Have You Locked the Castle Gate? Home and Small Business Security
by Brian Shea
Addison-Wesley 2002
193 pages. Index, bibliography, 2 appendices (resources, glossary). ISBN 0-201-71955-X $19.99

Reviewed by Robert Bruen, July 15, 2002

It is easy to forget about newcomers to security when one spends so much time involved in the heavy issues. The "newbies" can be a bit annoying because they need to have the most basic details explained to them. Who wants to take the time to explain definitions and concepts that just seem obvious after years of working around security professionals? Most security books do not focus on the newcomers, since there are too many important issues and difficult concepts to work on. Now there is a book that you can give the newbie who wants to know the secrets of security. It is not about hacking 101; rather, it is about security ideas such as planning, assessing risk and valuing assets.

The book is short and therefore does not go into the gory details of each concept, but that does not mean that important ideas are treated lightly. I feel that they are treated appropriately for first timers. The main focus is Microsoft security, which for some of us is an oxymoron, but since there are so many desktops with MS sitting on them, it makes for a reasonable place to start. The author has an unusual, although not unheard of, approach to explaining security. He has created a homestead with a family and a village to illustrate the general concepts, such as fences and locks on the door. The home itself is the starting point in the first chapter, but then it expands over the course of the book to a village. The home needs a little fence to keep the foxes out of the chicken coop, but later the village needs to worry about attacking armies. Fortunately, the homestead story is kept to the right size throughout the book, making sure that the story does not take over and push security into the background.

Checklists are scattered throughout the book, along with tables to make life easier for first timers. Each is preceded by a readable explanation of the topic. Since Shea has aimed the book at Microsoft users, he includes general Windows security tips, but he also covers Windows NT, 2000 and 2000 Server. His explanation of the Registry, while limited, is a good starting place. The hives are illustrated with just a few important keys, giving some insight without being overwhelming. There are some helpful that anyone can use for securing a machine using the registry. As we all know, the Registry is the heart of any Microsoft system. Without knowledge of it, security cannot be done properly, no matter what policies are implemented or whether active scripting is shut off.

A discussion of Web security is as important as a discussion of email security, now that the Web is totally integrated into the lives of most of us. There is a good table for Internet Explorer which shows what happens when the various security levels are selected. It was never a good idea to offer users levels of security, such as high, medium and low, without providing clear details of what each level meant. This table shows the reader that MS IE High Security, for example, disables file and font downloads. Microsoft has not made it as clear what the consequences are when each level is selected. It is quite frustrating to select a level, only to discover that some feature you need has been disabled. It is even more frustrating when you do not agree with a particular setting that disables a feature that you thought should still be disabled.

Mr. Shea's book, coupled with something like the Happy Hacker by Carol Meinel, might be a good starter set for someone interested in Microsoft security. They are fun and inexpensive.