REVIEW: "Corporate Computer and Network Security", Raymond R. Panko

Discussion in 'Computer Security' started by Rob Slade, doting grandpa of Ryan and Trevor, Aug 25, 2005.

  1. BKCPCNSC.RVW 20050614

    "Corporate Computer and Network Security", Raymond R. Panko, 2004,
    0-13-038471-2
    %A Raymond R. Panko pankosecurity.com
    %C One Lake St., Upper Saddle River, NJ 07458
    %D 2004
    %G 0-13-038471-2
    %I Prentice Hall
    %O 800-576-3800 +1-201-236-7139 fax: +1-201-236-7131
    %O http://www.amazon.com/exec/obidos/ASIN/0130384712/robsladesinterne
    http://www.amazon.co.uk/exec/obidos/ASIN/0130384712/robsladesinte-21
    %O http://www.amazon.ca/exec/obidos/ASIN/0130384712/robsladesin03-20
    %O Audience a- Tech 2 Writing 1 (see revfaq.htm for explanation)
    %P 522 p.
    %T "Corporate Computer and Network Security"

    In the preface (for teachers), Panko states that this is a text for a
    security course. The book is said to be based on the CISSP (Certified
    Information Systems Security Professional) "exam," although there is a
    definite lack of material dealing with architecture, physical
    security, and security management.

    Chapter one is a list of possible attacks and security problems.
    There are "Test Your Understanding" questions sprinkled throughout,
    but they are mostly on the level of fact-based reading checks. (One
    of the later examples asks "What is shoulder surfing?" immediately
    under a paragraph on shoulder surfing.) There is also a chapter "1a"
    with a collection of very terse "case studies" (one is only a sentence
    in length). Access control and a tiny mention of physical security are
    in chapter two. (As well as a very strange mention of wireless LANs:
    the author considers WLAN access to be a factor of site security.)
    There are odd and sometimes careless mistakes: "rters" is said to be
    four characters. The emphasis seems to be on minutiae rather than
    concepts. A lot of material is repeated: two separate paragraphs deal
    with piggybacking, only five paragraphs apart. The facts are
    generally correct, but the discussions are often misleading if not
    wrong: a confusing deliberation of what is probably false acceptance
    incorrectly refers to the situation as false rejection. Chapter three
    reviews the TCP/IP protocol suite. (Again, the conceptual material is
    weak: Panko asserts that the real world uses an amalgam of the OSI
    [Open Systems Interconnection] and TCP/IP models, whereas the TCP/IP
    protocol suite is generally described with reference to the OSI model.
    Anyone who has actually used the OSI protocols knows why the rest of
    the world uses TCP/IP.) Network attacks are discussed in chapter
    four. (Oddly, in the midst of a list of net probing activities comes
    a mention of looking up corporate information on the Security and
    Exchange Commission's EDGAR database.) There is also a rather limited
    section on malware. Chapter five looks at firewalls. Some generic
    advice on hardening hosts or desktop computers is given in chapter
    six. Chapters seven and eight contain miscellaneous references to
    cryptographic ideas or practices. Most of the discussion of
    application security, in chapter nine, is limited to Web and
    e-commerce problems. Chapter ten is a rather mixed bag of incident
    response, automated intrusion detection, and business continuity
    planning. Security should be managed, says chapter eleven, but it
    doesn't give an awful lot of help on how it can be done. Most of
    chapter twelve looks at computer-related laws.

    The book seems to be a very loosely structured compilation of points
    related to security. The lack of overall organization means that
    material is often disjointed and repetitive. As with anything, in the
    hands of a good teacher this could be used for a computer security
    course text. In the hands of one who followed the text closely, the
    course would be a bit ragged.

    copyright Robert M. Slade, 2005 BKCPCNSC.RVW 20050614

    --
    ======================

    ============= for back issues:
    [Base URL] site http://victoria.tc.ca/techrev/
    or mirror http://sun.soci.niu.edu/~rslade/
    CISSP refs: [Base URL]mnbksccd.htm
    Security Dict.: [Base URL]secgloss.htm
    Book reviews: [Base URL]mnbk.htm
    Review mailing list: send mail to
    or
     
    Rob Slade, doting grandpa of Ryan and Trevor, Aug 25, 2005

  2. "Rob Slade, doting grandpa of Ryan and Trevor" <> wrote in
    message news:4PpPe.14$...
    > BKCPCNSC.RVW 20050614
    >
    > "Corporate Computer and Network Security", Raymond R. Panko, 2004,
    > 0-13-038471-2
    > %A Raymond R. Panko pankosecurity.com
    > %C One Lake St., Upper Saddle River, NJ 07458
    > %D 2004
    > %G 0-13-038471-2
    > %I Prentice Hall
    > %O 800-576-3800 +1-201-236-7139 fax: +1-201-236-7131
    > %O http://www.amazon.com/exec/obidos/ASIN/0130384712/robsladesinterne
    > http://www.amazon.co.uk/exec/obidos/ASIN/0130384712/robsladesinte-21
    > %O http://www.amazon.ca/exec/obidos/ASIN/0130384712/robsladesin03-20
    > %O Audience a- Tech 2 Writing 1 (see revfaq.htm for explanation)
    > %P 522 p.
    > %T "Corporate Computer and Network Security"


    <snip>

    Another excellent review, Rob, but one comment:

    In my experience, software guys often talk IP, but many network hardware
    contractors still talk in OSI. Damned awkward for troubleshooting, just a
    lamentable fact.

    Might show more about the author's roots than anything else.

    --

    Hairy One Kenobi

    Disclaimer: the opinions expressed in this opinion do not necessarily
    reflect the opinions of the highly-opinionated person expressing the opinion
    in the first place. So there!
     
    Hairy One Kenobi, Aug 27, 2005