REVIEW: "Enterprise Directory and Security Implementation Guide", Charles Carrington et al

From: Rob Slade, doting grandpa of Ryan and Trevor
Date: Mon, 01 Dec 2003 15:43:32 GMT

"Enterprise Directory and Security Implementation Guide", Charles
Carrington et al, 2002, 0-12-160452-7
%A Charles Carrington
%A Timothy Speed
%A Juanita Ellis
%A Steffano Korper
%C 525 B Street, Suite 1900, San Diego, CA 92101-4495
%D 2002
%G 0-12-160452-7
%I Academic Press
%O 619-231-0926 800-321-5068 fax: 619-699-6380
%P 238 p.
%T "Enterprise Directory and Security Implementation Guide"

You've got to wonder about the quality of a book that starts out with
an eight page section dedicated to copyright notices and disclaimers.

The foreword is unclear about what directories are, although it does
name DNS as a directory. One sentence starts out by saying that there
are both risks and benefits to publishing a directory and then lists
only the most dire of risks. There is no mention that directories can
be used to support security activities such as PKI (Public Key

Chapter one is an introduction, stating that directories provide
information and mentioning X.500 and LDAP (Lightweight Directory
Access Protocol) without clarifying why directories need a formal
protocol. (There seems to be, in the text, a preference for humour
over information.) The basics of directories as information sources
are given in chapter two (although there is no material on the
problems of distribution, scaling, and replication), as well as a
brief mention of security. There is a bit of discussion of directory
architecture design, another mention of LDAP, and illustrations that
do not illuminate, in chapter three. Chapter four has an explanation
of LDAP that will make sense to those already familiar with relational
database concepts (but probably not, otherwise), and an allusion to
the difference between security information stored in the database and
the security of the directory, but this important point is not given
the emphasis it deserves. Chapter five gives us a history of street
directories, some discussion of privacy, and a consideration of email
routing. Basic relational database concepts are examined fairly
simplistically in chapter six. Chapter seven is a generic overview of
enterprise security. There is a good outline of the suggested
contents of a high-level security policy in chapter eight, although
the material becomes repetitive when an email policy basically
duplicates the previous material. Chapter nine has a brief but
reasonable overview of PKI, several pages of screenshots (of
questionable utility) of a Cylink demonstration, and a fifteen page
sample "Certification Practices Statement." Examples of directories
in chapter ten include Kerberos and DNS. A list of miscellaneous PC
security products is in chapter eleven.

Although the issues of security related to directories are both
important and sparsely covered in the security literature, this poorly
focussed and structured work does not provide much useful direction.

copyright Robert M. Slade, 2003 BKEDASIG.RVW 20031018

"If you do buy a computer, don't turn it on."     - Richards' 2nd Law