Lehtinen, Rick, Russell, Deborah and Gangemi, G.T. Computer security basics. 2nd. ed. Sebastopol, CA: O'Reilly, 2006. xii, 296,  pp. ISBN 0-596-00669-1 $39.99 £28.50.
We are all familiar with some problems of computer security: we have suffered from 'trojans' and from 'viruses', some of us may have suffered identity theft, and our personal details may have been used to take money from our bank accounts, or our credit card details used to purchase expensive goods. The only 'safe' computer is one that is not connected to any network of any kind and is still password protected; and even then it will not be 100% secure, since it could be hacked into by a proficient hacker.
So what can we do with our computers that are connected to the Internet and, consequently, vulnerable? The answer to that question is the purpose of this book, and, given that it is now in its second edition, we can probably assume that readers have already found it useful and that the authors wish to incorporate current problems and current solutions. The authors note that there are three key words in relation to threats to security. The first is vulnerabilities: physical, natural (fire and flood, etc.), hardware and software, media vulnerabilities, emanation of radiation (which announces one's presence), communication and human. Many things to worry about, in other words. The second key word is threats: natural and physical, unintentional (caused by ignorance), intentional (hackers, etc.) and 'insiders and outsiders'. More things to worry about. And, finally, countermeasures: how the vulnerabilities and threats can be opposed, which involve computer security, communications security and physical security. The rest of the book expounds these countermeasures.
The book is written for both the individual computer user and the corporate computer centre, although it may be of most use to small organizations, and the individual user will probably find the advice on such matters as password protection and protecting against viruses, worms and trojans the most relevant part of the book. The advice is straightforward, sensible and readily implementable. The advice on establishing a security policy as a central requirement could be followed usefully by any organization: the authors note that 'Security grows down into an organization once a written policy dictates it is required', and we can be sure that without a written and disseminated policy, nothing will happen.
However, the book is not simply a 'how-to-do-it' text: for example, the chapter on encryption includes a short history of the subject as well as information on the Data Encryption Standard and its implementation, and on the various encryption algorithms that are used. Similarly, the chapter on wireless security sets the topic in the context of how wireless antennae work as well as providing guidance on how to defend a wireless network against various kinds of attack.
This is a rather more interesting book than I had expected and anyone who is professionally concerned with computer security and any lay person who wonders about the security of his or her home network will be able to profit from it.