CIW Security Professional Certification Bible

With damaging viruses and intrusions in the news almost weekly, an increasing number of organizations are choosing to hire full-time security specialists. They won't, however, hire self-proclaimed "experts" or even general-purpose consultants who reckon they can learn digital crime-fighting on the job. Organizations will hire people who can prove their competence with a certification like the Certified Internet Webmaster (CIW) Security Professional rating, which is what CIW Security Professional Certification Bible provides you with the background to earn. The book does a snappy job of conveying the tested facts and concepts, and though most readers will wish for coverage of security under Windows 2000 and Windows XP (there's none here), those operating systems aren't on the test yet and we can't fault the authors for that.

Some of the advice on how to defeat attackers is entertaining, like the authors' suggestion that you give your Windows NT administrator a user name other than "Administrator," then create another account--one with no access rights--with the "Administrator" user name as a sort of straw man to sap crackers' energy. Other advice makes up more of a litany of technical best practices and policy rules of thumb. Still other sections focus on tools, both offensive (like L0phtCrack and NetBus) and defensive (like Syslog and SuperScan). There are also multiple-choice assessment questions--with annotated answers--and lab exercises accompanying each chapter. --David Wall

Topics covered: The subjects you need to understand in order to pass the Certified Internet Webmaster (CIW) Security Professional Exam (1D0-470), which is accredited by the Association of Internet Professionals (AIP) and the International Webmasters Association (IWA). The authors cover general security principles (everything from user-rights management to physical safety of equipment), and the specifics of attacks and defenses on several popular operating systems.