Average Reviews:
(More customer reviews)After reading the CERT Guide to System and Network Security Practices, you may feel as if you've been speaking with your mother about computer security, as most of the advice detailed in the book is common sense. But, as Voltaire astutely noted, common sense is not so common.
The truth is that there is really nothing new in this book that CERT (Computer Emergency Response Team...) has not been saying in one way or another for the last decade. But that should not in the least underscore the importance of the book, as it provides an excellent treatment of securing information assets. In fact, the book subtly echoes the sentiment of George Santayana, who stated that "those who cannot remember the past are condemned to repeat it." This is true with information security. As even with all of the strides that have been made and new security technologies that have been developed, a large percentage of security breaches are the result of systems that were either incorrectly configured or ineffectively secured.
While many people erroneously think that a firewall is the foundation of information security, the truth is that an effective set of information security policies and procedures are. In fact, policy is such a critical element within the effective and successful operation of information technology systems, that systems can't be effective unless they are deployed in the context of working policies that govern their use and administration...
As an example, Marcus Ranum defines a firewall as "the implementation of your Internet security policy. If you haven't got a security policy, you haven't got a firewall. Instead, you've got a thing that's sort of doing something, but you don't know what it's trying to do because no one has told you what it should do." The sad fact is that most firewalls permit so much traffic through that it is often difficult to tell where the firewall ends and the router begins...
The truth be told, when Mother in her infinite wisdom says something, it is good advice. When a consultant says the same thing, it is called a Best Practice. Some of the best practices that CERT has long recommended are: using effective passwords, ensuring systems are patched against recent vulnerabilities, hardening the operating system, removing unnecessary services, protocols, and accounts, and more. None of these recommendations is exactly rocket science; even so, this aspect of Security 101 is overlooked in many, if not most, organizations...
The beauty of the book is that it is vendor agnostic. It doesn't cover the specific details of the operating system or software application; rather, it focuses on the policies and procedures needed to make that system secure. With that, the book will be current, even with operating systems' changes and upgrades.
Many computer books today have scores, if not hundreds, of pages of screen prints and source code, which often only serve to increase their page count. This book has none of that, and is instead a systematic and methodical method of how to secure networks. The book is a good complement to Security Engineering by Ross Anderson.
While Security Engineering lays the foundation for the engineering aspect of information systems security, the CERT guide builds on that framework. The book details the underpinning to securing information assets, namely: Hardening, Preparing, Detecting, Responding, and Improving. Each chapter in the book builds on those pillars and does not leave a stone unturned when it comes to securing systems. The beauty of the book is that even though it is completely vendor agnostic, its topics are germane to every network operating system.
If your mother were involved with information security, she would tell you to read this book. Listen to her.
Click Here to see more reviews about: The CERT® Guide to System and Network Security Practices
Now, the world's leading information security response organization has written the ultimate guide to system and network security for working administrators. SEI's Computer Emergency Response Team (CERT) offers a practical, start-to-finish approach to developing secure networks, covering every stage of the process: planning, implementation, maintenance, intrusion detection, response, recovery, and beyond. Reflecting CERT's role as the world's #1 computer security response team, this book presents up-to-the-minute information on new attacks, viruses, and other IT security threats. Coverage includes: establishing effective security practices and policies, deploying firewalls, securing network servers and public web servers, security desktop workstations, intrusion detection, response, and recovery. This book not only shows how to enhance computer security today: it shows how to learn from experience to build even more secure systems tomorrow. For all system and network professionals, and other IT professionals concerned with security.
Click here for more information about The CERT® Guide to System and Network Security Practices
No comments:
Post a Comment