[ISN] REVIEW: "Information Warfare and Security", Dorothy Denning

From: mea culpa (jerichoat_private)
Date: Tue Mar 23 1999 - 14:52:54 PST

  • Next message: mea culpa: "[ISN] 'Trojan horse' program steals passwords"

    From: "Rob Slade" <rsladeat_private>
    
    BKINWRSC.RVW   990212
    
    "Information Warfare and Security", Dorothy Denning, 1999,
    0-201-43303-6, U$34.95/C$52.50
    %A   Dorothy Denning denningat_private
    %C   P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
    %D   1999
    %G   0-201-43303-6
    %I   Addison-Wesley Publishing Co.
    %O   U$34.95/C$52.50 800-822-6339 Fax 617-944-7273 bkexpressat_private
    %P   522 p.
    %T   "Information Warfare and Security"
    
    Denning has chosen to take an inclusive approach to the topic of
    information warfare, not limiting the material to attacks on "military"
    targets.  Given the state of physical warfare, this seems to be quite
    realistic.  It does mean that the book tends to read like a high level
    computer security text (small wonder) with an emphasis on intrusions and
    the more overt aspects of computer crime. 
    
    Part one is a foundation and background for the material to come.  Chapter
    one looks at the great many information aspects to the Gulf War and
    Operation Desert Storm.  One of the unusual factors reviewed is that of
    propaganda, or "perception management."  A theory of infowar is the intent
    of chapter two, which outlines players and positions in a variety of ways. 
    The theory is somewhat weakened for being strongly dependent upon the idea
    of the value of the information being attacked or defended, and this is an
    area that still requires work.  Another possibly problematic area is the
    reliance on a "win- lose" model for data warfare, when there have been
    numerous instances of intruders, upon sufficient provocation, being
    willing to deny themselves a resource by damaging it, on the basis that
    the defenders stand to lose far more.  (On the other hand, "bragging
    rights" seem to have a lot of value in the computer underground.)  More
    detail on the players involved, and the possible types of attacks that
    have occurred, and might occur, are presented in chapter three. 
    
    Part two looks at the specifics of offensive information warfare.  Chapter
    four is extremely interesting, showing that "open source," or publicly
    available information, can and has been used for offensive and criminal
    undertakings in a variety of ways.  Disinformation is reviewed in chapter
    five, including the odd phenomenon of urban legends and Internet hoaxes. 
    The problem of damage from insiders, including, finally, a documented case
    of a salami attack (albeit a rather clumsy one), is covered in chapter
    six.  Chapter seven discusses the interception of information and
    communications in a variety of ways, and, as a sideline, jamming and
    alteration.  A variety of methods of computer intrusion are presented in
    chapter eight.  False identity, both identity theft and outright false,
    are examined in chapter nine.  The material on viruses and worms, in
    chapter ten, is solid, although I was sorry to see that a great many
    possibilities for reproductive mayhem that have been discussed over the
    years went unmentioned.  ("Harlie," Dr. Denning.  "When *HARLIE* Was
    One.")  (Of course, when I sent the first draft, I had, myself, spelled
    "Harlie" incorrectly.) 
    
    Part three looks at the opposite side, that of defence.  Chapter eleven
    gives a good background to encryption, but, seemingly, primarily as a
    general concept, rather than going into detail on specific uses for
    protection.  Authentication is dealt with in chapter twelve, and uses some
    of the cryptologic background.  With monitoring and detection bracketing
    chapter thirteen, the section on firewalls seems just slightly misplaced. 
    Chapter fourteen looks at risk analysis, planning, and some resources. 
    The final chapter discusses defence of the nation, and national policy in
    this regard, with particular emphasis on the current situation in the US. 
    
    The content of this book not only presents a clear picture of a number of
    aspects of information warfare, but does so in a very practical manner,
    informed by the need to use "real world" examples.  In addition, the
    anecdotal evidence backing the material makes the book quite readable and
    interesting.  As a text for a course in information warfare, it is
    complete and solidly based.  As a reference for security analysts and
    practitioners, it is clear and thought- provoking.  For those who may
    merely have some interest in the topic, it is engaging and informative. 
    
    copyright Robert M. Slade, 1999 BKINWRSC.RVW 990212
    
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Hacker News Network [www.hackernews.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:21:26 PDT