"White Hat Security Arsenal", Aviel D. Rubin, 2001, 0-201-71114-1,
%A Aviel D. Rubin rubin@...
%C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
%I Addison-Wesley Publishing Co.
%O U$44.99/C$67.50 416-447-5101 fax: 416-443-0948 bkexpress@...
%P 330 p.
%T "White Hat Security Arsenal: Tackling the Threats"
The distinctive of this book is that it approaches security as a
series of specific problems or concerns. The non-distinctive, if you
will, is that it attempts to address all audience levels; users, IT
professionals, academics, and administrators. A series of icons
identifies, at the beginning of each chapter and at particular
sections of the text, who should read the various segments of the
Part one examines the size and scope of the security issue. Chapter
one starts out with perhaps our biggest problem, as security people:
the insistence on secrecy by companies who get hit, and the fact that
this obstinate refusal to discuss the facts makes our job, in
protecting institutions, that much harder. A brief look at what may
be at risk from security problems is given in chapter two. Recent
email viruses are reviewed in chapter three, but they get an
interesting treatment. The material, while technically sound,
concentrates on the general security attitudes and lessons to be
learned, as they apply to computer use in general.
Part two looks at information storage. Chapter four's problem is to
ensure that information is kept private if an attacker gets hold of
your machine, and Rubin gives a good introduction to symmetric
encryption and provides tips on passwords. If you are concerned about
storage at remote sites over an insecure network, chapter five touches
on passwords again, and asymmetric encryption. Chapter six is
supposed to deal with securing backups, but seems to get a bit
confused, although it does provide some good tips, as well as an
overview of some online backup services.
Part three considers the problems of data transfers over an insecure
net. Chapter seven introduces authentication and some of the problems
of public key management. Session keys and key exchange are examined
in chapter eight: it has an academic icon at the top of the chapter,
and non-specialist users might get a bit confused here. The aspects
of virtual private networks are reviewed in chapter nine, and the book
begins moving towards the usual technology oriented model.
Part four looks at network threats. Chapter ten explains firewalls
while eleven discusses a variety of network based attacks.
Part five doesn't really have a central theme. The title of chapter
twelve is "Protecting E-Commerce Transactions," but most of the text
deals with the Secure Sockets Layer for Web browsers. Privacy, in
email and Web browsing, is discussed in chapter thirteen, but many
areas are left unexplored.
For managers and users who are not specialists in computer and
communications security, this book provides a readable and accurate
introduction to a number of important topics. There are,
unfortunately, a number of gaps in terms of the total security
picture, but that is probably to be expected when taking the problem
oriented approach. Rubin does not talk down to the audience and does
not oversimplify, and this work therefore is superior to a number of
the introductory books on the market.
copyright Robert M. Slade, 2001 BKWHTHSA.RVW 20010814
====================== (quote inserted randomly by Pegasus Mailer)
rslade@... rslade@... slade@... p1@...
I'm out of my mind just now, but if you'd care to leave a message...