BKPCNSEC.RVW 980426 "Practical Computer Network Security", Mike Hendry, 1995, 0-89006-801-1, U$55.00 %A Mike Hendry %C 685 Canton St., Norwood, MA 02062 %D 1995 %G 0-89006-801-1 %I Artech House/Horizon %O U$55.00 800-225-9977 fax: 617-769-6334 artech@world.std.com %P 203 p. %T "Practical Computer Network Security" This book asks the questions of what is security, and can security be achieved, for every level of audience. The text does, in fact, answer the questions, but the answers turn out to be profoundly uninteresting. Part one explains some of the conceptual framework for data security on networks. Chapter one is an introduction to the book overall. It is not terribly clear about the scope of the book, but does state that the material will look at failures caused by humans (both deliberate and accidental) as well as short and long term machine failures. The terms defined seem to indicate an emphasis on problems in the actual transmission of data. Six types of failures are outlined quickly in chapter two, although there is no explanation of the difference between "inaccuracy" and "alteration" of data, both seeming to relate to the more general realm of reliability. Tables relating these types of failures to those outlined in the preceding section are confusing. The overview of systems aspects of security in chapter three is terse and seemingly random. A simple idea of risk assessment is given in chapter four. Chapter five looks at a number of specific points of failure in hardware and software: confidence is not increased by a network diagram that demonstrates no knowledge of the OSI (Open Systems Interconnect) reference model. Specific perils for particular applications are mentioned in chapter six, but only for a small set of industries. Part two reviews security technologies. There is a brief introduction to encryption (and an even briefer look at identity) in chapter seven. Chapter eight is quite odd, showing a number of partial algorithms for key use, but almost nothing on key management. Various hardware security devices are discussed in chapter nine, but, again, the overview seems to be fairly random. Chapter ten is a vague and generic look at different aspects of software related to security. The section of viruses is appalling, containing almost no accurate information at all. The material on access control in chapter eleven is also nebulous, and not likely to be of help to either the user or manager. Chapter twelve, on types of networks, has no relation to security at all, even though network type may very well have a bearing on risks. Part three looks at security by application type. Chapter thirteen is a very general overview of commercial applications, ranging from a simplistic look at database security to a section that gets very detailed about the motives that drive sales people to defraud the company but doesn't present very helpful advice on what to do about it. Banking gets a fair amount of space in chapter fourteen, but then it does cover a considerable amount of territory. Subscription services, from confidential databases to email, are discussed in chapter fifteen. The rest of the world is covered in the five pages of chapter sixteen. Chapter seventeen is a review of the chapters. For the complete novice to computer and communications security, the book does raise a number of issues to think about. The lack of scope in the book means that a number of additional points would need to be considered in any workable security plan. The lack of detail included means that other references will be needed to make any plan workable. copyright Robert M. Slade, 1998 BKPCNSEC.RVW 980426