BKBIOMNS.RVW 20040527 "Biometrics for Network Security", Paul Reid, 2004, 0-13-101549-4, U$44.99/C$67.99 %A Paul Reid %C One Lake St., Upper Saddle River, NJ 07458 %D 2004 %G 0-13-101549-4 %I Prentice Hall %O U$44.99/C$67.99 +1-201-236-7139 fax: +1-201-236-7131 %O http://www.amazon.com/exec/obidos/ASIN/0131015494/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0131015494/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/0131015494/robsladesin03-20 %P 252 p. %T "Biometrics for Network Security" In the preface, Reid presents biometrics as the cure for all network security ills. Given his employment, with a company that sells biometric systems, this enthusiasm is understandable, if not totally compelling. Part one deals with introduction and background. Chapter one is the introduction--mostly to the book. The definition of biometrics itself is very terse. Authentication technologies are promised in chapter two--which starts out by repeating the all-too-common error of confusing authentication with identification. Reid then pooh-poohs passwords and tokens and praises biometrics as strong authentication, without dealing with the fact that a biometric is the ultimate static password, or addressing the technologies (and associated error rates) needed to make biometrics a viable authentication factor. Privacy is confused with intellectual property, access control, and improper employee monitoring in chapter three. Part two lists biometric technologies. Chapter four is a disorganized amalgam of factors generally involved in biometric use and applications. Fingerprint features are reviewed in chapter five with incomprehensible explanations and unclear illustrations. Attacks against fingerprint technologies and systems are raised--but are usually dismissed in a fairly cavalier manner. Similar examinations are made of face (chapter six), voice (seven), and iris (eight) systems. Part three looks at implementing the technologies for network applications. Chapter nine compares the four biometrics from part two, in general terms, and states measures that are rather at odds with other biometric literature. Reid makes a big deal out of simple error rate metrics in chapter ten. Most of chapter eleven talks about hardening biometric devices and hardware. Unconvincing fictional "straw man" case studies and some general project planning topics are in chapter twelve, with more of the same in thirteen and fourteen. Part five, which is only chapter fifteen, casts a rosy-spectacled look at the future when all of security will be made perfect through the use of biometrics--essentially returning us to the preface. Basically, this appears to be a promotional pamphlet padded out to book length: it isn't even as good as Richards' article in the "Information Security Management Handbook" (cf. BKINSCMH.RVW). The material will not help you with a realistic assessment of what biometrics can (and cannot) do, or how to implement it. The "Biometrics" text by Woodward, Orlans and Higgins (cf. BKBIOMTC.RVW) is far superior. copyright Robert M. Slade, 2004 BKBIOMNS.RVW 20040527