Security Administrator Street Smarts: A Real World Guide to CompTIA Security+ Skills Review

Average Reviews:

(More customer reviews)Not an Exam Cram type of book, this book is aimed at giving newcomers to the security field a solid background and understanding of what the job entails. Only incidentally does this book follow the CompTIA Security+ certificate examination (Exam #SY0-101) recommendations and thus provide a dual purpose.
The book is organized into tenphases or major sections. Each phase then has a series of Tasks to be performed. The first phase is entitled 'The Grunt Work of Security.' In it you start by making a security assessment of your network. By phase 10 you have completed hardening, securing the storage, set up user accounts, protected against virus and other malware attacks and more. In phase 10 you study troubleshooting.
I found the book to be easy reading, and the phase/task approach worked well for me. It provides a well needed break in the reading. And let's face it, reading about security is a lot less exciting than reading about Harry Potter.

Click Here to see more reviews about: Security Administrator Street Smarts: A Real World Guide to CompTIA Security+ Skills

A step-by-step guide to the tasks involved in security administration
If you aspire to a career in security administration, one of your greatest challenges will be gaining hands-on experience. This book takes you through the most common security admin tasks step by step, showing you the way around many of the roadblocks you can expect on the job. It offers a variety of scenarios in each phase of the security administrator's job, giving you the confidence of first-hand experience.
In addition, this is an ideal complement to the brand-new, bestselling CompTIA Security+ Study Guide, 5th Edition or the CompTIA Security+ Deluxe Study Guide, 2nd Edition, the latest offerings from Sybex for CompTIA's Security+ SY0-301 exam.
Targets security administrators who confront a wide assortment of challenging tasks and those seeking a career in security administration who are hampered by a lack of actual experience
Walks you through a variety of common tasks, demonstrating step by step how to perform them and how to circumvent roadblocks you may encounter
Features tasks that are arranged according to four phases of the security administrator's role: designing a secure network, creating and implementing standard security policies, identifying insecure systems in an existing environment, and training both onsite and remote users
Ideal hands-on for those preparing for CompTIA's Security+ exam (SY0-301)

This comprehensive workbook provides the next best thing to intensive on-the-job training for security professionals.

Get 34% OFF

Click here for more information about Security Administrator Street Smarts: A Real World Guide to CompTIA Security+ Skills

Read More...

Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems Review

Average Reviews:

(More customer reviews)To use "American Idol" lingo, you've already read reviews by Randy Jackson and Paula Abdul. It's time for the truth from Simon Cowell -- Practical Packet Analysis (PPA) is a disaster. I am not biased against books for beginners; see my five star review of Computer Networking by Jeanna Matthews. I am not biased against author Chris Sanders; he seems like a nice guy who is trying to write a helpful book. I am not a misguided newbie; I've written three books involving traffic analysis. I did not skim the book; I read all of it on a flight from San Jose to Washington Dulles. I do not dislike publisher No Starch; I just wrote a five star review for Designing BSD Rootkits by Joseph Kong.
PPA is written for beginners, or at least it should be intended for beginners givens its subject matter. It appears the author is also a beginner, or worse, someone who has not learned fundamental networking concepts. This situation results in a book that will mislead readers who are not equipped to recognize the numerous technical and conceptual problems in the text. This review will highlight several to make my point. These are not all of the problems in the book.
p 21: This is painfully wrong on multiple levels: "When one computer needs to send data to another, it sends an ARP request to the switch it is connected to. The switch then sends an ARP broadcast packet to all of the computers connected to it... The switch now has a route established to that destination computer... This newly obtained information is stored in the switch's ARP cache so that the switch does not have to send a new ARP broadcast every time it needs to send data to a computer." This misconception is aggravated on p 62 in the discussion of ARP.
p 65, Figure 6-5: The TCP three way handshake is not SYN - ACK - SYN.
p 78, Figure 7-3: The TCP three way handshake is not SYN - ACK - ACK.
p 79: Packet 5 is not "the packet that was lost and is now being retransmitted." Packet 2 is.
p 80: There is no "ICMP type 0, code 1 packet."
p 85: This boggles the mind: "Immediately after that ARP packet, we see a bunch of NetBIOS traffic... If that other IP address wasn't a sign that something is wrong, then all of this NetBIOS traffic definitely is. NetBIOS is an older protocol that is typically only used as a backup when TCP/IP isn't working. The appearance of NetBIOS traffic here means that since Beth's computer was unable to successfully connect to the Internet with TCP/IP, it reverted back to NetBIOS as an alternate means of communication -- but that also failed. (Anytime you see NetBIOS on your network, it is often a good sign that something is not quite right.)"
p 85: This "troubleshooting" example highlights the different default gateways for Barry and Beth as being the "biggest anomaly" causing Beth's computer to not work. The author ignores the fact that Barry and Beth have computers with the same MAC addresses.
p 89: Traces recorded at a client and server are compared. The author says "The two capture files look amazingly similar; in fact, the only difference between the two files is that the source and destination addresses on the SYN packets have been switched around." Good grief.
p 106: Another "troubleshooting" scenario wonders if a "slow network" problem is related to the fact that tracerouting out from a host fails to produce a response from the router. However, the traceroute continues past the router, so connectivity exists (missed by the author). He says "we know our problem lies with our network's internal router because we were never able to receive an ICMP response from it. Routers are very complicated devices, so we aren't going to delve into the semantics of exactly what is wrong with the router."
pp 107-8: Yet another "troubleshooting" issue wonders why seemingly "double packets" are seen while sniffing on a host. The author wonders if "misconfigured port mirroring" could be the problem, ignoring his statement that the trace was collected on the host in question. He doesn't notice that each "double packet" has a unique MAC address pairing, i.e., packet 1 involves 00:d0:59:aa:af:80 > 00:01:96:3c:3f:54 and packet 2 involves 00:01:96:3c:3f:a8 > 00:20:78:e1:5a:80. Assuming 00:d0:59:aa:af:80 is the only MAC address for the troubled host, there is no way this machine could see traffic "bouncing back" -- the destination MAC address for the dupe packet is 00:20:78:e1:5a:80.
p 110: Another "troubleshooting" example fails to recognize that packets 1-18 and 29 are part of one unique TCP session, and 19-28 are an entirely different session. Packet 29's RST ACK is not an "acknowledgement" of the RST in packet 28; besides not being an actual protocol mechanism, those packets are from different sessions anyway!
p 112: "More ominously, most of the traffic is being sent with the TCP PSH flag on, which forces a receiving computer to skip its buffer and push that traffic straight through, ahead of any other traffic. That is almost always a bad sign." It's a bad sign when you don't know what you're talking about, apparently.
p 129: "Display filters make it easy to search for traffic such as DCEPRC (sic), NetBIOS, or ICMP, which should not be seen under normal circumstances." I guess Windows networks never use at least DCERPC regularly?
This book should not have been published. The author should sit down with Interconnections, 2nd Ed by Radia Perlman, Troubleshooting Campus Networks by Priscilla Oppenheimer/Joseph Bardwell, and The Internet and its Protocols by Adrian Farrel, and learn how networks operate. Then he should have Gerald Combs REALLY provide a technical edit of PPA, since it's clear Mr Combs probably skimmed this book without catching the issues noted above.
The only positives I can say for PPA is that, like other No Starch books, it's form factor and readability is excellent. The diagrams are clear (albeit often misunderstood) and the obvious typos are few. As far as learning anything, the mention of "Expert Infos" on p 100 was nice.

Click Here to see more reviews about: Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems

Click here for more information about Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems

Read More...

The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice Review

Average Reviews:

(More customer reviews)Are you a beginning security professional; as well as, a network and system administrator? If you are, then this book is for you! Author Jason Andress, has done an outstanding job of writing a book that can be used to develop a better understanding of how to protect information assets and defend against attacks; as well as, how to apply these concepts practically.
Andress, begins by covering some of the most basic concepts of information security. In addition, the author covers the security principles of identification and authentication. He then discusses the use of authorization and access control. The author then, discusses the use of auditing and accountability. He continues by discussing the use of cryptography. In addition, the author covers operational security. He then discusses physical security.
The author then shows you how to protect networks from a variety of different angles. Then, he explores hardening as one of the primary tools for securing the operating system and the steps that might be taken to do so. Finally, he shows you different ways in which to secure applications.
This most excellent book, provides the reader with a basic knowledge of information security in both theoretical and practical aspects. Perhaps more importantly, the concepts discussed in this book can be used to drive security projects and policies, in order to mitigate some of the issues discussed.

Click Here to see more reviews about: The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice

Get 40% OFF

Click here for more information about The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice

Read More...

ScreenOS Cookbook Review

Average Reviews:

(More customer reviews)Simply put, anyone who is currently evaluating or managing ScreenOS based Firewalls should own this book and have it close by.
The 1st chapter of the book alone shows the most useful commands that every administrator needs to know. It also details the architecture of ScreenOS which is the key to creating and implementing a relevant security policy in any network.
The book is well written and organized with CLI commands in bold and CLI responses in plain text which make it easy to differentiate what the user should be typing and what they should be seeing. (There are also some GUI screen shots in the book as well.) The book has excellent examples of packet walks, O.S. Architecture, and network diagrams.
A huge benefit of the book is that it doesn't bore the user with the history of the Internet or TCP/IP, etc. It jumps right in to specific examples and configuration guidelines relevant to what the chapter is trying to cover. The book is also very current and covers almost the latest version of ScreenOS. A great example is that there is an excellent chapter on configuring NSRP (HA) with Dynamic Routing Protocols (to sync routes from DRP's) and how that is configured in ScreenOS 6.0 which was the first release to support that feature. ScreenOS 6.0 is a very current release of ScreenOS.
As a user of ScreenOS for 5 years, I can absolutely say this book will be a welcome addition to my library!
Last note: Chapter 21 covers VSYS or Virtual Systems which is a major strength of ScreenOS and not well understood by many users. That chapter alone makes the book worth the cost.


Click Here to see more reviews about: ScreenOS Cookbook


Written by key members of Juniper Network's ScreenOS development team, this one-of-a-kind Cookbook helps you troubleshoot secure networks that runScreenOS firewall appliances. Scores of recipes address a wide range of security issues, provide step-by-step solutions, and include discussions of why the recipes work, so you can easily set up and keep ScreenOS systems on track.ScreenOS Cookbook gives you real-world fixes, techniques, and configurations that save time -- not hypothetical situations out of a textbook. The book comes directly from the experience of engineers who have seen and fixed every conceivable ScreenOS network topology, from small branch office firewalls to appliances for large core enterprise and government, to the heavy duty protocol driven service provider network. Its easy-to-follow format enables you to find the topic and specific recipe you need right away and match it to your network and security issue. Topics include:

Configuring and managing ScreenOS firewalls
NTP (Network Time Protocol)
Interfaces, Zones, and Virtual Routers
Mitigating Denial of Service Attacks
DDNS, DNS, and DHCP
IP Routing
Policy-Based Routing
Elements of Policies
Authentication
Application Layer Gateway (SIP, H323, RPC, RTSP, etc.,)
Content Security
Managing Firewall Policies
IPSEC VPN
RIP, OSPF, BGP, and NSRP
Multicast -- IGPM, PIM, Static Mroutes
Wireless
Along with the usage and troubleshooting recipes, you will also find plenty of tricks, special considerations, ramifications, and general discussions of interesting tangents and network extrapolation. For the accurate, hard-nosed information you require to get yourScreenOS firewallnetwork secure andoperating smoothly , no book matches ScreenOS Cookbook.

Get 14% OFF

Click here for more information about ScreenOS Cookbook

Read More...

Network Security for Dummies Review

Average Reviews:

(More customer reviews)I bought this Network Security for Dummies after spending two frustrating hours in a large bookstore looking at one security text after another and finding that they were all written for people who already know a lot about networks. I suppose the assumption is that you won't get into network security until you have experience running a network, but the small company where I work only just set up a network and we need security right away. We can't afford to pay someone to run the network or be in charge of security. To my relief, the author of Network Security for Dummies understands this. It is obvious that she is just as knowledgeable about protecting networks as the authors of the other books I looked at (I was pretty amazed at what I found when I searched the web for the NRO, which the cover says is where she used to work). But she has taken the time to explain things to those of us who don't live and breathe computers. And she does so without talking down to you. At work we have already used some of the techniques she suggests and I feel confident we can make our network a lot more secure than it was, without spending a lot of money, but with the added advantage of really understanding what we are doing.

Click Here to see more reviews about: Network Security for Dummies

CNN is reporting that a vicious new virus is wreaking havoc on the world's computer networks. Somebody's hacked one of your favorite Web sites and stolen thousands of credit card numbers. The FBI just released a new report on computer crime that's got you shaking in your boots. The experts will tell you that keeping your network safe from the cyber-wolves howling after your assets is complicated, expensive, and best left to them. But the truth is, anybody with a working knowledge of networks and computers can do just about everything necessary to defend their network against most security threats.
Network Security For Dummies arms you with quick, easy, low-cost solutions to all your network security concerns. Whether your network consists of one computer with a high-speed Internet connection or hundreds of workstations distributed across dozens of locations, you'll find what you need to confidently:
Identify your network's security weaknesses
Install an intrusion detection system
Use simple, economical techniques to secure your data
Defend against viruses
Keep hackers at bay
Plug security holes in individual applications
Build a secure network from scratch

Leading national expert Chey Cobb fills you in on the basics of data security, and he explains more complex options you can use to keep your network safe as your grow your business. Among other things, you'll explore:
Developing risk assessments and security plans
Choosing controls without breaking the bank
Anti-virus software, firewalls, intrusion detection systems and access controls
Addressing Unix, Windows and Mac security issues
Patching holes in email, databases, Windows Media Player, NetMeeting, AOL Instant Messenger, and other individual applications
Securing a wireless network
E-Commerce security
Incident response and disaster recovery

Whether you run a storefront tax preparing business or you're the network administrator at a multinational accounting giant, your computer assets are your business. Let Network Security For Dummies provide you with proven strategies and techniques for keeping your precious assets safe.

Get 7% OFF

Click here for more information about Network Security for Dummies

Read More...

CompTIA Security+ Deluxe Study Guide: SY0-201 Review

Average Reviews:

(More customer reviews)I purchased this book 3 weeks before I sat for the exam. The book content, flash cards and 4 practice exams were just the right balance to pass the exam. I would recommend this book to anyone needing/wanting to get the Security+ certification.

Click Here to see more reviews about: CompTIA Security+ Deluxe Study Guide: SY0-201

CompTIA Security+ Deluxe Study Guide gives you complete coverage of the Security+ exam objectives with clear and concise information on crucial security topics. Learn from practical examples and insights drawn from real-world experience and review your newly acquired knowledge with cutting-edge exam preparation software, including a test engine and electronic flashcards. Find authoritative coverage of key topics like general security concepts, communication security, infrastructure security, the basics of cryptography and operational and organizational security. The Deluxe edition contains a bonus exam, special Security Administrators' Troubleshooting Guide appendix, and 100 pages of additional hands-on exercises.

For Instructors: Teaching supplements are available for this title.
Note: CD-ROM/DVD and other supplementary materials are not included as part of eBook file.

Get 30% OFF

Click here for more information about CompTIA Security+ Deluxe Study Guide: SY0-201

Read More...

Beautiful Security: Leading Security Experts Explain How They Think Review

Average Reviews:

(More customer reviews)This collection of essays is a very clearly written introduction to a number of current topics and techniques in computer security. It is not a how-to book, but it includes several case studies and gives you a good idea of what is happening in the field. For the most part the book does not assume prior knowledge in the field, although occasionally a bit of hacker or security jargon is used without being defined.
For me the most interesting chapters were the one with case studies. In this book you will learn how to steal people's credit card numbers at airports (run a cut-rate WiFi access point), how to scan for malicious websites without getting infected (harder than it looks, and a constant battle of measures and countermeasures), and the true history of Pretty Good Privacy, as told by its inventor, Phil Zimmermann (not as lurid as the versions you have probably heard, but still full of twists and turns). You'll learn the going rates for stolen personal and financial information (not that much, so if you're going to steal it, you need to steal a lot) and how to run your own cyber money-laundering network (which seems to be where most of the money and the risk is). Microsoft plays a prominent role in the book, sometimes as hero, sometimes as chump.
The layout and production of the book are very good, and it has a good index (a glossary would have been nice, too). I have a couple of minor gripes: the book is set in itty-bitty type (I measured it at 8 points on 12 point line spacing); and although the book has two editors, the preface is written in the first person singular (apparently by Oram, but this is not stated).
The book's title, "Beautiful Security", was probably modeled on Oram's previous collection Beautiful Code: Leading Programmers Explain How They Think (Theory in Practice (O'Reilly)), but it doesn't really fit the content of this book. Some of the essays mention beauty in the body or the title, but this is usually a token appearance, or is explained as meaning that security should be built in rather than tacked on. The preface states that the purpose of the book is to convince the reader that security is not bureaucratic drudgery but is an exciting career, and I think the book is successful at this.

Click Here to see more reviews about: Beautiful Security: Leading Security Experts Explain How They Think

Get 17% OFF

Click here for more information about Beautiful Security: Leading Security Experts Explain How They Think

Read More...

Computer and Information Security Handbook (The Morgan Kaufmann Series in Computer Security) Review

Average Reviews:

(More customer reviews)Wow! This is the most comprehensive book on information security out there! I keep it handy in my office at all times and have bought copies for all my employees, who refer to it on a near-daily basis. This really is a must-have for anyone in the industry to keep on top of the latest state-of-play for infosec. 5 stars!!

Click Here to see more reviews about: Computer and Information Security Handbook (The Morgan Kaufmann Series in Computer Security)


This book presents information on how to analyze risks to your networks and the steps needed to select and deploy the appropriate countermeasures to reduce your exposure to physical and network threats. It also imparts the skills and knowledge needed to identify and counter some fundamental security risks and requirements, inlcuding Internet security threats and measures (audit trails IP sniffing/spoofing etc.) and how to implement security policies and procedures.

In addition, this book also covers security and network design with respect to particular vulnerabilities and threats. It also covers risk assessment and mitigation and auditing and testing of security systems.

From this book, the reader will also learn about applying the standards and technologies required to build secure VPNs, configure client software and server operating systems, IPsec-enabled routers, firewalls and SSL clients.

Chapter coverage includes identifying vulnerabilities and implementing appropriate countermeasures to prevent and mitigate threats to mission-critical processes. Techniques are explored for creating a business continuity plan (BCP) and the methodology for building an infrastructure that supports its effective implementation.

A public key infrastructure (PKI) is an increasingly critical component for ensuring confidentiality, integrity and authentication in an enterprise. This comprehensive book will provide essential knowledge and skills needed to select, design and deploy a PKI to secure existing and future applications.

This book will include discussion of vulnerability scanners to detect security weaknesses and prevention techniques, as well as allowing access to key services while maintaining systems security.

Chapters contributed by leaders in the field cover theory and practice of computer security technology, allowing the reader to develop a new level of technical expertise.
This book's comprehensive and up-to-date coverage of security issues facilitates learning and allows the reader to remain current and fully informed from multiple viewpoints.
Presents methods of analysis and problem-solving techniques, enhancing the readers grasp of the material and ability to implement practical solutions.

Get 24% OFF

Click here for more information about Computer and Information Security Handbook (The Morgan Kaufmann Series in Computer Security)

Read More...

CEH: Official Certified Ethical Hacker Review Guide: Exam 312-50 Review

Average Reviews:

(More customer reviews)This book is great. Why? Well it's not just because its a great study guide for the CEH exam (Certified Ethical Hacker), but also for the amount of info crammed into a small book. If you're wanting to learn the basics of ethical hacking, then this is the book. Its a quick read, packed full of interesting workable senarios.
What this book is:
1. A great book for your junior security people.
2. Very easy to work through the chapters as labs.
3. Lots of references to cool programs you can find and download.
What this book isn't:
1. Your not going to learn any code.
2. If you're already a better than average hacker this book is not for you.
3. You won't get CEH certified with this book as a stand alone.
4. You do need a basic understanding of networking, security and systems. (This book isnt hacking for dummies).

Click Here to see more reviews about: CEH: Official Certified Ethical Hacker Review Guide: Exam 312-50

Get 37% OFF

Click here for more information about CEH: Official Certified Ethical Hacker Review Guide: Exam 312-50

Read More...

Hacking: The Next Generation (Animal Guide) Review

Average Reviews:

(More customer reviews)I'm always skeptical about books that propose to cover such a vast spectrum of subjects, the book in question however does a wonderful job at explaining in plain english what is happening behind an attack, it unveils the possible motives and end result, and I personally found it a superb manuscript on what is happening today in the fields of hacking and social engineering.
On a more technical side it covers XSS attacks and blended exploits, again in plain english. Though the authors also throw some code in there to keep the techiest of us entertained, personally I found the inclusion of code somewhat unnecessary. 'Plain english' would suffice especially because I found that this would otherwise be the perfect book to hand to someone less techy who wants to know what is happening out there in the wild and to some extent what they need to look out for if they intend to be security conscious. Could they ignore the code? sure! will they? depends on the individual and his/her aversion to programming. It still keeps its five stars though, I cant fault a book for having too much information. The book also covers phishing attacks, that chapter was a very worth wile read. I hold no interest or curiosity in phishing attacks and after reading it I was surprised on what I had learned.
The chapters on social engineering and information gathering were very interesting as well. The authors made a clear effort to mention current online tools that attackers can use to acquire information on a target (may that be a person or a corporate entity) and go into deeper detail on how such an attack can develop into face to face contact with a target. The way the book is written makes it feel like a story, like one attack unfolds into another and that is really why this book is such good fun to read.
If there's something I can fault in this book its really its life span. You have to get it now for it to matter. In 2 years time all this will be old, stale news and at the speed things change in the IT/IS world its really quite inevitable. Social engineering will always be social engineering but the tools used to gather information will surely change.

Click Here to see more reviews about: Hacking: The Next Generation (Animal Guide)

Get 38% OFF

Click here for more information about Hacking: The Next Generation (Animal Guide)

Read More...

Network Security Bible Review

Average Reviews:

(More customer reviews)This is a great book; it goes in great detail about security in all aspects of the computer industry. However it lacks one critical aspect, how do I do that? Like all network and computer professionals, I do not know everything, so when you tell me I should do something a certain way I'd hope that you will also tell me how to do it. With this book I found myself saying, maybe they will tell me what to do later, over and over, never happens. If you want to buy a book that's a reference manual, this is the one to get. If you are looking for a "how to" as well as a "what to look for" book, consider looking elsewhere.

Click Here to see more reviews about: Network Security Bible

Get 39% OFF

Click here for more information about Network Security Bible

Read More...

Mike Meyers' CompTIA Security+ Certification Passport, Second Edition (Mike Meyers' Certification Passport) Review

Average Reviews:

(More customer reviews)With all the hype I've read about Mike Meyers' books, I thought this one was going to be a good one to help me study for the SY0-201 exam. With all the study material I got (three other books besides this one from Sybex, Syngress, and McGraw Hill), this was the least helpful. It's easy to read, but it's very redundant. I don't need to be told that all software should be running the latest security patches and updates 10 times before I turn the page. I need something a little more than that to help me pass the test. If you're going to use this book to help you study, I recommend getting another book or even a brain dump to cover everything this book doesn't.

Click Here to see more reviews about: Mike Meyers' CompTIA Security+ Certification Passport, Second Edition (Mike Meyers' Certification Passport)


From the #1 Name in Professional Certification

Get on the fast track to becoming CompTIA Security+ certified with this affordable, portable study tool. Inside, network security expert T.J. Samuelle guides you on your career path, providing expert tips and sound advice along the way. With an intensive focus only on what you need to know to pass the CompTIA Security+ exam, this certification passport is your ticket to success on exam day.

Featuring:

Itineraries--List of official exam objectives covered

Get 43% OFF

Click here for more information about Mike Meyers' CompTIA Security+ Certification Passport, Second Edition (Mike Meyers' Certification Passport)

Read More...

CompTIA Security+Study Guide: Exam SY0-201 Review

Average Reviews:

(More customer reviews)The book is built on a clean language, the ideas are well organized inside each chapter, but you could perceive that chapters themselves are not in the optimal order...Sometimes you have to jump from one chapter to another to cover completely an idea exposed in this book.
On the other hand, you will have to buy additional simulations and practice questions to complete your preparation, because this book does not offer you practice questions with the appropiate level of complexity compared to the real exam.

Click Here to see more reviews about: CompTIA Security+Study Guide: Exam SY0-201

Comprehensive Coverage to Help You Prepare for the SY0-201 Exam and Beyond

This CompTIA Authorized Study Guide provides complete coverage of the objectives for CompTIA's Security+ Exam (SY0-201), with clear and concise information on crucial security topics. Learn from practical examples and insights drawn from real-world experience and review your newly acquired knowledge with cutting-edge exam preparation software, including a test engine and electronic flashcards. Find authoritative coverage of key exam topics like general security concepts, communication security, infrastructure security, the basics of cryptography and operational and organizational security.

Coverage includes:

General Security Concepts
Identifying Potential Risks
Infrastructure and Connectivity
Monitoring Activity and Intrusion Detection
Implementing and Maintaining a Secure Network
Securing the Network and Environment
Cryptography Basics, Methods, and Standards
Security Policies and Procedures
Security Administration

FEATURED ON THE CD:

Sybex Test Engine including an assessment test and practice exam
Chapter Review Questions
Electronic Flashcards
Entire book in a searchable PDF

Note: CD-ROM/DVD and other supplementary materials are not included as part of eBook file.

For Instructors: Teaching supplements are available for this title.

Get 41% OFF

Click here for more information about CompTIA Security+Study Guide: Exam SY0-201

Read More...

CompTIA Security+ SYO-201 Cert Guide Review

Average Reviews:

(More customer reviews)This is a review for the CompTIA Security+ Cert Guide.
I am a trainer/course developer for a technical school and am in charge of developing a new Security+ course to begin in 2011. I reviewed this and several other books (along with other study materials) to use in the course.
This is a very nicely laid out book. The organization is exactly what I need to base my course around. The book starts small with basic subjects, and progressively builds on them.
Doesn't waste time, gets to the core of Security+ objectives quickly. But, there are also real-word examples, plus hands-on labs and videos. There are lots of questions which are an excellent prep for the actual CompTIA Security+ test. Two practice exams are at the end of the book, with a third on the disc. The disc also has videos that compliment the hands-on labs. Great glossary and index. Plus there are extras for instructors like me that can be downloaded for free. This book made it very easy for me to design my course, whereas I was struggling with other books, trying to match them up to our schedule and timeframe.
I always recommend a second (and perhaps even a third) test preparation source. It's always good to get two viewpoints when studying for an exam.
Accordingly, I plan to use this book along with the Security+ Exam Cram for the course. I use Mr. Prowse's materials for the A+ course as well, and Mr. Harwood's guides for the Net+. They all work very well together, and allow for the student to progress quickly from course to course.
While I am using this book for a technical class, it would work very well for the person who is studying on their own also. I highly recommend it.

Click Here to see more reviews about: CompTIA Security+ SYO-201 Cert Guide

CompTIA® Security+ SY0-201 Cert GuideDavid L. ProwseDVD Features Complete Practice ExamMaster every topic on CompTIA's new Security+ SY0-201 exam.Assess your knowledge and focus your learning.Get the practical workplace knowledge you need!Start-to-finish Security+ SY0-201 preparation from computer security consultant, Security+ trainer, and author David L. Prowse.Master every Security+ SY0-201 topic!Core computer system security conceptsOS hardening and virtualizationApplication securityNetwork design elements and threatsPerimeter securityNetwork media and devices securityPhysical security and authentication modelsAccess control methods and modelsVulnerability and risk assessmentMonitoring and auditingCryptography, including PKI Redundancy and disaster recoveryPolicies, procedures, and peopleTest your knowledge, build your confidence, and succeed!Two practice exams in the book, and an additional exam on the DVD, help you prepare and assess your readinessPacked with visuals to help you learn quicklyKey topics are highlighted to focus your studyExam preparation tasks include a review of key topics, memory table exercises, key terms, hands-on labs, and review questionsDVD Features Complete Practice ExamDetailed explanations of both correct and incorrect answersMultiple test modesRandom questions and order of answersDVD also features complete video solutions to the Hands-On Labs in the bookShelving Category: CertificationCovers: CompTIA Security+

Get 38% OFF

Click here for more information about CompTIA Security+ SYO-201 Cert Guide

Read More...

Network Warrior Review

Average Reviews:

(More customer reviews)Upshot: And you may find yourself...in a machine room or data center. You will need this book. Pros: If you just passed your CCNA exam, or have started working with enterprise level Cisco kit, there's a lot here for you. Cons: If you DON'T work with Cisco kit, why are you here?
For anyone not acquainted with data-centers & network operations, this book shows you how the other hardware half lives. When the author says `you should have passed the CCNA' he's very serious. There are NO EXPLANATIONS of basic Cisco terms. If you are not versed in TCP/IP and SOME Cisco kit, you will be spending a LOT of time in Google. And probably asking yourself why you bought this book.
Those cautions aside, there are gems of `best practices' for non Cisco or smaller network techs here: Amid the Cisco jargon you will find practical advice even for your small business or SOHO LAN, like in Ch. 27 `Basic Firewall Theory', or Chapter 29 on different flavors of 802.11x WiFi and how to secure it. The author even introduces IPv6, with one of the most straightforward explanations I've read yet.
But what really makes this book worth it are the backstories & practical advice from a veteran to new engineers on how to handle failure scenarios as well as the politics involved in maintaining large networks.
In fact, everything from Chapter 39 (`Failure'), Chapter 40 (`GAD's Maxims') to Chapter 41 (`Avoiding Frustration') would be welcome in any IT, infosec or dev reference.
In short, I would somewhat recommend this book for non-CCNA folks interested in Network Engineering or Infrastructure. But I would highly recommend Network Warrior for the audience for which it was intended.
Disclosure: I received the eBook download from O'Reilly for review purposes. I'm not a CCNA but have been around.

Click Here to see more reviews about: Network Warrior


Pick up where certification exams leave off. With this practical, in-depth guide to the entire network infrastructure, you'll learn how to deal with real Cisco networks, rather than the hypothetical situations presented on exams like the CCNA. Network Warrior takes you step by step through the world of routers, switches, firewalls, and other technologies based on the author's extensive field experience. You'll find new content for MPLS, IPv6, VoIP, and wireless in this completely revised second edition, along with examples of Cisco Nexus 5000 and 7000 switches throughout.

Topics include:

An in-depth view of routers and routing
Switching, using Cisco Catalyst and Nexus switches as examples
SOHO VoIP and SOHO wireless access point design and configuration
Introduction to IPv6 with configuration examples
Telecom technologies in the data-networking world, including T1, DS3, frame relay, and MPLS
Security, firewall theory, and configuration, as well as ACL and authentication
Quality of Service (QoS), with an emphasis on low-latency queuing (LLQ)
IP address allocation, Network Time Protocol (NTP), and device failures

Get 39% OFF

Click here for more information about Network Warrior

Read More...

CISSP Study Guide Review

Average Reviews:

(More customer reviews)Obviously I am biased since I am a fellow SANS instructor, but will try to support my thoughts with data. I agree with another poster that the one star ratings are unfair, especially the guy that had not read the book; too funny. Well I have read the book, cover to cover on airplanes and some sections I have read twice. Why four stars? I am concerned that if this is the only CISSP prep you have, you will not be fully prepared for the exam. On the other hand, if you have taken a CISSP review course or read another book, this will be a great supplemental tool. I am a big fan of the Shawn Harris CISSP prep book as well, but you really can't take that monster with you on a trip, this book fit right in my carry on outside pocket.
OK, let's drill down into the book:
Ch 1: How to pass the exam, 5*s, clear and practical
Ch 2: Information Security Governance, 5*s, complete, concise, nothing missing that I can see
Ch 3: Access Control: 4*s, this chapter gets a bit muddy, the authors chose to cover some of the data flow access models in Ch 6 which is fine. First half of the chapter is true to the spirit of the book, the types of attackers section seems to be a touch superficial, thought the Metasploit "Point, click and root" was a chuckle.
Ch 4:Cryptography, 5*s, in my view this is the strongest chapter in the book, clearest explanations I have ever seen with one exception, in 2nd edition I would rework the Vienere Cipher section.
Ch 5: Physical Security, 5*s, complete, concise, let's you review the material in the shortest amount of time
Ch 6:Security Architecture, 4*s, I think there is a risk that the exam could cover more virtualization than the book prepares the candidate for. Not that I have knowledge of what is on the exam, but it is one of the most important topics in security right now and it only gets three paragraphs. I would also rework polyinstantiation, most of the sections are crystal clear, but this is a bit muddy.
Ch 7: Business Continuity, 4*s, I think this chapter could have been a touch shorter to be true to the spirit and approach of the book, all the information is there, but I had to force myself to read it, in second edition, suggest a do over.
Ch 8: Telecommunications, 5*s, authors are true domain experts, so they are able to concisely explain the material
Ch 9: Application Development Security, 5*s, same comment as above, since the authors know this stuff cold, they can make it very clear
Ch 10: Operations Security, 5*s, I do wish ISC2 would get on board with the better incident response model, but that is not the author's fault, this chapter is also true to the spirit of the book.
Ch 11: Legal regulations, 5*s, authors did a better job overall than I do with my course ( I will start the rewrite this week). I would suggest adding the concept of attestation to Chain of Custody.
The remainder of the book is a self test and the authors have additional practice testing on their web site. The Glossary is complete and also concise.


Click Here to see more reviews about: CISSP Study Guide


The CISSP Study Guide is aligned to cover all of the material included in the exam, complete with special attention to recent updates. The10 domains are covered completely and as concisely as possible with an eye to passing the exam thr first time. Each of the 10 domains has its own chapter that includes specially-designed pedagogy to aid you in passing the exam.

Clearly Stated Exam Objectives
Unique Terms / Definitions
Exam Warnings
Helpful Notes
Learning By Example
Stepped Chapter Ending Questions
Self Test Appendix
Detailed Glossary
Web Site (http://booksite.syngress.com/companion/conrad) Contains Two Practice Exams and Ten Podcasts-One for Each Domain

Get 37% OFF

Click here for more information about CISSP Study Guide

Read More...

Build Your Own Security Lab: A Field Guide for Network Testing Review

Average Reviews:

(More customer reviews)I'll be completely honest. I went through this in about two hours, and I plan on returning it. It simply didn't have anything new for me. I was expecting it to be more along the lines of setting up a virtual network, attempting to hack the VMs, and then checking the procedures to see if you did it right.
Instead, this book covers things like how to install OSes into VMs, gives basic overviews of tools, etc. However, this is a great book if you're at the appropriate level for it. I think this makes a good follow-up to CompTIA's Security+ certification. It'll help novices get their feet wet with actual hands-on activities. I've done nearly everything in this book on my own, and that's really the only problem with it. While I didn't pay a great deal of attention to every bit of text, it seemed to be technically accurate and free from errors.
I wish I could give a more detailed review, but I thought I'd at least post this since no one has reviewed it yet. Just take your skill level into account when considering this title. If you want more advanced books, check out the Hacking Exposed series, Grey Hat Hacking, and the Penetration Tester's Open Source Toolkit.

Click Here to see more reviews about: Build Your Own Security Lab: A Field Guide for Network Testing

If your job is to design or implement IT security solutions or if you're studying for any security certification, this is the how-to guide you've been looking for. Here's how to assess your needs, gather the tools, and create a controlled environment in which you can experiment, test, and develop the solutions that work. With liberal examples from real-world scenarios, it tells you exactly how to implement a strategy to secure your systems now and in the future.
Note: CD-ROM/DVD and other supplementary materials are not included as part of eBook file.

Get 40% OFF

Click here for more information about Build Your Own Security Lab: A Field Guide for Network Testing

Read More...