Feature Articles   MS-Security Blog   Favorite Links  Tech Book Reviews  Discussion Board  MS-Security Home

                                                                                Book Reviews Archives

 This section will contain a new review each month of a tech and/or security book that I've read and enjoyed (or not).

 We'll print your tech book reviews!  Want to sing the praises of your favorite tech/security book, or warn others away from one you wish you hadn't spent your hard-earned money on? Send us your review and a brief bio of the reviewer, and we'll post it here. Write to deb@ms-security.org.

 March 6, 2006
Computer Security for the Home and Small Office by Thomas C. Greene (Apress 2004)

I'm often asked by friends, relatives and other non-technical computer users to recommend resources that will provide information about computer and networking security in plain language. I have dozens of thick tomes that go into details of security protocols and encryption algorithms for IT pros, but that's not what they need. They need something like this slim but comprehensive volume written by the associate editor of The Register, a British information technology journal (http://www.theregister.com/) that boasts the motto "Biting the hand that feeds IT."

Although I don't agree with all of the advice given (there's a definite anti-Microsoft and pro-Linux/Mozilla bias), but the book provides a good overview of security concepts and practices without slipping too deeply into tech jargon or flying over the average user's head. The "Dark Side" chapter that explains different types of malware and attacks, the "Vectors" chapter that addresses where the vulnerabilities lie, and an entire "Social Engineering" chapter devoted to the all-too-human aspects of getting hacked are especially worthwhile.

The author attempts to take readers from newbie to power user by introducing and explaining common security mechanisms such as PGP encryption, hashing algorithms, SSH, SSL, and wireless security - although this last is covered much too briefly and only discusses WEP, with no mention of the more secure WPA for 802.11 wireless protection.

Despite the author's preference for open source software, he acknowledges the popularity of Windows and provides plenty of tips on how to secure both. However, the best parts of this book are not the "how to" sections, but the "mindset" information. The chapter titled "Trust Nothing, Fear Nothing" is a good example.

Will this little book answer all your computer security questions? Not by a long shot. But if you're interested in more than just step-by-step instructions on securing your computers, it makes a good read and I'm glad it found a place on my bookshelf.
                                                                                                                                                                                            - Deb Shinder