This article can also be found in the Premium Editorial Download "Information Security magazine: 12 security lessons for CISOs they don't teach you in security school."
By Eric Cole, Ronald Krutz and James W. Conley
696 pages, $39.99
Even the most experienced security professionals occasionally need to turn to their personal libraries for guidance, and everyone needs at least one book that covers a little of everything. We recommend Network Security Bible.
Network Security Bible is more of a reference than a tutorial. Rather than assume the reader's depth of knowledge, it provides just enough relevant background information to lay a foundation of understanding. The title suggests that the book concentrates on the network, but it covers a wide range of subjects, including security management, OS security, cryptography and incident response.
The authors do a fine job of identifying the important points and explaining the key issues. The chapter on Web server security, for example, includes background information on HTTP and how it operates. A good working knowledge of HTTP is important because HTTP influences the treatment of cookies, form fields and other security-related matters.
Despite the book's strong points, Network Security Bible has some notable flaws that prevent it from achieving greatness. There are instances in which an important concept is mentioned but not defined or discussed. This is especially obvious in the Windows security chapter, in which the authors present a list of sometimes-cryptic host-hardening measures without explaining what they
Most noticeably missing is a bibliography. This is a serious omission, given that Network Security Bible is intended to be a foundational security book. The authors give readers no references for learning more about the topics for which they provide limited information.
Network Security Bible is intended to be a "wide angle lens," and makes up in breadth what it lacks in depth. The book covers a variety of topics, and, despite its flaws, the discussions are generally substantive and informative. No matter the question, Network Security Bible will almost certainly have something interesting to say.
Reviewed by David Bianco
This was first published in February 2005