Alexander Clouter <alex@digriz.org.uk> wrote:
The content is generally rather good, and aside from a few typos, the book is let only on some relatively *minor* points:
[snipped]
* unfortunately short EAP section, ignoring session resumption and why particular EAP methods meet particular needs * EAP tests done with JRadius and not eapol_test
Okay, I only had gotten to page 200 of 300, a smidgin before the EAP section. The details regarding the particulars of the EAP methods are covered (although session resumption unfortunately is not) and a footnote exists for eapol_test...but I do think a configuration example for eapol_test is far better (especially as it is just wpasupplicant along with all it's documentation; trivial to then use the same config in wpasupplicant). One thing that is a shame is the EAP/(T)TLS/PEAP bits make no mention of certificate *subject* validation...only CA pinning which is a shame. One without the other is generally pointless, you might as well not bother at all :(
The price is reasonable, and if you are a complete newbie, it will get you on your feet. The book definitely does what it says on the tin and I would give it a 7 out of 10...
I'll bump it up to an 8, as the proxying section is rather nice and clear... :) Cheers -- Alexander Clouter .sigmonster says: buzzword, n: The fly in the ointment of computer literacy.