REVIEW: "Information Security: Principles and Practice", Mark Stamp
2006-02-15 16:16:42
BKINSCPP.RVW   20051112

"Information Security: Principles and Practice",
Mark Stamp, 2006,
0-471-73848-4
%A   Mark Stamp stamp@cs.sjsu.edu
%C   5353 Dundas Street West, 4th Floor, Etobicoke, ON   M9B 6H8
%D   2006
%G   0-471-73848-4
%I   John Wiley & Sons, Inc.
%O   U$74.95/C$96.99 416-236-4433 fax: 416-236-4448
%O   http://www.amazon.com/exec/obidos/ASIN/0471738484/robsladesinterne
     http://www.amazon.co.uk/exec/obidos/ASIN/0471738484/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0471738484/robsladesin03-20
%O   Audience i+ Tech 3 Writing 2 (see revfaq.htm for explanation)
%P   390 p.
%T   "Information Security: Principles and Practice"

The preface stresses that the material in this book is intended to
provide not only the formal concepts for security, but also advice for
the real world.  Security is addressed overall, but the work
concentrates on cryptography, access controls, and software issues.
(The author also adds a discussion of protocols.  It is hard to see
this as a separate issue, rather than simple implementation details of
the other concepts.)  The audience is not explicitly stated, but both
security professionals and the idea of using the volume as a course
text are mentioned.

Chapter one is an introduction.  Stamp will strike a very sympathetic
chord with many support and security people when he adds a requirement
to the normal list of security questions: can the system survive
"clever" users?  A set of problems is given at the end of the
chapter.  In contrast to the usual "reading checks," these are
thoughtful items, intended to determine if the reader has understood
the underlying concepts, and to start discussion.

Part one addresses cryptography.  Chapter two provides the basics,
outlining some terms, theory, and history.  Functions and algorithms
of symmetric key cryptography are explained in chapter three,
including some discussion of the controversy over the National
Security Agency's role in the development of the Data Encryption
Standard.  (Stamp points out the weaknesses in the conspiracy theory.
It is worth noting that Stamp used to work for the NSA.)  There are
some fascinating additions to the usual material for this topic.
Asymmetric algorithms and concepts, again with some interesting notes,
are given in chapter four.  Chapter five deals with hash functions and
related topics (and also has a brief mention of steganography).
Advanced cryptanalytic attacks are outlined in chapter six.  (Those
wanting to pursue this topic *will* have to brush up on their math.)

Part two looks at access control.  Chapter seven provides a reasonably
complete look at direct authentication issues and technologies.  The
material on authorization, in chapter eight, extends the normal view
of that topic by pointing out the advantages of capability lists and
the fact that our basic security models are actually those of
authorization.  However, Stamp also includes some technologies, such
as firewalls and intrusion detection systems, that have only a tenuous
connection to authorization.

Part three examines protocols.  Chapter nine discusses simple
authentication schemes, most relying on some kind of
challenge-response system and encryption of some type.  Although the
writing is clear (and even amusing), Stamp dives into mathematics,
sometimes at crucial moments and without fully explaining the base
concepts.  For real world security protocols, chapter ten looks at SSL
(Secure Sockets Layer) and Kerberos, and also examines IPSec and GSM
in some depth, pointing out the weaknesses in design.

Part four deals with software.  Chapter eleven explains buffer
overflows and other attacks, and also discusses malware.  (Stamp makes
a rather odd mistake in calling the third type of malware detection
"anomaly detection" rather than the more usual activity monitoring.
However, the definition of the term fits activity monitoring
properly.)  Tamper resistance and software testing are legitimately
part of software security, but chapter twelve also deals extensively
with digital rights management (DRM), which seems to apply more to data
protection.  The DRM theme is extended in chapter thirteen, which
addresses operating system security functions, but also discusses
Microsoft's upcoming Next Generation Secure Computing Base, which many
feel is more applicable to DRM than any real security needs.

An appendix provides an overview of networking, particularly TCP/IP,
and network security issues.

While not a complete coverage of security, this book has some
excellent material on the subjects it covers.  With limited
exceptions, Stamp's writing is clear, and frequently amusing.  (Unlike
all too many works that try to inject humour into the security topic,
Stamp's quips are not irrelevant or distracting, but often help to
address or solidify concepts.)  The cryptography section is
particularly good, providing items of fairly contemporary
cryptological history.  The references are well chosen, and a great
many are available on the Web, furnishing a rich source of items for
further study, or general resources.  I can easily recommend this text
for those interested in cryptography, and it makes some good points
with regard to software security, as well.

But you can't have my copy.  This one I'm keeping.

copyright Robert M. Slade, 2005   BKINSCPP.RVW   20051112
