Computer Security for the Home and Small Office
Book Review

By Dale Farris, Vice President
Golden Triangle PC Club
May 2004

General Overview

"Computer Security for the Home and Small Office" addresses the long-neglected security needs of everyday users in the home, company workstation, and SOHO (Small Office/Home Office) categories, with emphasis on system hardening, eliminating malware, user and Internet privacy, encryption, and data hygiene.

The book offers comprehensive tutorials for protecting privacy, preventing system attacks and, most important, avoiding difficulties from buggy programs and software laced with hidden functions and networking capabilities.

Furthermore, the book is packed with information about open-source products with related security strategies for Windows users. One recurrent strategy: replacing insecure closed-source applications and utilities with safer open-source alternatives, thereby eliminating numerous routes to system exploitation and privacy invasion.

Also included is plenty of guidance for Linux users, and a full chapter weighing the advantages and disadvantages of migrating to Linux—a step that can greatly simplify computer security, even for the novice user.

Because the book is written primarily for home and small business users, and desktop users in the corporate world, the author focuses on Windows XP for practical examples, though these should be easy for users of Windows NT and Windows 2000 to adapt to their systems. Similarly, UNIX-related tips will be based on GNU/Linux, which is popular in home and small business environments, though UNIX and BSD users should not have difficulty adapting them to their systems.

By the time you have finished reading this book, the author claims you should be able to "hackproof" your computer, company workstation, home network, or small business network. By "hackproofing," he does not mean making your system an impenetrable bunker: nothing can do that. Instead, he means using common sense and layers of protection to make compromising your system more trouble than it's worth.

This involves 3 general principles he covers in detail. These include:

Prevention - Reducing your target footprint through firewalling, keeping a low profile on the Internet, patching software and operating system vulnerabilities, and declining to open e-mail attachments and other risky files

Resistance - Setting sensible file and user permissions, disabling unused services and daemons, and installing reliable software - in other words, hardening the system

Tolerance - Securing the private data on your PC and your personal communications via e-mail and chat clients against interception on the Internet and against access by remote attackers and local snoops (e.g., nosy housemates), thereby limiting the damage that a system compromise or other security snafu can cause

Table of Contents

The seven (7) chapters include the following:

1)  Introducing the Dark Side
2)  Vectors
3)  Social Engineering
4)  From Newbie to Power User
5)  Treasure Hunt
6)  The Open-Source Escape Hatch
7)  Trust Nothing, Fear Nothing

The three (3) appendixes include the following:

Appendix A:  Glossary
Appendix B:  Procedures, Processes, and Ports
Appendix C:  Online Resources

Target Readers

This is a handbook for ordinary people concerned about computer security and online privacy. Author Greene addresses everyday computer users and Netizens with little or no background in information technology, concerned parents, business users, and corporate telecommuters. The book speaks as well to corporate security managers struggling to articulate the necessary principles and procedures to nontechnical staff in understandable language, and it involves both theory and practice. Readers will learn the most common techniques used by malicious hackers, spammers, identity thieves, online marketers, and Internet fraudsters. You will receive detailed instruction on how to defend systems against exploitation, protect privacy, and avoid identity theft.

This is an extremely important new title on computer security that is strongly recommended for any computer user, and I urge computer network administrators to seriously consider investing in this valuable book.

Book Contents

448 pages; about the author; preface; acknowledgments; introduction; tons of figures and screen shots; index

Author

Thomas C. Greene

About the Author

Thomas C. Greene is Associate Editor of the information technology journal "The Register" (www.theregister.co.uk), the leading independent tech news daily, where he has been a senior editor and columnist for five years. Tom covers cybercrime, computer and network security, and legislation related to information technology.

"The Register" is much loved for its irreverent editorial style and its exasperating ability to break stories that greatly inconvenience industry heavyweights.

Prior to his job at "The Register," Tom covered the pharmaceutical industry for FDC Reports, a division of Elsevier Science. Prior to that, he lived in Seoul, South Korea, studying Asian history and working in language education. He holds a bachelor's degree from Williams College, though he's not proud of it.

ISBN

March 2004 - First Edition
1-59059-316-2

List Price


$39.99

About Apress

Apress is a publishing company devoted to meeting the needs of programming professionals. Apress' unique approach to computer book publishing grew out of conversations between Dan Appleman and Gary Cornell, Apress' founders, who believe that too many programming books are of such low quality that they are a complete waste of time. Computer professionals need quality books that are not just rehashes of documentation.

The "A" in Apress stands for The Author's Press, and their books have "The Expert's Voice." Apress acquires manuscripts of the highest quality by attracting the best authors and technical experts that the world has to offer. Apress makes authors partners in the publishing process, doesn't impose a "house style" on authors, and doesn't make them conform to a series that straitjackets them.

Apress also makes sure that authors are treated equitably. Another key feature of the Apress approach to publishing books is taken from the software industry. Apress treats the technical review process as seriously as the best software companies treat the quality assurance process.

Apress is convinced that the innovations listed above make it possible for them to produce the highest quality books, recruit the highest quality authors, and publish titles that information technology professionals need and want.

The Apress management team ensures that the distribution and fulfillment of Apress titles is second to none, and that the capital is available to move aggressively and take advantage of any publishing opportunities that arise. To accomplish this, Apress has entered into a partnership with Springer-Verlag, one of the world's most respected publishing houses. Springer-Verlag is convinced that Apress will be the publisher of quality trade computer paperbacks in the years to come.

Apress will continue to publish titles of the highest quality, and has compiled a team of authors that reads like a veritable "Who's Who" list of the computing industry. The company founders have published over 200 software titles by leading software professionals, all of whom have "The Expert's Voice."

Publisher Contact

Chloe Benjamin
Marketing Associate
Apress
2560 Ninth Street, Suite 219
Berkeley, California 94710
510-549-5930 ext. 120
FAX 510-549-5939
chloe@apress.com
www.apress.com