BKINTRAS.RVW 980206

"Intranet Security", John Vacca, 1997, 1-886801-56-8, U$49.95
%A John Vacca jvacca@hti.net
%C 403 VFW Drive, PO Box 417, Rockland, MA 02370
%D 1997
%G 1-886801-56-8
%I Charles River Media
%O U$49.95 800-382-8505 617-871-4184 fax 617-871-4376
%O chrivmedia@aol.com www.charlesriver.com
%P 506 p. + CD-ROM
%T "Intranet Security"

While the author seems to be sincerely motivated by a concern for security, this book badly needs more discipline, more material, and more fact checking. Not to mention a closer alignment with the stated topic.

Part one is a general guide to data security. Chapter one, although titled "Intranet Security Trends," provides an overview of vulnerabilities, means to address them, and security policies. Security policies are covered in more depth in chapter two, and then really again in chapter three, although there are slight variations in emphasis. Chapter four introduces Internet (TCP/IP) specific topics, but still is dealing at the level of policy. Part one closes with a look at hiring or being hired (it's a bit difficult to tell) for a security position.

Part two is said to address intranet security threats, but starts out with a look at security protection tools in chapter six. (More specifically, chapter six presents a kind of extended case study of the work at Portland State University.) Chapter seven discusses security applications again, in part more generally, and in part mentioning specific proprietary programs. Chapter eight does the same thing. Finally, chapter nine does look at a variety of risks associated with Internet use, although it seems to keep lapsing into a discussion of encryption as a security tool. (There is also a rather odd statement about using antiviral software to protect confidential documents.) Identification of computer viruses, in chapter ten, contains generally good advice, but some extremely suspect assertions in the background discussion.
Chapter eleven is supposed to talk about antivirus software, but after a nonsensical description of an almost unknown "type" of antiviral software, the rest of the chapter meanders around oddball virus-related topics without divulging too much useful information. (This emphasis on viruses is, of course, rather gratifying from my perspective, but doesn't seem to have much to do with the stated topic of intranets. In terms of intranets, the gravest viral danger is probably that of the MS Word macro viruses, which get some space, but don't seem to be a priority.)

Disaster avoidance, in part three, would seem to be what computer security is all about. The recovery part seems to be primarily physical, since chapter twelve stresses redundant hardware and hot sites.

Part four discusses development, implementation, and management of security. Chapter thirteen reprises some of the information from part one in reference to workstations. Database security is important, but chapter fourteen does not provide enough coverage to really get down to work on it. Chapter fifteen looks briefly, but not in much detail, at security for remote users. Policy is revisited in chapter sixteen.

Part five is supposed to look to the future, but chapter seventeen is little more than a collection of computer crime war stories. Chapter eighteen proposes that the Year 2000 problem might raise security issues, but is short on specifics. Internet security-related issues are once again discussed briefly in chapter nineteen. Chapter twenty is supposed to be a summary and recommendations, but seems to be simply a rather random assortment of additional security-related bits.

Although there is some general security-related material in this book, almost nothing relates directly or particularly to intranets. The security content is not too bad as far as generic advice is concerned, but isn't anything too significant, either.
Overall the book is woefully short in some areas, redundant in others, and badly disorganized. For standard security advice the reader can easily do better.

copyright Robert M. Slade, 1998 BKINTRAS.RVW 980206