In this new section of our Web site, New England Members of the Association offer their opinions about recent book releases in the field of Information Security.
Order Books & Music through Amazon.com!!
Through an agreement with Amazon.com, the ISSA now offers the option to purchase books online!! A percentage of each sale will support the ISSA!! As of July, you can also order music through our site!!
PKI - A Wiley Tech Brief
By Tom Austin, Internet Business Group
Wiley, Jan 2001. 288pp $24
With major efforts underway to standardize a successful public key infrastructure (PKI) system, there is a growing need among network and security managers for authoritative information on PKI technology. This book offers a plain-language tutorial for people with limited technical background but with acute business need to understand how PKI works. - Amazon.com
Secrets and Lies: Digital Security in a Networked World
By Bruce Schneier, Counterpane Internet Security
Wiley, Aug 2000. 432pp $24
[Bruce] has reached the depressing conclusion that even the loveliest code and toughest hardware still will yield to attackers who exploit human weaknesses in the users. The book is neatly divided into three parts, covering the turn-of-the-century landscape of systems and threats, the technologies used to protect and intercept data, and strategies for proper implementation of security systems. Moving away from blind faith in prevention, Schneier advocates swift detection and response to an attack, while maintaining firewalls and other gateways to keep out the amateurs. - Amazon.com
"Windows NT Security: Step-by-Step", Published by the SANS Institute
Windows NT Security: Step-by-Step; a consensus of NT security experts in 77 large user organizations, Copyright 1998 by The SANS Institute; electronic updates published monthly; The booklet is available on paper ($27) or in pdf format ($69).
Windows NT is a complex environment and the various books published on this subject are voluminous. Trying to apply the information contained in the published references to a specific installation is an overwhelming task to most. Where to start? What is important?
This new guide, "Windows NT Security: Step-by-Step", answers these questions and provides a keyed checklist. It was produced during February of 1998 in a joint effort of security experts from Merrill Lynch, the US Air Force, the University of Minnesota, Lockheed-Martin, Motorola, MacDonald Detweiler, Andersen Consulting and more than 70 other large organizations. Participating individuals are credited in the booklet. The experts combined their security tuning techniques, and their work yielded a step-by-step prescription with 93 separate actions, spanning eight phases from installing the machine to ongoing security monitoring.
The specific phases allow the user to focus quickly when needing to deal with a problem. Very logically organized, all actions are numbered within the appropriate phase. At the end of the document is a valuable checklist that is keyed to the action item. As a result, it is an effective tool for auditing, validating, reviewing and so on, an installation.
The booklet strictly limits reproduction. The pdf version (Adobe Acrobat viewer available for a FREE download) allows unlimited reproduction of the checklist. The electronic updates are invaluable and are essential to keeping the document current.
ISSA-NE has obtained significant discounts for its members. You must have the key before completing the order form to obtain the discount. The key including discount (50%) details has been sent to you via E-mail. If you have misplaced the notice, you can obtain another copy by sending an E-mail to issa-ne@computer-security.com with a subject of "Windows NT Security: Step-by-Step Discount". You will receive a prompt reply.
Review by: Bob Johnston, CISSP, Security Advisor, ASC
PROTECTING YOURSELF ONLINE
By Robert B. Gelman with Stanton McCandlish and Members of the Electronic Frontier Foundation
HarperEdge 199pp $15
Protecting Yourself Online is a breezy how-to book giving user-friendly explanations of where the Internet came from, how patents and trademarks work, how surfers should behave on the Net, and so forth. It has tips on spotting forged E-mail, coping with junk E-mail called ''spam,'' and dealing with programs called ''cookies'' that catalog your preferences on a Web site. The discussion never bogs down, and there are lots of Web links for further research.
PRIVACY ON THE LINE
By Whitfield Diffie and Susan Landau
MIT Press 342pp $25
Diffie and Landau argue that privacy has been the rule throughout most of history. Prior to the 20th century, all face-to-face conversations were secure, as long as others were out of earshot. Modern communications changed all that, along with our core relationships. Now, our most intimate friends may be on the other side of the world--and anyone could be listening in on our conversations. ''If people are to enjoy the same effortless privacy that they enjoyed in the past, the means to protect that privacy must be built into their communications systems,'' they write.
The authors' solution is digital encryption. Mysteriously, Diffie and co-writer Susan Landau, a computer scientist at the University of Massachusetts at Amherst, come up short when addressing cryptography head-on. Early chapters engulf the reader in technical discussions that are less engrossing than what follows.
Chapters on public policy and national security also drag. On the other hand, the authors give clear and authoritative treatments of wiretapping and digital telephony, the flap over the government's famed ''Clipper'' chip, and the legal framework for privacy protection, which is nowhere directly guaranteed in the Constitution. In the end, the authors prove their case that ''the preservation of privacy is critical to a democratic political process.''
THE TRANSPARENT SOCIETY
By David Brin
Addison-Wesley 378pp $25
Brin's thesis, amplified in long, unhurried chapters, is that ''transparency'' and accountability are our best defenses against abuses. Cryptography, beloved by spooks, cyberpunks, and civil libertarians alike, is a useful tool, in Brin's eyes. But in an encryption arms race, the rich and powerful--meaning governments and big business--will always outgun ordinary citizens. In any case, Brin claims, snooping technology will advance more quickly than the tools to thwart it. You can digitally scramble a message. But how will you conceal your keystrokes from minuscule, insect-like, remote sensing devices that fly through your window and fix themselves to the ceiling?
New laws are no solution, Brin argues. Regulations will only create new layers of bureaucracy--and ultimately, such laws are unenforceable. Simplified to an extreme, his argument says that the authorities should be permitted to snoop, if that will help them fight criminal elements. But in return, he writes: ''We should make government come begging deferentially, and extract something in return each time. New kinds of supervision. New guarantees of openness. Snap inspections by teams of randomly chosen citizens.
Digital Fortress, a thriller; Dan Brown; © 1998 by Dan Brown; ISBN 0-312-18087-X; $24.95
Normally, fiction would not be included at the ISSA web site. However, a quick review of the article that led me to this book will cause you to understand. My wife was shocked when I was reading fiction, but then she got hooked on it too. An engrossing, intriguing mystery focusing upon the National Security Agency and cryptography. While jumping around the globe with suspense, deception and assassination, many theories regarding NSA, its methods of operation, political activities, and the motives of its staff are carefully woven into the fabric of the book. Like most fascinating thrillers, you want to read it quickly so that you can reach the conclusion. However, to do so will cause you to miss many of the details that the author has included. Don't try to read it in one evening. While you might be entertained, you will miss the information. Understand that it is fiction and that, while it is based on extensive research by the author, much of what is presented regarding the operation of NSA is the author's conjecture. Must reading for the security professional. If what is presented regarding technology is not already in place, it soon will be.
TCP/IP, a survival guide for users; Frank Derfler & Steve Rigney; © 1998 by MIS:Press; ISBN 1-55828-564-4; $24.95 U.S., $34.95 Canada
An outstanding book for those seeking to gain a better understanding of TCP/IP or simply trying to survive. The authors have done an excellent job of removing the mystique and replacing it with understanding. Broken into four logical sections with nineteen meaningful chapters, the information you are seeking is easy to locate. Everyone should read the first six chapters, which make up the first section, "Introduction of TCP/IP". The remaining sections deal with servers, clients and troubleshooting. Finally, here is a book that you can read and feel like you stand a chance when dealing with the network guru. No, it will not make you an authority on the subject. However, it will give you the information that you need to understand the challenges and advantages provided by TCP/IP and a better appreciation of its nuances. No, it is not a security primer. However, before one can address the issues of security and control, you must understand the environment. An excellent book to have on hand when you need it. Unlike many others, this is one that you can use as a reference guide and quickly find what you are looking for.
Intranet Security, stories from the trenches; Linda McCarthy w/foreword by Richard Power, CSI; 1998 Sun Microsystems, Inc.; ISBN 0-13-894759-7; $29.95 U.S., $41.95 Canada
An easy to read, interesting book on the hazards of the Intranet. The book proves to be enjoyable reading because it blends statistics with real life stories. At the same time it discusses critical elements of Intranet security. For the experienced computer security professional it serves as a reminder as to what should be done while providing the real life examples that might be needed to convince management that the effort should be made. For the novice and those computer security professionals with modest experience this book will prove to be an excellent primer as well as a how to guide. Anyone caught in the position of having difficulty convincing management of the importance of security on their Intranet will find this book useful.
PC Week Microsoft Windows NT Security, system administrator's guide; Nevin Lambert and Manish Patel; Copyright 1997 by Macmillan Computer Publishing USA; ISBN 1-56276-457-8; $39.99 U.S., $56.95 Canada
A comprehensive guide that provides excellent management perspectives while delving into the necessary detail. A publication of ZD Press, this book meets the quality and content that we have come to expect. Clearly up-to-date, this book not only addresses NT Version 4.0 but also the impacts of upgrading to 5.0. It does an excellent job of discussing concepts as well as detail. If you have one or more current publications on NT 4.0 this is probably not the book for you. On the other hand, if you have not addressed the details for a while, want to review the concepts or the impact of upgrading to 5.0, this is it. While it is unlikely that you will be able to get management to read this book, it will prepare you to talk to them in the manner that they expect rather than "digital detail." A good buy.
@ Large
by David H. Freedman, Charles C. Mann. List: $24.00, Hardcover, 320 pages, Published by Simon & Schuster, Publication date: August 1, 1997, Dimensions (in inches): 9.57 x 6.49 x .99, ISBN: 0684824647
At Large is an amazingly granular book that will appeal to computer junkies everywhere, but may not serve as the public rallying cry it wants to be. The story centers on the exploits of a young hacker known as both phantomd and Infomaster and the terror he inflicts on computer systems worldwide. The essential question raised by Freedman and Mann is: if phantomd, who is both physically and mentally handicapped, can penetrate into university, corporation, and military systems through sheer tenacity, what will stop the legions of better-equipped, more intelligent cybercriminals from doing far worse? Their conclusion is not pretty. Each chapter is peppered with plenty of juicy, foreboding quotes from security professionals, industry insiders, and government officials prophesizing the next wave of computer crime and terrorism. The estimations of Internet security are right on the money though. The technical writing is superb, clear, and precise. Anyone could pick this book up and understand the exploits of the hackers and their larger ramifications, but the thorough descriptions and numerous footnotes eventually slow the story's pace down. This is a shame as the ending is worth reaching.
Date Last Modified: 3/29/07
Contact: Webmaster