Book Reviews



By James Mohr

IT Auditing: Using Controls to Protect Information Assets

Overall, I found IT Auditing: Using Controls to Protect Information Assets to be fairly useful and easy to read. The book not only provides a nice introduction to the concepts of IT auditing but also provides a lot of how-to information.

The first section provides an introduction to what auditing is all about and some good information on the process of conducting audits. Each chapter in the following section begins with an introduction to the topic, like Auditing Techniques, followed by so-called "test steps" that show how to perform that particular step in an audit. Entire chapters specifically target Linux/Unix as well as Windows, and other chapters have specific information about other things like switches and routers. I found that even the Windows-specific material is useful to a Linux admin. The last section introduces various standards and regulations related to auditing.

Unfortunately, this book also deserves a few dings. The first issue is the erratic level of the information, and although parts of the book have a lot of detail, I would not call it "in-depth" as the cover says. It was obvious to me that there were three authors - terminology, organization, and level of detail varied greatly, and this variability was an annoyance. In some cases, you are given a command line with an explanation of what it does and details about how to evaluate the output, but in other cases, a sample command line is provided with no explanation or a command line is not even offered.

The inconsistency made it unclear who the intended audience is. I can accept an explanation of some of the command lines, but explaining how the cd command behaves, how Linux/Unix file permissions work, or what pwd is was simply out of place in a book of this kind. I would not trust the results of an audit performed by someone whose only knowledge of Linux file permissions is this book.

If you need a single-source introduction to IT auditing, this book is worth a look. However, if you need a lot of the technical details, you will probably find this title lacking in many areas.

Chris Davis, Mike Schiller, and Kevin Wheeler

Paperback, 387 pages

McGraw-Hill, 2006

ISBN: 0-07-226343-1

£ 37.99, US$ 59.99, EUR 51.90

Linux Kernel in a Nutshell

Perhaps it would have been better to have called this Compiling a Linux Kernel in a Nutshell because this book does not really tell you much about the Linux kernel. Instead, it gives you the basic information needed to modify, compile, and install a new kernel.

The author first covers the pieces necessary to perform a kernel rebuild, such as the software, obtaining a copy of the kernel source code, the steps of configuring and compiling the kernel, patching the kernel, and so forth. He covers aspects of installing the kernel as well.

The second part covers customizing your kernel and topics like removing drivers or compiling them directly into the kernel, as opposed to configuring them as kernel modules. Another chapter provides a number of "recipes" listing some of the common changes people make to their kernels.

The last part offers a reference that covers the rebuild process and configuration options, as well as the various boot options. I found a lot of places in this section in which I felt the author made incorrect assumptions about what the reader knows (or should know). Furthermore, by pure coincidence, I actually had to rebuild a new kernel for the first time in years while I was reviewing this book. Although the rebuilt kernel booted successfully, it did not do what I expected, and I looked to this book for guidance. This search demonstrated to me a lack of any real troubleshooting information. If you are fairly experienced with rebuilding kernels and need a quick reference, then this book is a good resource. However, if you have only a few rebuilds under your belt, you might be disappointed with it.

Greg Kroah-Hartman

Paperback, 182 pages

O'Reilly, 2006

ISBN: 0-596-10079-5

£ 24.99, US$ 34.99, EUR 29.95

The Design of Sites

Whether you are trying to sell goods for a living or simply provide information for free, this is a book you'll want to have on hand when designing your site.

The first part provides the background or "foundation" of good website design and covers what to do, what not to do, and why. The second part, representing the bulk of the book, looks at "patterns" appearing on websites. This could be something like the actual layout, but also patterns in functionality. These patterns, in turn, can be functionality that the user sees as well as what goes on behind the scenes.

Patterns are first grouped together into "pattern groups," which start with site genres and then move to navigation, content management, and other areas, under headings like "Building Trust and Credibility" and "Helping Customers Complete Tasks." These groups are then broken down further into individual patterns. For example, the discussion of organization covers hierarchical organization, task-based organization, chronological organization, and so forth. The groups and then the individual patterns are numbered and color coded so the authors can later refer back to a pattern by its name and number (e.g., K5). The outside edges of the pages are also color coded so you can easily jump to the right section of the book. The pattern number appears at the top of each page, which makes finding the right pattern even easier.

The content of each pattern also has consistent organization and a consistent level of detail. First, you are presented with the topic and the "problem" that this issue represents. Then a discussion of what can influence this particular aspect (the forces) is followed by a solution. Because multiple solutions or specific interactions are often possible on your site, a block at the end points toward other, related patterns.

The book emphasizes a customer-oriented, not user-oriented, approach, even for sites that do not sell products. The authors also address topics missing from other books, like security (e.g., preventing phishing) and accessibility (e.g., choosing colors for people with perception problems). Finally, the book is full of examples and screenshots. The only bad thing I found is my lack of time to implement all of the changes I now want to make on my own site.

Douglas K. Van Duyne, James A. Landay, and Jason I. Hong

Paperback, 981 pages

Prentice Hall, 2006

ISBN: 0-13-134555-9

£ 42.52, US$ 59.99, EUR 56.95