REVIEW: "Fundamentals of Network Security", John E. Canavan

  • Rob Slade grandpa of Ryan Trevor Pride &
    Message 1 of 1 , Jun 25, 2001
      BKFNNTSC.RVW 20010512

      "Fundamentals of Network Security", John E. Canavan, 2001,
      1-58053-176-8, U$69.00
      %A John E. Canavan canavan@... jcnv@...
      %C 685 Canton St., Norwood, MA 02062
      %D 2001
      %G 1-58053-176-8
      %I Artech House/Horizon
      %O U$69.00 617-769-9750 fax: 617-769-6334 artech@...
      %P 319 p.
      %T "Fundamentals of Network Security"

      This commonplace guide to security can provide the newcomer with some
      basic information. However, it also contains some rather large gaps,
      and not a little misinformation.

      Chapter one outlines the usual reasons why we need security, and it
      also provides some basic security terms and concepts. Most of the
      material is reasonable, but some is not quite standard. A number of
      different threats are outlined in chapter two. However, errors are
      rife in this material, although most are fairly minor. Of the
      fourteen mailing lists it is suggested readers might find useful, at
      least three have been dead for over a year; at least two of those for
      more than three. The overview of cryptology, in chapter three, is at
      a very high level, with limited discussion of key management, and
      almost none dealing with strength and key length. Chapter four starts
      out very badly, by stating that Kerberos uses both symmetric and
      asymmetric cryptography. (It doesn't: despite proposals for public
      key extensions, Kerberos itself uses a very elegant system of purely
      private key encryption to avoid sending passwords and keys in clear
      text at any time. Such a basic misunderstanding taints everything
      else in the chapter.) World Wide Web encryption is supposed to be the
      topic of chapter five. However, after a very terse outline of SSL
      (Secure Sockets Layer) and SHTTP (Secure HyperText Transfer Protocol),
      and a tiny bit of the missing discussion of key length, we get pages
      of screen shots of browser certificates, which are almost meaningless
      without the background review. There is also a tiny overview of
      Authenticode, with no mention of its flaws. Chapter six presents
      something of a grab bag of email related topics, mentioning encryption
      systems, spam, identity problems, privacy of employee email, and even
      auto-responders. With the addition of more screen shots a number of
      pages are taken up with little information imparted.

      Most of chapter seven concentrates on access control and passwords.
      The material is reasonable, if not deep, but could be better
      organized. So too with the suggested policies for network management
      in chapter eight, although the author does seem to think that one set
      of recommendations can fit all LANs. Chapter nine's look at network
      media does not really deal with security at all, unless you count the
      somewhat problematic opinions regarding the relative difficulty of
      tapping. There really isn't much discussion of routers and SNMP
      (Simple Network Management Protocol) in chapter ten: it concentrates
      on a few proprietary products.

      Chapter eleven mentions a number of VPN (Virtual Private Network)
      related protocols, but gives neither details for assessment nor
      conceptual discussions for determining relative usage. There is a
      decent overview of basic firewall terms, with some areas of confusion,
      in chapter twelve. Chapter thirteen has a basic outline of biometric
      concerns, but no details of the technologies. The review of security
      policy development in chapter fourteen is pedestrian. Chapter
      fifteen, entitled "Auditing, Monitoring, and Intrusion Detection," is
      oddly confused since the author makes no distinction between outside
      audits, and the ongoing auditing of materials that result from regular
      monitoring. There is unimaginative advice on disaster recovery in
      chapter sixteen. "Cookies, Cache, and AutoComplete" is a strange add-
      on: yes, there are security risks associated with these functions, but
      they are hardly fundamental to network security.

      In the introduction, while stating that this book is intended for
      beginners to computer security, the author disclaims the title of
      computer security expert, and, in fact, asserts that many who do
      profess ace status may not have as much right as they maintain. I can
      greatly sympathize with this sentiment. However, simply by writing a
      book, Canavan implicitly professes some mastery of the subject, and
      the mere abdication of the rank does not relieve him of the
      responsibility for his mistakes. There are a number of other texts
      with better coverage, greater readability, superior accuracy, and less
      wasted space.

      copyright Robert M. Slade, 2001 BKFNNTSC.RVW 20010512

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... rslade@... slade@... p1@...
      Freebie Mags: http://sun.soci.niu.edu/~rslade/magazine.htm
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade