[ISN] REVIEW: "Introduction to Security Technologies"

From: mea culpa (jerichot_private)
Date: Fri Oct 16 1998 - 03:17:49 PDT


    Computer underground Digest    Wed  Oct 14, 1998   Volume 10 : Issue 51
    File 7--REVIEW: "Introduction to Security Technologies", Michael P. Ress
    VDINSCTC.RVW   980808
    "Introduction to Security Technologies", Michael P. Ressler/Charles
    Blauner, 1995, 1-57305-067-9, U$1295.00
    %A   Michael P. Ressler
    %A   Charles Blauner
    %C   Room 3A184, 8 Corporate Place, Piscataway, NJ   08854
    %D   1995
    %G   1-57305-067-9
    %I   Bellcore
    %O   U$1295.00 800-521-CORE fax: 908-336-2559
    %P   224 min., 5 tapes, 260 p.
    %T   "Introduction to Security Technologies"

    This five tape series is saved from being the proverbial "talking head"
    only because the video feed of the "head" in question is frequently
    interrupted by shots of lecture foils.  The presentation uses text slides
    in almost every case.  As the presenter states, at the end of pretty much
    every tape, the material is very brief and conceptual, giving very few
    details.  In fact, the contents of each tape would be most suitable as the
    introductory chapter to a book on the relevant topic, since little more is
    done than to give a definition of the subject and some related issues. 
    The use of video seems to be completely unnecessary, since the material
    could be presented just as well with an audio tape and copies of the foils
    (which are, in fact, provided).

    The first tape, only twenty minutes long, talks about issues in
    distributed systems security.  The fundamentals are not well addressed,
    and the presentation is somewhat confused.  In fact, the totality of
    distributed systems security is not addressed, and the main concerns are
    on single sign-on, encrypted or tunneling channels, and ticket access
    management for authentication.

    The UNIX security basics tape is very basic, including some history, file
    naming, and operations of some of the elementary security utilities such
    as chmod (used for changing file permissions).  There is discussion of
    some slightly higher level concepts, such as the fact that the password
    file is world readable by default.  There is also some mention of the fact
    that "trusted" hosts can be a vulnerability.  However, about half of this
    tape is given over to a promotional demonstration of an AT&T UNIX security
    analysis tool.

    The third tape seems slightly out of place, since its discussion of
    Internet firewalls comes prior to the material to be later provided
    introducing the Internet.  Oddly, the presentation of packet filtering is
    poorly explained and quite limited, whereas the explanation of the proxy
    server is pretty clear.  This is the reverse of the usual case.  As with
    tape two, some of the space is given over to a demonstration of the AT&T
    PINGWARE product.

    Tape four introduces TCP/IP and Internet security.  Most of the material
    actually concentrates on a description of the Internet, packet
    encapsulation of Internet data, and a brief overview of basic Internet
    applications.  In terms of security, Sun Microsystems gets hit on for its
    invention of remote procedure calls and the Portmapper program.  The
    remaining material seems to boil down to "it's scary out there: you'd
    better learn something."

    The final item looks at DCE (Distributed Computing Environment) security.
    This is a slightly more detailed, and specific, version of tape one. 
    (With the change of presenter we see a subtle change in "presentation"
    values.  For whatever reason, the video taping was allowed to include a
    good deal of Blauner facing away from the audience.  The impression left
    is that he is much more comfortable with his presentation software than he
    is with the audience.)

    It is difficult to think of anyone to recommend this product to.  On the
    one hand, it could be calculated that for the price of one registration to
    a three or four day security course, you could give your whole department
    (and all future incoming staff) a morning of training.  On the other hand,
    this is not the first morning of such a course, but rather the first half
    hour of each morning of a five day course.  The actual content has been
    written in a number of places well enough to be read and understood in ten
    to fifteen minutes per topic.  The presentation is not thrilling enough to
    catch the attention of those who could not be bothered to read it. 
    Not even if you served popcorn.

    copyright Robert M. Slade, 1998   VDINSCTC.RVW   980808