[ISN] REVIEW: "Defend I.T.", Ajay Gupta/Scott Laliberte

From: InfoSec News (isn@private)
Date: Fri Jul 23 2004 - 07:34:07 PDT

Forwarded rom: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade@private>

BKDFNDIT.RVW   20040623

"Defend I.T.", Ajay Gupta/Scott Laliberte, 2004, 0-321-19767-4,
%A   Ajay Gupta
%A   Scott Laliberte
%C   P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario  M3C 2T8
%D   2004
%G   0-321-19767-4
%I   Addison-Wesley Publishing Co.
%O   U$34.99/C$49.99 800-822-6339 Fax: 617-944-7273 bkexpress@private
%O  http://www.amazon.com/exec/obidos/ASIN/0321197674/robsladesinterne
%O   http://www.amazon.ca/exec/obidos/ASIN/0321197674/robsladesin03-20
%P   349 p.
%T   "Defend I.T.: Security by Example"

The preface states that this collection of (sixteen) "case studies" is
intended to explain the security profession.  This seems to be a bit
of a challenge since not all security work involves "cases."

Part one is entitled "Basic Hacking."  Chapter one describes the
process of enumerating a network with nmap and other tools.  There is
lots of information about blackhat activity in this regard, but
nothing on defending IT and nothing on what security professionals do. 
Chapter two, however, actually does deal with security work in
describing forensics and the importance of logs and auditing when
dealing with intrusions and attacks over trusted links.  Unlike the
conceptual discussion in chapter two, chapter three's packet dump
listings are not explained in terms of the evidence that would
indicate a DDoS (Distributed Denial of Service) attack.

Part two's emphasis seems to be on how "current methods" of security
are insufficient for most companies.  Chapter four follows the
security assessment of a new wireless network, although not quite the
system design process promised at the beginning.  A virus infection
(except that Sadmind is a worm) is used to demonstrate the need for
patching and scanning, in chapter five.  A worm infection is used, in
chapter six, to prove the need for incident response.  (There is
significant misleading information: the user actions described would
not start a worm, and virus scanning of email would not prevent it.) 
Chapter seven looks at a web defacement indicating the need for clear
contracts and understandings in penetration tests.

Part three reviews additional items.  Chapter eight deals with the
selection of an IDS (Intrusion Detection System), but could be a
general model for any security acquisition.  While a company's ad hoc
recovery from disaster is exciting, chapter nine does not clearly make
the case for business continuity planning.  Policy is vital to
security, but chapter ten does not effectively demonstrate either the
centrality or the process.  Chapter eleven could have had the
requirements of HIPAA (Health Insurance Portability and Accountability
Act) point out the need for re-assessment under changing legislation,
but didn't.

Part four nominally reviews old stuff.  Unfortunately, it returns to
the pattern of chapter one, concentrating on the attack aspects and
limiting the discussion of defence.  Chapter twelve looks at war
dialling and says very little about the countermeasures: thirteen is
even worse in dealing with social engineering.

Part four covers aspects of computer forensics.  Supposedly about
industrial espionage, fraud, and a really clumsy attempt at extortion,
chapters fourteen to sixteen actually just recycle the usual material
on data recovery and chain of custody.

A "conclusion" attempts to fill in the holes that this book leaves in
dealing with other areas of security.

The division of the book into parts seems quite arbitrary and
artificial.  The groups of chapters do seem to have vague themes, but
they are tenuous at best.

Overall, the book must be said to have gone some ways towards
fulfilling its goal of explaining what the security profession is
about.  Not the whole way: there are serious gaps in the coverage, and
someone getting a picture of a security career from this book alone
would receive a fairly skewed image.  But the book does present some
interesting aspects of the field in a (mostly) readable form.  There
are any number of books that present a more misleading image.

copyright Robert M. Slade, 2004   BKDFNDIT.RVW   20040623

======================  (quote inserted randomly by Pegasus Mailer)
rslade@private      slade@private      rslade@private
There is something wrong with a profession in which the only way
to get anything done is to find a bearded wonder, lock him in a
closet, and slip him crackers under the door.      - Robert W. Bemer
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade

Help InfoSec News with a donation: http://www.c4i.org/donation.html

This archive was generated by hypermail 2.1.3 : Fri Jul 23 2004 - 09:44:32 PDT