BKEDASIG.RVW 20031018

"Enterprise Directory and Security Implementation Guide", Charles Carrington et al, 2002, 0-12-160452-7
%A Charles Carrington
%A Timothy Speed
%A Juanita Ellis
%A Steffano Korper
%C 525 B Street, Suite 1900, San Diego, CA 92101-4495
%D 2002
%G 0-12-160452-7
%I Academic Press
%O 619-231-0926 800-321-5068 fax: 619-699-6380
%O http://www.amazon.com/exec/obidos/ASIN/0121604527/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0121604527/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/0121604527/robsladesin03-20
%P 238 p.
%T "Enterprise Directory and Security Implementation Guide"

You've got to wonder about the quality of a book that starts out with an eight page section dedicated to copyright notices and disclaimers. The foreword is unclear about what directories are, although it does name DNS as a directory. One sentence starts out by saying that there are both risks and benefits to publishing a directory and then lists only the most dire of risks. There is no mention that directories can be used to support security activities such as PKI (Public Key Infrastructure).

Chapter one is an introduction, stating that directories provide information and mentioning X.500 and LDAP (Lightweight Directory Access Protocol) without clarifying why directories need a formal protocol. (There seems to be, in the text, a preference for humour over information.) The basics of directories as information sources are given in chapter two (although there is no material on the problems of distribution, scaling, and replication), as well as a brief mention of security. There is a bit of discussion of directory architecture design, another mention of LDAP, and illustrations that do not illuminate, in chapter three.
Chapter four has an explanation of LDAP that will make sense to those already familiar with relational database concepts (but probably not, otherwise), and an allusion to the difference between security information stored in the database and the security of the directory itself, but this important point is not given the emphasis it deserves. Chapter five gives us a history of street directories, some discussion of privacy, and a consideration of email routing. Basic relational database concepts are examined fairly simplistically in chapter six. Chapter seven is a generic overview of enterprise security. There is a good outline of the suggested contents of a high-level security policy in chapter eight, although the material becomes repetitive when an email policy basically duplicates the previous material. Chapter nine has a brief but reasonable overview of PKI, several pages of screenshots (of questionable utility) of a Cylink demonstration, and a fifteen page sample "Certification Practices Statement." Examples of directories in chapter ten include Kerberos and DNS. A list of miscellaneous PC security products is in chapter eleven.

Although the issues of security related to directories are both important and sparsely covered in the security literature, this poorly focussed and structured work does not provide much useful direction.

copyright Robert M. Slade, 2003