Tangled Web - Tales of Digital Crime from the Shadows of Cyberspace
Richard Power, Que Corporation, 2000
In Tangled Web, Power attempts to document incidents in the last 5 years or so
which expose the insecurity of computer systems and the Internet, including the
World Wide Web. He succeeds. The inevitable patchwork quilt of articles and
anecdotes however is not designed to make one cosy for a night’s sleep. His intent
is to awaken us from slumbering complacency.
Unsurprisingly, this book addresses an audience in the United States. I shall
endeavour to drop into conversation at my next dinner party that the Pentagon
has 2.1 million computers. Yes, that many (page 263).
If Power is a cyber-prophet, he is not a doom monger. He tells us things are bad,
and could get worse or better, dependent on our level of complacency. He
recounts the law, he documents recent reality and bravely delves into the
motives of particular individuals and groups who, one way or another, threaten
cyberspace. He describes kinds of attack and types of attacker. He suggests
what we can do to better protect our digital information, and he gives pointers
on the way we can equip ourselves to fight - and win - the cyberwar. The
book exudes a spirit of “Sure it’s bad sometimes, but don’t give up; it can get
better”.
Every book has a weakness, and this one has so many journalistic reports,
tables, charts and graphs documenting the cyberwar that the flow of the prose is
fragmented, threatening its coherence. The detail that adds weight to his
undoubted authority sometimes obscures the overall theme of the book. For
instance, his revelation and explanation of the new term hacktivist (a
portmanteau of activist and hacker) is incisive, but almost hidden in a surfeit
of detailed incidents recorded as examples.
The final chapter is brilliant, and possibly worth the cost of the book on its
own. “Countermeasures” has more than 30 pages of eponymous guidance. It
explains the wisdom of using the term Information Protection (IP) rather than
information security, which can appear chilling and threatening. Building on a
positivistic approach, Power discusses the Information Protection Assessment
Kit (IPAK) and provides Seven Steps to Success. IP seems to convey ownership
to individuals charged with security of digital data and engender an ideal of
proactive and constant vigilance. It changed my way of thinking about
security.
It would be refreshing to read a book that did not attack Microsoft, and
Power resists admirably a tempting target. He gently reminds us that when
operating systems require patches or add-ons to upgrade protection of data,
it is clear that security is not sufficiently inherent in the architecture. He
delivers a wry quote from Marcus Ranum, who describes the problem as “trying to
change the hull of a ship at sea.”
If you seek appreciation of the current state of cyber security, particularly
on the Internet, this book will enlighten you. If you are an individual or a
company concerned with protecting your information, this book can give
some excellent practical guidance on countermeasures to common threats to
computer and network security. If you think cyberspace is safe (which I
doubt), you need to read this book - and soon.
Graham Roberts
The Vanishing Firewall
Jon David
Only a few short years ago, firewalls were looked on as the ultimate and often the
only necessary form of protection for those connecting to the Internet. They’d
gotten bigger and bigger year after year, and more and more powerful with more
and more features. If you look around today though, these ‘oldies’ are getting
harder and harder to find. They have evolved in two separate directions, and this
article examines the transformations of the one-time ideal firewall and the
implications of these transformations.
Introduction
The Internet started as a mechanism to
allow the ready sharing of information
among practitioners in the academic
and research communities. As an avenue
of sharing, it was never meant to be
secure, and the RFCs (Requests For
Comment), the specifications to which
the Internet was built and to which it
conforms, actually state that security is
not provided, and is the responsibility of