Loading ...
Sorry, an error occurred while loading the content.
 

[techbooks] REVIEW: "Internet Security", Tim Meyers/Tom Sheldon/Joel Snyder

Expand Messages
  • Rob Slade, doting grandpa of Ryan and Tr
    BKINSECR.RVW 981115 Internet Security , Tim Meyers/Tom Sheldon/Joel Snyder, 1997, 1-56205-760-X, U$65.00/C$91.95/UK#61.49 %A Tim Meyers %A Tom Sheldon
    Message 1 of 1 , Jan 21, 1999
      BKINSECR.RVW 981115

      "Internet Security", Tim Meyers/Tom Sheldon/Joel Snyder, 1997,
      1-56205-760-X, U$65.00/C$91.95/UK#61.49
      %A Tim Meyers
      %A Tom Sheldon
      %A Joel Snyder
      %C 201 W. 103rd Street, Indianapolis, IN 46290
      %D 1997
      %G 1-56205-760-X
      %I Macmillan Computer Publishing (MCP)
      %O U$65.00/C$91.95/UK#61.49 800-858-7674 317-581-3743 info@...
      %P 916 p. + CD-ROM
      %T "Internet Security: Professional Reference", 2nd ed.

      "Internet" and "security" are two items of great interest, so I guess
      someone had to write this book. However, I wish it had been someone
      willing to put some thought into it. Internet security is a complex
      and many-facetted field, and the narrow views presented here don't
      come close to doing it justice.

      Part one is supposed to be about managing Internet security, but it
      mostly contains a grab bag of background information on the net, with
      fairly large gaps in the coverage. Chapter one looks at IP addressing
      and domains, with a mixed lot of UNIX commands related to the net.
      Some daemon processes are listed in chapter two, along with some
      discussion of writing your own with shell scripts or Perl, and twenty
      pages of program listings. A number of UUCP programs are overviewed
      in chapter three. Some UNIX, NT, and DOS auditing programs and
      utilities are listed in chapter four.

      Part two looks at access security. Sniffing and spoofing are reviewed
      in chapter five, but the sections on protection may be less than
      helpful. Chapter six is supposed to tell you how to build a firewall.
      It does list a large number of UNIX utilities related to the function,
      but this might have been more useful if there had first been even the
      most token attempt to explain what a firewall was, and the different
      types and functions. There is a basic explanation in chapter seven,
      but aimed primarily at evaluation of commercial firewall products.
      Chapter eight is a very detailed exploration of SATAN (Security
      Administrator Tool for Analyzing Networks), covering the basic concept
      of looking for your own holes, a number of tools that look for
      specific holes, detection tools to note probing attempts, and the
      operation of SATAN itself. There is a detailed description of
      Kerberos exchange messages in chapter nine.

      Part three purports to be about the security of messaging, but seems
      to be limited to encryption of content. Chapter ten gives the usual,
      banal introduction to encryption, using examples of old, outmoded
      substitution ciphers, and never realistically discussing algorithm or
      key strength, nor key management. Chapter eleven is a rewrite of the
      documentation for PGP (Pretty Good Privacy) 2.6.2.

      Part four lumps together four topics under the heading of "modern
      concerns." Some Windows NT security features are discussed in chapter
      twelve, but not in much detail. (In fact, the chapter is entitled
      "Windows NT Internet Security" but doesn't have much to say about the
      Internet at all.) Chapter thirteen looks at Java, but the security
      content seems to relate strictly to the bytecode verifier and the
      applet "sandbox," and doesn't have much detail on those topics. CGI
      (Common Gateway Interface) security for Web forms gets a very terse
      review in chapter fourteen. After all of the foregoing, I was
      pleasantly astounded to find that the virus information, in chapter
      fifteen, is quite good. The explanation of how viruses work is
      extremely thorough, and the description of the different types of
      antiviral software is solid. The recommendations for recovery are not
      quite as good (FDISK can create more trouble than the virus you are
      trying to get rid of) and the review of Windows NT is rather
      optimistic.

      There are rather massive holes in the coverage presented in this book.
      The heavy UNIX concentration is only one example, but there are whole
      subjects not even mentioned. On the other hand, great chunks of the
      material contained in these pages have only the most tenuous
      connection to either the Internet or security. While there are some
      good bits that might justify the purchase of this book for experts, by
      no means can it be recommended as a sole source, or even an
      introduction.

      copyright Robert M. Slade, 1998 BKINSECR.RVW 981115

      ======================
      rslade@... rslade@... robertslade@... p1@...
      Find virus, book info http://victoria.tc.ca/int-grps/techrev/rms.htm
      Mirrored at http://sun.soci.niu.edu/~rslade/rms.htm
      Robert Slade's Guide to Computer Viruses, 0-387-94663-2 (800-SPRINGER)

      ------------------------------------------------------------------------
      eGroup home: http://www.eGroups.com/list/techbooks
      Free Web-based e-mail groups by eGroups.com
    Your message has been successfully submitted and would be delivered to recipients shortly.