[ISN] REVIEW: "Top Secret Intranet", Fredrick Thomas Martin

From: mea culpa (jerichoat_private)
Date: Fri Feb 19 1999 - 14:13:25 PST

  • Next message: mea culpa: "[ISN] SANS Web briefing: ``What the Hackers Know About Your Site, III''"

    Forwarded From: "Rob Slade" <rsladeat_private>
    
    BKTPSCIN.RVW   990117
    
    "Top Secret Intranet", Fredrick Thomas Martin, 1999, 0-13-080898-9,
    U$34.99/C$49.95
    %A   Fredrick Thomas Martin
    %C   One Lake St., Upper Saddle River, NJ   07458
    %D   1999
    %G   0-13-080898-9
    %I   Prentice Hall
    %O   U$34.99/C$49.95 800-576-3800, 416-293-3621
    %P   380 p.
    %S   Charles F. Goldfarb Series on Open Information Management
    %T   "Top Secret Intranet"
    
    Does anyone else think it is ironic that this book is part of a series on
    *open* information management?  No, I didn't think so. 
    
    Part one is an introduction to Intelink, the intranet connecting the
    thirteen various agencies involved in the US intelligence community.
    Chapter one is a very superficial overview of some basics: who are the
    departments, packet networks, layered protocols, and so forth.  The
    description of Intelink as a combination of groupware, data warehouse, and
    help desk, based on "commercial, off-the-shelf" (COTS) technology with
    Internet and Web protocols, in chapter two, should come as no big
    surprise. 
    
    Part two looks at the implementation (well, a rather high level design,
    anyway) of Intelink.  Chapter three reviews the various government
    standards used as reference materials for the system, which boil down to
    open (known) standards except for the secret stuff, for which we get
    acronyms.  There is a quick look at electronic intruders, encryption, and
    security policy in chapter four.  Various security practices used in the
    system are mentioned in chapter five, but even fairly innocuous details
    are lacking.  For example, "strong authentication" is discussed in terms
    of certificates and smartcards, but a challenge/response system that does
    not send passwords over the net, such as Kerberos, is not, except in the
    (coded?) word "token." Almost all of chapter six, describing tools and
    functions, will be immediately familiar to regular Internet users. 
    Chapter seven takes a return look at standards.  The case studies in
    chapter eight all seem to lean very heavily on SGML (Standard Generalized
    Markup Language)  for some reason. 
    
    Part three is editorial in nature.  Chapter nine stresses the importance
    of information.  (Its centerpiece, a look at statements from some of the
    Disney Fellows from the Imagineering division is somewhat paradoxically
    loose with the facts.)  The book closes with an analysis of intelligence
    service "agility," using technology as an answer to everything except
    interdepartmental rivalries. 
    
    Probably the most interesting aspect of the book is the existence of
    Intelink at all, and the fact that it uses COTS components and open
    standard protocols.  (Of course, since it was defence money that seeded
    the development of the Internet in the first place, one could see Intelink
    simply as a belated recognition of the usefulness of the product.)  For
    those into the details of the US government's more secretive services
    there is some mildly interesting information in the book.  For those
    charged with building secure intranets there is some good pep talk
    material, but little assistance. 
    
    copyright Robert M. Slade, 1999 BKTPSCIN.RVW 990117
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:19:25 PDT