REVIEW: "Enterprise Directory and Security Implementation Guide", Charles Carrington et al

Discussion in 'Computer Security' started by Rob Slade, doting grandpa of Ryan and Trevor, Dec 8, 2003.

  1. BKEDASIG.RVW 20031018

    "Enterprise Directory and Security Implementation Guide", Charles
    Carrington et al, 2002, 0-12-160452-7
    %A Charles Carrington
    %A Timothy Speed
    %A Juanita Ellis
    %A Steffano Korper
    %C 525 B Street, Suite 1900, San Diego, CA 92101-4495
    %D 2002
    %G 0-12-160452-7
    %I Academic Press
    %O 619-231-0926 800-321-5068 fax: 619-699-6380
    %O http://www.amazon.com/exec/obidos/ASIN/0121604527/robsladesinterne
    http://www.amazon.co.uk/exec/obidos/ASIN/0121604527/robsladesinte-21
    %O http://www.amazon.ca/exec/obidos/ASIN/0121604527/robsladesin03-20
    %P 238 p.
    %T "Enterprise Directory and Security Implementation Guide"

    You've got to wonder about the quality of a book that starts out with
    an eight page section dedicated to copyright notices and disclaimers.

    The foreword is unclear about what directories are, although it does
    name DNS as a directory. One sentence starts out by saying that there
    are both risks and benefits to publishing a directory and then lists
    only the most dire of risks. There is no mention that directories can
    be used to support security activities such as PKI (Public Key
    Infrastructure.)

    Chapter one is an introduction, stating that directories provide
    information and mentioning X.500 and LDAP (Lightweight Directory
    Access Protocol) without clarifying why directories need a formal
    protocol. (There seems to be, in the text, a preference for humour
    over information.) The basics of directories as information sources
    are given in chapter two (although there is no material on the
    problems of distribution, scaling, and replication), as well as a
    brief mention of security. There is a bit of discussion of directory
    architecture design, another mention of LDAP, and illustrations that
    do not illuminate, in chapter three. Chapter four has an explanation
    of LDAP that will make sense to those already familiar with relational
    database concepts (but probably not, otherwise), and an allusion to
    the difference between security information stored in the database and
    the security of the directory, but this important point is not given
    the emphasis it deserves. Chapter five gives us a history of street
    directories, some discussion of privacy, and a consideration of email
    routing. Basic relational database concepts are examined fairly
    simplistically in chapter six. Chapter seven is a generic overview of
    enterprise security. There is a good outline of the suggested
    contents of a high-level security policy in chapter eight, although
    the material becomes repetitive when an email policy basically
    duplicates the previous material. Chapter nine has a brief but
    reasonable overview of PKI, several pages of screenshots (of
    questionable utility) of a Cylink demonstration, and a fifteen page
    sample "Certification Practices Statement." Examples of directories
    in chapter ten include Kerberos and DNS. A list of miscellaneous PC
    security products is in chapter eleven.

    Although the issues of security related to directories are both
    important and sparsely covered in the security literature, this poorly
    focussed and structured work does not provide much useful direction.

    copyright Robert M. Slade, 2003 BKEDASIG.RVW 20031018

    --
    ======================

    "If you do buy a computer, don't turn it on." - Richards' 2nd Law
    ============= for back issues:
    [Base URL] site http://victoria.tc.ca/techrev/
    or mirror http://sun.soci.niu.edu/~rslade/
    CISSP refs: [Base URL]mnbksccd.htm
    Security Dict.: [Base URL]secgloss.htm
    Security Educ.: [Base URL]comseced.htm
    Book reviews: [Base URL]mnbk.htm
    [Base URL]review.htm
    Partial/recent: http://groups.yahoo.com/group/techbooks/
    Security Educ.: http://groups.yahoo.com/group/comseced/
    Review mailing list: send mail to
