
REVIEW: "Minoli-Cordovana's Authoritative Computer and Network Security Dictionary", Daniel Minoli/James Cordovana

  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    Message 1 of 1, Feb 12, 2007
      BKMCACNS.RVW 20070102

      "Minoli-Cordovana's Authoritative Computer and Network Security
      Dictionary", Daniel Minoli/James Cordovana, 2006, 0-471-78263-7
      %A Daniel Minoli
      %A James Cordovana
      %C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
      %D 2006
      %G 0-471-78263-7
      %I John Wiley & Sons, Inc.
      %O 416-236-4433 fax: 416-236-4448
      %O http://www.amazon.com/exec/obidos/ASIN/0471782637/robsladesinterne
      %O http://www.amazon.co.uk/exec/obidos/ASIN/0471782637/robsladesinte-21
      %O http://www.amazon.ca/exec/obidos/ASIN/0471782637/robsladesin03-20
      %O Audience i- Tech 2 Writing 1 (see revfaq.htm for explanation)
      %P 443 p.
      %T "Minoli-Cordovana's Authoritative Computer and Network Security
      Dictionary"

      I find that, again, I need to declare the possibility of bias or
      conflict in this review. Not only have I published a security
      dictionary of my own, but my work was also intended, as the authors
      announce in their preface, to be not simply a list of terms, but a set
      of practical definitions, and even a commentary on the security field.

      While my dictionary addresses only security, Minoli and Cordovana have
      included computer and network in the title (and later mention that
      they are including financial terms). However, the preface also makes
      clear that security is the major thrust of the glossary: the first
      two-thirds of the introduction basically preaches security, and the
      remaining material even mentions a superior telecommunications
      dictionary.

      Therefore, it comes as a bit of a surprise that the first term that
      has any direct connection to security comes on page four, and even
      then is only the expansion of an acronym. We are on page eight before
      we find the first actual definition that has even a nominal connection
      to security. A random sampling of terms seems to indicate that less
      than 20% of the entries in the work relate to security. (That
      relation holds in terms of number of entries. The actual material
      appertaining to security is proportionately less, since non-security
      entries tend to be longer than those defining security phrases.) A
      surprising number of terms deal with cellular telephone technologies
      and standards, and the promised financial jargon is there in
      abundance. It is, in fact, not always clear (even from the
      definition) from which field a particular term comes. (Generally the
      financial jargon is so identified, but I chased down a particular
      thread through a number of entries, which task was not aided by the
      lack of cross-references between terms, before I finally realized that
      it was not an unusual security phrase, but a minor part of a specific
      cellular telephone service.)

      In regard to the security terms themselves, the value is questionable.
      Like Phoha's "Internet Security Dictionary" (cf. BKINSCDC.RVW), the
      authors have included twelve variations on the access theme, and
      "access control" is only defined in terms of the old confidentiality
      model. There are 28 variants on authentication, 13 on
      vulnerabilities, and 20 on business with only three related to
      security. Five "attacks" are listed, none major. There are seven
      entries starting with "trojan": one is a definition, five are possible
      types of trojans, and the last entry lists the previously defined
      types. Eight phrases start with "Computing:" and include items such
      as "Computing: Molecular Computers." Ten entries are components of
      the United States' Communications Assistance for Law Enforcement Act
      [CALEA], which proliferation of American legal entries also points out
      the US-centric nature of the work. There are entries for both "Domain
      Name System" and "Domain Names System." (There is, so help me, a
      definition for "one-time password" and another for "One-Time
      Password.") There are two entries for grid computing, and they
      contradict each other.

      The "authoritative" part of the title seems to be based on the fact
      that the references section lists over 500 articles, Web pages, and
      books. (It's hard to judge what they are, since the list is not in
      author, title, publisher, or even date order.) However, the entries
      sometimes merely conflate material that seems to come from diverse
      sources, without any attempt at analysis or explanation. (The
      definition of "stateful inspection," for example, in one phrase is
      talking about session state, and before the sentence is over has
      switched to content examination.)

      Some of the terms are idiosyncratic or seldom used, and there are
      frequently multiple terms for the same concept. Again, it is not easy
      to assess the amount of duplication that goes on, since there are
      almost no cross-references between terms (and in those few instances
      some of the alternate terms suggested don't actually exist in the
      book). Even where a specific technology may have major divisions,
      related terms aren't noted. (The "firewall" entry, for example,
      doesn't even inventory the four major categories, and "intrusion
      detection system" lists neither the engine types nor the sensor
      placement architectures.) However, by looking up terms known to be
      related the reader can readily find not only multiple terms for
      similar concepts, but frequently duplicated wording as well (see
      "ankle-biter" and "script-kiddie").

      One of the attacks catalogued, "attack on hash-and-sign signature
      schemes" is much more widely known as the birthday attack, but there
      is no corresponding entry under that term. (There is a definition for
      birthday paradox.) There is an entry for CUT (Coordinated Universal
      Time) but not the more widely used UCT. Some of the phrases used for
      entries mean that people may not find what they are looking for: there
      is "computer bug" but not "bug" (and no mention of implementation
      versus design) as well as "computer evidence" and "computer forensics"
      but not "evidence" or "forensics" (or "digital forensics").
      Cryptanalytic attacks are defined under their own entries, but most
      are also listed (and with more detail) under "Cryptanalysis, " [sic]
      entries (and, again, there are no cross-references between them).

      There is also an entry for "fork bomb" which is said to be equivalent
      to "logic bomb" but is defined more as a processor exhaustion virus or
      worm. "Kleptography" makes reference to "subliminal" and the
      definition of "subliminal channel" gives an example of a covert timing
      channel and then states that this is *not* what a subliminal channel
      is. (Subliminal never is defined except to state that it is an
      undetectable covert channel.)

      Canonicalization defines only one of the many meanings (and that
      possibly the least significant). Only one aspect of "race condition"
      is given. "Digital money" (rather than the more commonly used digital
      cash) has no mention of the requirements or technical challenges.
      Feistel cipher never states the requirement for multiple rounds of
      simple functions or the iterated subdivision of blocks. The
      definition of low-level format does not mention that it operates at
      the physical, rather than logical, stratum (and it states,
      incorrectly, that a low-level format destroys all data on the disk).

      A number of entries are for specific (and often obscure) products and
      little used processes. There are five entries related to
      cryptoviruses, occupying three pages, whereas the definitions for worm
      and virus combined don't exceed three column inches. (Within that
      brief space are at least three factual errors, and there are many
      important factors that are missing. "Vaccine," which term has not
      been seriously used in years and then only for a specific type of
      change detection, is said only to be a program to detect and disable
      viruses.)

      There are a great number of extremely silly typographical errors, such
      as rile instead of role, pc rather than PC, ant-keylogger versus anti-
      keylogger, and competing for computing.

      There are other, and better, communications dictionaries. There are
      other, though older, computer dictionaries. There are other security
      dictionaries, and, even excluding my own, I could not say that this
      glossary has any advantage over them.

      copyright Robert M. Slade, 2006 BKMCACNS.RVW 20070102


      Dictionary of Information Security www.syngress.com/catalog/?pid=4150
      http://victoria.tc.ca/techrev/rms.htm