Perspectives on Computer Security
8/95 Dr. Dobb’s Journal, USA: Programmer’s Bookshelf: Perspectives on Computer Security, Lynne Greer Jolitz . When you get on the net, who can you trust? Lynne examines several new books that address this question: Network Security: Private Communications in a Public World, by Charlie Kaufman, Radia Perlman, and Michael Speciner; E-Mail Security, by Bruce Schneier; Network Security, by Steven Shaffer and Alan Simon; and Network Security: How to Plan for It and Achieve It, by Richard H. Baker.
[Embedded in "Le Monde En Tique" ]
Perspectives on Computer Security
Review by Lynne Greer Jolitz
Copyright (C) Dr. Dobb's Journal, August, 1995
For most people, security is as simple as locking the front door or putting
a Club on a car's steering wheel. For networked computer users, security
is a devilish issue, because a computer system can be compromised by any
one of millions of other computers around the globe. Fortunately, a good
number of books on network-security techniques are available, and while
none will protect a computer from the latest attack (you'll just have to
keep up on journals and conferences for that), many offer valuable insights.
Network Security: Private Communications in a Public World, by Charlie
Kaufman, Radia Perlman, and Michael Speciner, discusses the practical issues
of secure communications, including cryptographic techniques, applied-number
theory, authentication, and integrity. It also covers existing Internet
mechanisms used to increase network security (Kerberos, PEM, PGP, and the
like) as well as extensions to X.400 and NetWare. Finally, the book provides
a good overview of encrypted communications and authentication as currently
used on the Internet. It avoids matters such as the formal government-security
framework and concentrates on the actual moving pieces used in security
I enjoyed this book primarily because it was loaded with insider jokes and
minutiae, such as "UNIX, an unusually user-hostile and otherwise mediocre
operating system" or (my personal favorite)
plausible deniability, a situation in which events are
structured so that someone can claim not to have known or done something,
and no proof exists to the contrary. Whenever this term comes up, the person
in question is almost certainly guilty.
The authors are not afraid to voice opinions on popularly perceived solutions
to insecure networks. For example, the current trend of developing, selling,
and purchasing commercial firewall packages is concisely characterized by
Firewalls are the wrong approach. They don't solve the general problem,
and they make it very difficult or impossible to do many things. On the
other hand, if I were in charge of a corporate network, I'd never consider
hooking into the Internet without one. And if I were looking for a likely
financially successful security product to invest in, I'd pick firewalls.
The meat of Network Security: Private Communications in a Public World
is its practical introduction to communications-oriented security in the
form of encryption and authentication; specific implementation details are
described only casually. Of particular interest in this post-Mitnick era
is the brief discussion of sabotage-resistant routing protocols. Since routing
is the next logical target of attack, it is an area worthy of critical study.
In fact, secure routing and network integrity alone could fill another book.
Network Security: Private Communications in a Public World provides
a balanced treatment of controversial topics (such as cryptography), but
it isn't a war-stories book. The level of discussion is technical enough
to get the point across, yet not so detailed as to become dull. Still, the
book lacks descriptions of attacks against TCP and DNS. Even though they've
been covered in other security books, these topics still have a place in
a discussion of attack pathologies.
The book also omitted discussions of the Green Book, the follow-up work
to the Orange Book (which maps the Trusted Computing metaphor into a networking
paradigm). While of admittedly limited use, the Green Book does offer sanguine
observations about network security that fall into the scope of this book.
Finally, the text jumps right into specific algorithms without bothering
to develop the subject of cryptography. The result is an incomplete picture:
It's unclear why a certain technique is employed in a given algorithm or
why an algorithm is considered flawed.
E-Mail Security for the Layman
While insider stories and algorithmic examinations are interesting, they
are less than useful to the individual trying to protect e-mail from prying
eyes. To complicate matters, while regular surface mail is protected by
a host of laws regarding privacy and is processed by a quasi-governmental
agency which must follow certain regulations, most e-mail correspondence
is not (yet) as carefully protected or regulated. The law is still murky
regarding privacy from coworkers, system administrators, managers, and the
like. Thus, protection of sensitive correspondence and the limits of such
protection are topical subjects.
E-Mail Security: How to Keep your Electronic Messages Private, by
DDJ contributing editor Bruce Schneier, is an in-depth treatment of electronic-mail
security intended for immediate application by the reader. Schneier begins
with an overview of electronic-mail security and goes on to discuss and
contrast the two preeminent security encapsulations used in network electronic
mailPretty Good Privacy (PGP) and Privacy Enhanced Mail (PEM). Finally,
the book addresses restrictions placed on its use by the government and
Schneier's discussion of finite mathematics alone is worth the price of
the book. The one downside is Schneiers view that it is absolutely good
to secure all communications in this manner. While this approach probably
appeals to his target audience, it is ironic that the same tools that can
prevent misappropriation of information can also be used to shield a scoundrel
who misappropriates others' work. Yes, I've heard the argument that anyone
who doesn't secure their work deserves to be punished, but that's just the
old blame-the-victim routine, which doesn't deal with reality.
In addition, shielding posters or remailers on the net, making them effectively
anonymous, is not a defensive security approach intended to keep personal
e-mail private, but instead an ideologically motivated offensive tactic.
Net users should be aware that this approach is rarely used for purposes
of, say, revealing a governmental plot to suppress information: Instead,
it's used for character assassination, personal vendettas, theft of work,
disinformation, petty criminal behavior, and worse. In fact, the current
chaos is eerily similar to John Brunners prediction in his classic book
The Shockwave Rider over 20 years ago, where anonymous denunciation
lines allowed antagonists to destroy a protagonist's credit, job status,
and even marriage without fear of retribution. Ignoring or aiding this practice
without regard for the consequences is ethically questionable at best.
Overall, Schneier's writing has a concise, readable, appealing style. E-Mail
Security: How to Keep your Electronic Messages Private is ideal for
the computer user who feels insecure about sending Internet mail and has
an active interest in the powerful tools available for securing it.
Network Security as a Professional Practice
Network Security, by Steven L. Shaffer and Alan R. Simon, provides
a comprehensive, top-down approach to computer and networking security as
a professional practice. It focuses primarily on the formal nomenclature
and structure used as the framework for government- and commercial-security
environments. This formalism is critical for serious computer-security work.
Network Security is ideal as a top-down introduction to any intensive study
of formal security mechanisms and policies of the last 20 years. Not included
are the tools of the trade that a network-security officer uses in practice,
the methodology that programmers use to implement secure operating systems,
or the cryptographic mechanisms that secure communications across a data
network. However, bibliographic references provide pointers for the serious
One nice feature of this book is a description of representative-government-security
programs that show the formal information- security structure in practice.
Among the programs discussed are the Department of Defenses BLACKER, DNSIX,
and CCEP; profiles of security-product vendors are given as well. (This
latter group was incomplete: Suns Secure Solaris, Oracles MLS products,
and HPs HP-UX BLS were missing.)
A downside of Network Security is its insularity and relative blindness
that stems from its proximity to traditional security perspectives. For
example, while PEM and Kerberos are discussed briefly, unofficial security
mechanisms, such as PGP and COPS, are not. There is no critical analysis
of the inherent weaknesses of the official architectures for information
security. Despite these omissions, however, Network Security's coverage
of the appropriate formalisms make it essential to the serious security
Enterprise Network Security
Network Security: How to Plan for It and Achieve It, by Richard Baker,
is the most ambitious of the books discussed here. It develops and implements
an enterprise networks security envelope from the bottom-up, but avoids
discussion of the underlying mechanisms. Baker speaks to MIS managers or
network administrators who must develop and implement an official, organized
security policy, comprising physical security, business-management structures,
backups, training, viruses, and security audits.
Each chapter begins with an overview of a problem (such as securing the
desktop), then develops a top-down plan to deal with it. While fleshing
out these details, Baker discusses the elements and management of a careful,
secure environment (occasionally citing industry examples). The book does
not cover operating-system and software architectures; it concentrates on
operational aspects pertinent to a business.
Network Security: How to Plan for It and Achieve It reminds us that
information security often fails because it is not integrated into the information
system from the start.
The breadth of the book is exemplified in its discussion of the legal requirements
of a network-information processing service, including the legal doctrines
of due care and due diligence. Few administrators are aware of the potential
liabilities of insecure or improperly maintained information systems, which
are magnified when the system retains information covered by privacy or
intellectual-property rights. The Infobahn of the future will likely involve
many suits over negligent operation of information services, resulting in
substantial liability awards from unsuspecting companies.
Baker approaches enterprise network security from a situational perspective.
This is bound to appeal to the administrator who can directly apply Baker's
solutions to rectify a situation or avoid an incident; enterprise network
administrators should keep this book handy.
Network Security: Private Communications in a Public World
Charlie Kaufman, Radia Perlman, and Michael Speciner
Prentice-Hall, 1995, 504 pp. $46.00
Steven L. Shaffer and Alan R. Simon
Academic Press, 1994, 318 pp. $25.95
E-Mail Security: How to Keep your Electronic Messages Private
John Wiley & Sons, 1995, 362 pp. $24.95
Network Security: How to Plan for It and Achieve It
Richard H. Baker
McGraw-Hill, 1995, 456 pp. $34.95