Security Books

In terrorizing America, Osama Bin Laden only got the ball rolling. Contrary to FDR's famous statement that the only thing we have to fear is fear itself, George W. Bush seems to believe that fear should be the prime motivator in engaging Islamic radicals and of them we should be truly terrified. With much of America and Congress cowed, Bush was given carte blanche to push his right wing agenda including massive tax cuts on the wealthy, an erosion of civil rights and a stunning reelection win using a campaign of fear. It was Bush who was instrumental in bringing Bin Laden's dream to fruition by galvanizing the Islamic world against America and driving a wedge between the U.S. and its allies. The author writes, `The strength of the U.S. government, including its ability to project force abroad, not only depends on its reputation for invincibility abroad, it also relies on its domestic legitimacy.' What Bush has managed to do is completely tie down the military, demonstrate to the world its limitations and tar the image of the United States as a beacon for freedom and law.

The author devotes an entire chapter to Dept. of Justice lawyer John Yoo and with good reason. Yoo's views on presidential power can best be summed up by a quote from his book `The Powers of War and Peace' saying, "the President's authority under the Constitution did not differ in important measure from that of a king" In other words everything Americans know about checks and balances and the founding fathers desire to rid themselves of a king is wrong. To support his assertion Yoo cherry picks through historical documents, omits contrary facts and distorts reality. Yoo is to political discourse what creationism is to science. What sets Yoo apart, besides the fact that he is the reductio ad absurdum of Conservative thinking on the concept of the Unitarian Executive, is that he actually went to the effort of putting his extremist ideas into a book. Yoo is unashamed in his belief that Nixon was right when he said, `When the president does it that means that it is not illegal' The views Yoo expresses are a mirror held up to the policies practiced by the Bush Administration, that the president in time of war becomes a supreme branch of the government answerable to none.

Yoo's most infamous statement, that a president could order the brutal torture of a child in order to extract information from a parent, leads into the author's next point. Why does the Bush Administration seem so adamant about having the ability to torture detainees? Besides ignoring Global Warming, engaging in torture may be the most shameful act the Bush Administration has involved itself in. John Dean speculated that torture is encouraged by the Bush Administration in order to satisfy the leadership's authoritarian egos. Mr. Holmes takes a different approach suggesting that the Bush Administration tortures as a demonstration to our enemies and allies that the gloves are off. The U.S. intends to match ferociousness with ferociousness. Similar to Bush's belief when governor that executions are good crime deterrents even if a few innocents die, the Administration seems to believe that torture should be done for tortures sake as a symbol. Torturing innocents and breaking international law is a means to an end because the U.S. looks that much more ruthless. The author writes, "The ticking time-bomb fable also suggests the quiet heroism of those who, defying moral norms and legal conventions, choose torture"

These are just a couple of examples from a book that is jam packed with thought provoking discussions about government and the use of power. I have read more than a few books on the Bush Administration's response to 9/11 but this may be the most intellectually profound, lucid and sober account yet. Stephen Holmes doesn't just recite the Bush Administration endless buffooneries he steps beyond partisan politics and establishes solid reasons for supporting alternative solutions. The Matadors Cape is a five star book that gets my highest endorsement.

Stephen Holmes, Professor at the New York University School of Law, has produced an exceptionally good book exploring the tangled arguments for the US and British governments' `war on terror'. He sums up that this war has been a disaster.

He describes the US state's "excessively violent, too broadly targeted, and patently counter-productive response to 9/11." He notes the odd assumption that "American immoderation will produce Muslim moderation." As he writes, "America's bellicose response to the 9/11 provocation was not only dishonourable and unethical, given the cruel suffering it has inflicted on thousands of innocents, but also imprudent in the extreme because it was bound to produce as much hatred as fear, as much burning desire for reprisal as quaking paralysis and docility."

Holmes demolishes the arguments used to try to justify the shift from getting Al Qa'ida to `America's gratuitous invasion and horrifyingly bloody occupation of Iraq'. He criticises idealist warmongering about the clash of civilisations, humanitarian intervention and democratisation. He notes, "Senators and Representatives who originally voted to approve a war on false pretenses have subsequently hesitated to criticize it, no matter how calamitous the outcome, because after-the-fact dissent embarrassingly reveals their own prior gullibility and lack of foresight."

He points out, "In Administration rhetoric, terrorism (a method for waging asymmetric war) is routinely opposed to liberty (a principle for organizing a modern society). The antithesis of liberty, however, is not terrorism but tyranny. So, when the Administration tries to place jihadism in the space vacated by Communism, turning it into the new global enemy of liberty, it confuses both itself and others." Gordon Brown uses the same bad comparison to continue Blair's war policies.

Holmes writes, "On the one hand, neoconservatives assert that Islamic radicals despise American values (such as religious toleration), not American policies (such as support for Israel), and deny that America's past behaviour has in any way provoked anti-American violence. On the other hand, they imply that the 9/11 plot was inspired and implemented by terrorists radicalized by Arab autocracies allied with or sponsored by the United States. This suggest precisely that 9/11-style terrorists hate American policies (backing the oppressors of Muslim peoples), not American values. They hate not the principles of American liberty but, rather, America's unprincipled support for tyranny. ... That is to say, jihadism, however repugnant, is not simply `evil' but has a perfectly comprehensible rationale. If we do not honestly grapple with this rationale, we will not be able to reduce the jihadist appeal."

He concludes, "the war on terror is bound to fail when conducted, as it has been so far, against the rule of law and outside the constitutional system of checks and balances." "To `go around the law' when combating terrorism is to regress into collective punishment. ... Waiving the rules will do the work of terrorists in this sense: it will recreate a world where violence breeds violence - where terrorism breeds torture and torture breeds terrorism. This will not be a safer world."

This book is mostly a collection of book reviews strung together with the goal of making sense of the US' foreign policy lurches after 9-11. Even that description makes it sound a little more coherent than it actually is, since there is also an interesting chapter that tries to explicate the mindset of the 9-11 terrorists. Furthermore the books reviewed uneasily fall into two different categories--there are those that are symptomatic of current American mindsets (books by Robert Kagan, Samantha Powers, and Samuel Huntington, for example), and there are books that Holmes considers somewhat useful for illuminating the world (books by Geoffrey Stone or Michael Mann among others). Nevertheless, Holmes is an able, lucid guide through this highly uneven pile of books and ideas. Furthermore, an overarching theme does crystalize. Holmes is insistent on the value of laws, international and domestic, which is not some sort of trick played on the powerful, but instead both creates an enabling context for the exercise of power and a check on the errors rulers are likely to commit. Those who underestimated the virtues of a lawful international (and domestic) order include not only the neocons in the Bush administration but also humanitarian liberals like Samantha Power. Holmes is also potent in describing the way the Bush administration could not let go of cold war binary frameworks to interpret the post-9-11 world, although these were woefully inadequate to the task. My main reservation about the book is that it tends to see the failures of the US/Bush administration entirely as a failure of understanding. There is little political economic texture that might help illuminate why these ideas thrived with so little effective opposition. Rather than requiring a new coalition guided by different principles, Holmes seems to hope that somehow the flawed thinking he documents can be corrected away.

New York University School of Law research director Stephen Holmes presents The Matador's Cape: America's Reckless Response to Terror, a scholarly examination of the failures, mismanagement, and worse rampant in the Bush-Cheney administration's response to the September 11th attacks, especially the deleterious ramifications of the war in Iraq. The Matador's Cape strongly condemns acts of terror and genocide, yet examines with equal suspicion the Bush-Cheney's administration's insistence in sequestering its intelligence and decision-making process from the public - and therefore from any solid opportunity to vette or cross-check its ideologically driven conclusions, with disastrous results. Also discussed is the significant yet by no means unilateral role of religious fundamentalism in propagating terrorism, the impact of rising birthrates in the Islamic world contrasted with falling birthrates in the Western world, the harmful and psychologically twisted effects of the Bush-Cheney administrations embrace of torture, and much more. A measured, well-reasoned and deftly persuasive treatise about the need for an immediate reexamination of America's current administration and foreign policy. Highly recommended.

After reading million books on derivative pricing, this one is the only one which defenitely combines a practical approach to it. You'll start learning about all the maths you need and all the building blocks, all by examples. And suddenly on Chapter 11, it puts it all together and effortless you can price any option with any payoff you can imagine, I got impress withmyself. I work at Credit Suisse First Boston and we have it in all the Quant's desks.

This is a great little book. I would put it in my category of 'original' books on quant finance, which includes books written by Paul Wilmott, Mark Joshi, Rick Osband and Neftci.

The reason being that the author uses a more informal style than most quant books and is very hands-on. If you're interested in understanding quant models and eventually applying them in the real world, then this is the kind of book you want. If you're looking for mathematical beauty and formalism, then look elsewhere.

The editors could have done a better job with some of the flow and formatting - maybe next edition (it is sometimes hard to link the text to the figures and tables).

Great book.

Consider first, this book's subtitle, "Tools for Incomplete Markets." A "complete market" (the kind assumed by the Black-Scholes-Merton model) is one in which any derivative product can be dynamically replicated by means of cash and the underlying asset. An incomplete market, then, is one is which the world of derivatives and their underlyings do not match each other in the point-by-point replicable manner implied by that definition of completeness. This failure to match makes for a necessary imperfection in hedging. That, of course, is the real world, where traders practice, as Scholes and Merton famously discovered in Greenwich, CT not long ago!

A variety of illustrations of this practical emphasis might be adduced. In the preface, for example, Dr. Cerný tells us frankly that in his experience "is it hard to understand the Itô calculus, but it is possible to get used to it and to apply it quickly and consistently...." [italics in original.]

I had the great pleasure of attending Dr. Cerny's lectures in mathematical techniques in finance. The lectures were structured around this book and were accordingly brilliant. The book starts off gently, to great relief for those who need to cover more basic mathematics in discrete time, before moving on to continous time and later introducing concepts such as Matingales and Browninan Motion. The book shows you how to derive such as the Black Scholes Formula, and introduces the Ito formula which is extensively used in pricing options.

Importantly, the book is clearly written and 'recycles' the exercises as it progresses from simple to more complex topics. I found this to be of great use since you already have an understanding of what the exercise is all about, intuitively and 'mechanically', and you can compare the methods and more readily understand what is going on in the more complex examples.

This book does not require a heave maths background. As always, the more the better, however, you can easily make great use of this book only with an understanding of simple calculus like derivatives and integrals. A basic understanding of linear algebra will also prove beneficial.

If you are looking for a book that will explain important concepts in finance, then this book is exactly what you are looking for.

Have not read the book totally but I have obtained very useful information from what I read.

Valuable background information for any network admin working with Windows XP or Windows 2003 networks. You can find all information on the Internet but this brings the most usefull information together to quickly get up to speed on how to configure a secure environment

Ben and Brian, (my ex-Microsoft colleagues) have done a great job at providing well-rounded, valuable and actionable coverage of almost all aspects of Windows Security. Good job guys!

Thanks,
Sanjay
Formerly, AD Securty PM
www.sanjaytandon.com

I have previously done a review of the First Edition of the Microsoft Windows Security Resource Kit which I was very impressed with. All what I said for that book still applies. The first book applied to Windows 2000 and XP Pro. Since then there has been a major upgrade for XP in SP2 and the introduction of Windows 2003 which the Second Edition covers. As with the first book this edition is great for anyone that wants to learn how to secure their Windows 2000/2003/XP Pro operating systems/networks and is geared mostly to administrator types though anyone with such interest including power users will find it extremely helpful.

In just under 700 pages no book can be all inclusive about Windows security. The Windows Security Resource Kit goes into detail on many commonly implemented topics like password/account policy and on others it shows you the basics of what is possible and then refers you to online documantation/white papers if you are interested in a full implementaion which keeps the book affordable, readable, and under 10,000 pages. For example there is a full chapter 25 with detailed instruction on how to implement 802.1X security for wired and wireless networks. For Software Restriction Policies there are three pages but that is enough to make a user aware of what SRP is, how it can help you prevent users from installing and running unathorized applications, and the basics of how to implement it. As a MCSE in Windows 2003:Security and a common newsgroup participant I am often amazed at the number of admnistrators that are not aware of many the security features of Windows 2000/2003/XP Pro such as SRP or in particular ipsec. They would benefit tremendously from this book.

The two chapters on privacy were dropped and more room is devoted to W2003/XP Pro. Though a lot of the content is the same as the previous version much as been revised or added. Below are some that I considered of note though my list is not all inclusive of changes.

CH3. A much better table with descriptions of well known sids.
CH8. Using EFS with Webdav to keep files encrypted on the network and sharing of EFS files.
CH9. Full list AND description of all services for Windows 2000/2003/XP Pro.
CH10. Windows firewall including how to configure for scope and exceptions, using Group Policy or scripted intstallations using netfw.inf. Improvements for ipsec in Windows 2003 including default exemption handling.
CH.11 Group Policy for wireless networks and Software Restriction Policies.
CH.12 Interet Explore securtiy and pop up blocker.
CH.15 One of my favorite chapters on auditing. Includes tables with listing of more Event ID's for object access and policy change.
CH.17 Listed specific service recommendations for domain controllers for both Windows 2000/2003 and also listed a recommended ipsec filter for securing a domain controller.
CH.19 Much is changed in 2003 Terminal Servies. - Use of Software Restriction Policies, smart card logon, and SSL for TS with SP1.
CH.22 For RRAS a big change is the cability of remote access quarantine control. A step by step is given with a link to sample scripts to use or modify.
CH.23 Implementation of role separation for certificate authorities.
CH.24 IIS 6.0 is disussed with it's security capabilities such as default install state, Automatic Health Monitoring, and the all important Application Isolation.
Ch.25 A whole step by step chapter on 802.1X for wired and wireless networks including Remote Access Policies, IAS, and deploying user and computer certificates. 802.1X can greatly increase security of WEP by using dynamic wep and forcing key renewal if you still have to use WEP.
CH.27 Briefy discusses Windows Update Services and its advantages.
CH.29 How to install and use the Windows 2003 SP1 Security Configuration Wizard to help select a computer profile for "hardening" to disable uneeded servces, configure audit policy, and use ipsec filters to block uneeded ports! In my opinion this is a tremendous tool that also has a rollback capability. New features of netstat are shown [note that netstat -b can be used to show executeable to port use though not covered in the book]. Two extremely helpful new tools - portquery and port reporter.
CH.31 Great table on using built in and third party tools to capture state of the computer for incident response investigation. I am surprised however that msinfo32 was not mentioned as you can use it to generate a very useful report to a .nfo file.

There is much discussion throughout the book on use of ipsec to protect your network with either ESP/AH encryption/integrity or the use of an ipsec "filter" policy to manage access to computer ports. Included are examples of ipsec filters for domain controller, wins, and DHCP. As much as I like the book I disagree with the recommendation on pages 375-376 on implementing ipsec for the domain by implementing a client/respond policy for the domain and then a server require ipsec policy for the domain controller container. Refer to KB254949 for more details and be sure to throughly test and ipsec policies on a test domain before implementing. Poorly planned ipsec implementation can cause havoc on a domain. I highly recommend that you read the white paper on Improving Security with Domain Isolation to see ipsec can do to protect your domain with the proper ipsec policies.

All in all I still believe that the Microsoft Windows Security Resource Book is a top notch book for anyone to own who wants to learn how to maximize security on their computer or network within their risk manangement paramaters. The changes in Windows XP Pro SP2 and more so Windows 2003 are very significant. If you already own the First Edtition but have upgraded to Windows 2003 or want to learn more about how Windows 2003 can improve your security then this book is for you.

This is by far the best ISA Server book on the market.
Worth every penny I paid for it.

This is THE book if you are looking to learn ISA 2004. It is structured in an easy-to-understand manner for windows admins who are familiar with Windows but may not have been exposed to ISA Server or are upgrading from ISA 2000. All in all this is the only book on the subject you'll need.

I found this book to be extremely helpful in understanding ISA architecture and how it might fit into our organization.

The book is well laid out, concise and readable. The first section lays out a high level view of ISA functions and provides a clear overview of how to assess which components are appropriate for solving specific network security issues. The section on deployment goes into more detail, explaining how to install and configure the various components of an ISA deployment. Part III on securing servers and services goes into the specific details of configuring ISA to protect messaging, web and RPC traffic.

Microsoft networking products continue to improve both in functionality and ease of use. Having guides like this make understanding and implementing new technology viable even for small organizations with limited budgets.

The book is poorly named. "Unleashed" suggests to me wild and wonderful things to do with complex features or even tricks and undocumented things. This is definitely a black Labrador on-the-leash kind of book, and it will get an administrator safely across the broad avenue that is an ISA installation. It's a great book in spite of the name.

I used "Unleashed" as a guide for installation of ISA Server 2004 (replacing ISA Server 2000) on the perimeter of a small office network that has ten servers on three different domains (including a web server and a mail server) and twenty workstations. I studied this book and Shinder's "Configuring ISA Server 2004" extensively before beginning the installation, and I had previous experience doing the installation and maintenance of the ISA 2000 installation that ISA 2004 replaced.

I preferred this book ("Unleashed") to the Shinder book as an installation guide, but I like Shinder as a reference because of its greater depth (twice as many pages). Both books promote ISA, but the Shinder books examines (in a defensive but very useful way) competing options to ISA more thoroughly. Shinder's book then would be more useful for those evaluating ISA versus competing products.

I also have the Microsoft MCSA/MCSE Training Kit. This book is the only ISA 2004 book that includes a 120-day trial version of ISA Server 2004. I have spent only two hours with this book but found the questions and answers at the end of each lesson helpful reflecting on key points. I did find a glaring error early on. It is not true that "the IP address assigned to the external interface [of the ISA server] must be routable ON [emphasis added] the Internet." The truth is that this IP address must be routable TO the Internet; and a private address (10.1.1.1 for example) will do just fine if there is (as in my case) a router with a public address between ISA and the Internet. Microsoft books are of coure authoratative and prep well for the exams in spite of an occasional error.

Our ISA server is connected on the Internet side with a private (nonroutable) IP address to an $89 Linksys router, which is configured with simple firewall filters. The Linksys router has a public IP address and connects to a Verizon DSL modem. A laptop in the DMZ between ISA and the router is used for testing ISA protection. The ISA server of course could be connected directly to the DSL modem; but we like the presence of the additional appliance (the Linksys router) as an additional level of defense. We run GFI (number one Exchange spam filter) on our Exchange server since ISA and most other firewall products only do token spam filtering.

"Unleashed" provided sufficiently detailed and accurate guidance for each step that I took: hardening the OS, installing ISA, configuring the networks attached to the ISA NICs, setting up firewall rules, publishing an IIS web server, publishing an Exchange mail server, and setting up Outlook web access. The total time required was only two hours even with a couple of errors.

ISA is a complex product with routing, caching proxy and reverse proxy servers, firewall (including stateful and advance application level inspection), VPN server, and simple spam filter. Michael Noel in "Unleashed" clearly shows how to use the greatly improved ISA administrative interface with its templates and wizards to configure my simple architecture and also more complex architectures that place servers in the DMZ as well as the limited single-homed topology with the ISA server in the DMZ. My company is not using VPN, but the book provides thorough coverage of VPN, which many be mission-critical to those with branch offices and road warriors.

Lastly, if you are new to ISA, be aware that ISA 2006 was released as a beta earlier this year. Many reviews suggest that ISA 2006 is not a major change. Microsoft says that upgrading from 2004 to 2006 will be supported. Amazon shows no titles as yet for ISA 2006. My guess is that the final release of 2006 will not come before the end of the year.

This is a great book for those who would like to understand how the Middle East really works and thinks. It contains information not readily published about America's challenges in the region. It looks forward to what we can expect from this area and gives an understanding of why and what we are doing there now. Mr. Robison's experience there, working with military, intelligence, and business sources along with his love and knowledge of the cultures of the area, give this book depth and breath not found in other publications. A great read for anyone who really wants to understand our involvement in the area. I gained a completely new understanding of our challenges, opportunities and risks as he explained them from the perspective of the power, governments, culture, and history of the people there.

The MIDDLE EAST WAR PROCESS is easily understood by the lay reader, yet interesting and informative to anyone working in or studying the Middle East. The book provides new, unusual and little-known facts explaining America's challenges and long-term problems in the region. The United States has shouldered a long-term commitment in the region that will last for generations. The MIDDLE EAST WAR PROCESS offers insights into ways to make this transition less painful, if we will learn from the past.

With American interest in the Middle East at an all time high, The MIDDLE EAST WAR PROCESS is an insightful and interesting book.

I found this book easy to read and very informative. The writer explains in lay man terms why the Middle East is so relevant to America's interests. In addition, he explains that there is a "war process" in the Middle East as oppossed to a "peace process" (a quote from Shimon Peres if I recall correctly).

I highly recommend this book to anyone who wants a fresh, interesting, and personal analysis of the situation in the Middle East.

I had the opportunity to interview Richard Robison for a two-part article in Utah Spirit Magazine (March & April 2004), and in the process I read "War Process." I found a thoughtfulness that only nearly a quarter century in the Middle East could deliver, an insight that only a CIA case officer could gain, and the kind of read that only a master storyteller could create.

The message of the book is tactful, but very forward. Robison loves the Middle East, its culture and people, but he doesn't let that stop him when it comes to calling a spade a spade. The pages of "War Process" contain many elements of U.S.-Mideast foreign policy that readers won't currently find in mainstream media. For instance, Robison examines the Islamic "taqiya," where "a lie is not a lie," and also how terrorists often exploit the idea that "Americans don't bleed well" to create incredibly damaging attacks on American forces and civilians.

"Fear the man who has little to loose," Robison warns.

Robison also spends a great deal of time examining the gap and overlap between Islamic and American cultures. He uses many personal experiences to show how little known parts of Islamic culture, when overlooked, can create a great embarrassment and, in some instances, a great divide. He also explains how popular American culture with all of its tantalizing skin and revealing clothing has become the perfect recruitment tool for terrorists.

He offers an interesting insight into why the US went into Iraq, even toying with the idea that America might have had some part encouraging the first Iraq war. And however incredible such a claim might seem, Robison was there as part of the Gulf War Task Force, something that few others can claim. He was there.

Robison says that America is in the Middle East to stay. It has little to do with the price of oil, and yet it has everything to do with the security of oil. For the answers, Robison says, look to China, its increasing dependence on oil, and a future conflict that many intelligence experts (both American and Chinese) say is inevitable. America is in the Middle East to place a firm hand on the spigot---a tactic similar to one that America employed against Japan in WWII.

The book is beefy with ideas, but it can be read fast. Robison keeps the info simple and critical, never wasting his readers' time.

I absolutely recommend "War Process." Readers will find that many of the more cryptic reports in the world press more revealing. There's a lot to miss out there when, as Robison said during the interview, "you don't know what questions to ask."

The book is in excellent condition, but try to find out the reason for the delay by the post office, and try to avoid it. It does not make sense to receive the book a month after I make the order, especially I have upgraded the posting service.

I teach undergrad business and economics, and have found this text to be very effective with my students, particularly as a follow-up to macro 101. One of the best things about the text is that it is well integrated; other texts seem somewhat choppy or fragmented.

This is an excellent undergraduate text on financial institutions and monetary economics. The exposition is rigorous yet avoids abstruse math. The best part is the section on monetary economics, where the author dispenses with IS/LM analysis and instead directly analyzes aggregate supply and demand. He writes from the perspective of a central banker (which he was), showing how central banks use interest rates to influence inflation and output. The writing is quite clear, and the numerous sidebars on historical and contemporary issues are excellent. Although some subjects (such as exchange rates) could have been developed in greater depth, this is a great textbook overall.

Ideological footnote: Many undergraduate econ books assume (more or less explicitly) that disturbances in the macroeconomy are eventually self-correcting. This book has a somewhat different starting place: it takes it for granted that regulators will oversee the banking system and that central bankers will act to close output gaps and keep inflation under control (in fact, the latter assumption is built into the author's construction of the aggregate demand curve). According to the author, modern central banks have developed a fairly good understanding of business cycles and know how to moderate them through the use of monetary instruments. Let's hope he's right.

I've read the books of Mishkin and Hubbard, also well written pieces.

However, Cecchetti seems to be able to explain concepts with more clarity and in a way that makes one remember the various theories long after reading the book.

He should try to develop further the chapter on futures and give more emphasis on hedging, since this is the trend financial markets are moving towards these days, without having to impinge on books devoted solely to the topic.

He may also want to expound more on the chapter covering foreign exchange and international markets, to make the book more relevant to international readers.

on the chapter on monetary policy, since he touched on foreign central banks he may also wish to write about how other countries implement monetary policy, esp how the Bank of England uses the repo market to conduct money easing/contraction.

Am looking forward to a much-improved version in the future.

I have been buying Morningstar books for mutual funds since 2006. There are a lot of books about how/what mutual funds are, but this is the only kind available for evaluating PAST mutual funds performance. (The other one is from Lipper, which is only available from the web).

Morningstar has a long history to keep track of mutual funds and ETFs data. This gives them an advantage to publish their views on various mutual funds. However, readers must be aware that the ratings are based on historical performance. Nobody can predict the market, but if a fund manager performs well over a long time, it is very likely he/she will perform well in the future.

This book also provide some insight info such as the manager has his/her own money in, and risk data. A plus of the book is that it provides 50 free mutual fund reports downloadable from Moringstar website.

A must have for mutual fund selectors.

I really enjoyed the analysis provided, it seemed to cover most of the bases I wanted to learn about, expenses, tax efficiency, volatility, returns.
Obviously it gets dated. It appears to be published early in the year. Be sure to get the latest.

While many people buy mutual funds because they find them easier than building their own portfolio of individual stocks, in fact buying into these funds is in some ways more complex than buying individual company stocks. How do you know what the fund in invested in (companies and sectors), fees, turnover, who the manager is, what their performance has been, how the fund has performed relative to its peers, and much more? It is not an easy task. This handy book provides you with loads of great information for 500 funds picked by Morningstar.

This isn't to say that you should necessarily buy the funds listed here. Morningstar also includes funds you should probably avoid (you have to make your own choices as to what is right for you). One of the interesting things I notices is that simply because something has a four or five star rating doesn't mean that you should buy the fund. This is due to the past performance versus future return probability. It might well be that a well performing fund is now trading at a high price and that the likely future return cannot justify the price. So, the analyst rating also has to be balanced.

The editors have packed a huge amount of information onto each of these pages. You get a snapshot of governance and management (with a stewardship score), a chart of performance, a graph with an historical profile, a star rating including risk for several periods, a portfolio analysis, and a few paragraphs providing Morningstar's take on the fund, and contact information. In the back of the book are several lists that slice and dice the various funds different ways according to specific criteria.

Since funds do not remain static for the entire year, another nice feature of the book is that you can download up to 50 fresh charts during the calendar year. One word of caution that I learned by hard experience is that if you block pop-ups, you need to make an exception for Morningstar. You will try to download the new chart, your count will decrement, but you won't get the chart because you browser will have blocked the pop-up containing the new chart! That was a tad frustrating.

Terrific and interesting information.

Reviewed by Craig Matteson, Ann Arbor, MI

Great book very informative,a must have if looking to invest in mutual funds

Best book I ever red about mortgage-backed securities. I recomend this book for everyone who work with mort.back securities.

While you can use this workbook with the text, it is also very useful by itself. In fact, I didn't know it was a companion to a book until after I bought it.

The topics are covered in enough detail to answer all those small questions I have. In addition, it's the only book I've found that leads the reader through the details of building a simple prepayment model. There are some advanced questions in the book for more mathematically inclined readers.

This workbook was written as a companion to "Mortgage-Backed Securities" by Davidson and Herskovitz. Frankly, I think this book works much better on its own and I would recommend Fabozzi's "Handbook of Mortgage-Backed Securities" instead as a general guide to the subject. The workbook confines itself to a limited number of topics but it covers these very well. Beginning with simple cash flow and yield calculations, the authors move on to provide guidance on (simple!) prepayment modelling, basic structuring, the yield curve and regulatory tests. The approach is attractively practical, and I think of this text as a useful secret weapon to have up one's sleeve.

Best book I ever red about mortgage-backed securities. I recomend this book for everyone who work with mort.back securities.

That's just yet another great title from Cisco Press! There are just too many books available on MPLS both as a technology and service enabler, but it's hard to see a book that focuses on only one aspect of MPLS applications, i.e., MPLS VPN Security. I just love the fact as to how the book is structured to serve both novice and the advanced user to MPLS VPNs and its Security aspects. I like the idea that authors keep both enterprise and SP implementation aspects of MPLS VPN. Information throughout the book is precise, up to date and easy to follow. Book is structured into four Parts;

Part I focuses on MPLS VPNs and network security fundamentals, upon completion of this part you are not only up to speed with the key security concepts for analyzing MPLS network scenarios and where security needs to be implemented (i.e., zones of trust) but also the complete threat model for it which even discusses on securing NOC.

Part II introduces you to advanced concepts of MPLS VPN security, i.e., Inter-AS, Carrier's Carrier (CsC) architectural security. Authors do a good job of keeping in check the security issues which are independent of MPLS and need to be solved separately. They also make it very clear that security is an important network design aspect and how some design decisions can make an entire network insecure. Chapter 5 is mostly a re-hash of basic network security fundamentals in Cisco IOS feature set.

Part III walks you through the practical guidelines of how IPSec complements MPLS and security of Layer 2 VPNs and concludes with how you can effectively operate a secure MPLS VPN core. Authors make it clear that both technologies work together very well, but before considering IPSec into MPLS, one should clearly outline what are the goals (basically when to use PE-to-PE versus CE-to-CE encryption etc.).

In Part IV, the chapter I like most is the "case studies" - it provides use cases, application examples, and best practices guidelines for the key concepts discussed in the whole book.

This book discusses security in the context of MPLS VPNs Security and other related aspects (like Internet access within a VRF, Extranet or common services etc.). Both authors are very well known at IETF and Distinguished engineers at Cisco Systems. Their experience in the areas of network security and attack mitigation shines throughout the book.

Overall, I strongly recommend this book to all network security engineers as MPLS (due to its inherent advantages and applications) is gaining momentum not only in the service provider space but also in the enterprise market segment.

This is one of the few books I've seen that starts off with a discussion of just what is secure. Secure from the casual hacker that might try to get into your network is one thing. If the resources of the NSA are applied to getting by your security it's an entirely different matter.

The second chapter continues this analysis through the design of a threat model. Just what is it that you want protection against?

The chapters that follow go into the design of a secure system, followed by some case studies that are used to illustrate the theoretical discussion points from the previous chapters.

It would be nice if the world out there were a friendlier place, but it isn't. If it's your job to set up a secure system using MPLS, this book will provide the basic background information you need before you start entering parameters into the various security devices.

A very good examination of MPLS security that goes way beyond "its just like Frame Relay". The authors do an extremely deep dive on those aspects of MPLS technology that may effect the security of carriers who run MPLS or enterprises who utilize MPLS services. This is a rare book of interest to both carrier and enterprise network engineers. There is also some excellent coverage of link layer MPLS technologies and their security issues. It should be noted that this is not a primer on MPLS nor is it an MPLS book for security engineers. Instead it is (so far) the best available work on MPLS Security for network engineers who are already familiar with MPLS and WAN technology. Strongly Recommended.

MPLS VPN Security (Paperback)
by Michael H. Behringer, Monique J. Morrow ISBN 1587051834
As Multiprocotol Label Switching (MPLS) is becoming widely deployed for providing virtual private network (VPN) services. Security becomes a major concern for companies planning to migrate from the legacy VPN's to MPLS VPN's. This book provides an indepth look at what are the real security issues that both service providers providing MPLS VPN's and companies utlizing such services face. The authors provide a clear understanding of how the MPLS VPN's work differently from other VPN technologies.
The book is divided into four parts MPLS VPN and Security Fundamentals form Part One. The first part of the book provides an excellent overview on the three basic components of security: the architecture, design and operations and defines the "zones of trust" for an MPLS VPN environment. It provides an excellent Security Reference Model for MPLS VPNs. The various threats to a VPN are broken down into parts for better understanding, like threat, intrusion, Denial of Service against a VPN. Threat against an Extranet site. Threats against the core, and from within a Zone of trust.
Part Two of the book provides an analysis of Advanced MPLS VPN Security Issues like VPN Seperation (Address Space and traffic), Robustness against attacks (where and how), protection against spoofing, Specific Inter-AS considerations and comparisons. And other issues not addressed by the MPLS Architecture. It examines in detail Secure MPLS VPN designs and shows how to design a DOS resistant network and the tradeoffs between DOS resistance and network cost. The security recommendations provide tips on general router security, basic templates and ACL Examples. CE-Specific router security and topology design considerations. LAN Security Issues. CE-PE routing Security Best Practices. IPSec both CE to CE and PE to PE. And a comprehensive checklist for securing Core and Routing.
Part Three provides practical guidelines to MPLS VNP Security and shows how IPSec complements MPLS. It explains the deployment of IPSec on MPLS and use of other encryption techniques. It underlines the importance of security of MPLS Layer 2 VPNs and the various generic Layer 2 security considerations. The section ends with providing a plan for the operation management and maintenance of a MPLS core. It deals with the secure management of CE devices, management of VRF and VRF details.
Part Four provides deployment examples and lessons learned, highlighting theoretical discussion points from the previous chapters. It also provides various scenarios for internet access and points out security considerations for each example.
The coauthor Michael H. Behringer is an active member of the IETF and has published work on MPLS VPN security since 2001.
The coauthor Monique J. Morrow (CCIE # 1711) is active in both IETF and ITU-T SG 13 with a focus on OAM. She is currently engaged in MPLS OAM standards development.
I feel this book would be extremely useful for security and operations staff of enterprises that deploy MPLS or subscribe to a service based on MPLS.
I give this book 5 stars on a scale of 5, 5 being the highest. I strongly recommend this book.
Niloufer Tamboly, CISSP

This book is fabulous! Clear and precise, it answered all my questions. Since I am just getting in the investment game, I was pleasantly surprised to find a book so easy to follow for the novice. Kudos to the author! I am really looking forward to Dr. Jones's next book!

I really don't know much about investing. I even avoided those type of courses in college (majored in the life sciences). But I realize that now that I'm a home-owner and making money I need to do something about my future. I'm not a big fan (at all) of the "For Dummies" series of books, so I wanted something a little more informative but personal. While browsing the books I came across this book and found the layout appealing. With chapter names like "Understanding Mutual Funds: The Nitty-Gritty Details" and "Seduced by the Dark Side" I thought this would hold my attention. Upon browsing the first few pages of some of the chapters I also realized that the author took care to write for a varied audience, which I appreciate since this subject somewhat scares me. All in all: job well done! I have read the book from cover to cover and I even made notes in the margins and bookmarked some of the pages. I'm ready to start investing, and I'm much more confident now! Thanks!!

I was asked to review an early draft of this book. I'm really glad I did! Like many other people, I'm recently retired, need to stay tuned to the stcok market so that I can keep my "nest egg" wisely invested, but would much rather be outside playing golf, tennis, etc. I want to enjoy every minute of of each day, and the last thing I want to do is study and play the stock market! So, I don't, or at least not nearly as much as I should.

This book was exactly what I needed. I learned a lot more about mutual funds than I had expected to learn and it was written so that I could easily understand it. Subsequently, I'm making changes that will simplify and improve my investment strategies and will allow me to play golf without that little voice in the back of my head telling me that instead, I should be sitting at my desk studying the "market"!

If this all sounds familiar and you can relate to what I'm saying, then read it! You'll be glad you did!

This book is great and I felt that Dr. Jones had written it just for me. He is right, it is my money and my choice to make good investment decisions. After reading the book, I feel like I am ready to avoid the pitfalls and invest in mutual funds. Thank you Dr. Jones for writing a book that even I can understand.