Computer science Professor Dorothy E. Denning’s Information Warfare and Security isn’t just the usual fare. It provides a lot of practical information written so laymen can understand it. Instead of zeroing in on just computers and hackers, she explains on the value of information, no matter where or how it is stored. Information warfare is a confrontation in which the offense tries to steal information—not physical goods—to the detriment of the other side.
Her book points out what security professionals already know—that much of the danger comes from insiders. She breaks that group into six different classes, from traitors (“traditional” spies like Aldrich H. Ames and John A. Walker, Jr.) to untrustworthy subcontractors (a supervisor of a janitorial crew who tried to sell Pittsburgh Plate Glass’s plans) to people who con their way past security guards (Kevin Mittnick during his early escapades against Pacific Bell).
Of course, not all threats come from insiders. Thanks to computer networks, information can now be accessed – and stolen – from great distances. She gives brief case studies of hackers and their attacks, and how weak laws made investigation and prosecution difficult. She explains in layman’s terms how many of the denial of service attacks against computer systems (like the “ping of death” and “syn flood”) work.
Unlike some other books on the topic, hers is rich in details (like names, places, dates and footnotes). For example, she relates the stories of how several celebrities, including unlikely bedfellows Rush Limbaugh and President Bill Clinton were victims of an e-mail flood attack.
As she points out, infowar is not a zero sum game. The writer of a new computer virus or a hacker who breaks into a site and steals some files gains ego satisfaction and some (largely anonymous) acclaim. The company whose computers are struck may loose much more: the cost of repairs and lost productivity, perhaps lost investor confidence or business opportunities. Compromised business plans and data, which may be of no value to the hacker, may now be suspect.
Denning also explains the most effective defenses against both high tech and low tech attacks. Her sections on encryption, steganography, and authentication techniques are written in simple English and are easy enough for even a neophyte to follow.
Not surprisingly, she concludes with tried and true cautions to security managers. Security education is the most cost-effective measure a company can take. Other steps include building secure systems, monitoring vulnerabilities, managing risks, and following up aggressively when incidents do that place.
I’m glad to add this readable and interesting book to my security library, and recommend you do the same.
Reviewed: Information Warfare & Security by Dorothy E. Denning, Reading, MA: Addison-Wesley, 1999, paperback, $34.95.
No comments:
Post a Comment