
REVIEW: "White Hat Security Arsenal", Aviel D. Rubin

  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    Message 1 of 1 , Nov 19, 2001
      BKWHTHSA.RVW 20010814

      "White Hat Security Arsenal", Aviel D. Rubin, 2001, 0-201-71114-1,
      %A Aviel D. Rubin rubin@...
      %C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
      %D 2001
      %G 0-201-71114-1
      %I Addison-Wesley Publishing Co.
      %O U$44.99/C$67.50 416-447-5101 fax: 416-443-0948 bkexpress@...
      %P 330 p.
      %T "White Hat Security Arsenal: Tackling the Threats"

      The distinctive of this book is that it approaches security as a
      series of specific problems or concerns. The non-distinctive, if you
      will, is that it attempts to address all audience levels; users, IT
      professionals, academics, and administrators. A series of icons
      identifies, at the beginning of each chapter and at particular
      sections of the text, who should read the various segments of the

      Part one examines the size and scope of the security issue. Chapter
      one starts out with perhaps our biggest problem, as security people:
      the insistence on secrecy by companies who get hit, and the fact that
      this obstinate refusal to discuss the facts makes our job, in
      protecting institutions, that much harder. A brief look at what may
      be at risk from security problems is given in chapter two. Recent
      email viruses are reviewed in chapter three, but they get an
      interesting treatment. The material, while technically sound,
      concentrates on the general security attitudes and lessons to be
      learned, as they apply to computer use in general.

      Part two looks at information storage. Chapter four's problem is to
      ensure that information is kept private if an attacker gets hold of
      your machine, and Rubin gives a good introduction to symmetric
      encryption and provides tips on passwords. If you are concerned about
      storage at remote sites over an insecure network, chapter five touches
      on passwords again, and asymmetric encryption. Chapter six is
      supposed to deal with securing backups, but seems to get a bit
      confused, although it does provide some good tips, as well as an
      overview of some online backup services.

      Part three considers the problems of data transfers over an insecure
      net. Chapter seven introduces authentication and some of the problems
      of public key management. Session keys and key exchange are examined
      in chapter eight: it has an academic icon at the top of the chapter,
      and non-specialist users might get a bit confused here. The aspects
      of virtual private networks are reviewed in chapter nine, and the book
      begins moving towards the usual technology oriented model.

      Part four looks at network threats. Chapter ten explains firewalls
      while eleven discusses a variety of network based attacks.

      Part five doesn't really have a central theme. The title of chapter
      twelve is "Protecting E-Commerce Transactions," but most of the text
      deals with the Secure Sockets Layer for Web browsers. Privacy, in
      email and Web browsing, is discussed in chapter thirteen, but many
      areas are left unexplored.

      For managers and users who are not specialists in computer and
      communications security, this book provides a readable and accurate
      introduction to a number of important topics. There are,
      unfortunately, a number of gaps in terms of the total security
      picture, but that is probably to be expected when taking the problem
      oriented approach. Rubin does not talk down to the audience and does
      not oversimplify, and this work therefore is superior to a number of
      the introductory books on the market.

      copyright Robert M. Slade, 2001 BKWHTHSA.RVW 20010814

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... rslade@... slade@... p1@...
      I'm out of my mind just now, but if you'd care to leave a message...
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade