Rubin has written a superb book on the topic of security, as the book delineates it. To a well-chosen and very useful level of detail, he tells system administrators, IT professionals, and end users all they need to know about attacks on their systems and data, and about defenses against those attacks. Academics and those needing more detail will easily find the information they need in the sources keyed to each segment of the text.
The book’s principal sections deal with worms and viruses, data storage, telecommunications, protection of networks, and commerce and privacy. Each section contains well-written and appropriately comprehensive overviews and descriptions of attacks and defenses, as well as one or more case studies.
Although a Computer Security Institute survey described on page five attributes over 20 percent of all computer-related loss to financial fraud, the book deals only with protection against unauthorized individuals. There is no mention of defenses that address the risks posed by authorized users of systems: auditing controls and principles such as least privilege and separation of duties, for example.
The book’s organization, accuracy, typography, illustrations, editing, bibliography, and index serve as a model of how to make a book easy to read and as useful as possible. It will be of value to anyone concerned about the protection of computers from attack by outsiders.