Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Security Books Media Book Reviews

Computer Security for the Home and Small Office 146

Posted by timothy from the opposite-of-obscurity dept.
Andrew Murphy writes " The Register's security guru Thomas Greene has written a book for the average computer user, though it contains a great deal of information that professionals need to know. It's insightful, instructive, and calls for open source software even on Windows for enhanced security. The single most interesting feature is the author's emphasis on open source software as a security feature per se. He rightly notes that there are no secrets in OSs, and teaches users to leverage this transparency regardless of their platform. As early as the introduction, Mozilla is urged as a secure replacement for IE and OE, and this came before the Scob outbreak." Read on for the rest of Murphy's review.
Computer Security for the Home and Small Office
author Thomas C. Greene
pages 405
publisher Apress
rating 9
reviewer Andrew Murphy
ISBN 1590593162
summary No secrets means that open source software, when it survives, tends toward robustness -- so it can help even if you run a closed-source operating system.

The book covers popular OSs replacements for Windows applications and utilities; it explains vulnerabilities; it offers practical setup information for both Windows and Linux to harden a system and make it extremely difficult to attack.

The Preface describes the book in general terms. The Introduction explains firewalls and their limitations, and explains how to install Mozilla to limit email and http exploits and spam.

Chapter One debunks the malicious-hacker mythology and shows that most so-called hackers are only script kiddies who are easily thwarted with commonsense tactics.

Chapter Two explains malware, spyware, bad system configurations, and the scores of other routes to system exploitation and privacy invasion that firewalls and antivirus software don't address. It includes a step-by-step guide to simplifying and hardening a system. Most importantly, it offers a useful guide to turning off unnecessary services and networking components for both Windows and Linux, and setting sensible user permissions, and is liberally illustrated with screen shots.

Chapter Three offers a good breakdown of social engineering and phishing scams, and how to defend against them.

Chapter Four is about using common tools, like Ethereal, Netstat, PGP, etc. It explains how to monitor an Internet connection to spot software secretly reaching out or phoning home to remote servers; how to monitor your system for signs of malicious processes; and how to use PGP and GnuPG to encrypt sensitive files and Internet correspondence. This is one of the best introductions to using encryption available anywhere.

Chapter Five explains how to eliminate all traces of Web activity from your computer and defeat forensic recovery of stored data; how to surf the Web anonymously using an encrypted connection and defeat remote monitoring; how to set up and use SSH (SecureShell) to conceal both your identity, and the data content of your Internet sessions from all third parties, including your ISP. The many hiding places of sensitive or incriminating data are revealed for both Windows and Linux users.

Chapter Six explains the advantages and disadvantages of migrating from Windows to Linux; why Linux is easier to configure for security, and why it's better suited to less technically-inclined users; how to judge whether Linux is right for you, and the issues you should consider before migrating. The author is clearly biased towards Linux, but he understands that most users will stick with Windows. Hence the emphasis on tools that run on Windows.

Chapter Seven is a catchall essay explaining security from an anecdotal point of view. There were places where it got a bit tedious, but the idea is to look at security as a process or a frame of mind, not a specific series of computer settings. The material in this section is informative in only a general sense. The real configuration information comes in chapters Two, Four, and Five.

There are several indexes with useful information on firewalls, ports, Trojan activity, sources of information, and more. Most of this information is conveniently located and linked at the author's website, BasicSec.org

Overall, the book is exceptionally well written for a tech manual. The author is a good writer and his prose flows nicely. The book is highly readable, and even witty in parts. I found myself laughing aloud on several occasions. The author has the art of The Register's irreverent presentation. I enjoyed reading it. But it is not perfect, so I give it a 9 out of 10.

My biggest criticism is that the book shifts back and forth from practice to theory and back again. It's good that readers learn the reasons for the (very sensible) procedures and settings listed; but I felt that the book was organized wrong. This is a minor issue, and the book remains exceptionally useful; but instead of interlacing the various parts, theory and practice might better have been separated in two distinct sections. It's difficult simply to flip to a section of this book and learn what needs to be done: there is a lot of theoretical talk between each practical item. It's very good talk, and very instructive talk, all right, but I would have preferred that it be located in a particular place. I would rather not have to read the entire book through in order to tweak my system for good security. Unfortunately, the author has structured the book so that a read-through is necessary.

Overall, this book will tell professionals what they need to do, and novices everything that professionals ought to know, but probably don't. It's in plain English, so no one should worry that they can't grasp it. You can make your computer, or your network, very hard to attack, whether you use Windows or Linux. This book will show you how in excellent detail. You've got to read the whole thing, unfortunately -- but it will work nicely for you, casual user and sysadmin alike.

You can purchase Computer Security for the Home and Small Office from bn.com. Slashdot welcomes readers' book reviews. To see your own review here, carefully read the book review guidelines, then visit the submission page.
This discussion has been archived. No new comments can be posted.

Computer Security for the Home and Small Office More

Computer Security for the Home and Small Office

Comments Filter:

  • Re:Oh (Score:5, Funny)

    by Anonymous Coward on Wednesday August 11, 2004 @02:36PM (#9941709)
    Don't misoverestimate this place.

    It contains all of the information that the average /. reader claims to already know and/or brags about knowing.

  • Lesson 1 Install Service Pack 2 (Score:3, Funny)

    by Raindeer ( 104129 ) on Wednesday August 11, 2004 @02:47PM (#9941815) Homepage Journal
    Simple

  • Re:There are not secrets... (Score:3, Funny)

    by FooAtWFU ( 699187 ) on Wednesday August 11, 2004 @03:12PM (#9942034) Homepage
    "What do you mean you use to be a man? Nah, no big deal, I'm cool with that...although I did always wonder why I caught you reading /. --that explains it."

    Sir (or madam):
    That was too much information.

  • I.Q. Test (Score:2, Funny)

    by Anonymous Coward on Wednesday August 11, 2004 @03:14PM (#9942054)
    A more secure home user? Simple. Make Internet use dependant on the user's I.Q.

    50 or below: Fox News, CNN, MSNBC, Hotmail, any .gov
    75 or below: Microsoft, Dell, Compaq, etc.
    100 or Below: Slashdot, any .net
    125 or Below: Any .com, save....
    150 or below: Apple.com

    Pfeh. Letting blind people drive. Why, oh why are there so many accidents??

  • Re:This book should be open source (Score:1, Funny)

    by Anonymous Coward on Wednesday August 11, 2004 @03:33PM (#9942205)
    Also, with a bit of subtle social engineering, I bet you can determine a lot of passwords...

  • Re:Impressive link collection (Score:4, Funny)

    by downbad ( 793562 ) on Wednesday August 11, 2004 @03:48PM (#9942332)
    Because Mozilla has bigger buttons.

  • Review of the review. (Score:4, Funny)

    by veg_all ( 22581 ) on Wednesday August 11, 2004 @04:05PM (#9942459)
    The first couple of paragraphs consist of an intro and a
    description of the preface.

    The third paragraph describes the first chapter.

    The fourth paragraph describes the second chapter.

    The fifth paragraph describes the third chapter.

    The sixth paragraph describes the fourth chapter.

    The seventh paragraph describes the fifth chapter.

    The eight paragraph describes the sixth chapter.

    The ninth paragraph describes the seventh chapter.

    The tenth paragraph notes there are indexes.

    Overall this review is skeletal at best.

    I give it a 3 out of 10.

    Overall, this review is useful for nearly some people, not so useful for others. It's
    certainly written in English, so more than half of Slashdot's
    readership will feel a vague sense of familiarity.
  • ...if my friend told me his car's engine died because he wouldn't fix the clutch...

    Don't mean to sound like a troll, but how do stuffed clutches kill the engine? I can see how it's possible, but how common is it?

    Having said that, it's been a while since I had the chance to do so much as change oil. My work gives me a car (Good Thing) but it's automatic and I'm not allowed to do any more than refill the window washer reservoir. All that stuff I used to know...

    Actually, their computer use policy is much the same. Do MS license cars?

Slashdot Top Deals

Old programmers never die, they just hit account block limit.

Close