Book Review: Build Your Own Security Lab
The Good
I have had this book on my bookshelf for a few months and recently, due to some textbook changes in my Windows Security class, I decided to read it. The book covers the usual ground you would expect, network hardware, virtual machines and various OS and network software.
The first chapter talks about getting used Cisco gear, to get IOS experience. Some information was mentioned about VMware, for installing operating systems to use and virtual networking.
After the first two chapters the author jumps into the various activities you can perform in the security lab. Each chapter included notes with a little additional information about the topics discussed in each chapter. At the end of each chapter is a list of “Exercises.”
The Bad
I could tell in the first chapter that this book has been sitting on the shelf of the publisher for a while. I could also tell that the author had a hard time filling the 400+ pages in the book. When I got to chapter 2 “Building a Software Test Platform” and it mentioned ReactOS, Knoppix-STD, and Virtual PC, I knew things were going to get bad. The author goes into detail about installing and running ReactOS.First ReactOS is an OS that has been in alpha forever and is useless. I know, I recently pulled down a current copy for a project I’m working on and tested it. Knoppix-STD has been in version 1.0 for the last 5 years if not longer. I can see why the author picked it. He referenced the FrozenTech LiveCD website, which also hasn’t been updated in 5 years. It still has WHAX as #1… The mention of VMware removed all doubt that this book has been canned for sometime. It mentions VMware Server as not being free. VMware server has been free since Feburary 6, 2006. I think it was fair to include Virtual PC but no mention of VirtualBox was wrong. You would think that if you had a book canned for a few years, that before you publish it, you would update the key content.
The Ugly
I know I am the last person in the world to judge editing, but the number of errors I noticed in this book was insane. It easily has the most errors of any book I have ever read, including the text books I review. I’m not talking about spelling or grammar errors, which I admit I make errors with all the time. I quote, “Wardialing is the act of driving around looking for open wireless access points.“ It goes on for the rest of the paragraph using the wrong word War Dialing when it meant War Driving. The book it full of errors like this in every chapter. I found two or three major errors on almost every page.
I would not recommend this book to anyone and here is why. If your new to security, and building your own lab, this book wouldn’t lead you down the right path. If anything it might discourage you. If you do know something about security, and want to learn more about updating your lab, this book is about 3 or more years behind in best practices. I’m going to guess that since the author has more certifications then letters in the alphabet, he knows the difference between War Dialing and War Driving. So I am going to blame the team of editors listed in the book for this cluster. I think that both the Technical Editor and Executive Editor really hurt Wiley’s reputation with this release.
