Next message: mea culpa: "[ISN] Security Dynamics adds NT help"
Computer underground Digest Wed Oct 14, 1998 Volume 10 : Issue 51
File 7--REVIEW: "Introduction to Security Technologies", Michael P. Ress
VDINSCTC.RVW 980808
"Introduction to Security Technologies", Michael P. Ressler/Charles
Blauner, 1995, 1-57305-067-9, U$1295.00
%A Michael P. Ressler
%A Charles Blauner
%C Room 3A184, 8 Corporate Place, Piscataway, NJ 08854
%D 1995
%G 1-57305-067-9
%I Bellcore
%O U$1295.00 800-521-CORE fax: 908-336-2559
%P 224 min., 5 tapes, 260 p.
%T "Introduction to Security Technologies"
This five tape series is saved from being the proverbial "talking head"
only because the video feed of the "head" in question is frequently
interrupted by shots of lecture foils. The presentation uses text slides
in almost every case. As the presenter states, at the end of pretty much
every tape, the material is very brief and conceptual, giving very few
details. In fact, the contents of each tape would be most suitable as the
introductory chapter to a book on the relevant topic, since little more is
done than to give a definition of the subject and some related issues.
The use of video seems to be completely unnecessary, since the material
could be presented just as well with an audio tape and copies of the foils
(which are, in fact, provided).
The first tape, only twenty minutes long, talks about issues in
distributed systems security. The fundamentals are not well addressed,
and the presentation is somewhat confused. In fact, the totality of
distributed systems security is not addressed, and the main concerns are
on single sign-on, encrypted or tunneling channels, and ticket access
management for authentication.
The UNIX security basics tape is very basic, including some history, file
naming, and operations of some of the elementary security utilities such
as chmod (used for changing file permissions). There is discussion of
some slightly higher level concepts, such as the fact that the password
file is world readable by default. There is also some mention of the fact
that "trusted" hosts can be a vulnerability. However, about half of this
tape is given over to a promotional demonstration of an AT&T UNIX security
analysis tool.
The third tape seems slightly out of place, since its discussion of
Internet firewalls comes prior to the material to be later provided
introducing the Internet. Oddly, the presentation of packet filtering is
poorly explained and quite limited, whereas the explanation of the proxy
server is pretty clear. This is the reverse of the usual case. As with
tape two, some of the space is given over to a demonstration of the AT&T
PINGWARE product.
Tape four introduces TCP/IP and Internet security. Most of the material
actually concentrates on a description of the Internet, packet
encapsulation of Internet data, and a brief overview of basic Internet
applications. In terms of security, Sun Microsystems gets hit on for its
invention of remote procedure calls and the Portmapper program. The
remaining material seems to boil down to "it's scary out there: you'd
better learn something."
The final item looks at DCE (Distributed Computing Environment) security.
This is a slightly more detailed, and specific, version of tape one.
(With the change of presenter we see a subtle change in "presentation"
values. For whatever reason, the video taping was allowed to include a
good deal of Blauner facing away from the audience. The impression left
is that he is much more comfortable with his presentation software than he
is with the audience.)
It is difficult to think of anyone to recommend this product to. On the
one hand, it could be calculated that for the price of one registration to
a three or four day security course, you could give your whole department
(and all future incoming staff) a morning of training. On the other hand,
this is not the first morning of such a course, but rather the first half
hour of each morning of a five day course. The actual content has been
written in a number of places well enough to be read and understood in ten
to fifteen minutes per topic. The presentation is not thrilling enough to
catch the attention of those who could not be bothered to read it.
Not even if you served popcorn.
copyright Robert M. Slade, 1998 VDINSCTC.RVW 980808
-o-
Subscribe: mail majordomo�t_private with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30
: Fri Apr 13 2001 - 13:07:48 PDT