
REVIEW: "The dotCrime Manifesto", Phillip Hallam-Baker

  • Rob, grandpa of Ryan, Trevor, Devon & Han
    Message 1 of 1 , Jul 3 12:06 PM
      BKDCRMNF.RVW 20080317

      "The dotCrime Manifesto", Phillip Hallam-Baker, 2008, 0-321-50358-9,
      U$29.99/C$32.99
      %A Phillip Hallam-Baker dotcrimemanifesto.com hallam@...
      %C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
      %D 2008
      %G 978-0-321-50358-9 0-321-50358-9
      %I Addison-Wesley Publishing Co.
      %O U$29.99/C$32.99 416-447-5101 fax: 416-443-0948 800-822-6339
      %O http://www.amazon.com/exec/obidos/ASIN/0321503589/robsladesinterne
      http://www.amazon.co.uk/exec/obidos/ASIN/0321503589/robsladesinte-21
      %O http://www.amazon.ca/exec/obidos/ASIN/0321503589/robsladesin03-20
      %O Audience n+ Tech 2 Writing 2 (see revfaq.htm for explanation)
      %P 415 p.
      %T "The dotCrime Manifesto: How to Stop Internet Crime"

      In the preface, the author notes that network and computer crime is a
      matter of people, not of technology. However, he also notes that
      changes to the network infrastructure, as well as improvements in
      accountability, would assist in reducing user risk on the net.

      Section one enlarges on the theme that people are more important than
      machines or protocols. Chapter one looks at the motive for Internet
      crime (money, just like non-computer crime), and repeats the motifs of
      the preface. The text goes on to list various categories and examples
      of network fraud. The content of chapter two is very interesting, but
      it is hard to find a central thread. Overall it appears to be saying
      that computer criminals are not the masterminds implied by media
      portrayals, but that the problem of malfeasance is growing and needs
      to be seriously addressed. What Hallam-Baker seems to mean by
      "Learning from Mistakes," in chapter three, is that security
      professionals often rely too much on general principles, rather than
      accepting a functional, if imperfect, solution that reduces the
      severity of the problem. Chapter four presents the standard (if
      you'll pardon the expression) discussion of change and the acceptance
      of new technologies. A process for driving change designed to improve
      the Internet infrastructure is proposed in chapter five.

      Section two examines ways to address some of the major network crime
      risks. Chapter six notes the problems with many common means of
      handling spam. SenderID and SPF are promoted in chapter seven (without
      expanding the acronym to Sender Policy Framework anywhere in the book
      that I could find). Phishing, and protection against it, is discussed
      in chapter eight. Chapter nine is supposed to deal with botnets, but
      concentrates on trojans and firewalls (although I was glad to see a
      mention of "reverse firewalls," or egress scanning, which is too often
      neglected).

      Section three details the security tools of cryptography and trust.
      Chapter ten outlines some history and concepts of cryptography.
      Trust, in chapter eleven, is confined to the need for aspects of
      public key infrastructure (PKI).

      Section four presents thoughts on accountability. Secure transport,
      in chapter twelve, starts with thoughts on SSL (Secure Sockets Layer),
      and then moves to more characteristics of certificates and the
      Extended Verification certificates. (The promotion of Verisign,
      infrequent and somewhat amusing in the earlier chapters, is, by this
      point in the book, becoming increasingly annoying. The author is also
      starting to make more subjective assertions, such as boosting the
      trusted computing platform initiative.) Domain Keys Identified Mail
      (DKIM) is the major technology promoted in support of secure
      messaging, in chapter thirteen. Chapter fourteen, about secure
      identity, has an analysis of a variety of technologies. (The
      recommendations about technologies are supported even less than
      before, and the work now starts to sound rather doctrinaire.) It may
      seem rather odd to talk about secure names as opposed to identities,
      but Hallam-Baker is dealing with identifiers such as email addresses
      and domain names in chapter fifteen. Chapter sixteen looks at various
      considerations in regard to securing networks, mostly in terms of
      authentication. Random thoughts on operating system, hardware, or
      application security make up chapter seventeen. The author stresses,
      in chapter eighteen, that the law, used in conjunction with security
      technologies, can help in reducing overall threat levels. Chapter
      nineteen finishes off the text with a proposed outline of action that
      recaps the major points.

      Hallam-Baker uses a dry wit well, and to good effect in the book. The
      humour supports and reinforces the points being made. So does his
      extensive and generally reliable knowledge of computer technology and
      history. In certain areas the author is either less knowledgeable or
      careless in his wording, and, unfortunately, the effect is to lessen
      the reader's confidence in his conclusions. This is a pity, since
      Hallam-Baker is championing a number of positions that would promote
      much greater safety and security on the Internet. Overall this work
      is, for the non-specialist, a much-better-than-average introduction to
      the issue of Internet crime and protection, and is also worth serious
      consideration by security professionals for the thought-provoking
      challenges to standard approaches to the problems examined.

      copyright Robert M. Slade, 2008 BKDCRMNF.RVW 2008031


      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      Do not go where the path may lead, go instead where there is no
      path and leave a trail. - Ralph Waldo Emerson
      http://victoria.tc.ca/techrev/rms.htm