Computer Security Basics
Debby Russell, Sr. G.T. Gangemi
This book does exactly what it says on the tin - or at least, the front cover! It's an excellent, clear introduction to the basics of computer security - the fundamental ideas without which there's no point having the latest and greatest. No system is highly secure if anyone can wander in and out of wherever it's kept, and workstations are left logged in, unlocked and unattended.
Unfortunately, it's also almost fifteen years old, and it shows. The description of an internet worm in 1988 as being the most severe such incident in recent years is only the first of the out-of-date anecdotes that date this book badly. Most of Part I can be safely skipped - it covers an Introduction, and Some Security History. At this point, unfortunately, the History has become Prehistory, and interesting more recent developments (even those of the last ten years) are omitted. Wake up O'Reilly - computer security isn't going away; this was a great book when it was current, now it's time for an update!
Part II picks up a little, getting into security fundamentals that have held for decades, even centuries, and which really don't get old: physical security, separation of duties and so on. Even chapter 4, "Viruses and Other Wildlife", provides useful information on the differences between the various fauna of computer systems (viruses, worms, Trojan horses), so often misidentified today.
Part III covers Communications Security - again, it's a mixture of the quaint and the rock-solid traditional principles that have been with us since Caesar. It does include excellent, clear descriptions of various methods of encryption, focusing sufficiently on the theory (rather than specific implementations) that it is useful.
Part IV covers Other Types of Security, and seems less dated than the rest of the book - evidently, physical security is already a well-developed concept, not evolving at quite the same pace as data security has in recent years. The ideas of two- and three-factor authentication are well explained, and their importance stressed.
Overall, an excellent introduction to the basics, as long as you don't mind wading through passages that read like, well, they were written ten years ago. Definitely needs an update, but there's plenty of good, solid content in there to work from.
About the author, Noirin Plunkett.