Security Books


Security Books sorted by Average customer review: high to low.

Security
No More Wacos: What's Wrong With Federal Law Enforcement and How to Fix It
Published in Hardcover by Prometheus Books (1997-03)
Authors: David B. Kopel and Paul H. Blackman
List price: $34.00
New price: $6.68
Used price: $0.83
Collectible price: $34.00

Average review score:

Hopefully "No More Whackos" In Religious Cults!!!
Helpful Votes: 0 out of 33 total.
Review Date: 2005-07-25
In this book the author blames the initial assault on David Koresh's Mount Carmel property on the ATF. He neglects to mention that David Koresh had enough guns, hand grenades and illegal automatic weapons to outfit the Kosovo Army for its next Revolution. The BLAME lies with David Koresh and his followers. When you amass such a stockpile of ILLEGAL weapons then you should expect a visit from the authorities, which is exactly what happened. And due to Koresh's arsenal he managed to "outgun" the ATF and four good Peace Officers were murdered. All of this occurred because that madman and psychopath Koresh thought he had a "Direct Hotline" to God. Those 86 people chose not to surrender. Perhaps they thought the siege would end with flowers and free bottles of French Champagne? It seems like nearly everybody wants to blame somebody else for the Waco Incident instead of laying the blame at Koresh and his followers. I give this book 5 stars because no doubt it will appeal to the Paranoid Conspiracy Theorists out there and the Survivalists who now think their Government is "The Enemy" ever since Russians turned out to be nice people after all.

Investigative writing at its best!
Helpful Votes: 2 out of 3 total.
Review Date: 2003-02-20
Kopel and Blackman did more than just their homework on this book. It is perhaps the most factual yet interesting critique on the way in which federal law enforcement operates today. The attack on Mt. Carmel is a very important event in the history of this nation and only from our mistakes can we change the future. This review I believe is especially credible since I read but certainly don't always like David Kopel's writings. Highest recommendation and a great source for research papers.

De-militarize and De-federalize law enforcement!
Helpful Votes: 21 out of 22 total.
Review Date: 1999-12-01
A very impressive accomplishment. There is a tremendous amount of detail here -- right down to how the ATF's name evolved from BATF -- but presented in a compelling and readable way.

This book is unusual in that it does not slant everything in one direction; it refuses to classify those involved as unambiguous good guys or bad guys.

The scope of the book goes beyond what's implied by the title. There is plenty of fascinating history here, many references to other law enforcement debacles. A compelling case is made that law enforcement has become too militarized and too federalized. The discussion of how "groupthink" on both sides (the government and the Davidians) leads to this kind of tragedy is especially excellent.

I've long wondered why liberals and conservatives seem inverted on Waco. Liberals are thought to be strong on civil rights, including religious freedom, and anti-military. Conservatives are thought to favor strong law-and-order. The authors explain this puzzle: the Congressional hearings quickly degenerated into an attempt to embarrass political opponents rather than a dispassionate search for the truth. The American public and the media took their orientation from Congress to a large extent. If a Republican had been president at the time of Waco, it's very possible the sides would have been reversed.

The authors show very clearly that the real problems with law enforcement have been building regardless of which party controls the White House or the Congress. I hope some legislators read this book and take the excellent reform suggestions to heart.

Great book, bad search warrant
Helpful Votes: 23 out of 25 total.
Review Date: 2000-07-18
Once again David Kopel (and Paul Blackman) gets to the bottom of things and shows what the Waco disaster was all about. If you only read one section of this book, read the part detailing the search warrant. It appears that all the death and destruction (on the part of both the Branch Davidians and the BATF agents who were killed) was brought on because of a failure to pay a several hundred dollar tax on a firearm.

This book focuses on Waco but also delves into the expansion of federal law enforcement and the effect it has on civil liberties in this country.

As per the United States Constitution, the federal government should have law enforcement jurisdiction over the following acts: piracies and felonies committed on the high seas, offences against the law of nations, and counterfeiting the securities and current coin of the United States.

Something has gone terribly wrong.

Read this book. Then read anything else that David Kopel has written. It will be well worth your time, and you will be well educated about the erosion of our rights as citizens.

A valuable analysis and reference for future reforms.
Helpful Votes: 4 out of 4 total.
Review Date: 2003-10-31
This work is not only an outstanding explanation of the Waco and Ruby Ridge incidents, but a critical review of modern federal law enforcement. The book goes beyond sorting out -- in meticulous detail -- what really happened in these debacles. Even more valuable is the objective analysis of the abuses and excesses of federal law enforcement, along with suggested remedies.

This book is a "must read" for anyone concerned with civil liberties or law enforcement.

Security
Public Key Infrastructure: Building Trusted Applications and Web Services
Published in Kindle Edition by Taylor & Francis (2007-04-16)
Author: John R. Vacca
List price: $79.95
New price: $57.56

Average review score:

Vacca's PKI book is a 'must read'
Helpful Votes: 0 out of 3 total.
Review Date: 2004-08-08
"Trust used to be all about a handshake - and nothing has changed..."

So begins Appendix F in Vacca's book. The entirety of the book defines that critical handshake, which has been made so much more complex by Internet freedom and opportunities. Layers of certification and handshaking, both online and offline, hashing, third parties, CA's.

Vacca includes costings, comparatives, definitions, implementation instructions, and white papers written by others with expertise in the area.

This book is a 'must read' for those of us working in IT security.

E-Commerce users - feel secure!
Helpful Votes: 0 out of 0 total.
Review Date: 2004-07-19
As usual, John writes a very timely book on contemporary IT issues. Most people are still afraid to use their credit cards on the net and businesses have huge constraints in terms of what can and can't be done through the web. As the rules of the game toughen for the ever-ready hacking minds, governments are also cracking down on such culprits; however, for the average user of electronic commercial transactions, there needs to be a stronger feeling that their money is safe. John's PKI book helps to educate those with this understandable concern, that it may now be getting safer to do business on the net.

Must read for IT Security Professionals
Helpful Votes: 0 out of 0 total.
Review Date: 2004-07-13
This book covers the entire spectrum of PKI technology with an emphasis on the practical aspects of design, implementation and use. As an IT security professional, I have found this book to be extremely useful in my job as we must constantly be on guard and make use of the latest technology to stay one step ahead of the multitude of security threats we face on a day-to-day basis.

Understanding PKI
Helpful Votes: 0 out of 0 total.
Review Date: 2004-07-12
To successfully transact business on the worldwide web, a secure network is essential. John Vacca's book explores public key infrastructures (PKIs) as a technology to provide that security. This book would be a good resource for anyone responsible for maintaining network security in big business or small.

Handshakes
Helpful Votes: 1 out of 6 total.
Review Date: 2004-08-28
"Trust used to be all about a handshake - and nothing has changed..."

So begins Appendix F in Vacca's book. The entirety of the book defines that critical handshake, which has been made so much more complex by Internet freedom and opportunities. Layers of certification and handshaking, both online and offline, hashing, third parties, CA's.

Vacca includes costings, comparatives, definitions, implementation instructions, and white papers written by others with expertise in the area.

Previously a developer and implementor, and now a user, I wish that we had had this information then when we were implementing PGP, and I can only hope that my host sites now are compliant.

Security
The Unbeatable Market: Taking the Indexing Path to Financial Peace of Mind
Published in Hardcover by Ross (2002-09-10)
Author: Ron Ross, Ph.D.
List price: $24.95
New price: $16.08
Used price: $5.50
Collectible price: $39.50

Average review score:

The man is a GENIUS! You MUST read this book!
Helpful Votes: 0 out of 0 total.
Review Date: 2008-04-02
Ron "Ragen" Ross is THE MAN!
This book is packed full of useful and easy to understand information for absolutely EVERYONE! I have read many similar books by other authors and they fail in comparison. If you use MONEY, and we all do, you would be doing yourself a huge disservice by not buying this book ASAP!
Go Ron and Reno! You did it again!

Brilliant defense of passive investing
Helpful Votes: 0 out of 0 total.
Review Date: 2008-02-01
This is the most eloquent, most entertaining, and most convincing attack on "beating the market" that I have ever read. The author has a PhD in economics but writes with a journalist's skill. His prose is fluent, readable. I thought the most interesting part of the book was the chart comparing the performance records of golf pros to the performance records of mutual funds -- an extremely effective presentation. Do I think any of his arguments can be refuted? Yes...a few. But on the whole this book is a balloon-bursting attack on active investing.

Great book
Helpful Votes: 0 out of 0 total.
Review Date: 2008-01-22
Very solid book, a great beginner to intermediate education on the market. Not for the novice, but for the fairly familiar person who knows how to do their own investing you would very much enjoy this. If you are a complete novice this would not be the place to start. Check out Suze Orman's book "The road to wealth" and learn the basics on stocks, mutual funds and bonds. Then read this...

Intelligent Investing for Retirement
Helpful Votes: 4 out of 4 total.
Review Date: 2005-03-03
This is the best book I have seen regarding investing for retirement. Don't waste your time or money trying to beat the market, just understand Dr. Ross' basic principles for dealing with a volatile market. Forget the "get rich quick" models and come down to earth and use common sense and indexing. The first 2 chapters alone are worth the price of the book.

A Comprehensive "Survey" of The Full Scope of The Literature of EMT
Helpful Votes: 5 out of 6 total.
Review Date: 2005-12-31
My career as a retail stockbroker for six years, then for twenty-seven years as an institutional stockbroker selling portfolio analytics and investment research to professional asset managers (pension plan managers, mutual fund managers, and hedge fund managers) has provided me with the opportunity to explore modern portfolio theory, market efficiency, and the investment returns of active managers. I have read many of the books and academic papers Professor Ross uses as resources in this very coherent and thorough explanation of why the attempt to "beat the market" is futile, and fraught with risk.

Professor Ross uses his deep understanding of statistics, economics, and behavioral finance to explain market efficiency. He weaves a tight, coherent, and entertaining explanation of why the statistical evidence (manager performance databases) demonstrates most active managers cannot sustain above market performance for any significant time period. And he explains the risks of believing that the few active managers who have "outperformed" will continue to do so.

Professor Ross' book is the drawstring that pulls the elements of the Efficient Market Theory into a focused, concise, entertaining, and very readable format. I give Professor Ross' book my highest recommendation.

Security
Windows Server Cookbook for Windows Server 2003 and Windows 2000
Published in Paperback by O'Reilly Media (2005-03-23)
Author: Robbie Allen
List price: $44.95
New price: $25.65
Used price: $23.00

Average review score:

Must have for AD support folks.
Helpful Votes: 1 out of 1 total.
Review Date: 2006-05-27
I use this book and also the author's AD cookbook daily to help with supporting our global Active Directory server infrastructure. This is an absolutely indispensable reference.

Great Book.
Helpful Votes: 1 out of 3 total.
Review Date: 2005-12-14
This book is a great resource covering a wide variety of interactions with Windows Servers. Whether you are new or experienced, this book is an invaluable tool.

Very helpful to admins / IT support
Helpful Votes: 2 out of 2 total.
Review Date: 2006-03-13
We're a software engineering company, and I maintain our internal servers (6-7 servers) as well as provide customer support on our products. A lot of that involves asking for information from the customer - and this book helps in putting together scripts that I can send out that will send back information to us that avoids us asking to exchange 5 emails to get the same result. Anything that saves my time - and our customers time - is worthy of purchasing. Well done, well organised book - and the author returns emails!

Great Resource for Admins
Helpful Votes: 2 out of 4 total.
Review Date: 2005-12-11
This book is not one for beginners who don't know what they are doing and are looking for detailed explanations of topics. This is made purely for the admin who needs to get a job done, and quickly, and knows already what they are trying to accomplish. I really appreciate all the scripting examples and also how Rob puts in some great building blocks for scripting (like how to redirect your output to an Excel file rather than just the usual Wscript.Echo output that you can redirect to a text file or to stdout). Great Job Robbie!!

Start here, it is all here!
Helpful Votes: 5 out of 5 total.
Review Date: 2006-03-03
This book has a sound foundation for managing a Windows 2003 server. The chapters are logically organized. I used some of the examples in the book to migrate some file shares in my network from Unix to Windows; the book was there for the rescue (the fact that the author has a solid Windows/Unix experience makes this book even more attractive). The solutions in this book include Windows scripting, an area that is seldom talked about in Windows literature. If you are serious about managing a Windows 2003 server competently then you want to have this book in your arsenal.

Security
The 7 Deadly Sins of Investing: How to Conquer Your Worst Impulses And Save Your Financial Future
Published in Kindle Edition by AMACOM/American Management Association (2006-06-30)
Author: Maury Fertig
List price: $23.00
New price: $9.99

Average review score:

the light bulb went off
Helpful Votes: 0 out of 0 total.
Review Date: 2006-08-27
This book was a revelation, I see too much of myself and mistakes I made. A must read for any investor!

Overall Great Finance Read
Helpful Votes: 1 out of 1 total.
Review Date: 2006-08-11
It is a must read for anyone who is serious about investing. Great investment details with personal stories, and it can be beneficial to both experts and beginners.

We are our own worst enemy.
Helpful Votes: 14 out of 14 total.
Review Date: 2008-01-27
Making money in the stock market would be a lot easier if we did not succumb to the whim of our emotions. In order to beat the stock market, you must assess your weaknesses and overcome these emotional traps: envy, pride, lust, avarice, anger, gluttony, and laziness. The author explains how all of us are sinners, but some of us can be saved.

Simply saying that you will avoid making these mistakes is easy but doing so when under the pressure that the market inflicts is much more difficult. Every trader needs to go through the list of emotional breakdowns above and think about how they react to these emotions. Write down the mistakes you make because of fear or greed. Think about times when you have been reckless in your trading and write down a plan to overcome them.

Before you make another trade, create a plan to overcome the seven deadly sins of trading. Doing so will do more to your profit than anything else you can do.

Probes the psychology of investors and investments
Helpful Votes: 2 out of 2 total.
Review Date: 2006-10-16
SEVEN DEADLY SINS OF INVESTING: HOW TO CONQUER YOUR WORST IMPULSES AND SAVE YOUR FINANCIAL FUTURE probes the psychology of investors and investments, sharing the knowledge Maury Fertig has gained from a long career at Salomon Brothers to help save investors from their self-defeating impulses. Each investment decision holds possible dangers: the author analyzes common problems and paths and offers up solutions based on psychological insights.

Diane C. Donovan
California Bookwatch

Critically Important Book for Investors
Helpful Votes: 7 out of 7 total.
Review Date: 2006-08-24
This is an unusual book on investing, as it provides neither advice on investing nor investment strategies. Instead it focuses solely on explaining the negative impact of specific investor emotional traits on investment performance. It is written in an easy-to-understand, friendly, conversational style.

Specifically, Fertig covers seven psychological factors that result in causing investors to perform poorly. These factors include: envy, pride, lust, greed, anger, gluttony and sloth. He covers these topics one at a time, and includes interesting personal stories and examples that clearly illustrate his key points.

From my own investment experience spanning 49 years, I can attest to the critical importance of keeping your emotional behavior and psychological weaknesses in check, otherwise investment results suffer. Too many investors buy at the top and sell at the bottom, because they were never strong enough to overcome their weaknesses. Hopefully, by reading this enjoyable book and thinking about their own situations and need for discipline, and taking corrective ACTION, the reader will improve his/her investment performance.

We live in an age of instant gratification, instant messaging, and an overabundance of stock market commentary from the TV talking heads and media outlets. All this extraneous information (not knowledge) negatively impacts investors' thought processes. Investing is not a game and should be considered a place to have fun. Investors need to get control of their internal weaknesses and realize what factors need to be overcome to be successful. This book fills that need very well. Along with books on charting and stock market strategies, this book is part of the trilogy of books that potential investors need to read to become successful.

Security
Net Profit: How to Invest and Compete in the Real World of Internet Business
Published in Paperback by Jossey-Bass (2001-04-02)
Author: Peter S. Cohan
List price: $17.95
New price: $2.24
Used price: $2.25

Average review score:

You must read it.
Helpful Votes: 0 out of 1 total.
Review Date: 2000-07-08
Practical and effective. A balanced book with an understandable writing and depth of analysis.

Highly Recommended!
Helpful Votes: 1 out of 2 total.
Review Date: 2001-08-14
At the peak of the dot-com bubble, buying Internet stocks was momentum investing at its most pure - get in when a new stock or sector is on its upswing, and get out while the gettin's good. But Peter S. Cohan has created new criteria for Internet investors to apply in the traditional method of fundamental analysis. Instead of looking to old-line gurus like Graham or Buffett for advice, Cohan draws on the business strategies of John D. Rockefeller to come up with fresh e-commerce attributes like economic leverage, closed-loop solutions and adaptive management for investors to measure. We [...] recommend this book to executives, employees and students with equal vigor, although consider yourself forewarned that Cohan's extended barking-dog analogy will grate on your nerves. Nevertheless, anyone who invests in Internet companies or even traffics in Internet commerce for business or pleasure will gain insights from this book, regardless of whether Cohan's investment criteria prove to have staying power.

Net Profit
Helpful Votes: 12 out of 12 total.
Review Date: 1999-12-14
This is the most lucid, sensible analysis I've read thus far of the likely implications of engaging in e-commerce from different strategic perspectives and business models. Cohan provides a valuable framework and applies it to scores of real cases. I find myself returning to his book time and again to apply his methodology. His only off-base advice: don't invest in companies led by folks over 35. I'll forgive him that one. The rest of the book is a real gem. It should age well.

Bringing Order to Chaos
Helpful Votes: 3 out of 6 total.
Review Date: 1999-11-30
I enjoyed the book tremendously, and think Peter's done a fabulous job dissecting the Internet investment frenzy, providing the logic to the momentum everyone else seems to have missed.

Entry level
Helpful Votes: 7 out of 9 total.
Review Date: 2000-05-28
This book is good for a newbie to the Internet but certainly isn't worth a look for someone looking for insight.

The framework is nothing new but more or less a simplified business plan.

In Chapter 13, Advice for Internet Management and Investors sounds like common sense and existing strategies used by most of the dotcoms. Common Sense: Strategy 1 of those pieces of advice is, in short, moving the company into a more profitable region. (It divides the market into 3 levels of profitability, so-called Lossware, Brandware and Powerware. Well, no matter if it is New or Old economy, there are always different degrees of profitability.)

Existing strategies: Selling out of a portfolio builder, deep pockets and restructuring. We have been seeing consolidation in the market since a long, long time ago and a lot of big or small players already know it is the way.

This book is more like news reporting, and a lot of newly invented words cannot make this book a standard of new economy rules; they only disappoint me.

Security
Network Security Principles and Practices (CCIE Professional Development)
Published in Hardcover by Cisco Press (2002-11-25)
Author: Saadat Malik
List price: $65.00
New price: $40.00
Used price: $24.99

Average review score:

Lucid, clear, and useful
Helpful Votes: 1 out of 1 total.
Review Date: 2005-08-19
Very clear explanations of the core security technologies. The author doesn't shy away from the hard subjects, and makes them quite accessible. The IPSec chapter is the best explanation of the subject I have seen anywhere.

I used this book to pass the CCIE security written exam, and highly recommend it. It is also a very good reference for practicing consultants and network security architects.

Best ever book from Cisco
Helpful Votes: 1 out of 3 total.
Review Date: 2004-09-18
Not only for exam preparation, this book is for every Cisco lover. Covers a lot of stuff, took me over 2 months to finish but I feel way more knowledgeable now.

Great book to learn Cisco's implementation of IPSec - not just for CCIEs
Helpful Votes: 17 out of 17 total.
Review Date: 2006-02-03
CiscoPress's "Network Security Principles and Practices" by Malik is truly an awesome work. The book weighs in at over 750 pages, and not a page is wasted. The book is split up over multiple sections (Intro to Network Security, Building Security into the Network, Firewalls, VPNs, IDS, AAA and ISP Security). I have found this book of value as I pursue my CCIE Routing & Switching lab and to better enhance my basic understanding of Cisco's vision towards network security. I also used this book to prepare for my CCSP and CISSP studies.

Practically on every page is either a diagram or detailed configuration explaining the subject at hand. In particular, the configuration examples are extremely helpful as the configs, themselves, are appended with detailed notes of their syntax. Chapter 13, IPSec, is probably the best one-chapter discussion on Cisco's implementation of IPSec and VPN I have found anywhere (and I have over 50 CiscoPress books). Another testament to its superb level of expertise is the few and far between typos or errors that I have found.

One item to note - you will need to block off a few weeks (or months) to fully understand and appreciate the value of this book. I reference this book often, as I find information in this book I cannot find documented or presented the same way in other books.

I give this book 5 pings out of 5:
!!!!!

To be added to your 'essentials' list of books
Helpful Votes: 2 out of 2 total.
Review Date: 2005-06-09
Very, VERY good. The IPSec chapter alone is worth the book, and the AAA chapters are _great_. Saadat has been able to explain in a great technical level and very clearly subjects which you're going to find in your day to day work - if working with Cisco and security. But not only that: chapters about IPSec, RADIUS, TACACS, are of value even if you do not use Cisco gear.

Missing from the book: a better chapter on NAT, PPTP. Saadat should write the 2nd edition adding those two topics, updating the IDS section, IPSec (including NAT-T), maybe add a little something about SSL VPNs, PIX 7.0? The section on ISP security could also benefit from a refresher (CoPP, uRPF?)

4.5 stars because it shows its age - otherwise, 5 stars for sure.

A must read for Cisco Security Certifications
Helpful Votes: 35 out of 36 total.
Review Date: 2005-04-26
This is one of the first books I read for anyone preparing for CCIE Security. I found this book to be very comprehensive in its approach. The author has combined all the network security technologies in one book and now this is tough. It starts with an Introduction and then builds on that. It covers the whole nine yards: VPNs, Firewalls, IDS, Access Control. The Troubleshooting part of the book is very helpful to working professionals as it starts with troubleshooting NAT and then covers everything from Firewalls (PIX and IOS), VPNs, IDS and AAA. A lot of issues can be resolved just using this part of the book. I recommend this book as it will surely help everyone looking for everything about security. This book is a must read for professionals pursuing the CCSP and CCIE Security Certifications.
Niloufer Tamboly, CISSP

Security
NYPD Battles Crime: Innovative Strategies in Policing
Published in Library Binding by Northeastern (1999-06-10)
Author: Eli B. Silverman
List price: $50.00
New price: $43.10
Used price: $37.74

Average review score:

Good Management and Government Join Forces!
Helpful Votes: 1 out of 1 total.
Review Date: 2008-06-06
During the mid-1990s NYC experienced a dramatic drop in crimes. "NYPD Battles Crime" begins by examining several alternative (non-police) explanations for this improvement. One alleged that the number of youths 14-17 had declined - actually it increased slightly. Simultaneously, the prison population did increase at an annual rate of 7.8%, and the unemployment rate rose. Another "explanation" is that crime was declining across the U.S. - however, the author shows that NYC represented about 80% of that national decline. Thus, Silverman is convinced that improved management is the key factor in NYC's improvement - the essential ingredient being that management no longer tacitly accepted an ever-growing crime rate, and now believes crime can be fought and beaten back.

Chief Bratton, the individual most credited with the improvements, began office benefiting from 3,500 (of an eventual 6,000) new cops already on the street courtesy of his predecessor's efforts. His first month brought the replacement of 7 top-ranking officers, and the first year led to replacing over two-thirds of 76 precinct commanders. Everyone at the top now bought into the possibility of double-digit crime reduction.

Follow-up on gun seizures became an early priority. Those arrested with weapons were aggressively questioned regarding the source of the weapons, and the sources (and their sources) also pursued. A second priority was locating and returning truants to school - reducing their contribution to crime. A third was reporting major crimes on a weekly basis (had taken 3-6 months), using mapping and showing trends, and identifying areas with greatest and least improvement. Day of the week, time of day, and arrests/individual (named) officers were also reported.

Probably the biggest contributor, however, was Compstat - weekly meetings between precinct commanders and top brass where detailed and challenging questions were posed regarding the latest results; minutes were also taken, and followed up.

Compstat also facilitated gathering criminal activity data for nuisance complaints - allowing closing down e.g. drug and prostitution locations, instead of just periodic sweeps and arrests. "Johns" began having their cars seized, reducing the demand for prostitution as well. Bar owners were "persuaded" to stop underage drinking (police showed them how to detect fake IDs), reducing loud outside crowds and neighborhood drag-racing. Cars playing loud music were confiscated, aided by the Dept. of Environment Protection's measuring sound levels.

Nuisance Abatement Laws were a particularly effective deterrent because advance notice was not required for temporary (up to one year) closing orders and $1,000/day public nuisance fines. Fire, health, and occupancy codes were also used as crime-reduction tools. (Store and apartment closings served to also reduce any perception that the NYPD was "on the take.")

Eventually Compstat was also used to focus on reducing drug dealing - the origin of numerous habit-supporting crimes. Cooperation and delegation among police and between other agencies also improved via Compstat.

Bottom Line: Silverman presents a solid case that replacing old thinking (e.g. fast police response, and "time-in-grade" were key to crime control and promotion) with the new action-based approach brought about NYC's 50+% crime reduction.

It's NOT about getting along, it's about getting the job done!
Helpful Votes: 12 out of 13 total.
Review Date: 2005-04-13
NYPD Battles Crime recognizes that by admitting things are not "all right", that there are problems waiting for solution, we can move onto what may be reasonable and realistic remedies to the crisis at hand. "It was hard to argue that averting crime, even nuisance crime or incivility, before it erupts is better than reacting to ongoing, more violent criminal activity." Pp 79-80.

The three main objectives for an Intelligence Led campaign in law enforcement where a serious or increasing degree of criminal threat is perceived, which is what Compstat is really all about, are as follows.

Government officials must begin by eliminating perceived injustices. Previously, and even more so today, the inequalities of cultures must be studied, and understood within the context of the indigenous perspective i.e., avoid mirror imaging. It is vital that western democratic policymakers have adequate intelligence so as not to underestimate security challenges. The disparity between Western material and technological advantages with those of opposing cultures defines the crises.

"The NYPD and organizations emulating its successes are undergoing a revolutionary change - a new way of relating to their environment." P 186.

Law Enforcement Intelligence must also focus on the emerging domestic threat generated, and propelled by the multicultural mentality that renders logical decisions impossible. This particular 'group-think' mentality espouses inexplicable virtue on non-Western societies who proudly profess a real threat. It is the essence for fostering unconventional warfare, terrorism, and globally organized crime.

Prior to Compstat ..."An assemblage of field soldiers and officers, as in the first act of Aida, would deliver on the top command's promise to dramatically reduce crime. But the stumbling of previous reform administrations on a stage replete with bureaucratic land mines and social `snafus' had shown the need for more deftness and sophistication in reconfiguring the NYPD bureaucracy." P 82.

Almost simultaneously, the government must obtain support of the local citizenry, separating the criminal threat from the general population, as much as possible, both physically and psychologically.

Strategic policy should consider when implementing a counterinsurgency campaign against criminality and incivility that personnel develop a sincere empathy for the public they serve. When forces are scattered among, and living with, the population, they need not be told any longer that they have to win their support. Being more vulnerable, they realize instinctively that their own safety depends on good relations with the local people. Civil, respectful behavior will come about naturally on their part.

Finally, law enforcement must develop the necessary intelligence to establish a policy whereby future criminality will not threaten the newly established civility. There are plausible reasons to believe that the majority of citizens support or are at least sympathetic to the counterinsurgent forces. However, the residents in a high crime/combat area usually avoid contact with them. The barrier between the lawful citizen and the counterinsurgent must be broken. Fostering a sense of self-preservation should dissolve the separation between the counterinsurgent and law abiding citizen. Too often residents fear reprisals from the criminal element and with good reason doubt there is adequate defense from counterinsurgent forces. Only when the tables are turned; when the counterinsurgents hold the upper hand on controlling violence, and only after the local resident has been adequately enabled to control his own safety will there be open communication between the counterinsurgents and citizens.

This work with its historical depiction of how Compstat was developed is very helpful in studying and understanding Intelligence Led Policing.

Good but Misleading
Helpful Votes: 4 out of 9 total.
Review Date: 2002-03-20
Dr. Silverman's book is an excellent description of the organizational change process orchestrated by the NYPD. Unfortunately, he failed to grasp the old saying that if something is too good to be true, it probably isn't true. The amount of crime and number of murders did drop substantially in New York as Silverman attests. What he fails to mention is that crime in Los Angeles, Boston, and San Francisco (to name a few cities) experienced nearly identical drops in crime during the same time frame and they did not implement NYPD's innovations. The NYPD was merely the beneficiary of a trend (which actually started in 1991--before the innovations were implemented), rather than the trend's architect. Sometimes it is better to be lucky than to be good.

In-depth Perspective of The NYPD
Helpful Votes: 6 out of 6 total.
Review Date: 2000-10-03
Mr. Silverman does a wonderful job here. The author makes a very complicated subject easy to understand and read. Silverman brings you right into the workings of the NYPD. The breakdown of the strategies that the NYPD implemented to combat crime was remarkable. Silverman explains Compstat so that the reader can fully understand its meaning and usefulness. This book was not written just for the police world but for the communities that they serve. If you want to see how the real boys in blue catch the bad guys, this book is a must.

Everyone should read this book
Helpful Votes: 6 out of 6 total.
Review Date: 2000-09-13
I envy the students of Law, Criminal Justice etc. who will be using Dr. Silverman's book as a text book. It is a very well written, exciting account of how the largest police department in the world used enlightened management techniques and a sophisticated computer system to drastically reduce crime in New York City. Business students and corporate managers can benefit from reading the book as well. The Deming-like management techniques used by the NYPD would benefit any organization. This book is for anyone who wants to be well informed.

Security
Protect Your Windows Network: From Perimeter to Data (Addison-Wesley Microsoft Technology Series)
Published in Paperback by Addison-Wesley Professional (2005-05-30)
Authors: Jesper M. Johansson and Steve Riley
List price: $54.99
New price: $23.99
Used price: $7.71

Average review score:

Nothing like learning how much you DON'T know...
Helpful Votes: 0 out of 0 total.
Review Date: 2008-06-15
I love books like this, which take a different approach to teaching. They begin not by going through, chapter-by-chapter, each individual building block of a network, but by showing you just how horribly wrong you may have been in your thinking all along. Then, they basically say, "Do we have your attention now? Good. Now we'll show you how to mitigate these risks." In my opinion, that's the ONLY way to teach a computer geek, since many are quite set in their ways.

A 5 Star Book On Windows Security
Helpful Votes: 0 out of 0 total.
Review Date: 2007-11-16
In my opinion, this is THE best book I have ever read (and I have read a few) on security in a Windows network. It is very well written; unlike a standard security book that simply has configuration guides and checklists. These guys are not only security gurus, they are very good authors who know how to write. They not only offer explanations on various security best practices, but they also dispel many myths about Windows security "recommendations" by so-called experts. The book has a definite Microsoft bias (as its title would suggest), but I found very little that I would disagree with. As a long time Windows Administrator (MCP NT4, MCSA 2000/2003 and CompTIA Security+ certified) and also being a security minded individual (though not a security specialist) I highly recommend this book.

What can I say? Superb even when a couple of years old.
Helpful Votes: 0 out of 0 total.
Review Date: 2007-07-03
Great people these two authors and very charismatic. If you happened to visit one of the IT forums or speeches you'll know what I mean.

Really a great book with a logical processing of different topics. One of the great things is that they create awareness by giving everyday examples of hacking attempts and how to take the right precautions. Things you'll recognize in your daily work. It's easy to read and while the book is a couple of years old, the practical side of it hasn't changed a lot. I hope they update this with Vista and Server 2008 in mind. So certainly worth buying!

Rob Faber [CISSP, CEH, MCSE]
The Netherlands

Thorough, practical advice with great theory
Helpful Votes: 1 out of 1 total.
Review Date: 2007-03-02
The simple truth is that if you're directly responsible for the health of a Windows network, you need to read this book. It contains a wide enough breadth to be applicable to all Windows administrators running a variety of OS and application levels, while still managing the depth required to be truly informative and serve as a good everyday reference. It provides an incredible amount of detailed theory and hands-on practical advice that will give you the background information, tools and motivation to improve your defenses and keep hackers away from your data.

Those directly responsible for securing the network should read this book through and then read it again, perhaps discussing it with a peer. There's a lot of information to unpack, so a critical study of how to contextualize the recommendations to your environment would benefit from a team of individuals dedicated to understanding and carrying-out the guidelines that are given. In contrast, high-level managers and decision makers who have a more hands-off role would be well served by taking a half an hour to read the first two chapters, giving them a sobering first-hand account of the ease with which a knowledgeable attacker can subvert an entire domain. It will be 30 minutes well spent! A final group, the technically-savvy supervisors who don't actually implement (but monitor those who do), should quickly read the entire volume and hold their employees accountable for upholding at least the principles, if not the specific practices, mentioned throughout. All three groups should read it with the goal of acquiring a security mindset, filtering all their projects and goals through the "lens" created as a result of the truths learned from this pair of gurus. It is the unique combination of sufficient depth with comprehensive breadth that gives this book the edge over most recent Windows security titles from other authors. If you have to pick just one printed manual to take with you into battle, this should be your weapon of choice. I heartily recommend it as a great read for now, and as an investment for your go-to shelf later on.

Jesper and Steve begin the journey with the same eye-opening SQL injection attack you may have seen in one of the talks they present around the globe in their roles as security experts for Microsoft (Jesper has since changed employers). They exploit a poorly-written web application by feeding SQL code directly through the web form, eventually compromising the entire network, even though it's fully-patched and even somewhat hardened. They describe the intricacies of the attack from beginning to end, laying the groundwork for the defense techniques described in the remaining chapters. After taking over their victim network, they round out the section on fundamentals with a chapter on patch management. This was the low point of the book and, in my opinion, it glosses over the realities of just how time-consuming and complex change management and regression testing can be in a heterogeneous environment. Don't get discouraged by this chapter; slog through it and enjoy the informative--yet surprisingly fun--chapters that follow.

Having established the basics, more groundwork is laid with above average, but not spectacular, sections on administrative policies and physical security. These are the most "CISSP-ish" pages of the whole book and should look very familiar to members of the (ISC)^2. While the advice in these early chapters will stand the test of time, there's not much in here that won't already be a part of your daily arsenal. If you haven't figured out such basics as having a written security policy and that users will always choose convenience over security, then study this section hard. For the rest of us, you will find yourself saying "Amen" a lot as you review these four well-written and comprehensive middle chapters. The real epiphany comes at the end of Chapter 7 when they declare that the days of having a notion of a "perimeter" are over. If you haven't realized by now how incredibly porous your network is, this book should help bring you back to reality.

With the first half of the book used as an appetizer, the authors start serving the main course of practical, detailed advice about how to protect every aspect of your clients, servers and network infrastructure. Their incredible insight into password theory and how exactly a real password attack would work is so refreshing--these guys are experts, and it's demonstrated most profoundly in their chapter-long advice on the subject. Here and throughout the book they constantly bring you back to reality by refuting myths common in "security theater" and give you the best advice, with enough background to understand why it works. One particularly sobering moment was the sweeping dismissal of biometric authentication because of the myriad (often foolishly simple) flaws that can defeat even über-expensive fingerprint readers, retina scanners, etc. In the next two hundred or so pages they give you just enough instruction about IPSec, 802.1X, two-factor authentication and server/client hardening to help you understand the critical pieces of theory and find the detailed implementation instructions for yourself. You'll feel like you finally know the reasons to do all these things instead of just getting a litany of the individual steps to implement a particular setting or policy. Microsoft has published a lot of dry technical guides on every registry setting and tweak imaginable; these guys tell you the background information of why any of this stuff matters and they do it in a winsome, often satirical way that makes you want to keep reading.

The key concepts I took from reading this book were: a healthy skepticism about merely doing tweaks or checklists that have an air of sophistication but don't actually improve security; a sense of empowerment about how to untangle my network from a web of dependencies caused by shared service accounts (they even provide a handy utility to make their advice doable); and a renewed sense of encouragement that least-privilege is actually obtainable. They end each chapter with an immediate call-to-action that addresses the most important steps you can take to do the most good quickly. If you can force yourself to do these challenging tasks for every area they address, you'll be well on the road to a more secure installation.

A must read for anyone involved with Windows security
Helpful Votes: 13 out of 13 total.
Review Date: 2006-07-27
The problem with some computer security books is that they are nothing more than pages of checklists with myriad dos and don'ts. But after all the checklists have been dutifully completed, readers still don't understand the underlying concept of how to secure a computer. Within a short time, their computers and networks are insecure, and they are back where they began, as fodder for hackers.

The distinctive nature of Protect Your Windows Network: From Perimeter to Data is that it suggests ways to secure your Windows workstation and network, but it also takes a much broader approach to security and shows you how to address the issue of securing systems as a whole. This panoptic approach to securing systems is quite refreshing, and it makes the book a fascinating read.

The theme of the book is that there are three elements of a successful security program: people, processes, and technology. In 17 chapters covering the gamut of security from server hardening to password protection, the book details how to use these people, processes, and technology to ensure that Windows networks stay secure.

Early chapters deal with the basics of how attacks work and show the reader how they progress from low-level social engineering to the code manipulation that leads to the exploitation of software and vulnerabilities.

The book is filled with easy-to-understand practical and tactical solutions that can be implemented by everyone from nontechnical end users to system administrators, helping them to ensure that their Windows-based network is as secure as possible. Even at 550 densely packed pages, the book is quite readable.

Security
The Successful Investor Today: 14 Simple Truths You Must Know When You Invest
Published in Paperback by St. Martin's Paperbacks (2006-07-30)
Author: Larry E. Swedroe
List price: $15.95

Average review score:

Some Good: Lots of Hype
Helpful Votes: 0 out of 1 total.
Review Date: 2008-03-16
First the good. The book's main point is that broad diversification is the best way to invest. Broad enough to include small cap foreign passive investments, along with a bunch of domestic passive equity investments.

The trouble is that one gets the sense that only Mr. Buffett has ever made money buying individual stocks. Apparently everyone else has failed. This book seems to cherry pick studies to make its point, but in the end it contradicts itself. One of the main reasons the author provides for the fact you will not make money buying individual stocks is that you are fighting an efficient stock market. Apparently if you believe a stock is priced too low, the efficient stock market proves you wrong. Everyone else has voted with their money as to the price of the stock...and therefore you will lose.

In making this point the author overlooks the points he makes in the latter part of the book that contradict his earlier "efficient market" theory. He talks about the herd mentality of the market, which makes the herd head in the wrong direction. Well, I guess the market is not so efficient after all. Every day we see the market overreact to good news and bad news, causing wild swings in stock. If a stock is worth $48 one day, and $31 the next day, then climbs back to $43...then the market is not so efficient.

Recently we've seen Apple fall from $190 to $120 and climb back to $150 in the span of 4 or 5 weeks. To me this means the market is not efficient. Yet that is one of the central contentions of the book.

I think you can ignore the gloom and doom about investing in individual stocks...as it is based on a mixture of good points intertwined with drivel. But the author's advice concerning the strength of index funds and diversification is very sound. So if you only get that point from the book, then the author has done well.

The simple way to invest
Helpful Votes: 0 out of 0 total.
Review Date: 2007-07-08
Larry's books are about "passive" investing, which if you are going to put your life savings to work is the ONLY way to do it. The biggest benefits of passive investing are the reduction of volatility and increased non-correlated diversification. It also removes the "noise" of the Wall Street hawkers.

Larry has strong feelings about his subject, so if you're not doing it his way, he will tell you about the "loser's game" you're playing. Hopefully you'll get it.

More people should tune in to passive investing.

Take the Gambling out of Investing
Helpful Votes: 0 out of 0 total.
Review Date: 2007-07-02
Excellent book on the unpredictability of investments and investors.

It essentially says investing in individual stocks is speculating (gambling), not investing. Over the long haul, individual investors (even the top fund managers) don't beat the overall market.

Invest in the S&P 500 or other major index and you will build a fine nest egg for retirement, according to the book.

This is not a book for someone who wants to double their money in 2 years. It is for the person who wants to turn $100,000 into $800,000 in 21 years (assuming 7% returns that double your money every seven years). Not a bad end for an extremely diversified and responsible investment plan.

So if you are 44 years old, and you have $200,000 to invest, you could safely build it to $1.6 million when you turn 65, if this book is correct. I think it is.

Easily one of the Top 10 Investment books of all time...
Helpful Votes: 0 out of 0 total.
Review Date: 2007-03-06
I am a big fan of Larry Swedroe's writings - his books, his posts on the Vanguard Diehards Forum, his articles. I've read all of his books, and I have to rate this as his best book.

He distills and presents a lot of Finance research in this book in a very very readable form. The advice in this book is timeless. Among many other things, this book has the best discussion of the equity value premium.

For around 10 bucks, the price of 2 (maybe three) lattes, the average (even advanced) investor can get an education that will serve him/her well for the rest of their investing lifetime.

Looking forward to Larry's next book.

Another Swedroe Classic
Helpful Votes: 30 out of 30 total.
Review Date: 2006-05-28
I was very impressed with this book and give it an A. Swedroe's investment advice is excellent and the writing style is very easy and fun to read.

I read all 4 of Larry Swedroe's stock investing books in the last few weeks, and although they are excellent books and I agree with most of his recommendations, he tends to re-use the same information in each book. To keep this book straight in my mind, compared with the other 3 books, this review is structured along his Outline of the book.

Truth 1: Active Investing Is a Loser's Game: It Must Be So

Larry lays out the case why active investing always loses to passive investing.

Truth 2: The Past Performance of an Actively Managed Fund Is a Very Poor Predictor of Its Future Performance

He does a good job of citing many studies demonstrating that past performance is not a good predictor of future performance.

Truth 3: If Skilled Professionals Don't Succeed, It Is Unlikely That Individual Investors Will
Truth 4: The Interests of Wall Street and the Financial Media Are Not Aligned with Those of Investors

He points out why passive investing is not promoted by Wall Street and the financial media.

Truth 5: Risk and Reward Are Related: Great Companies Provide Low Expected Returns
Truth 6: The Price You Pay Matters
Truth 7: The Most Likely Way to Achieve Above Average Returns Is to Stop Trying to Beat the Market
Truth 8: Buying Individual Stocks and Sector Funds Is Speculating, Not Investing
Truth 9: Reversion to the Mean of Earnings Growth Rates Is One of the Most Powerful Forces in the Universe
Truth 10: The Forecasts of Market Strategists and Analysts Have No Value, Except as Entertainment
Truth 11: Taxes Are Often the Largest Expense Investors Incur
Truth 12: Knowledge of Financial History Is Critical to Successful Investing
Truth 13: Adding International Assets to a Portfolio Reduces Risk

Although I agree with the author's claim that foreign stocks help reduce portfolio risk, I do have trouble believing or following his recommendation of 20 to 40% asset allocation in foreign stocks. I feel more comfortable with a 10 to 20% allocation to foreign stocks.

Truth 14: There Is No One Right Portfolio, but There Is One That Is Right for You

He points out that investing is not an exact science, and the optimum portfolio is difficult to achieve. Each person must get comfortable with the risks and complexity of their allocations. He also gives a convincing argument for skipping mid-cap stocks in favor of only small and large cap stocks.


Conclusion
Appendix A: The Enron Debacle: Lessons to Be Learned

It was interesting to see how some of the supposedly smartest brains in the investing world loaded up on Enron stock, including the Janus funds.

Appendix B: More Investment Truths You Must Know to Be a Successful Investor
Appendix C: Investment Vehicle Recommendations

Great list of investment choices to implement your asset allocation plan.

Appendix D: The Home Financing Decision: To Borrow or Not

Nice analysis of an issue that many investors struggle with. He combines a nice financial analysis with the "able to sleep at night" test.



All-in-all, a great book for serious investors who manage their own portfolios. To me, his four books are very similar. If you choose one of the four books to read, I think you will get 90% of his message versus spending the time to read all 4 books.

I would suggest companion books to supplement this book including The Richest Man in Babylon, Bogle on Mutual Funds, The Millionaire Next Door, The 4 Pillars of Investing, A Random Walk Down Wall Street, Index Mutual Funds: How to Simplify Your Life and Beat the Pros, the Coffeehouse Investor, and the Bogleheads Guide to Investing.

