Available for download is chapter 9 entitled "Viruses, Trojan Horses, Hoaxes".
Ah, computer related security. Some decade ago, prior to the Internet coming out of the closet, computers were like small islands, each standing on it's own, only companies had large systems and needs for networking. Home users? Not likely, perhaps a mere BBS software, a phone number to dial and that's it. Not much could and had to be done there. Nowadays, the story is completely different. With the advent of the internet in the early 90's, things started to change drastically. People gained access to various information, various systems. Along with all the benefits, came the downfalls. Your personal files became accessible, your e-mail became infested with spam, viruses spreaded like a malevolent plaque. The need for security has grown, and the software products followed, more or less. Now, to cut this theatrical drama. Today, computer security is one of the branches in IT business that cannot be bypassed, regardless of the size of your system. Home user, large company, it doesn't matter. The only difference is in assessing what to protect and from whom. Large companies have security personnel in charge, but what about the home user? Usually, he or she are left to themselves. And, most of the times, this solution is more then inappropriate, as the level of knowledge needed is far inadequate. Of course, the internet is here, anybody can self educate themselves through it. But, what if you don't know what to look for and where? A copy of a security handbook would come in handy, wouldn't it? This is why this mile long introduction is for, for a book exists that might help you a lot there...
About the author and the book
Have You Locked The Castle Gate? is written, and let's say performed, by Brian Shea. As the notes on the cover say it, leading member of a Windows security team in an unspecified financial institution, with some ten years of experience and expertise in the computer security field. Good enough for me, and reassuring for the inexpert reader, interested in this book. Why did I wrote 'performed' on top of this paragraph you'll find out later in the text.
The book itself spreads on some 190+ pages of mostly light reading material, neatly organized into nine chapters and two appendixes. As you can already assume, from both the title and the length of the book, it is intended as a start up guide for the unexperienced users of Windows OS. So, if you're looking for some more advanced or intermediate material, you needn't read further. This is not it. Then again, if you need a good place to point various friends, relatives, co-workers into the world of Windows security, read on.
What you'll find in this book
Ok, let's run through the book's chapters to brief you in on the subject. As I've already stated, it spreads on some 9 chapters, which cover various subjects a home user may be interested into, when it comes to security. Plain facts tell us that security is a neccessity these days, so all users, thus including plain home users, need to address this issue.
So, the book starts lightly with a small introduction that explains some things about the book, and how to follow it easy. Chapter 1 deals with simple questions that arise when assesing risk, such as data classification, what and from who it is being protected and such. Then, in chapter 2, general network security is discussed, issues such as layered security, encryption, users, access, privileges, sharing, et al. These things sound new? Then this book is a must read for you. Now, chapter 3 starts to be more Windows specific, as it deals with securing your computer, applying hotfixes and patches, dealing with the registry, briefly followed by chapter 4 that deals with securing your server. A lot of things come to mind when discussing server security, and all are covered in brief here, OSI model, NT servers, w2k servers and such.
Chapters 6 and 7 also cover related topics of e-mail security and web security. Of course, as a book intended for relatively novice users, it first discusses how e-mail works in order for you to understand how to protect mail from unwanted access, junk and other mischievous activites. Then again, a brief run through of WWW is also there, and why web security has effect on you, as the end user.
Last two chapters, but not least important, deal with defensive actions against possible hackers and protecting yourself against various forms of viruses, trojans and such. Social engineering is discussed, hoaxes, a small discussion on Nimda, Code Red viruses, the lot.
The two appendixes on the end of the book have the sole purpose of pointing you, the reader, to other valuable information and resources. The latter of them two is a small glossary of commonly used acronyms and security terms you probably already heard of, but were unsure of their meaning. IMAP, FUD, DDE, WSH, it's all there. Nice touch.
Personally, I found the book to be very lightweight reading material, and as such anybody should be able to clearly understand it, without any problems. All topics covered are presented with a theoretical problem of a nineteen-century frontier family, thus came the 'performed by' part at the beginning. All chapters are neatly completed with a small checklist that should help you a lot at the beginning and later, just to be sure you covered all issues.
Well, the rest is pretty obvious. It is focused on Windows security, for home and small business users, especially those completely unfamiliar with the subject. If you have any personal data you don't want anybody to tamper with, and have insufficient knowledge on how to protect it, this book is for you. If spam is annoying you every day, and you're clueless how to prevent it, this book is for you. Are you feeling a bit paranoid, scared by the media coverage on all these viruses and evil h4><0r's spreading like the plaque these days (don't you just love how these people exaggerate), and you'd like to do something about it, look here. Just plain curious? Will do also. Hm, am I repeating myself here? Probably so...
On the other hand, if you have a MCSE certificate or any higher level of knowledge on security, you will certainly not find this book useful, unless you completely forgot your basics. Not much needs to be said here.
The author did a good work with this book, and it will serve it's purpose. Only thing there is for you to do, is to go and get it, get acquainted with basic security concepts and go broaden your newly found knowledge further.
I could go on and discuss what I'd like to see in it, but with intended audience on mind, and it's concept, the book passes with flying colours.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.