[techbooks] REVIEW: "Internet Security", Tim Meyers/Tom Sheldon/Joel Snyder
- BKINSECR.RVW 981115
"Internet Security", Tim Meyers/Tom Sheldon/Joel Snyder, 1997,
%A Tim Meyers
%A Tom Sheldon
%A Joel Snyder
%C 201 W. 103rd Street, Indianapolis, IN 46290
%I Macmillan Computer Publishing (MCP)
%O U$65.00/C$91.95/UK#61.49 800-858-7674 317-581-3743 info@...
%P 916 p. + CD-ROM
%T "Internet Security: Professional Reference", 2nd ed.
"Internet" and "security" are two items of great interest, so I guess
someone had to write this book. However, I wish it had been someone
willing to put some thought into it. Internet security is a complex
and many-facetted field, and the narrow views presented here don't
come close to doing it justice.
Part one is supposed to be about managing Internet security, but it
mostly contains a grab bag of background information on the net, with
fairly large gaps in the coverage. Chapter one looks at IP addressing
and domains, with a mixed lot of UNIX commands related to the net.
Some daemon processes are listed in chapter two, along with some
discussion of writing your own with shell scripts or Perl, and twenty
pages of program listings. A number of UUCP programs are overviewed
in chapter three. Some UNIX, NT, and DOS auditing programs and
utilities are listed in chapter four.
Part two looks at access security. Sniffing and spoofing are reviewed
in chapter five, but the sections on protection may be less than
helpful. Chapter six is supposed to tell you how to build a firewall.
It does list a large number of UNIX utilities related to the function,
but this might have been more useful if there had first been even the
most token attempt to explain what a firewall was, and the different
types and functions. There is a basic explanation in chapter seven,
but aimed primarily at evaluation of commercial firewall products.
Chapter eight is a very detailed exploration of SATAN (Security
Administrator Tool for Analyzing Networks), covering the basic concept
of looking for your own holes, a number of tools that look for
specific holes, detection tools to note probing attempts, and the
operation of SATAN itself. There is a detailed description of
Kerberos exchange messages in chapter nine.
Part three purports to be about the security of messaging, but seems
to be limited to encryption of content. Chapter ten gives the usual,
banal introduction to encryption, using examples of old, outmoded
substitution ciphers, and never realistically discussing algorithm or
key strength, nor key management. Chapter eleven is a rewrite of the
documentation for PGP (Pretty Good Privacy) 2.6.2.
Part four lumps together four topics under the heading of "modern
concerns." Some Windows NT security features are discussed in chapter
twelve, but not in much detail. (In fact, the chapter is entitled
"Windows NT Internet Security" but doesn't have much to say about the
Internet at all.) Chapter thirteen looks at Java, but the security
content seems to relate strictly to the bytecode verifier and the
applet "sandbox," and doesn't have much detail on those topics. CGI
(Common Gateway Interface) security for Web forms gets a very terse
review in chapter fourteen. After all of the foregoing, I was
pleasantly astounded to find that the virus information, in chapter
fifteen, is quite good. The explanation of how viruses work is
extremely thorough, and the description of the different types of
antiviral software is solid. The recommendations for recovery are not
quite as good (FDISK can create more trouble than the virus you are
trying to get rid of) and the review of Windows NT is rather
There are rather massive holes in the coverage presented in this book.
The heavy UNIX concentration is only one example, but there are whole
subjects not even mentioned. On the other hand, great chunks of the
material contained in these pages have only the most tenuous
connection to either the Internet or security. While there are some
good bits that might justify the purchase of this book for experts, by
no means can it be recommended as a sole source, or even an
copyright Robert M. Slade, 1998 BKINSECR.RVW 981115
rslade@... rslade@... robertslade@... p1@...
Find virus, book info http://victoria.tc.ca/int-grps/techrev/rms.htm
Mirrored at http://sun.soci.niu.edu/~rslade/rms.htm
Robert Slade's Guide to Computer Viruses, 0-387-94663-2 (800-SPRINGER)
eGroup home: http://www.eGroups.com/list/techbooks
Free Web-based e-mail groups by eGroups.com