The current book market is rich in volumes that provide either comprehensive or specialized views of computer security. Any new publication faces strong competition at the outset. Based on the preface written by the author, this book has the broad objective of informing the public on the expansive computer security domain and its technical, ethical, and legal implications.
A quick view of the topics covered in its 19 main chapters confirms that the text is broad in nature and tries to be as comprehensive as possible. The chapters dealing with “Security Evaluation of Computer Networks,” “Wireless Security,” “Legal and Educational Efforts,” and the “Future of Security” are strong parts of the work, and distinguish it from other volumes. In between, the author has organized over ten chapters systematically discussing main network and computer security topics, such as threats, vulnerability, scripts, access control, authentication, cryptography, firewalls, intrusion detection systems, viruses, and content filtering.
The book is written in a language that is easy to understand and follow, though I noticed several typographical errors both in the main text and in the figure captions. While the literature associated with the topics covered is quite extensive, the author has chosen to identify only a few references for each chapter. This can be both a positive factor, allowing readers to focus on the most important aspects, and a negative one, by not facilitating access to in-depth information for those readers who use the text as a starting point in their learning. Also detrimental to the overall reading experience is the choice of styles for section and subsection titles. In many instances, different fonts and sizes were present, even for the same type of heading. In addition, the use of graphics, often a feature that enhances a reader’s experience, is limited. When they are present, they are of low quality.
Given the author’s academic background, it is expected that significant parts of the book were designed based on course materials. Indeed, each chapter includes exercises; however, these are limited both in number and in applicability, many of them being thought of as general review material. Of interest for educators is also the list of laboratory exercises and class projects included as a twentieth chapter. While some of the topics chosen (such as network and operating system vulnerability for labs, or products for security testing and automated vulnerability reporting for projects) integrate well with a comprehensive computer security course, most of the ideas are described in one or two paragraphs and are not supported by any outside references.
Overall, the book provides an up-to-date review of computer network security issues. Given the breath of the topics and the many technical details needed to cover them, it is difficult to classify the volume as appropriate for a general audience. The limited educational components may also discourage its use as a textbook. Nevertheless, the overall content is of good quality, and it is easy to envision a subsequent edition where most of the deficiencies mentioned above are corrected.
