The Little Black Book of Computer Security
Product Description
Every day, new reports of viruses, worms, trojans, spyware, and just plain hacker mischief appear. If you’re an IT manager, it is hard to keep up and can seem like a losing battle. The hackers are winning the war — or are they? The Little Black Book of Security tells you how to go about keeping your network hacker-free. As a concise guide to IT security presented in an easy-to-read checklist format, this book provides a quick reference to the whole range of procedu…
Reader's Comments
The book is excellent as a checklist approach to security and how broad security really is. The weakness lies in the detail. For example, the author suggests removing the following characters as part of input validation (&, !, #, $, %, *, @). Unfortunately, if your field is for email the @ will be required. In addition, if someone is doing a SQL attack they still have all the great ones left (<, >, =, ').
My rating was based on the checklist, not on the technical advice.
Rating: 4 / 5
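The reviewer's two objections, that stripping a fixed character list breaks legitimate e-mail addresses and still lets a SQL injection through, can be shown side by side with a parameterized query plus allowlist validation. The following is an added example written for this page; it is not code from the book or from the reviewer. It assumes a SQLite table named `users` with two constructed rows, takes the blacklist characters from the review above, and uses a deliberately simple e-mail pattern for the allowlist.

```python
import re
import sqlite3

# The character blacklist the reviewer says the book recommends removing.
BOOK_BLACKLIST = set("&!#$%*@")

# Simplified e-mail shape used as an allowlist (assumption for this example;
# a production validator would follow RFC 5322 more closely).
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def strip_blacklisted(value: str) -> str:
    """The book's approach as the reviewer describes it: drop listed characters."""
    return "".join(ch for ch in value if ch not in BOOK_BLACKLIST)


def is_valid_email(value: str) -> bool:
    """Allowlist validation: accept only strings shaped like an address."""
    return EMAIL_RE.fullmatch(value) is not None


def make_db() -> sqlite3.Connection:
    """In-memory table with two constructed rows (hypothetical sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice@example.com", "alice-secret"), ("bob@example.com", "bob-secret")],
    )
    return conn


def lookup_unsafe(conn: sqlite3.Connection, email: str) -> list:
    """Blacklist filtering followed by string-built SQL (the weak pattern)."""
    cleaned = strip_blacklisted(email)
    # The @ has been stripped, so a real address no longer matches anything,
    # while ' = < > survive and reach the query untouched.
    query = f"SELECT secret FROM users WHERE email = '{cleaned}'"
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn: sqlite3.Connection, email: str) -> list:
    """Allowlist validation followed by a parameterized query (the fixed pattern)."""
    if not is_valid_email(email):
        raise ValueError("not an e-mail address")
    rows = conn.execute("SELECT secret FROM users WHERE email = ?", (email,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    print("stripped address:", strip_blacklisted("alice@example.com"))
    print("unsafe, real user:", lookup_unsafe(db, "alice@example.com"))
    print("unsafe, injection:", lookup_unsafe(db, "' OR 1=1 --"))
    print("safe, real user:", lookup_safe(db, "alice@example.com"))
    try:
        lookup_safe(db, "' OR 1=1 --")
    except ValueError as exc:
        print("safe, injection rejected:", exc)
```

Running it shows the address `alice@example.com` reduced to `aliceexample.com` by the blacklist (so the legitimate lookup returns nothing), while the payload `' OR 1=1 --` passes the filter unchanged and dumps every row; the parameterized version returns only Alice's row and rejects the payload before it reaches the database. Even without the allowlist, the bound parameter alone would have defeated the injection, which is the point the reviewer is making: validate the shape you expect rather than subtract characters you fear.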
The book is written so that anybody can pick it up and use it. The author does not bother going into great detail explaining the security concerns or the various steps that he includes to resolve or mitigate the issues. However there is enough information there to point you in the right direction. That is the strength of the book, it is small and concise, but provides the information that administrators, or I.T. managers, or even everyday computer users, need to analyze their own security and identify areas that need strengthening. If the reader does not know the difference between a POST and a GET command, they will need to go elsewhere. But this book will at least have let them know that those are areas they should be concerned with. The Black Book won’t make you a security guru, but it can be a great tool to help you audit and lock down your computer security.
Rating: 5 / 5
Some computer security books are written for complete novices, while others assume some level of knowledge on the part of the reader. The Little Black Book of Computer Security does neither.
Joel Dubin’s book is written in such a way that anybody can pick it up and use it as an action plan. Dubin does not bother going into great detail explaining the security concerns or the various steps that he includes to resolve or mitigate the issues. But, there is enough information there to point you in the right direction.
That is the strength of the book really. It is small and concise, but provides the information that administrators, or I.T. managers, or even everyday computer users, need to analyze their own security and identify areas that need strengthening.
If the reader is going through the Secure Your Web Site chapter and doesn’t understand what the ‘Root Directory’ is, or what the difference between a POST and a GET command is, they will need to go elsewhere to educate themselves. But, this book will at least have let them know that those are areas they should be concerned with.
The Black Book won’t make you a security guru, but it can be a great tool to help you audit and lock down your computer security.
Rating: 4 / 5
As a complete novice, I found this book to be very helpful. I oversee a growing business with equally growing IT needs, and I have been increasingly concerned about the security of my computer systems. I was looking for something to give me a brief overview of the process and found it in this book. It also wasn’t too technical for a businessperson, such as myself, to understand. I recommend it to any business manager involved in IT security.
Rating: 5 / 5
This book is a very different approach to Information Security. I have to say, I think this style is long overdue. The style that Joel uses is a checklist format for most security issues facing companies today. The book starts off with an introduction to Information Security, including many definitions and terms. This is the only place I really have any issues with the book. Some of the definitions are not in line with the Information Security community’s definitions. Without going into too much detail, I highly recommend that anyone who reads this book please take the definitions lightly. Focus more on the actual content of the book.
The first step the author takes is to categorize attacks. He does this to help lay out the rest of the book. After categorizing attacks and risks, he introduces you to assessing your systems. This is where this book excels. The format from this point forward is in the form of lists, almost checklist-like in some chapters. The checklist could be used by anyone in technology who needs to understand or quickly get a grasp of what should be considered when auditing systems.
The Email chapter is a good example of how these outlines are provided and how they can be helpful. The chapter starts out with a few paragraphs about the overall security of email, such as sniffing and spoofing as threats. It then quickly turns to outline format, starting with overall posture, encryption, providing privacy to specific users, and then heads to Spam and Infections. In this chapter the author also goes off on a tangent and provides a sidebar on how fake emails can be generated and sent. This information could help one understand the simplicity of the attacks as well as give some firepower to the reader to present to management when trying to gain funding for extra protection.
Chapters that follow are Writing Policies, HR and Physical security, Software Access Controls, Email Security, Malware protection, Web site and Perimeter protection, Intrusion Detection and Response, Disaster Recovery, Wireless, Securing Code, Operating System Security, Protecting Privacy, Preventing Identity Theft, and Protecting Children.
Each of these chapters provides an outline of absolute items that must be considered when discussing security on any of the subjects. The outlines are very well organized and some will even go into detail about other considerations. The book rounds out with future security trends and some cheat sheets, useful web links and other goodies that any reader could find helpful.
Overall this book is for anyone in the technical field, whether hands on or management. The book is written in such a way that anyone wanting to audit or assess a specific in their environment would find this book helpful.
I recommend this book and give it 4 stars.
Rating: 4 / 5