Index
Previous
Next
Letter from Cybersalem #8
From the cross-examination of Rich Cower, Intel Network Security Expert and State's Expert for the prosecution, by Marc Sussman, Randal's lawyer:
Sussman: "Are you familiar with a book entitled [ Firewalls and Internet Security, Repelling the Wily Hacker, by William Cheswick and Steven Bellovin ]"
Cower: "What does 'familiar' mean?"
Sussman: "Have you seen their book?"
Cower: "I ever seen it?"
Sussman: "Do you recognize it as --"
Cower: "That's a new book."
Sussman: "One that's reliable, kind of an authority on this subject?"
Cower: "It's a new book." [1]
Those who are in the Internet security field should find the above responses from someone purporting to be an expert in their field stand on their own. Not all my readers will be in the field, however, so I'll supply some background.
Cheswick and Bellovin, coming out in June 1994 [2], was the first book on firewall-based Internet security [3], and filled what had become a desperate need. More and more enterprises were hooking networks with sensitive data onto the Internet, and information on how to do this securely had to be found in papers, proceedings, talks, classes and class notes.
"With the wholesale rush to Internet connectivity, its about time someone sat down and wrote a good book about how to do this exercise safely! And, sure enough, Cheswick and Bellovin have done just that." [4]
C&B's timeliness and authority instantly made it into something of an icon in the field. By now, C&B has quality competition, but it is still universally recognized as an authority.
Cliff Stoll: "I wish that Cheswick and Bellovin had written this 6 years ago. I could have nailed down my system and avoided chasing a spy around the world."
Datamation: "The most popular text on the subject."
ATM User: "Make this book required reading by anybody responsible for your LANs and internetworks."
SCO World: "Consider by many the definitive book on Internet security."
Linux Journal: "... has no rival ... Anyone in charge of installing or administering an Internet firewall would be insane not to get a copy."
Uniforum Monthly: "Anyone who has to administer a network of computers or is thinking of connecting to the Internet ought to read this book first. ... To miss the opportunity to benefit from their advice and experience borders on the foolhardy." [5]
Not only does the Intel-titled and court-recognized Internet security expert refuse to acknowledge the reliability or authority of the most highly regarded book in what is supposedly his field, he does not even recognize the cover. Even as fakery, this is pretty poor stuff.
Finally, for those who, like Rich Cower, do not know what familiar means, I will use the word in some sample contexts:
It is a familiar, if sad, fact of life for those who take the trouble to become competent in technical fields, that those who do not often have the advantage over them.
Those who simply tell others what they expect or want to hear, clearly have a ready ear; for what they say will have a familiar ring to it, which many mistake as a sign of truth. The conveniently ignorant may well consider it unnecessary to learn the truth and those who undertake that trouble fools.
Those who make themselves familiar with difficult technologies must face the further difficulty of explaining to others things they find strange, implausible or unpleasant.
Situations where the competent find themselves the prey of the willfully ignorant are all too familiar.
Note 1: Tr. 7-24-95, page 58, lines 7 to 17. The court reporter mangled the title and authors, though it is quite clear which book is intended. Here I have repaired the reference. The above URL contains the transcript unaltered.
Note 2: According to amazon.com. My copy is June 1994, but it's a second printing. However, it seems quite possible this book went into a second printing the month it was published.
Note 3: A review at www.anatomy.su.oz.au. This seems to be the same review that the Linux Journal printed.
Note 4: From Ray Kaplan's May 2, 1994 posting, based on his already dog-eared March 1994 review copy. It apparently went to RISKS and comp.security.announce among other places.
Note 5: The Stoll, Datamation, ATM User, SCO World, Linux Journal and Uniforum Monthly quotes are collected at the publisher's website. Those for whom this is not enough can ask any Internet security expert -- any real one, that is -- or can fire up their favorite search engine. More examples at random: a page entitled "Good Books (and other resources) on BSD/OS and Related Subjects" ("a must"); a description in Global Techology's "Links of interest"; and Kelly L. Fulks "Books I use sometimes".
Index
Previous
Next