Customer Reviews

Computer Security for the Home and Small Office

5 star:		(3)
4 star:		(3)
3 star:		(0)
2 star:		(0)
1 star:		(0)

 

 

I recently finished reading and reviewing the book Computer Security for the Home and Small Office by Thomas C. Greene (Apress). While it does seem to lose focus a bit towards the end and has a definite bias (which I agree with!), the overall content and information is vital to know and understand.

The chapter breakdown:
Introducing the Dark Side; Vectors; Social Engineering; From Newbie to Power User; Treasure Hunt; The Open-Source Escape Hatch; Trust Nothing, Fear Nothing; Glossary; Procedures, Processes, and Ports; Online Resources; Index

First off, this is a highly readable and interesting book on how to secure your computer systems against attacks and keep your data private. The author is very vocal in his opinions, and you'll quickly learn where those biases are. He is a major proponent of using Linux and ditching Windows. The only reason you should use IE is because you're forced to. Even with that, he does go into each system and explain in detail what you need to do in order to harden your system. This includes shutting down unnecessary services, running anti-virus software, and using firewalls. All the stuff you'd expect to see in a book like this, and he delivers. The detail is sufficient for most intermediate users to follow, and after you're done you'll have a system that most script kiddies will bypass as it's not worth the time or effort to crack.

Starting in the Trust Nothing chapter, he starts to rant about how security is portrayed in the media, along with the potential conflicts of interest between vunerabilities and the companies who fix them. While interesting material, the focus on home/small office seems to get lost in the mix. I don't know if it's just the style of the writing or what, but I was starting to wonder if we could just move on...

Windows bashers will love the book, Windows defenders will think he's overly critical of the platform. Either way, this is material you can't afford to ignore in today's environment.

It seems like every few weeks there are fresh announcements of invasions by computer viruses, worms, identity thefts, spam scams, and other unwanted (often destructive) incursion attempts through the internet. Computer Security For The Home And Small Office by computer security expert Thomas C. Greene is as timely as it is up-to-date and "user friendly". The informed and informative text is organized into seven chapters: Introducing the Dark Side; Vectors; Social Engineering; From Newbie to Power User; Treasure Hunt: The Open-Source Escape Hatch; Trust Nothing, Fear Nothing. Enhanced with a glossary, and appendices on "Procedures, Processes, and Ports" and "Online Resources", Computer Security For The Home And Small Office is a compendium of immediately applicable information presented with a minimum of jargon so that even the most novice of beginners can take steps to insure against the successful invasion of their privacy; protect their systems and databases from exterior corruption; and defend against any form of attack or unwanted intrusion. Every personal, professional, corporate, and community library system should have on hand a reference copy of Thomas Greene's Computer Security For The Home And Small Office.

I am a home user. Greene's book is very instructive and untwists much of the complex structure of computer security. It is well written and witty in places. His detailed modifications to Win XP would have been nice to incorporate but I am a Win 98 user.

Greene devotes his attention to those of you who are not full time computer professionals, and who lack a corporate IT staff to do the dirty work for you. He supposes that it is just you, and possibly your family, with your own machines. These days, for your context, he focuses on computers with a Microsoft or linux operating systems. Sadly, he gives little mention to Apple, though this has a devoted but small following.

He does not just discuss strict technical issues about, say, choosing the right secure settings for OpenSSH. If you don't know what that means, don't worry. In fact, it might mean that you could use this book.

Greene also goes into extended discussions of issues with some security aspects, but are not solely that. Like the merits of linux versus Microsoft. An entire chapter is devoted to this crucial topic. In this sense, the book's title is overly narrow. What he offers is a good discussion of topics you need to be aware of with your machine.

And he can certainly write fluently. This is not a hardcore technical book, with arcane commands and intricate procedures. Most of the book is straight prose that flows. There is a relative dearth of figures. Correctly so. The topics are often not tied to specific applications, where you might need diagrams to show how to go from one screen to another.

Which means there is actually another source of readers for this book. If you are well educated, but just not in computing. For whatever reason, you want a lucid, nontechnical explanation of important computer issues faced by many people. So perhaps consider this book?

Mr. Greene examines multiple areas regarding computer security covering subject areas such as hackers, viruses and worms, adware/spyware, data traces (such as file slack space and data traces), internet privacy, internet anonymity, wireless security and many others. A nice thing about this book is the range of topics covered which allows beginner or novice users to expose themselves to a number of concepts that are completely unfamilliar. The author takes the reader step-by-step through important tasks such as disabling services that put your computer at risk of attack, configuring your computer for SSH tunneling, and using netstat and ethereal to monitor connections being made to your computer. These step-by-step instructions make it easy for naive readers to perform basic security functions that would otherwise be reserved for intermediate and power users. One downside to this book is the reader is often given only the minimum explanation on subjects of interest often leaving more questions in the reader's head than were present before the subject was discussed. This is likely due to page constraints inherent in covering such a broad topic and basically puts it in the reader's hands to seek out more information.

The author focuses on hardening Microsoft Windows XP since this is by far the most common operating system on PCs (not to mention it is in dire need of securing due to the way in which it is made and distributed). Despite the emphasis on Windows XP the author covers Linux systems as well since it is gaining popularity and appears to be his personal preference. The author doesn't hide his frustrations with Microsoft and takes every opportunity to explain ways in which Linux is superior. The appendices are quite useful as they contain summaries on important configurations discussed in the book, a glossary of technical terms, a list of commonly used and exploited ports, and a list of helpful online resources.

The recommendation of this book is for beginner to intermediate level users. Being as naïve as I was it was a safe bet that this book would be completely novel to me but depending on how one defines 'intermediate user' this book may contain many things an intermediate user is already familiar with. This book is written clearly enough such that no one should fear it being too difficult to understand. To give you an idea of where my knowledge base was when I ordered the book, I knew that firewalls somehow 'hide' your computer on the internet and I knew an IP address is how your computer is identified over the internet. That's about it! By no stretch of my imagination do I classify myself as anything more than an 'informed beginner' but I'm now aware of many of the risks involved with network computing and I feel I have enough knowledge to manage some of those risks and research them on my own. I highly recommend this book for people who, like me, feel that computer literacy is too overwhelming of a subject to even begin to understand and have often relied on network administrators or that 'friend of a friend who knows some stuff about computers' to help you understand how your computer works. This book is by no means the definitive authority on understanding computer networks and computer security but you can be certain it will be less mysterious of a subject after you've read it. I don't give it the full 5 stars because I felt some subjects (in particular netstat) were far too brief and could have been explained in more detail.

(By the way, Amazon.com installs adware on your computer.)

I have to admit that when I just started reading the book, I only hoped to find the entertaining read, written by a cool and famous technology journalist. However, it looks like I was up for a pleasant surprise and the book was way better than that, event delivering some new material on security.

It is important to note that the book is not targeted for security experts in its coverage of material, but presents a clearly written and entertaining "story" of computer security. It covers threats and vulnerabilities, social and technical issues, various platforms (focusing on Linux and Windows). The book possesses a noticeable anti-Windows bias, justified by security history of this platform. Open source solutions such as Linux and Mozilla are recommended by the author. In fact, he implies that in the ideal world only experts should be allowed to run Windows (since it is so hard to secure), while the rest should go with Linux, which is more transparent and behaves predictably (which greatly contributes to its security).

The book offers an amazing breadth of coverage, starting from simple Linux and Windows security tips all the way to malware (such as spyware, viruses and worms), basics of security risk analysis, privacy abuses, erasing trace of activity from computers and even "cyberterrorism". I also liked how well the author presented encryption - usually a difficult subject for security novices.

Highly recommended for those curious about computer security and pretty much everyone using a computer (and, thus likely fighting malware and various bugs). At times, the book does go to more in-depth subjects such as NAT, Windows registry and Linux file system structure, but even in those areas the style seems perfectly acceptable for a security neophyte.

Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major security information management company. He is the author of the book "Security Warrior" (O'Reilly, 2004). His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org