Home

Bulletins

Upcoming
Events

Posters

Recent Newsletters

Past Articles
*  Computer Security
*  Foreign Espionage
*  Industrial Espionage
*  Personal Security
*  Personnel Security
*  Physical Security
*  Security Management

VSAC Desktop
Guide

Security Books
On-Line

Other Security Links

About Us
*  ASIS
*  NCMS
*  VSAC

E-Mail Us
*  ASIS
*  NCMS
*  VSAC
*  Webmaster

We join with those who mourn the loss of life,  the injuries, and the disruption of lives caused  by the attacks  against Washington,  DC, and  New York, N.Y.    All those effected -- the brave people who helped in rescue efforts, those involved in America's response to terror and in the war with Iraq-- are in our thoughts and prayers.

Computer science Professor Dorothy E. Denning’s Information Warfare and Security isn’t just the usual fare.  It provides a lot of practical information written so laymen can understand it.  Instead of zeroing in on just computers and hackers, she explains on the value of information, no matter where or how it is stored.  Information warfare is a confrontation in which the offense tries to steal information—not physical goods—to the detriment of the other side.

Her book points out what security professionals already know—that much of the danger comes from insiders.  She breaks that group into six different classes, from traitors (“traditional” spies like Aldrich H. Ames and John A. Walker, Jr.) to untrustworthy subcontractors (a supervisor of a janitorial crew who tried to sell Pittsburgh Plate Glass’s plans) to people who con their way past security guards (Kevin Mittnick during his early escapades against Pacific Bell). 

Of course, not all threats come from insiders.  Thanks to computer networks, information can now be accessed – and stolen – from great distances.  She gives brief case studies of hackers and their attacks, and how weak laws made investigation and prosecution difficult.  She explains in layman’s terms how many of the denial of service attacks against computer systems (like the “ping of death” and “syn flood”) work.

Unlike some other books on the topic, hers is rich in details (like names, places, dates and footnotes).  For example, she relates the stories of how several celebrities, including unlikely bedfellows Rush Limbaugh and President Bill Clinton were victims of an e-mail flood attack. 

As she points out, infowar is not a zero sum game.  The writer of a new computer virus or a hacker who breaks into a site and steals some files gains ego satisfaction and some (largely anonymous) acclaim.  The company whose computers are struck may loose much more: the cost of repairs and lost productivity, perhaps lost investor confidence or business opportunities.  Compromised business plans and data, which may be of no value to the hacker, may now be suspect.

Denning also explains the most effective defenses against both high tech and low tech attacks.  Her sections on encryption, steganography, and authentication techniques are written in simple English and are easy enough for even a neophyte to follow.

Not surprisingly, she concludes with tried and true cautions to security managers. Security education is the most cost-effective measure a company can take.  Other steps include building secure systems, monitoring vulnerabilities, managing risks, and following up aggressively when incidents do that place.

I’m glad to add this readable and interesting book to my security library, and recommend you do the same.

Reviewed:  Information Warfare & Security by Dorothy E. Denning, Reading, MA: Addison-Wesley, 1999, paperback, $34.95. 

[Webmaster's Note:  This article was written in January 2000 for the VSAC News, NCMS Channel Islands Newsletter, and ASIS Santa Barbara Newsletter.]