John Vacca
Reviewed by Terry Rooker <[email protected]>

Intranets being a hot topic, a book on their security is worthwhile. Of course, intranets are just Internet technology used for a new purpose, so it seems that there shouldn't be that much difference. As it turns out, using that technology for new purposes does change some of the assumptions, and you cannot simply apply security precautions developed for the Internet to the new application. Unfortunately, that is the weakness of this book. It rehashes all of the security techniques we've seen before and applies them to intranets. While the book is comprehensive in its coverage of the technology, the coverage is superficial and fails to explain how intranets may change some of the security requirements.

The book discusses user administration, some technical issues, virus detection and prevention, intrusion detection, and some legal issues involved in prosecuting those you discover. The level of detail is suitable for maybe first-line managers, and even some of them may find the detail a little lacking. Even though the discussion of certain issues includes some technical safeguards you can use, details on how to implement the safeguards are completely lacking.

Furthermore, the approach of the author is to use off-the-shelf (OTS) software where available. The problem with using OTS software is that it causes additional concerns about its implementation and exactly what safeguards it provides. In addition, you need extra analysis to ensure that the assembly of OTS products satisfies your security requirements. Unfortunately, this book does not discuss how to do that. So the repeated references to commercial products make the book appear more like an advertisement for those products -- an image not helped by the enclosed CD, which includes demonstrations and vendor and product listings.

This commercialism would be more acceptable if the book provided some insight into the new security concerns of intranets. Again it disappoints us, mentioning that intranets raise new concerns but offering nothing to help us understand the problem. Yes, with no external network connection, or only a very limited one, the main threat to an intranet is insiders. But what does that mean when we go to secure our network? This book provides few answers to that question.

The superficial coverage of the technical issues makes Intranet Security of little value to network or system administrators. It is not worthwhile for readers trying to understand how intranets change the security issues. The comprehensive coverage of general network security issues is worthwhile, but then there are already many such books. The book does provide a good survey of some commercial products, so it would be worthwhile to someone looking for guidance to make a decision about purchasing commercial security products.

First posted: 22 Mar. 1999 jr
Last changed: 22 Mar. 1999 jr