Volume 3, Issue 7, October, 1996
Telecommunications Electronic Reviews (TER) is a publication of the Library and Information Technology Association.
Telecommunications Electronic Reviews (ISSN: 1075-9972) is a periodical copyright © 1996 by the American Library Association. Documents in this issue, subject to copyright by the American Library Association or by the authors of the documents, may be reproduced for noncommercial, educational, or scientific purposes granted by Sections 107 and 108 of the Copyright Revision Act of 1976, provided that the copyright statement and source for that material are clearly acknowledged and that the material is reproduced without alteration. None of these documents may be reproduced or adapted for commercial distribution without the prior written permission of the designated copyright holder for the specific documents.
- REVIEW OF: William R. Cheswick and Steven M. Bellovin. Firewalls and Internet Security: Repelling the Wily Hacker. by Gary Doucette
- REVIEW OF: Conor Sexton. Beyond the Mainframe: A Guide to Open Computer Systems. by Bruce Gilbert
- REVIEW OF: Jacob Palme. Electronic Mail. by Robert Wittorf
- Technology for Enjoyment, or, Water Wants To Be Free! by Thomas C. Wilson
- About TER
REVIEW OF: William R. Cheswick and Steven M. Bellovin. Firewalls and Internet Security: Repelling the Wily Hacker. Addison-Wesley, 1994.
by Gary Doucette
Complete, great reference, well-written. I could leave it at that, and just say every Internet-attached network or system administrator should read it, but I won't. This is the "soup-to-nuts" of Internet security. I'm impressed by the book; it's easy to illustrate why you should be, too.
The book consists of four parts: "Getting Started," "Building Your Own Firewall," "A Look Back," and "Odds and Ends."
In the first part, the authors begin by explaining what levels of security are achievable, and why you should secure a network. They give security strategies and appropriate uses for those strategies, and there is a good discussion of the ethics of security. At the end of this part, there is an explanation of the fundamentals of TCP/IP and the areas that need special security attention.
Part II is a detailed discussion of how to build a firewall. It includes three types of firewalls. It has a chapter on building an application-level firewall with an inside and outside gateway, and the tools needed on each. This implementation is probably more than a small organization can afford, and more restricting than an educational institution can operate with, but it's a real education in how a hacker will attack your site.
You also get a look at the tools a hacker will use to break into your site. This section is followed by a discussion of countermeasures, such as logging, setting up dummy accounts and connection tracing, that will help track down the fiends.
Part III tells you exactly how the hacker will compromise your system. This part discusses the holes the hacker climbs through, and tells an interesting story of one hacker and the authors' experience uncovering the hacker's activities. They show the information found in log files and how to get reports with a little programming, using available tools.
Part IV includes a discussion of legal matters, the uses of encryption and authentication, and appendices. The appendices have a complete list of the tools referenced and where to find them on the Internet. This section may be out of date for some tools, but a Web search should be able to locate them.
The one weakness of this volume is age. It shows in a lackluster single page of discussion about the World Wide Web; then again, the Web was not the dominating entity in 1994 that it is today. A new edition should cover HTTP, Web browsers, Java, and CGI scripting.
There is a large bibliography and many references throughout the book. A very complete index makes this book one I'll return to for help time and time again.
Copyright © 1996 by Gary Doucette. This document may be reproduced in whole or in part for noncommercial, educational, or scientific purposes, provided that the preceding copyright statement and source are clearly acknowledged. All other rights are reserved. For permission to reproduce or adapt this document or any part of it for commercial distribution, address requests to the author at firstname.lastname@example.org.
REVIEW OF: Conor Sexton. Beyond the Mainframe: A Guide to Open Computer Systems. Oxford: Butterworth-Heinemann, 1995.
by Bruce Gilbert
Conor Sexton's "Beyond the Mainframe" is addressed, according to the author, to the audience of "non-specialist readers," which includes everyone from Information System managers to "the educated general reader." (p. xiii) Those without any background in computers would, I believe, find this volume to be a little technical, so I would have to rate this book as one written for an "intermediate" audience of individuals who already have some knowledge of information technology.
Mr. Sexton begins his work by stating, "if this book has one objective, it is clarity, both of expression and in demystifying open systems and client-server." (p. xi) In general, his work meets this objective. The problems with this book (which are outlined later) are more errors of omission, rather than commission. With few exceptions, the concepts outlined in this book are explained succinctly and fully. Graphs and tables are used well throughout to demonstrate the relationships discussed in the text. Cross-referencing of various topics as they re-occur in different sections of the book adds value as well.
There are any number of published works that attempt to deal with open systems and client-server technologies; Mr. Sexton notes that not only does his book serve a more general readership, it also covers more diverse topics than earlier texts. "...topics such as IBM PCs, Windows 95, pipelining in RISC microprocessors, and LU6.2 communications are not automatic choices for inclusion in open system texts...but they are real and affect everyday business, so they are included here." (p. xi) This is a laudable sentiment; but it leads to inevitable considerations of "if you included this, then why not that?"
The book itself is divided into three parts: "The Need for Standards," which covers some basic computer concepts, and thus lays the groundwork for the rest of the discussion; "Standards for Portability," which includes both the current state of open system standards (international as well as national) and software; and "Standards for Interconnection and Interoperability," or the "networking" section. This last section also includes Sexton's discussion of client-server applications.
Throughout this book, Sexton maintains a descriptive, even-handed tone; he rarely openly displays his personal preferences, except perhaps in an unqualified statement such as, "UNIX systems are open." (p. 37) The reader is left to speculate, by taking notice of what is not included, as to which areas of open systems that Mr. Sexton either is not familiar with, or doesn't personally favor.
One such area is the discussion of GUIs. Microsoft Windows (both NT and 3.x) are discussed at considerable length; Windows 95 is given two pages (odd, since most of this book was written before the public release of Win 95), and OS/2 is given four pages, even though OS/2's share of the operating system is minuscule.
There is no separate section, on the other hand, for the Macintosh; this seems strange, given that the Macintosh operating system accounted for roughly ten percent of the PC market when this book was being written. Does Sexton believe that Macs are inherently more anti-open-system than these other platforms? If so, shouldn't he state that? The reader is left to wonder.
Perhaps even more problematic is Sexton's treatment of TCP/IP (Transmission Control Protocol/Internet Protocol). He does a very good job of explicating the basics, and in explaining, for example, the differences in the relationship between OSI (Open Systems Interface) protocols and TCP/IP protocols. But his discussion of DNS (Domain Name System) is scanty, and does not include any text on the hierarchical structure of domain names; his example of a typical domain name is neither particularly helpful nor accurate.
Further, when it comes to discussion of TCP/IP applications, there is no mention whatsoever of http (hypertext transfer protocol). Given that http is the fastest-growing protocol on the Internet (perhaps, in all of computerdom, as well) it seems odd that a wide-ranging text on open systems, written as early as last year, should include nothing concerning this Web construct.
Perhaps Sexton could plead "shock of the new," and that http will be included in future editions of this book. This does not explain, however, his light treatment of Electronic Data Interchange, a topic for open system explication if ever there was one. EDI is given only one brief mention (and the otherwise exemplary glossary and index contain no listing for EDI).
These qualms aside, the bulk of what is included in "Beyond the Mainframe" is well worth owning by anyone who has to deal with various computer problems, particularly those who deal with networking and interconnectivity issues. The discussion of client-server, for example, is succinct and straightforward; it includes a thorough airing of both the advantages and disadvantages of this technology. And anyone who has wondered just what is going on "behind the scenes" of their LAN (Local Area Network) will welcome Sexton's relatively jargon-free examination of topologies and Network Operating Systems.
Overall, this is a very worthwhile book. It will perhaps be more useful to the "educated layperson" as a reference tool than as a straight read-through; a quick read of the section on NetWare, for example, would be a valuable preparation the next time the Novell re-seller comes calling. I recommend this as a good general text on the topic, and trust that future editions will shore up some of the omitted areas of the present work.
Bruce Gilbert is Systems Librarian at Drake University in Des Moines, Iowa; he can be reached at BG7601s@acad.drake.edu. He has written articles for several periodicals, including "OCLC Micro," and has reviewed books for "Journal of Academic Libraries."
Copyright © 1996 by Bruce Gilbert. This document may be reproduced in whole or in part for noncommercial, educational, or scientific purposes, provided that the preceding copyright statement and source are clearly acknowledged. All other rights are reserved. For permission to reproduce or adapt this document or any part of it for commercial distribution, address requests to the author at BG7601s@acad.drake.edu.
REVIEW OF: Jacob Palme. Electronic Mail.
by Robert Wittorf
This book is written as a handbook for electronic mail (e-mail), broadly examining e-mail on the business, machine, and personal levels. Indeed, it seems to be directed to a business audience. Palme's discussion covers the basics, from why a company would want to use e-mail, to how to go about evaluating it in a business context, to the varieties of user functionality.
Palme begins by examining the reasons for e-mail's success, and its growth, strengths and weaknesses as compared to other types of communication. The reasons are probably obvious to those who use postal mail and fax alongside e-mail, but their restatement serves to reinforce the point that the obvious differences in speed and quality will ensure they are not competitors but complementary media.
E-mail is a cost-effective medium for various group and individual contacts within an organization, whether at a single site or several. If e-mail is regularly read and answered, it can reduce time-consuming face-to-face contacts. In corporate settings where employees need to contact each other across departmental or divisional lines, it broadens communication patterns in a cost-effective way. Its place is not, however, to replace other media in their appropriate use. Palme advises, for example, that while e-mail is a cost-effective communication medium, it is not one that should be used to promote a consensus.
Chapter 5, "Cost/Efficiency Analysis," suggests a quantitative methodology for the study of e-mail's use within a corporate setting. Regardless of the specific e-mail software, a strength of the book is a discussion of functions that e-mail software might provide. Chapters 6 and 7 discuss varieties of messages, bulletin boards, conferencing, directories, encryption, and security. As a user of e-mail for a number of years, I found these chapters particularly fascinating because of their discussions on anonymous messages (which I thought were impossible to send on any mail system) and pseudonymous messages.
In Palme's discussion of ethics and etiquette (Chapter 10), he revisits anonymous e-mail and other issues relating to ethical e-mail usage. He raises awareness of issues which systems administrators and users need to be familiar with: messages with material illegal in one country but not in another; legality of contracts over e-mail and of other communications using electronic mail; private use of electronic mail in a corporate setting, etc. I found Palme's book useful because of his international perspective. The reader should not be disappointed if he does not provide many answers for these problems. The service of this book is making corporate readers aware of problems that can arise with e-mail use.
There are also detailed discussions of the structure of the e-mail header, the international Message Handling System X.400 standard, encoding of attachments--MIME (Multipurpose Internet Mail Extension) but not BINHEX, for example--and gateway standards. Although one would not expect Chapter 8, "Standards," to be lively reading, the discussion gives the layperson a technical understanding of message structure and the facilities (text, voice, graphic, etc.) that are or could be utilized in application software.
His discussion is filled with numerous useful diagrams and examples. Chapter 12, "User Interface Examples," picks up the interface discussion with Pine, SUPERKOM, EAN/ENVOY 400, MEMO 3270 and Macintosh First Class. Most of these systems are, or began as, text-based, line by line mainframe systems of previous generations. They illustrate basic functionality but lack the sophistication and ease of use of recent software such as Qualcomm's Eudora Pro. Other chapters touch upon such diverse questions as e-mail's market, costs, and fees.
Finally, each chapter ends with a bibliography for further study. Many citations are available for downloading over the World Wide Web. For these, he provides full (and accessible) Uniform Resource Locators. A bibliography of International Standards Organization and International Telecommunications Union standards, a glossary, and a useful index complete this handbook. Although positioned for a corporate setting, this handbook would complement academic collections as well.
Robert Wittorf (WITTORF.1@ND.EDU) is Assistant Director for Administrative Services, Planning & Budget, at the University Libraries of Notre Dame.
Copyright © 1996 by Robert Wittorf. This document may be reproduced in whole or in part for noncommercial, educational, or scientific purposes, provided that the preceding copyright statement and source are clearly acknowledged. All other rights are reserved. For permission to reproduce or adapt this document or any part of it for commercial distribution, address requests to the author at WITTORF.1@ND.EDU.
Technology for Enjoyment, or, Water Wants To Be Free!
by Thomas C. Wilson
It is easy to get so caught up in the challenges of supporting technology that we lose sight of the softer side of it. I could illustrate my point with some entertaining Web sites or 3-D network games that eat countless hours of apparently non-productive time. Instead I'd rather select a more visceral illustration: fountains.
Fountains come in all shapes and sizes and represent an amazing amalgam of technologies. Fountains are inherently public--something to be shared, at least between the designer and observer, if not more. Throughout history fountains served as gathering points for local communities. These mainstays of parks, malls, and gardens represent a blending of natural elements, such as water and stone, with human creativity to bring enjoyment and reflection.
Two of my favorite examples that incorporate mechanical engineering ingenuity, musical creativity, theatrical design, and computer programming savvy are at Disney's Epcot Center and Cleveland, Ohio's Terminal Tower. Both of these fountains blend fluid and musical dynamics in an experience that pits form and function against the elements--light, water, steam, temperature, gravity. From light-hearted dancing spurts to stoic glass-like tubes to Icarian leaps of faith, all matching the timing, mood, and presence of the music, these monuments to human technical achievement provide hours of contentment and inspiration.
I am intrigued by the consummation of multiple areas of human endeavor in one incredible experience--a virtual reality in its own right. And while I have experienced fountains in virtual environments, I still prefer the physical ones that whet my appetite and wet my fingers.
I wonder what difference it might make in our creation of networked information systems if we were to incorporate the concepts of enjoyment and reflection into our design outcomes. I don't just mean migrating to a graphical user interface to improve productivity and ease of use. What else might we aspire to in delivering information to others? Do we "enjoy" the systems we create, purchase, or license? Do we even use them? When's the last time we asked users if they are content with the retrieval mechanisms they are offered? We know they use them for hours. Has an information system ever truly inspired someone?
Get to know a fountain near you, and let the water, and inspiration, flow!
Tom Wilson, Editor-in-Chief TER, TWilson@uh.edu
Copyright © 1996 by Thomas C. Wilson. This document may be reproduced in whole or in part for noncommercial, educational, or scientific purposes, provided that the preceding copyright statement and source are clearly acknowledged. All other rights are reserved. For permission to reproduce or adapt this document or any part of it for commercial distribution, address requests to the author at TWilson@uh.edu.