Product Description

In 2003, fraud and identity theft cost consumers at least $437 million dollars. In 2004, the U.S. Federal Trade Commission received 247,000 consumer complaints in 2004 (up 15% from 2003), from individuals whose identity was stolen, and according to Reuters.com (2/2005), Americans lost $548 million dollars to identity theft and consumer fraud in 2004. Don't allow yourself to become a part of the statistics!

How Personal and Internet Security Works illustrates in vivid detail the many dangers faced by those who use the Internet to send or receive email, surf the Web, conduct personal business, use a credit card, or even travel to airports and how those dangers can be solved. You'll also get detailed explanations of Internet privacy issues such as spyware, phishing, identity theft, data mining, biometrics, and security cameras, as well as Homeland Security issues such as airport scanning and terrorist screening.

Customer Reviews (1)

The big disappointment
I purchased this book online without getting a chance to look inside (the option was not available for this title...I believe I know why). In many cases buying a book by its title works out, but in this case it did not. Had I realized that this "award winning author of more than 30 books" also wrote a book called "Complete Idiot's Guide to Internet Privacy and Security", I certainly would have passed on the purchase.

For a book of 280 pages, it contains very very little real content. Each chapter begins with a one page description of the topic (probably the most useful part of the book), followed by a series of two page spreads on each subtopic. Each two page spread is completely covered by a computer generated graphic, and 4 - 8 small paragraphs, enough to fill up at most 1/2 of one of the two pages. The graphics usually attempt to depict the subtopic, but most of the time there are a few items in the graphic that relate to the topic, but the graphics alone add no value to the topics, and often are a distraction from the few small paragraphs on the two pages. Had the graphics been absent, and the text condensed into normally spaced pages, no content or meaning would have been lost, and this would have amounted to about a 70 page book full of commonly known buzzwords and surface information many already know.

As an example of how Gralla treats each subtopic, consider this analogy. If I were to read a book on how an automobile engines work, I would expect it to say something about the carburator, spark plugs, timing, camshaft, crankshaft, pistons, etc. The "Gralla" equivalent of this description would be something like "The gas goes in the engine, the spark plugs fire, and the wheels go round". For some, maybe that is enough. But for me, a book called "How Works" should tell you how it works!

So, if all you need is the "gas, sparkplug, wheels" version of how things work in the internet security world, and you have $20 or so dollars to throw at it, then this is the book for you. However, if you would like to dig a little deeper, save your $20.00 and look for a more technical book on the subject, as I am off to do. What a big disappointment, and a waste of $20. ... Read more

Product Description
This book constitutes the refereed proceedings of the 4th European Symposium on Research in Computer Security, ESORICS '96, held in Rome, Italy, in September 1996 in conjunction with the 1996 Italian National Computer Conference, AICA '96. The 21 revised full papers presented in the book were carefully selected from 58 submissions. They are organized in sections on electronic commerce, advanced access control models for database systems, distributed systems, security issues for mobile computing, network security, theoretical foundations of security, and secure database architectures. ... Read more

Product Description
Addressing IT managers and staff, as well as CIOs and other executives dealing with corporate IT security, this book provides a broad knowledge on the major security issues affecting today's corporations and organizations, and presents state-of-the-art concepts and current trends for securing an enterprise.
Areas covered include information security management, network and system security, identity and access management (IAM), authentication (including smart card based solutions and biometrics), and security certification. In-depth discussion of relevant technologies and standards (including cryptographic techniques, intelligent tokens, public key infrastructures, IAM technologies) is provided.
The book features detailed discussions of practical experiences in different sectors, including the automotive industry, financial services, e-health, and e-government.
... Read more

Customer Reviews (2)

Security Review
This book gives a good theoretical overview on the topic. It is short, though, on actual practical real-world solutions in the IAM space.

Solid book for infosec consultants
This book has the look and feel of a business school textbook, moving from topic to topic in a fairly academic matter.It is a combination of 14 essays from prominent authors in the topics they are writing on.This allows for a book that can treat a wide range of concepts and still maintain credibility and a tone of expertise with the downside being the structure of each essay is slightly different between authors.As such, it is meant more as a higher-level introduction to concepts and ideas that swirl around the information security industry but it is couched in the language of business in the hopes that enterprises will adopt a measure of culture change in the area of security.The book seems to have a more European focus, but it is not without value to an American audience.

The book begins with an introduction by the editors laying out what they view as three areas driving enterprise security and what they hope to accomplish with the book.They finger security threats, creating new business opportunities, and regulatory compliance as the main drivers of security investment for the enterprise.In their experience, the editors see businesses still creating processes and applications designed around speed and convenience with security being an afterthought.The editors then establish 4 items they wish to see changed in industry: review of information security requirements, assuming legal liability for poor security practices (it'll never happen), creating a security-aware culture, and security against insider threats.The rest of the book doesn't seem to truly address how to bring these four changes to fruition.

The rest of the book is divided into three sections: (1) Concepts & Trends (better described as emerging security technologies), (2) Practical Experiences, and (3) Technologies & Standards.As far as organization, it would seem better to have Practical Experiences come last in the book and address the technologies discussed previously; however this is not a serious deficiency in the book.

Parts 1 and 3 are presented to the reader from a high-level perspective.It assumes little prior technical knowledge and thus is accessible to a wide audience, particularly the business community.It helps the reader understand why these technologies are beneficial from an economic standpoint.Readers who are technically savvy may get easily bored from this section unless they are trying to develop a "business case" for the adoption of security mechanisms for their organization.In that regard, these essays help bridge the gap between "tech heads" and the "pointy-haired management".

The Practical Experience section is a collection of four case studies of four different organizations facing four different problems.It helps the reader to understand the challenges and obstacles in actual implementation of technologies.It helps bridge the gap between book-learning and real-world experience.3 of the 4 essays revolve around PKI and digital identities.It is clear based on the focus of the editors that authentication is important to them, however and expansion of case studies based on their other goals would make the text that much more effective.

All in all, the book is a valuable primer for consultants and non-savvy managers who are seeking to get their minds around security and how best to sell the investment of security. ... Read more

Product Description
Halting the Hacker: A Practical Guide to Computer Security, Second Edition combines unique insight into the mind of the hacker with practical, step-by-step countermeasures for protecting any HP-UX, Linux, or UNIX system. Fully updated for today's key threats, tools, and solutions, this book shows you how hackers work and the best ways to respond: not just what to do, but why. Through dozens of real-world examples, you'll master the skills and mindset to protect yourself against today's attacks -- and tomorrow's. ... Read more

Customer Reviews (8)

Hooray for "Halting"
This review is a collaborative writing project completed by the students in a "Technology and Ethics" class at DeVry University in beautiful Colorado Springs, Colorado.It is based on a quick look at the book under consideration.

This book has several virtues.It provides a simple step-by-step process to keep hackers out.It also provides supportive links where you can download software to protect your hardware as well as business information.The simple wording allows you to concentrate on your work while helping you protect what you are working on.

Although this book is outdated, it would still be helpful in setting up a security policy.The illustrations in this book would not be suitable for some business environments; however they would be useful for the individual computer user.

I would recommend this book to beginners in the computer technology field.This book comes with a useful CD-ROM that contains software and added resources.

Valuable for anyone needing to know about info security
It is ironic that the advent of the computer promised to dramatically reduce paper usage; today's 1,000-page-plus computer-security tomes have probably single-handedly deforested whole regions of the earth. A happy exception to this trend of titanic texts is Halting the Hacker.Which is relatively concise yet highly informative.

It provides a good overview of core information security issues and concepts. It takes a big-picture approach to information systems security, not bogging down the reader in arcane minutiae.

Halting the Hacker delves into more intricate details and includes a CD-ROM with many security tools.

Overall, it is valuable for anyone needing to know about information systems security without sacrificing a forest in the process.

Second Edition is First Rate!
This new expanded edition of Halting the Hacker came out in 2002 and is nearly double the size of the original edition.It takes the insight of how hackers attack systems from Pipkin's first edition and delves into the details of how to protect your Unix and Linux systems.

Real-life stories about hackers and companies who were hacked are sprinkled throughout the book making it an easy read for anyone, not just techies.The tools discussed (and which come with it on the included CD-ROM) makes it a valuable resource for everyone who deals with Unix/Linux systems.

Highly recommended!

Good Starting Overview
This isn't a heavily technical book. Unlike many of the other security books I've reviewed, this isn't full of tcpdump traces and the like. It is, however, a really excellent overview of security that can introduce a system administrator or a general manager to the subject.

There are actually a very few pages that deal with things like disabling unused services, but that's just 14 pages from a 337 page work, and those are really more illustrative than specific. Instead, this covers the who, the how and the why of hackers, the legal climate, and includes examples of actual incidents.

Perhaps a good indication of the target audience is the Glossary, which includes definitions for "back door", "client/server", "Kerberos", "newsgroup" and "Trojan horse".

If you are looking for programmer level information, this isn't what you want. On the other hand, this is much more technical and focused than something you might read in Newsweek or your Sunday newspaper.

Recommended for business owners and managers who need to understand computer security even though others may actually implement it, or as a base introduction for technical people with no previous exposure.

So-so
I got this book to become more familiar with network security.It goes over some good topics and really helps you to understand the "secure your system" concept.However, this book is a basic overview for thenetwork manager and I would suggest that you find some other book to gowithif you wanna buy it.. ... Read more

Product Description
* Biometrics authentication, which relies on fingerprints, speech, or other physical characteristics, is an increasingly important means of protecting critical data
* Gives security professionals specific guidelines, applications, and procedures for implementing a biometric security system in a LAN, WAN, or wireless infrastructure
* Covers fingerprint identification, hand geometry, speaker recognition, face location, retina scanning, and multibiometrics
* Companion Web site contains articles, papers, source code, and product guides ... Read more

Customer Reviews (2)

Informative, expert, immensely useful
This is an immensely informative and practical reference, which is pleasantly surprising - at first appearance it looks like an academic (i.e. theoretical) work.

The authors' premise is that biometric systems, relying on fingerprints, retinal scans, speech patterns and facial thermography, are a highly effective solution for the problems of network security and authentication. He then explains how to assess the most effective form of these biometric methods which will meet an organisations' needs, how to implement such systems and understand their overall strengths and weaknesses.

Although security is a highly-important issue, the contents are of value to those interested in biometric systems in general - for example, this is a technology of interest to labour-hire organisations. Such companies may place many hundreds of casual employees on remote client worksites and need verifiable means to determine the employee's attendance and hours worked - in short, an unfoolable version of the old "time clock" punch-card system.

The authors detail at length the foundational mathematics or principles behind each biometric system covered, and spend equal time describing genuine implementations - using readily available (commercial) hardware and software. Helpful screenshots, tables and diagrams accompany these practical components and give full confidence that the reader can reproduce the results themselves (with the appropriate hardware and software, of course). For software developers, sample source code is also provided showing how the biometric devices can be managed from within Visual Basic programs.

Completing the book is a companion Web site with updated source code, articles and case studies.

For those who see value in biometric systems within their organisation - whether for secure authentication or other purposes - this book is a welcome and useful reference, replete with expert advice and guidelines. It is definitely a "must read".

Biometric Puzzles Revealed
There is a lot of mystery and myth concerning biometrics and the authors did a good job of exposing the facts and revealing the truth."Implementing Biometric Security" breaks down the various forms of biometric technology into easily understandable blocks of information.Very few books breakdown the different forms of biometrics to the point that this one does. This is a true guide in helping you choose between biometric authentication systems.I'd recommend it a must read prior to investing time or money into a biometric business solution.The book is chock full of data.I found myself learning something new on almost every turn of the page.The good news is that I found it a fairly easy read and a great reference book.As a bonus, there is a companion site that has some readily available programs to get your biometric effort up and running.An excellent book for your work or personal IT library. ... Read more

Product Description
Real case studies on Internet fraud written by real fraud examiners

Internet Fraud Casebook: The World Wide Web of Deceit is a one-of-a-kind collection of actual cases written by the fraud examiners who investigated them. These stories were hand-selected from hundreds of submissions and together form a comprehensive, enlightening and entertaining picture of the many types of Internet fraud in varied industries throughout the world.

• Each case outlines how the fraud was engineered, how it was investigated, and how perpetrators were brought to justice
• Topics included are phishing, on-line auction fraud, security breaches, counterfeiting, and others
• Other titles by Wells: Fraud Casebook, Principles of Fraud Examination, and Computer Fraud Casebook

This book reveals the dangers of Internet fraud and the measures that can be taken to prevent it from happening in the first place. ... Read more

Product Description
This digital document is an article from Security Management, published by American Society for Industrial Security on August 1, 1996. The length of the article is 3911 words. The page length shown above is based on a typical 300-word page. The article is delivered in HTML format and is available in your Amazon.com Digital Locker immediately after purchase. You can view it with any web browser.

From the supplier: Casinos are highly vulnerable to fraud and cheating given the frenzied gambling environment and the fast exchange of cash and chips. The most common crimes perpetuated against casinos include card marking, 'cooler' scams and slot machine tampering. To curb such crimes, casinos should deploy surveillance personnel and equipment to areas where these crimes occur. In addition, they should train security personnel in identifying potential criminals and criminal activities.

Citation Details
Title: The fraud prevention jackpot. (security measures at casinos)
Author: Anthony J. Luizzo
Publication: Security Management (Refereed)
Date: August 1, 1996
Publisher: American Society for Industrial Security
Volume: v40Issue: n8Page: p70(6)

Distributed by Thomson Gale ... Read more

Product Description
"This is a very important book . . . mandatory reading for anyone thinking about getting into e-commerce."-Peter G. Neumann Moderator of the Risks Forum and author of Computer Related Risks

The World Wide Web is changing the way the world engages in business. With this paradigm shift comes uncertainty about how secure e-commerce transactions are over an inherently insecure medium-the Internet. Businesses have learned the hard way that there is no "silver bullet" solution-not encryption, not firewalls, not even secure protocols. Like a chain, the security of e-commerce is only as strong as its weakest link.

Written by security expert Anup K. Ghosh, E-Commerce Security highlights the weak links and provides best defenses for individuals and enterprises connected to the Internet. This valuable guide addresses vulnerabilities in four essential components of electronic commerce-the data transport protocol, Web server, Web clients, and the network server operating system.

E-Commerce Security:
* Exposes the dangers of new Internet innovations in today's Web browsers, including push technology and desktop integration with the Internet
* Methodically explains the dangers of active content programs downloaded from Web sites, such as Java applets, ActiveX controls, and JavaScript
* Provides a comparison of different secure protocols for e-commerce, including digital cash protocols used in smart cards
* Presents security considerations for Web servers, online databases, and server-side application software
* Details shortcomings in firewall technology and other host security measures.Amazon.com Review
Online security investigator and research scientist Anup Ghoshtakes a realistic look at the state of security for electroniccommerce. He is neither a Pollyanna believing that all is fine, nor adoomsayer predicting catastrophe for transactions lacking virtualplate armor. In fact, he feels that some levels of security areexcessive. But he emphasizes that any security system is only asstrong as its weakest point. If you're going to trust your money toonline transactions, you need to know where your weaknesses lie andhow to correct them.

To that end, Ghosh discusses real-lifesecurity failures, how they occurred, and how recurrences can beprevented. He then takes a systematic look at the areas of risk. Onechapter deals with potential problems in active Web content, such asJava applets, ActiveX controls, and push technology. He examines dataprotocols to secure transactions with the warning that the data can bevulnerable before and after the secure transmission. The weaknesses ofserver hardware and software come under scrutiny as well. Ghosh callsfor greater attention to security as software is being developed andlooks at what advances are likely to be coming down theroad. --Elizabeth Lewis ... Read more

Customer Reviews (4)

well organized and well written
This is an outstanding book--well organized and well written, it serves as an introduction as well as review.

Highly recommended for beginners because it is very easy to understand and a brilliant introduction to e-commerce security issues. Also highly recommended for experienced users, as it provides a good overview in a concise manner.

great overview of the security issues for internet commerce
This book is an excellent overview of the fundamental problems that need to be solved in order to build a secure internet-commerce system.It covers client-, server-, protocol-, and OS- related security holes andpitfalls.The author did a very good job of both painting the broadpicture as well as giving concrete, real-world examples.I'm new to thee-commerce domain and this book did an excellent job of introducing me tothe manifold pitfalls awaiting the unaware.I also very much liked how theauthor recommended concrete but general steps to take in order to avoid orminimize each category of vulnerability which he identified.A fascinatingbook on a fascinating topic.

An overall
A very good starting book to understand the security aspects of e-commence. Correct views(e.g. The auther emphasized the importantance of the security of two communication ends)and moderate knowledge.

Good coverage of Web-related e-commerce security issues
The title is ever so slightly misleading in that the topic is not electronic commerce as a whole, but the (admittedly most popular) Web segment of it. However, within this limit, the book does provide solidcoverage and good advice for a whole range of issues.

Chapter one is ageneral introduction to the factors involved, looking at some recent"attacks" of various types, and then reviewing the client,transport, server, and operating system components to be examined in theremainder of the book.Client (generally browser) flaws are coveredthoroughly in chapter two.The breadth of coverage even includes mentionof topics such as the concern for privacy considerations with cookies. Active content is the major concern, with an excellent discussion ofActiveX (entitled "ActiveX [In]security"), a reasonably detailedreview of the Java security model, and a look at JavaScript. Unfortunately, very little of this touches directly on e-commerce as such,except insofar as insecure client technology is going to make e-commerce aharder sell to the general public.While covering the transport oftransaction information, in chapter three, Ghosh makes an interestingdistinction between stored account systems (where you want to secure thetransmission of identification data) and stored value systems (where thedata, once transmitted, is useless to an eavesdropper).Many booksconcentrate on either channel security or electronic cash systems, so thiscomparison is instructive.

A server involves multiple programs, and mayinvolve multiple machines. Server security can quickly become complex, andthis is quite evident in chapter four.While a great deal of useful andthought-provoking information is presented, the complicated nature of theundertaking works against this chapter.Not all topics are dealt withthoroughly, or as well as the previous material was.Oddly, one issue notcovered in depth is the firewall, which is handled very well in chapterfive, with operating system problems.Ghosh sets up a classificationscheme for OS attacks, illustrated by specific weaknesses in Windows NT andUNIX.

The book ends in chapter six with a call for certification ofsoftware, greater attention to security in all forms of software, and,interestingly, for greater use of component software.(From the jacketmaterial, it appears that Ghosh is currently involved in the promotion ofcomponent software systems.)

Each chapter ends with a set of references. Unlike all too many books with bibliographies stuff with obscure citationsfrom esoteric journals, the bulk of the material listed is available on theInternet.A separate section lists Web sites used in the text.

Thevarious issues dealt with in the book are explained clearly, and generallypresent counsel on the best practices for secure online commerce. A compactbut comprehensive guide to the current state of electronic transactionsecurity. ... Read more

Product Description
Bringing order to the lawless frontier

Almost daily, the boomtown growth of online activity generates more opportunities for cybercrime, identity theft, loss of data, and invasion of your privacy. To this lawless high-tech frontier comes the cavalry, mounted on (or in) blue PT Cruisers--Geeks On Call. Now they're helping you build that all-important first line of defense, with quick, easy-to-follow solutions to the most common security problems, plus simple steps you can take to protect your computer, your privacy, and your personal information--today.
* Keep your virus protection up to date
* Identify and remove spyware
* Recognize phishing scams
* Practice safe chatting and instant messaging
* Learn to encrypt data for security
* Protect your laptop and wireless connection
* Create secure passwords
* Safely use public computers

Geeks On Call(r) is the premier provider of on-site computer services. The certified, trained and tested technicians from Geeks On Call provide expert computer installation and networking services, on-site repairs, security solutions and system upgrades for residential and commercial customers numbering in the hundreds of thousands each year. Founded in 1999, Geeks On Call began franchising in 2001. For more information, call 1-800-905-GEEK or visit www.geeksoncall.com. Geeks On Call franchises are independently owned and operated. ... Read more

Customer Reviews (1)

offers no technical answer to phishing
If you are new to the Web and the Internet, this book suggests how you can protect yourself against the various types of malware lurking out there in the Net. Like beware of downloading attachments from unknown senders. These might be viruses that could ruin your machine. It is recommended that you install an antivirus program, that can keep an eye out for the latest viruses.

And be careful of the numerous phishing emails that purport to be from eBay, Paypal or your bank, urging you to login to your account. The book gives no effective technical means to detect phishing. Instead, you are urged to manually exercise caution when getting one of those messages. This advice is typical of what is currently considered standard wisdom in antiphishing. Few, including the book's author, appear to have conceived of a simple antidote. ... Read more

Product Description
Learn how to conduct thorough security examinations via illustrations and virtual simulations
A network security breach (a hack, crack, or other invasion) occurs when unauthorized access to the network is achieved and havoc results. The best possible defense is an offensive strategy that allows you to regularly test your network to reveal the vulnerabilities and close the holes before someone gets in. Written by veteran author and security expert John Chirillo, Hack Attacks Testing explains how to perform your own security audits.
Step by step, the book covers how-to drilldowns for installing and configuring your Tiger Box operating systems, installations, and configurations for some of the most popular auditing software suites. In addition, it includes both common and custom usages, scanning methods, and reporting routines of each. Finally, Chirillo inspects the individual vulnerability scanner results and compares them in an evaluation matrix against a select group of intentional security holes on a target network. Chirillo tackles such topics as:
* Building a multisystem Tiger Box
* Basic Windows 2000 Server installation and configuration for auditing
* Basic Linux and Solaris installation and configuration
* Basic Mac OS X installation and configuration for auditing
* ISS, CyberCop, Nessus, SAINT, and STAT scanners
* Using security analysis tools for Mac OS X
* Vulnerability assessment
Bonus CD!
The CD contains virtual simulations of scanners, ISS Internet Scanner evaluation version, and more. ... Read more

Customer Reviews (5)

Way outdated
This book may have had some value when it was written, but most of the content is obsolete by now.

Moreover, it spends a good portion of the text describing how to install the products and most of the rest is dedicated to the description of the options (essentially a cut-and-paste) from the manuals.

A waste of time (money and paper).

I Learned Absolutely Nothing From This Book
I expected this book to cover security audits.

This book is a step by step guide to using a handfull of auditing tools (including installation).

If you have never seen an auditing tool like Nessus or hping then this book may teach you something. However, after reading this book alone, you will by no means have the knowledge required to conduct a security audit. You are only shown how a few tools work. Not what to do with the information provided, not what it means, nothing.

Excellent starting place for security evaluation training
John Chirillo routinely stuffs his books with a wide variety of hard to find technical gems.This book is no exception as he has created an exceptional manual on security auditing.His compilation of tools is excellent and the book descriptions and how-to's, even better.For those that are inclined, he outlines the building of a Tiger Box (testing system) which takes full advantage of the tools contained on the CDROM.The head to head comparisons of the popular security tools help you in selecting the security tool that is right for you.If you are playing catch up in the mad-cap world of Internet security, this book can help you level the playing field.The CDROM also contains the highly functional Tiger Tools Suite which takes the difficult job of security testing to the level of simple mouse clicks.This is a good book to break in a beginner and is full of information to satisfy the security veteran.

Good Beginner Guide to Vulnerability Assessments
I enjoyed the detail in this book and the configurations are technically sound. The author covered the best known software with clear instructions on getting up and running and then performing an audit with each package. The book closes with an interesting evaluation ranking chart and compares each package based on number of issues detected. The text is easy to follow and formatted well. This is a good beginner guide to vulnerability assessments (veterans need not apply).

How to conduct 1/7th of your security audit
I find this to be a rather confusing book.

The title suggests I will learn how to conduct my own security audit,
but when I've finished the book, all that seems to remain is how
I install Windows 2000 Server and Linux/Solaris, a number of brief
user guides about various vulnerability scanners, and a short comparison
of them.Where did the audit bits go? Looking for them in the table of
contents produces nothing.

There is a description of what a security audit should include in the
introductory text of Part I. It's almost hidden away -- Part I is
titled "Building a Multisystem Tiger Box", and not even the table of
contents hints that there's more important information here.

The book says a security audit consists of seven phases:
blind testing, knowledegable penetration, Internet security and services,
dial-up audit, local infrastructure audit, WAN audit and reporting.
It comes as a disappointment to find, then, that only
phase 1 (blind testing) and phase 4 (dial-up audit) will be covered.
I hoped I would get pointers where to look for information how to do
the remaining five phases, but it seems to have been omitted.

The dial-up audit, furthermore, seems to have been lost. The only place
where it is mentioned in the book (according to the index) is in this
description.

My personal reaction is of course to retitle the book: "How to
do 1/7ths of a security audit". I feel a bit cheated.

The book goes on to describe how to set up a multi-boot system to use
for security audits (chapters 1-3). As far as I see, it's just basic
installation walkthroughs, without any discussions of why a particular
configuration choice is made, or how it affects the purpose of using
the multi-boot system. Also, very little is said about theproblems
involved in multi-booting (such as choosing good partition sizes), and
there is nothing on how much disk is required, though the Solaris
description suggests 5 Gb for Solaris alone. The problem of sharing
information between the different environments is not touched upon either,
but will be encountered very quickly by anyone actually using the system in practice.

Nor is there anything about why Windows 2000 Server is used for the
installation description (what with all the bits about Active Directory, domains,
trust etc.), and there's nothing at all about the problems
and benefits of being able to conduct an audit both entirely outside a Windows

domain, as well as being part of it.

Part II is about using security analysis tools on windows. Again it starts
off with an introductory part (again hidden away to anyone
using the table of contents) describing audits of the SANS Top 20 Vulnerabilities.
I can't imagine why the table of contents does not mention this: it
is important. Some of the suggestions, though, (such as the question of missing
backups) does not really come withing the scope of the book, or even the full
seven phase security audit described earlier: security policies are not
covered. This is rather confusing: it feels as if something was missing from the book.

The main chapters of Part II describe the capabilities of Cerberus
Internet Scanner, CyberCop Scanner, ISS Internet Scanner, Harris STAT,
and TigerSuite 4.0.The descriptions are more of the nature of short
user guides -- it would have been far more useful to have actual
pratical experience from using them.

The last product (TigerSuite 4.0) can hardly be compared with the other
vulnerability scanners, and it's not clear from the description in what way
it may complement them. The only practical application described in that
of tracerouting, but it could easily have been done with already available tools.

Part III does the same, but for Linux, Solaris and Mac OS X. The different chapters
describes various Unix programs: hping2, Nessus, nmap, SAINT, SARA.
As the introductory part gives a list of Linux commands, it appears to
be intended for the novice, but already in the chapter on hping2 the
reader is expected to read and understand substantial material from tcpdump
without any help from the text.

The reason hping2 is included seems to be
on the idea that it can be used for IP spoofing -- indeed, there's a
fairly long description how spoofing was used by Kevin Mitnick to gain access to
another system. But just how this connects with hping2 is not explained.

Part IV is titled "Vulnerability Assessment" and contains one single
chapter in which the result from running the various vulnerability scanners
against a specially designed target network are compared in various tables.
No interpretation is provided, unfortunately.

In addition to the odd lacunas in the table of contents that already have been
mentioned, the text appears to has been badly served by the editor: there are
numerous ambiguities sprinkled around. One if the best can be found on the very
first line of the introduction:

"The objective of this book is to fill a gap found in most books on
security: How security examinations can be conducted via illustrations
and virtual simulations."

Most readers will hopefully be able to figure out what the intended meaning is.

Those 'virtual simulations' (whatever they may be) are found on the CD:
short recorded demo walkthroughs of how to use some of the tools described in
the book.

The two stars are mainly for the information on the vulnerability scanners.
Had the book described the pitfalls in using automated tools (such as the
inevitable false positives) and went into the pratical issues around using
the tools it would easily have obtained a third star, provided the title had been
modified to indicate that the book is mainly about tools.

I would recommend the book "Hack I.T. -- security through penetration testing"
by Klevinsky, Laliberte and Gupta instead. It works with a smaller scope -- that
of the penetration test, not the full security audit -- but covers it far better. ... Read more

Product Description
A keen insider's guide to investment rip-offs, scams and conartists.This book takes an investigative look at the reasons why Ponzi schemes and pyramid frauds are thriving everywhere. It closely examines why over 100,000 Americans are suckered into the schemes every year. Tips are offered to detect schemes and respond when they occur. The purpose of the book is to educate consumers and make them aware of how scams work.
... Read more

Product Description
This digital document is an article from National Underwriter Property & Casualty-Risk & Benefits Management, published by The National Underwriter Company on December 3, 2001. The length of the article is 1273 words. The page length shown above is based on a typical 300-word page. The article is delivered in HTML format and is available in your Amazon.com Digital Locker immediately after purchase. You can view it with any web browser.

Citation Details
Title: Time Is Right For Claim--Made Settlements In Securities Fraud Class Actions. (D & Q Settlement Alternative).(Brief Article)
Author: Joseph P. Monteleone
Publication: National Underwriter Property & Casualty-Risk & Benefits Management (Magazine/Journal)
Date: December 3, 2001
Publisher: The National Underwriter Company
Volume: 105Issue: 49Page: 23(2)

Article Type: Brief Article

Distributed by Thomson Gale ... Read more

Product Description
This digital document is an article from Real Estate Issues, published by The Counselors of Real Estate on September 22, 2008. The length of the article is 4181 words. The page length shown above is based on a typical 300-word page. The article is delivered in HTML format and is available immediately after purchase. You can view it with any web browser.

Citation Details
Title: Green building representations and the emerging potential for securities fraud liability.(FOCUS ON GREEN BUILDING)
Author: Brian D. Anderson
Publication: Real Estate Issues (Magazine/Journal)
Date: September 22, 2008
Publisher: The Counselors of Real Estate
Volume: 33Issue: 3Page: 53(6)

Distributed by Gale, a part of Cengage Learning ... Read more

Product Description
This digital document is an article from Security Management, published by American Society for Industrial Security on December 1, 1992. The length of the article is 3590 words. The page length shown above is based on a typical 300-word page. The article is delivered in HTML format and is available in your Amazon.com Digital Locker immediately after purchase. You can view it with any web browser.

From the supplier: Credit card fraud is fluorishing because it is easy to do. Personal identification is not necessary when using credit cards and authorization procedures are inadequate in detecting the crime immediately. Card fraud cannot be solved or removed by one technological advancement. The credit card industry in coordination with other affected groups must search for better security measures to clamp down on this crime before it gets uncontrollable.

Citation Details
Title: Card fraud: discover the possibilities. (credit card)(includes related article)
Author: Barry Masuda
Publication: Security Management (Refereed)
Date: December 1, 1992
Publisher: American Society for Industrial Security
Volume: v36Issue: n12Page: p71(4)

Distributed by Thomson Gale ... Read more

Product Description
This digital document is an article from Security Management, published by American Society for Industrial Security on May 1, 2001. The length of the article is 869 words. The page length shown above is based on a typical 300-word page. The article is delivered in HTML format and is available in your Amazon.com Digital Locker immediately after purchase. You can view it with any web browser.

Citation Details
Title: E-Business Fraud Fighters Unite.(Brief Article)
Author: Peter Piazza
Publication: Security Management (Refereed)
Date: May 1, 2001
Publisher: American Society for Industrial Security
Volume: 45Issue: 5Page: 37

Article Type: Brief Article

Distributed by Thomson Gale ... Read more

Product Description
This digital document is an article from Security Management, published by American Society for Industrial Security on March 1, 1991. The length of the article is 2535 words. The page length shown above is based on a typical 300-word page. The article is delivered in HTML format and is available in your Amazon.com Digital Locker immediately after purchase. You can view it with any web browser.

Citation Details
Title: Guarding against cults. (cults involved in financial fraud)
Author: Larry Kahaner
Publication: Security Management (Refereed)
Date: March 1, 1991
Publisher: American Society for Industrial Security
Volume: v35Issue: n3Page: p54(5)

Distributed by Thomson Gale ... Read more

Product Description
This digital document is an article from National Underwriter Property & Casualty-Risk & Benefits Management, published by The National Underwriter Company on February 25, 2002. The length of the article is 1124 words. The page length shown above is based on a typical 300-word page. The article is delivered in HTML format and is available in your Amazon.com Digital Locker immediately after purchase. You can view it with any web browser.

Citation Details
Title: 401(k) Suits follow securities fraud litigation. (Specialty Market Report).
Author: Joseph P. Monteleene
Publication: National Underwriter Property & Casualty-Risk & Benefits Management (Magazine/Journal)
Date: February 25, 2002
Publisher: The National Underwriter Company
Volume: 106Issue: 8Page: 11(2)

Distributed by Thomson Gale ... Read more