|
|
|
|
|
Posted by Rob Slade, doting grandpa of R on August 12, 2005, 3:26 pm
If you were Registered and logged in, you could reply and use other advanced thread options
BKPHDVSC.RVW 20050615
"Black Hat Physical Device Security", Drew Miller, 2005,
1-932266-81-X, U$49.95/C$72.95
%A Drew Miller jdrewm@gmail.com
%C 800 Hingham Street, Rockland, MA 02370
%D 2005
%G 1-932266-81-X
%I Syngress Media, Inc.
%O U$49.95/C$72.95 781-681-5151 fax: 781-681-3585 amy@syngress.com
%O http://www.amazon.com/exec/obidos/ASIN/193226681X/robsladesinterne
http://www.amazon.co.uk/exec/obidos/ASIN/193226681X/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/193226681X/robsladesin03-20
%O Audience i- Tech 2 Writing 1 (see revfaq.htm for explanation)
%P 363 p.
%T "Black Hat Physical Device Security"
The introduction asserts that products are insecure, and also tries to
say something about trust. There is no clear statement in regard to
the purpose or intent of the book, however. In addition, there are an
alarming number of grammatical and spelling errors, and this error
rate doesn't get any better in the course of the text.
Chapter one notes that it is possible to program safely. Most systems
have bugs, notes chapter two, but despite the fact that we have to
rely on insecure systems, the document points out that we can retrofit
security onto systems. Encryption is covered in chapter three, which
also contains ten pages of C language source code, which apparently is
an attempt to convince you how simple encryption is. There is also
some discussion of standard authentication forms and biometrics: it
seems rather odd, but is tied in towards the end of the chapter with a
discussion of how encryption can protect authentication data. Chapter
four describes a number of attacks involving input, and suggests
mitigating procedures. Monitoring of data submitted is recommended in
chapter five. Various hardware security devices are considered in
chapter six. Chapter seven is mostly authentication, and a little bit
of cryptography. There is more on monitoring in chapter eight.
Chapter nine closes off with discussions of notification.
Given no stated purpose for the book, it is very difficult to say
whether it reaches its own, or any other, objective. There are scraps
of useful information contained in these pages, but little structure
and no apparent purpose.
copyright Robert M. Slade, 2005 BKPHDVSC.RVW 20050615
--
======================
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@sun.soci.niu.edu
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
or mirror http://sun.soci.niu.edu/~rslade/
CISSP refs: [Base URL]mnbksccd.htm
Security Dict.: [Base URL]secgloss.htm
Book reviews: [Base URL]mnbk.htm
Review mailing list: send mail to techbooks-subscribe@egroups.com
or techbooks-subscribe@topica.com
|
| Similar Threads | Posted | | Physical Security Quesiton | December 20, 2005, 9:31 am |
| REVIEW: "Software Security Engineering", Julia H. Allen et al | November 13, 2008, 11:58 am |
| Black Hat Federal and Europe CFP and Registration now open | November 4, 2005, 12:42 pm |
| Black Hat Federal and Europe Call for Papers | December 28, 2005, 8:33 pm |
| Black Hat Call for Papers and Registration now open | April 3, 2006, 7:50 pm |
| REVIEW: "Corporate Computer and Network Security", Raymond R. Panko | August 25, 2005, 8:25 pm |
| REVIEW: "Application Security in the ISO27001 Environment", Vinod Vasudevan et al | November 20, 2008, 12:38 pm |
| Symantec Gateway Security 5400 device and rDNS issue | May 10, 2007, 1:11 pm |
| REVIEW: "Enterprise Information Systems Assurance and System Security", Merrill Warkentin/Rayford Vaughn | May 23, 2008, 4:44 pm |
| Best Practices for secure delivery / transportation of physical media (tapes, CDs, etc.) | April 24, 2007, 4:13 pm |
|
|
|
XML site map