows platform, and states that all browsers suffer from the same security weaknesses as ALL other browsers (page 202). If the author had any inkling about browser technology, he would know that the scripting engine in IE is from embedded solution (OLE) sometimes referred to ActiveScripting. This engine has access to all other OLE libraries including saving viruses, um files, on your computer without any sort of authentication. Thus, even if this engine was rock solid secure, it's base features allow hackers to bad things to your computer. This ActiveScripting is embedded into WSH (Windows Scripting Shell), and also IIS (ASP), which is a cause for many exploits in those systems. Internet Explorer itself is packaged up and is embedded into other applications like Outlook, Outlook Express, Windows Media Player, Windows Messenger, MSN Messenger, etc. As some might know, those applications have had many exploits in the past, especially Outlook. Of course all of this is well beyond the ken of the author.

For wi-fi solutions, this has to be the weakest section in the book. On the coverage of specifically WPA/802.11i, the author doesn't cover enterprise WPA or things like a RADIUS server used to authenticate VPN, dial-up, and WPA. He also doesn't even mention AES or EAP security with WPA.

This book is one of the most appalling books I have come across, and cannot even recommend the book even if only for a good laugh. The quality of books sometimes is concern for many in the industry, and this book sets an all new low standard to shoot for.

(I apologize for being unusually harsh, but I have rarely come across a book so regrettable.)