What do you think?
Rate this book
Computer Security
This is a brand new edition of the best-selling computer security book. Written for self-study and course use, this book will suit a variety of introductory and more advanced security programmes for students of computer science, engineering and related disciplines. Technical and project managers will also find that the broad coverage offers a great starting point for discovering underlying issues and provides a means of orientation in a world populated by a bewildering array of competing security systems.
386 pages, Paperback
First published February 16, 1999
24 people are currently reading
259 people want to read
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 7 of 7 reviews
June 21, 2021
1.0 out of 5 stars
Worst Textbook I've Ever Read
February 24, 2005
Without doubt, this is the worst textbook I've ever had the misfortune to encounter. Even before the actual text starts, there's a discrepancy which bodes ill. Specifically, the back cover says:
"Written for SELF-STUDY and course use, this book will suit a variety of INTRODUCTORY and more advanced security programs for students of computer science, engineering and related disciplines."
However, the Preface states:
"This book grew out of my lecture notes for courses taught on a one-year POSTGRADUATE programme on information security."
The back cover is false and the Preface is much closer to what you can expect in the book: no person at a Computer Science/Computer Security introductory level will be able to get anything out of this book. The reader MUST already be fully knowledgeable about Unix, NT, Multics, and various computer security models and jargon. There's no way around that. If you don't meet those requirements, don't even think about picking up this book.
The biggest problem with the book is that it's written from the viewpoint of someone talking to a group of people who are already familiar with the subject: the author is merely pointing out things that those already-knowledgeable people should know. Instead of writing to teach people the topic, the author just synthesizes his own knowledge to focus on the subject. Also, he uses words not to explain and enlighten, but to confuse and obfuscate. For instance, his standard writing behavior is to use obscure technical terms well before he defines them. Plus, in general, as the book progresses, the exercises at the end of each chapter have less and less to do with anything discussed in the book and require such a level of expertise in huge swaths of areas that no one could possibly do them. Some specifics:
- The first five chapters are devoted to some of the theoretical underpinnings of the theory of computer security. Unfortunately, the author doesn't really explain these models. Instead, he assumes intimate knowledge of the models and talks about certain aspects of them. What's really jarring is that after solely talking about motherhood and apple pie (security wise) in nice, warm, fuzzy terms, he suddenly drops in "equations" from these models without explaining any of the terms or nomenclature (he follows this procedure throughout the book). Usually, after several pages you can find the definitions for what he's just said. But, unless you're familiar with what he's doing, none of this will make sense.
- For icing, in these first five chapters, the author uses virtually NO examples (which, for the most part, continues throughout the book). He'll mention Multics and some consultant data base as sources, but he never gives concrete examples of what he's "explaining." Even worse, with no examples in the text, the author asks the reader to provide examples of what he's talking about in the exercises. In general, the exercises assume far more knowledge than the author has provided in the text.
- In chapter 6, "Unix Security," he moves into "examples" of where these models are used. Similarly to earlier chapters, he writes as though his readers are intimately familiar with the subject (Unix, in this case) and that he's merely pointing out some interesting things. The chapter is filled with Unix commands with no structure to his delivery or explanation of where those commands come from. Plus, when you get to the exercises at the end of the chapter, they're mostly of the type that require you to SIGN ON TO YOUR UNIX SYSTEM AND DO THINGS! There's nothing in the preface of this book stating the requirement for being on (and intimately familiar with) a Unix system. Yet, there you are, unable to understand the chapter, and unable to do the exercises.
- Chapter 7, "Windows NT Security," is almost as bad. For someone with no familiarity with the inner workings of NT, most of the chapter will be meaningless. It's not quite as bad as Chapter 6 since NT uses a GUI for what he discusses and Unix uses the command line, but it's still frustrating. Unlike Chapter 6 and Unix, the exercises don't assume access to an NT machine, although most of them can't be done with only the information presented in the chapter.
- Chapter 8, "How Things Go Wrong," is actually somewhat interesting. It suffers from the same assumption that the reader is intimately familiar with the technical jargon of various systems and protocols. But, it actually involves examples. Of course, the exercises at the end of the chapter are undoable since they don't relate to anything taught in the chapter and are at a highly technically adept level.
I'm running out of space, so I won't write about the remaining seven chapters except to say that they suffer from the same things related above. I'd also like to include some advice to Florida State University (FSU): this book is the text for an elective (CIS 4360: "Introduction to Computer Security") in their Computer Science degree. According to the course write-up, its sole prerequisite is CGS 3408, which is a C programming course. FSU seriously needs to re-examine their use of this book. There's no chance that undergraduate students with only a C programming course under their belts (and C is used nowhere in the book) will get anything out of this book other than hemorrhoids. Find another book.
I rate this book 1 star out of 5. Avoid.
Worst Textbook I've Ever Read
February 24, 2005
Without doubt, this is the worst textbook I've ever had the misfortune to encounter. Even before the actual text starts, there's a discrepancy which bodes ill. Specifically, the back cover says:
"Written for SELF-STUDY and course use, this book will suit a variety of INTRODUCTORY and more advanced security programs for students of computer science, engineering and related disciplines."
However, the Preface states:
"This book grew out of my lecture notes for courses taught on a one-year POSTGRADUATE programme on information security."
The back cover is false and the Preface is much closer to what you can expect in the book: no person at a Computer Science/Computer Security introductory level will be able to get anything out of this book. The reader MUST already be fully knowledgeable about Unix, NT, Multics, and various computer security models and jargon. There's no way around that. If you don't meet those requirements, don't even think about picking up this book.
The biggest problem with the book is that it's written from the viewpoint of someone talking to a group of people who are already familiar with the subject: the author is merely pointing out things that those already-knowledgeable people should know. Instead of writing to teach people the topic, the author just synthesizes his own knowledge to focus on the subject. Also, he uses words not to explain and enlighten, but to confuse and obfuscate. For instance, his standard writing behavior is to use obscure technical terms well before he defines them. Plus, in general, as the book progresses, the exercises at the end of each chapter have less and less to do with anything discussed in the book and require such a level of expertise in huge swaths of areas that no one could possibly do them. Some specifics:
- The first five chapters are devoted to some of the theoretical underpinnings of the theory of computer security. Unfortunately, the author doesn't really explain these models. Instead, he assumes intimate knowledge of the models and talks about certain aspects of them. What's really jarring is that after solely talking about motherhood and apple pie (security wise) in nice, warm, fuzzy terms, he suddenly drops in "equations" from these models without explaining any of the terms or nomenclature (he follows this procedure throughout the book). Usually, after several pages you can find the definitions for what he's just said. But, unless you're familiar with what he's doing, none of this will make sense.
- For icing, in these first five chapters, the author uses virtually NO examples (which, for the most part, continues throughout the book). He'll mention Multics and some consultant data base as sources, but he never gives concrete examples of what he's "explaining." Even worse, with no examples in the text, the author asks the reader to provide examples of what he's talking about in the exercises. In general, the exercises assume far more knowledge than the author has provided in the text.
- In chapter 6, "Unix Security," he moves into "examples" of where these models are used. Similarly to earlier chapters, he writes as though his readers are intimately familiar with the subject (Unix, in this case) and that he's merely pointing out some interesting things. The chapter is filled with Unix commands with no structure to his delivery or explanation of where those commands come from. Plus, when you get to the exercises at the end of the chapter, they're mostly of the type that require you to SIGN ON TO YOUR UNIX SYSTEM AND DO THINGS! There's nothing in the preface of this book stating the requirement for being on (and intimately familiar with) a Unix system. Yet, there you are, unable to understand the chapter, and unable to do the exercises.
- Chapter 7, "Windows NT Security," is almost as bad. For someone with no familiarity with the inner workings of NT, most of the chapter will be meaningless. It's not quite as bad as Chapter 6 since NT uses a GUI for what he discusses and Unix uses the command line, but it's still frustrating. Unlike Chapter 6 and Unix, the exercises don't assume access to an NT machine, although most of them can't be done with only the information presented in the chapter.
- Chapter 8, "How Things Go Wrong," is actually somewhat interesting. It suffers from the same assumption that the reader is intimately familiar with the technical jargon of various systems and protocols. But, it actually involves examples. Of course, the exercises at the end of the chapter are undoable since they don't relate to anything taught in the chapter and are at a highly technically adept level.
I'm running out of space, so I won't write about the remaining seven chapters except to say that they suffer from the same things related above. I'd also like to include some advice to Florida State University (FSU): this book is the text for an elective (CIS 4360: "Introduction to Computer Security") in their Computer Science degree. According to the course write-up, its sole prerequisite is CGS 3408, which is a C programming course. FSU seriously needs to re-examine their use of this book. There's no chance that undergraduate students with only a C programming course under their belts (and C is used nowhere in the book) will get anything out of this book other than hemorrhoids. Find another book.
I rate this book 1 star out of 5. Avoid.
February 17, 2017
great book
This entire review has been hidden because of spoilers.
November 3, 2014
I had read 1st edition back in the late 1990s-early 2000s when I was obtaining my BS in a computer technology degree field. Now, I am getting my MS in a computer technology degree field and the 3rd edition was assigned for one of my classes. Honestly, I don't remember 1st edition except that I liked it well enough that I kept it for a reference book and only just let it go around 2011. 3rd edition likes to give you reference material in very much the text book format explaining everything and then using math and other techniques when necessary to get the point of the information to the user in the simplest format. The end of chapter questions I think were about the only thing that really changed between editions as those were more on point for discussion of how to take what you just read and put it in a context of the here and now for every day usage.
August 13, 2014
Excellent book, teaches both basics and advanced knowledge about multiple types of computers and their security. A release of a 2nd edition would be much more helpful about security systems today. More Social Engineering should be part of this book(though I did see it being mentioned multiple times).
Read
February 20, 2013good
Want to read
December 10, 2014ok
December 22, 2015
no thing
This entire review has been hidden because of spoilers.
Displaying 1 - 7 of 7 reviews