REVIEW: "Enterprise Security", David Leon Clark

[InfoSec News <isn () c4i org>]

Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade () sprint ca>

BKESTMDG.RVW   20020916

"Enterprise Security", David Leon Clark, 2003, 0-201-71972-X,
U$39.99/C$62.99
%A   David Leon Clark
%C   P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario  M3C 2T8
%D   2003
%G   0-201-71972-X
%I   Addison-Wesley Publishing Co.
%O   U$39.99/C$62.99 416-447-5101 fax: 416-443-0948
%O  http://www.amazon.com/exec/obidos/ASIN/020171972X/robsladesinterne
%P   264 p.
%T   "Enterprise Security: The Manager's Defense Guide"

The preface is heavy on buzzwords (and a few spelling errors) with
little attention paid to concepts and structure.  Part one would like
us to think of the forging of a new economy.  Chapter one asks "what
is e-business," and, with a little re-interpretation of history (the
Internet had been in existence for twenty two years and had five
million users, a significant number private and commercial, before it
"became available to the public" according to this book) and ignoring
of inconvenient facts (the hyperinflation of dot com IPO stocks is
stated to prove the success of e-business just before we are told that
the dot com failure was inevitable because of stock hyperinflation)
tells us that e-business uses the net and makes money.  Some security
jargon is introduced in chapter two.  A confused recycling of trade
press myths about blackhats, in chapter three, seems to state that
these are the only malicious opponents of e-business: there is no
mention of insider attacks.

Part two looks at protecting information assets in an open society. 
Chapter four demonstrates an amazingly consistent failure to
understand the technologies supposedly being explained: a
De-Militarized Zone (DMZ) is, by definition, not abandoned outside the
firewall, and Simple Key Management for IP (SKIP) is not a virtual
private network (VPN) product.  There are more buzzwords,
miscellaneous security concerns, and more mistakes (ActiveX is *not*
multi-environment) in chapter five.

Part three talks about waging war for control of cyberspace.  Chapter
six looks at attacks by syntax, and demonstrates more TCP/IP errors. 
(Packet filtering is not exactly built into IP: the ability to handle
a packet based on destination is central to the idea of networking. 
The ping-of-death has nothing to do with fragmentation offsets since
it is a single packet, and it is not too small, but too large.)  There
is a confusion of attack scripts and script viruses (and cookies, too,
for good measure) in chapter seven.  Countermeasures and attack
prevention, in chapter eight, actually looks (tersely) at incident
response.  The material isn't too bad, but has very little detail. 
Having talked about DDoS (Distributed Denial of Service) in chapter
six, the attack now gets more pages, but little more detail.  Chapter
ten is a grab bag of random safeguards and countermeasures, as is
eleven.

Part four deals with active defense mechanisms and risk management. 
Chapter twelve, entitled vulnerability management, suggests collecting
alerts.  Given what we've seen so far, it is strange that chapter
thirteen *does* address the nominal subject of risk management, albeit
not very well.

This confused collection of random concepts adds nothing of value to
the security literature.

copyright Robert M. Slade, 2002   BKESTMDG.RVW   20020916

-- 
======================
rslade () vcn bc ca  rslade () sprint ca  slade () victoria tc ca p1 () canada com
Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
Upcoming (ISC)^2 CISSP CBK review seminars (+1-888-333-4458):
    February 10, 2003   February 14, 2003   St. Louis, MO
    March 31, 2003      April 4, 2003       Indianapolis, IN



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.