Customer Reviews

Security+ Guide to Network Security Fundamentals

5 star:		(4)
4 star:		(2)
3 star:		(0)
2 star:		(1)
1 star:		(9)

 

 

To everyone saying the book is incomplete, you are correct. Check the publisher's website for errata and you'll see they admit chapter 6 is jacked and offer a PDF to complete.
I've learned from MS PRESS you should always check for errata first, before you even crack the book open.

See:
http://www.course.com/catalog/downloads.cfm?isbn=0-619-21294-2

I studied the text - all 17 chapters and the Appendix, then I took every one of The included study CD-based CertBlaster "Subject matter drills", then all 4 of the exams (passing every one on the first pass, and coming very close to perfection on the 2nd pass on any given test.)

I took AND FAILED the S+ exam today. ANY SIMILARITY BETWEEN THE STUDY TOOLS, THE TEXT BOOK, AND THE PRACTICE TEST WITH THE REAL TEST WERE RARE!!!! I basically wasted a week and several hundred dollars.

BTW. The Comptia S+ Exam was probably one of the worst knowledge measurement tools (e.g. exam) that I have EVER taken - and I have taken a huge number of them....

Just FYI

Will Harper, MCSE (NT 3,51/NT 4/W2K/XP), MCT, CCNA, A+, N+, CTT+ (and a bunch of other certs) AAS(IT/Networking), BSEE(computers), MBA.

Generally speaking, this have to be by far one of the worst books I have come across for both the content related to the scope of the subject matter, and also extreme inaccuracies due to total lack of comprehension on the material from the author.

The subject matter is general security concepts as it relates to the Security+ exam. In this scope, I expected the material would focus the technologies themselves as they relate to security that is not specific to any one platform, as after all every major OS uses the Internet and E-mail for example. However, this book is overwhelmingly a Windows only book, and reflects a rather narrow vision of Windows-only problems, technologies, and solutions.

In the narrow view of Windows only security, there were so many deficiencies in this book, I could write a tomb on a material. I'll highlight a small sampling of the stuff that really stands out. When covering DNS, there is no mention of secure updates through TSKIP (page 118), nor was there any mention of Active Directory (LDAP) integrated DNS (page 118). These Windows DNS solutions are really important and fairly easy to configure. On UNIX side, one can block zone transfers completely and restrict it through tcpwrappers or xinetd (Exctended Internet Daemon), and Windows can do something using IPSec policy configuration. The book never touches any concept or thinking of this nature for DNS or any other technology for that matter.

On the topic of Windows domains, the author states that "Active Directory is stored in a Security Accounts Manager (SAM) database" (page 120), which oh my, is oh so wrong. Perhaps in older Windows NT this might have been true, but Active Directory uses a distributed database (LDAP) for storing passwords and such, which an extended Jet database stored on each domain controller. The author goes on to proclaim his ignorance of Active Directory noting that a "primary domain controller (PDC) is the name of the server that houses a SAM database. A domain can also have multiple backup domain controllers (BDCs) that are on other servers in the domain" (page 120). Anyone knowing anything about Active Directory is probably rolling on the floor laughing at this moment.

In the topic of databases, the author only discusses Microsoft SQL Server specific issues, and ignores general database security issues and solutions. In the extremely narrow scope of SQL Server, the author recommends installing a personal firewall to block the virus Slammer. However, if the author understood how Slammer works or read any technical articles published by Microsoft on the issue, he would understand that to stop slammer all one needs to do is have a password for SQL Server. What the author doesn't do is note that MSDE, a limited SQL Server database bundled with many Microsoft and third-party applications, doesn't have any password configured by default. However, a password can be added through use of a command-line tool.

For e-mail technologies, the author dissuades using POP3 with completely inaccurate statements about the protocol (page 192). The problem also being with his arguments besides being flat wrong, is that it is his personal opinion on which technology to use and doesn't use any arguments in regards to security. Additionally the author doesn't even cover how to secure either POP or IMAP using SSL or TLS. In the scope of Microsoft Exchange POP and IMAP, there's no mention of the extreme dangers of using un-encrypted POP or IMAP, where passwords fly across the wire in clear naked text. Exchange is integrated into Active Directory, and as such, passwords for these facilities are passwords into their account. Using insecure IMAP or POP traffic is broadcasting the keys to the fort as the expression goes. This situation is not shared by Unix solutions (as they can be configured differently), but as Exchange forces you to use domain accounts, securing the traffic is extremely, repeat extremely, vital and important for security. The author misses the boat with this concept, like other concepts.

In regards to web technologies, this has to be perhaps the most laughable area. The author confuses JavaScript with Java, and even goes so far as to state that JavaScript is a virtual machine and that JavaScript is based on Java (Page 201). Those laughing right now might know that JavaScript was originally called LiveScript and had nothing to do with Java. It was renamed to JavaScript for marketing purposes to popularize JavaScript in created an illusion that it was related to Java. The author goes on to cover only Internet Explorer on only Windows platform, and states that all browsers suffer from the same security weaknesses as ALL other browsers (page 202). If the author had any inkling about browser technology, he would know that the scripting engine in IE is from embedded solution (OLE) sometimes referred to ActiveScripting. This engine has access to all other OLE libraries including saving viruses, um files, on your computer without any sort of authentication. Thus, even if this engine was rock solid secure, it's base features allow hackers to bad things to your computer. This ActiveScripting is embedded into WSH (Windows Scripting Shell), and also IIS (ASP), which is a cause for many exploits in those systems. Internet Explorer itself is packaged up and is embedded into other applications like Outlook, Outlook Express, Windows Media Player, Windows Messenger, MSN Messenger, etc. As some might know, those applications have had many exploits in the past, especially Outlook. Of course all of this is well beyond the ken of the author.

For wi-fi solutions, this has to be the weakest section in the book. On the coverage of specifically WPA/802.11i, the author doesn't cover enterprise WPA or things like a RADIUS server used to authenticate VPN, dial-up, and WPA. He also doesn't even mention AES or EAP security with WPA.

This book is one of the most appalling books I have come across, and cannot even recommend the book even if only for a good laugh. The quality of books sometimes is concern for many in the industry, and this book sets an all new low standard to shoot for.

(I apologize for being unusually harsh, but I have rarely come across a book so regrettable.)

I am a network engineer with almost 10 years experience. I have typically shied away from certification tests because I have always found them to be of the "right answer, wrong answer and TEST ANSWER" category. Security+ is absolutely no different but my job required that I take this certification. I signed up for a class at the local college and this was the textbook for that class.

I read the book cover to cover twice, skimmed it twice more, answered the end-of-chapter questions, took the practice exam included on the cd over 20 times and passed everytime with scores 85% and higher. I failed the security+ exam. The difference between the questions on the test and the topics in this book was amazing. DO NOT RELY ON THIS HORRIBLE BOOK TO GET YOU THRU THE TEST. IT IS A COMPLETE WASTE OF TIME AND MONEY.

If I could have given it negative stars, I would.

This textbook does not cover the material in the Security+ Exam. Entire test subjects are not included, and the lab exercises are terrible. The lab manual only includes a few useful labs and some of them are so outdated they are irrelevant. Authors contradict each other, and the chapters do not hold together well. If you're looking for a lightweight topical introduction, this may work for you, but it won't help you pass the certification exam. This is a very weak introduction to network security, and there are better books available that do cover the content you need to pass the exam. Consider instead "Principles of Computer Security: Security+ and Beyond" ISBN: 0072255099

I'm using this book for a class. We're up to chapter 6 now, and while I'm learning a lot of basic concepts, I've stumbled several times on the writing. It's terribly unclear in places, and clarity is essential in some of these places -- to be short, it's poorly written.

The scope of the book is so wide that it necessarily is shallow. The illustrations are a bit silly and are not a great improvement to clarifying the concept. I am reminded of manuals that go into overwhelming detail as to what mouse-clicks or menu items to select, but don't explain why you want to do this to begin with.

I haven't taken any certification exams as yet, but I would only recommend this book as a brief introduction to subjects that are covered more thoroughly and competently in other books.

What a waste of my money! This book didn't help me learn security hardly at all. Why? Well, I'll give you several reasons.

First of all, the book is written by several authors and it shows. They frequently contradict each other, even on definitions of terms, and the material overlaps so much it's like deja vu.

The other major problem is that the explanations in the book are horrible and disjointed. Concepts and terms are referenced as if the reader already knows them--even though they aren't explained until later on.

And let's not forget the typos and poor English that dot this book. Was this even edited before going to press? I am so completely dissatisfied with this textbook. It's not valuable for anything except maybe firewood. I didn't take the Security+ test, but I can tell this book would be woefully useless for it. Avoid this item!

The book covers the exam blueprint, as well as outline basic security practices. I've heard a lot people state that this test is very basic. It is basic, however the information covered is quite broad. The book does a good job of explaining technologies and inner workings of security. I also used the accompaning lab manual, which was a little too easy, but a nice compliment to the book. Highly recommend if your getting into security or wish to take the Security+ exam.

This is probably one of the worst books I have ever used. Material is repeated verbatum several times over and the labs are the same in several chapters. Concepts are not explained clearly and in varying degrees. The edition I had was riddled with mistakes that even novice users were able to pick out. Worst of all is the organization - it looks like the authors just copied and pasted everything toghether. This book will definately not prepare you for the exam and is a pain to read.

There is no mention of DAC, MAC access controls. All viruses and exploits that are mentioned are way out of date and not categorized properly. PKI and IDS are are not explained clearly at all. I was very unimpressed with the depth in which the topics were covered.