VDINSCTC.RVW 980808 "Introduction to Security Technologies", Michael P. Ressler/Charles Blauner, 1995, 1-57305-067-9, U$1295.00 %A Michael P. Ressler %A Charles Blauner %C Room 3A184, 8 Corporate Place, Piscataway, NJ 08854 %D 1995 %G 1-57305-067-9 %I Bellcore %O U$1295.00 800-521-CORE fax: 908-336-2559 %P 224 min., 5 tapes, 260 p. %T "Introduction to Security Technologies" This five tape series is saved from being the proverbial "talking head" only because the video feed of the "head" in question is frequently interrupted by shots of lecture foils. The presentation uses text slides in almost every case. As the presenter states, at the end of pretty much every tape, the material is very brief and conceptual, giving very few details. In fact, the contents of each tape would be most suitable as the introductory chapter to a book on the relevant topic, since little more is done than to give a definition of the subject and some related issues. The use of video seems to be completely unnecessary, since the material could be presented just as well with an audio tape and copies of the foils (which are, in fact, provided). The first tape, only twenty minutes long, talks about issues in distributed systems security. The fundamentals are not well addressed, and the presentation is somewhat confused. In fact, the totality of distributed systems security is not addressed, and the main concerns are on single sign-on, encrypted or tunneling channels, and ticket access management for authentication. The UNIX security basics tape is very basic, including some history, file naming, and operations of some of the elementary security utilities such as chmod (used for changing file permissions). There is discussion of some slightly higher level concepts, such as the fact that the password file is world readable by default. There is also some mention of the fact that "trusted" hosts can be a vulnerability. However, about half of this tape is given over to a promotional demonstration of an AT&T UNIX security analysis tool. The third tape seems slightly out of place, since its discussion of Internet firewalls comes prior to the material to be later provided introducing the Internet. Oddly, the presentation of packet filtering is poorly explained and quite limited, whereas the explanation of the proxy server is pretty clear. This is the reverse of the usual case. As with tape two, some of the space is given over to a demonstration of the AT&T PINGWARE product. Tape four introduces TCP/IP and Internet security. Most of the material actually concentrates on a description of the Internet, packet encapsulation of Internet data, and a brief overview of basic Internet applications. In terms of security, Sun Microsystems gets hit on for its invention of remote procedure calls and the Portmapper program. The remaining material seems to boil down to "it's scary out there: you'd better learn something." The final item looks at DCE (Distributed Computing Environment) security. This is a slightly more detailed, and specific, version of tape one. (With the change of presenter we see a subtle change in "presentation" values. For whatever reason, the video taping was allowed to include a good deal of Blauner facing away from the audience. The impression left is that he is much more comfortable with his presentation software than he is with the audience.) It is difficult to think of anyone to recommend this product to. On the one hand, it could be calculated that for the price of one registration to a three or four day security course, you could give your whole department (and all future incoming staff) a morning of training. On the other hand, this is not the first morning of such a course, but rather the first half hour of each morning of a five day course. The actual content has been written in a number of places well enough to be read and understood in ten to fifteen minutes per topic. The presentation is not thrilling enough to catch the attention of those who could not be bothered to read it. Not even if you served popcorn. copyright Robert M. Slade, 1998 VDINSCTC.RVW 980808