Book Title: Computer Security Handbook, 5th Edition
Author(s): Seymour Bosworth, M.E. Kabay, Eric Whyne
Publisher: Wiley
Date of Publishing: 10th March 2009
ISBN(13): 9780471716525
Price (UK&US price – full price, not discounted price): £150, $220.95
URL of Amazon UK web page: Computer Security Handbook
URL of Amazon UK (Kindle) web page: Not available.
URL of Amazon US web page: Computer Security Handbook (2 Volume Set)
URL of Amazon US (Kindle) web page: Not available.
Three inches thick, eight parts, 77 chapters, and 2040 pages – this is a significant reference document! From the first edition in 1973 when it had 12 chapters and 162 pages, to the current version it has been on steroids. Just since the last edition, published in 2002, it has added 23 chapters and 900 pages! The contributors and particularly the three main authors are all well known, experienced individuals in their field.At over 2000 pages, I am not going to read the whole book! It is a handbook and is meant more as a reference. In performing this review I have chosen three chapters by three different authors at random as being representative of the book as a whole:1. Chapter 15 – Penetrating Computer Systems and Networks2. Chapter 27 – Intrusion Detection and Intrusion Prevention Devices3. Chapter 55 – Cyber InvestigationPenetrating Computer Systems and Networks. This chapter is 36 pages of interesting, readable quality material. Right from the off it is recognised that there are “Multiple factors involved in system penetration” and that human behavior can defeat just about any security measure. The chapter is subdivided into four areas including non-technical and technical techniques, and also considers political and legal issues. The chapter includes an interesting section about the history of Penetration Testing starting way back in 1993 with the publication of “Improving the Security of Your Site by Breaking into it”. The section covers some of the scanning techniques used by the common scanning tools. It also addresses some of the exploits that can be used against machines for example buffer overflow, password cracking and rootkits. This chapter provides a thorough grounding in this complex area. The chapter then completes with a summary, further reading and notes, this same comfortable structure is consistently used throughout each chapter of the handbook. Intrusion Detection and Intrusion Prevention Devices. A shorter chapter at 16 pages, it nonetheless addresses a number of interesting topics. Intrusion Detection and Prevention are described along with where they fit within Security Management. Intrusions are defined as “violations of security policy” and characterised as “attempts to affect the confidentiality, integrity or availability of a computer or network”. The chapter covers a brief history of IDS and IPS systems from as early as the 70’s and 80’s and the early works on Audit originating from the mid 50’s! Much of the early work was funded by the US military. The next section addresses the main concepts of intrusion detection (and then prevention) including information sources (or event generators), the analysis engine and then the response. Various types of information sources are compared, including network, operating system and applications. Issues associated with the many types of information sources are identified such as the balance between collecting too much or too little raw information, collecting the information from appropriate places around the system, the event records must be able to support legal processes and the sensitive nature of the collected information and how it is securely stored. Altogether this chapter is an excellent reference of a complex topic.Cyber Investigation. This chapter has 26 pages. The introduction to this chapter points out that Cyber Investigation (or digital investigation) as a relatively new discipline which has made huge advantages over the last 15 years. Cyber Investigation is now a discipline accepted by the IT community, law enforcement and the forensic science community. Cyber Investigation is described in terms of a taxonomy. This taxonomy has been developed and accepted by the DFRWS (the Digital Forensics Research Workshop). The chapter steps through the framework and describes the Identification, Preservation, Collection, Examination, Analysis and Presentation and describes each of the classes in more detail. The practicalities of an end to end digital investigation (EEDI) are presented in nine steps, each of which is formally defined. Some of the tools and techniques common to the Cyber Forensics Community are discussed together with where they fit into the various steps. This is a completely new field for me, and as a complete beginner I found it most informative, well structured and relatively easy to read. After reading these three random chapters in a fair amount of detail, I found that I did not want to put the book down, and spent much time reading interesting snippets from other chapters of interest. It is a major source of information which I will be happy to have on my (reinforced) bookshelf! Pity an electronic version is not available, nor is a .pdf version provided with the book.
As with previous editions of this book, the final chapter is written by a guest security luminary – in this edition it is Dr. Peter G. Neumann who has contributed “The Future of Information Assurance.”
This book will appeal to students, practitioners, and researchers alike and those concerned with computer and network security will greatly benefit from this handbook. The 5th edition of the book has grown considerably from the last version and even with its substantial price tag still represents considerable value. It is a major source of information which I will be happy to have on my (reinforced) bookshelf!
Marks: 5 out of 5
*****