BKDFNDIT.RVW   20040623

"Defend I.T.", Ajay Gupta/Scott Laliberte, 2004, 0-321-19767-4,
U$34.99/C$49.99
%A   Ajay Gupta
%A   Scott Laliberte
%C   P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
%D   2004
%G   0-321-19767-4
%I   Addison-Wesley Publishing Co.
%O   U$34.99/C$49.99 800-822-6339 Fax: 617-944-7273 bkexpress@aw.com
%O   http://www.amazon.com/exec/obidos/ASIN/0321197674/robsladesinterne
     http://www.amazon.co.uk/exec/obidos/ASIN/0321197674/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0321197674/robsladesin03-20
%P   349 p.
%T   "Defend I.T.: Security by Example"

The preface states that this collection of (sixteen) "case studies" is intended to explain the security profession. This seems to be a bit of a challenge, since not all security work involves "cases."

Part one is entitled "Basic Hacking." Chapter one describes the process of enumerating a network with nmap and other tools. There is lots of information about blackhat activity in this regard, but nothing on defending IT and nothing on what security professionals do. Chapter two, however, actually does deal with security work, describing forensics and the importance of logs and auditing when dealing with intrusions and attacks over trusted links. Unlike the conceptual discussion in chapter two, chapter three's packet dump listings are not explained in terms of the evidence that would indicate a DDoS (Distributed Denial of Service) attack.

Part two's emphasis seems to be on how "current methods" of security are insufficient for most companies. Chapter four follows the security assessment of a new wireless network, although not quite the system design process promised at the beginning. A virus infection (except that Sadmind is a worm) is used to demonstrate the need for patching and scanning, in chapter five. A worm infection is used, in chapter six, to prove the need for incident response. (There is significant misleading information: the user actions described would not start a worm, and virus scanning of email would not prevent it.) Chapter seven looks at a web defacement, indicating the need for clear contracts and understandings in penetration tests.

Part three reviews additional items. Chapter eight deals with the selection of an IDS (Intrusion Detection System), but could be a general model for any security acquisition. While a company's ad hoc recovery from disaster is exciting, chapter nine does not clearly make the case for business continuity planning. Policy is vital to security, but chapter ten does not effectively demonstrate either the centrality or the process. Chapter eleven could have had the requirements of HIPAA (Health Insurance Portability and Accountability Act) point out the need for re-assessment under changing legislation, but didn't.

Part four nominally reviews old stuff. Unfortunately, it returns to the pattern of chapter one, concentrating on the attack aspects and limiting the discussion of defence. Chapter twelve looks at war dialling and says very little about the countermeasures; thirteen is even worse in dealing with social engineering.

Part four covers aspects of computer forensics. Supposedly about industrial espionage, fraud, and a really clumsy attempt at extortion, chapters fourteen to sixteen actually just recycle the usual material on data recovery and chain of custody. A "conclusion" attempts to fill in the holes that this book leaves in dealing with other areas of security.

The division of the book into parts seems quite arbitrary and artificial. The groups of chapters do seem to have vague themes, but they are tenuous at best.

Overall, the book must be said to have gone some way towards fulfilling its goal of explaining what the security profession is about. Not the whole way: there are serious gaps in the coverage, and someone getting a picture of a security career from this book alone would receive a fairly skewed image. But the book does present some interesting aspects of the field in a (mostly) readable form. There are any number of books that present a more misleading image.

copyright Robert M. Slade, 2004   BKDFNDIT.RVW   20040623