Overview
What individuals, corporations, and governments need to know about information-related attacks and defenses!
Every day, we hear reports of hackers who have penetrated computer networks, vandalized Web pages, and accessed sensitive information. We hear how they have tampered with medical records, disrupted emergency 911 systems, and siphoned money from bank accounts. Could information terrorists, using nothing more than a personal computer, cause planes to crash, widespread power blackouts, or financial chaos? Such real and imaginary scenarios, and our defense against them, are the stuff of information warfare-operations that target or exploit information media to win some objective over an adversary.
Dorothy E. Denning, a pioneer in computer security, provides in this book a framework for understanding and dealing with information-based threats: computer break-ins, fraud, sabotage, espionage, piracy, identity theft, invasions of privacy, and electronic warfare. She describes these attacks with astonishing, real examples, as in her analysis of information warfare operations during the Gulf War. Then, offering sound advice for security practices and policies, she explains countermeasures that are both possible and necessary.
You will find in this book:
- A comprehensive and coherent treatment of offensive and defensive information warfare, identifying the key actors, targets, methods, technologies, outcomes, policies, and laws;
- A theory of information warfare that explains and integrates within a single framework operations involving diverse actors and media;
- An accurate picture of the threats, illuminated by actual incidents;
- A description of information warfare technologies and their limitations, particularly the limitations of defensive technologies.
Whatever your interest or role in the emerging field of information warfare, this book will give you the background you need to make informed judgments about potential threats and our defenses against them.
0201433036B04062001
Synopsis
This book is an introduction to information warfare. It is about operations that target or exploit information media in order to win some objective over an adversary. It covers a wide range of activity, including computer break-ins and sabotage, espionage and intelligence operations, telecommunications eavesdropping and fraud, perception management, and electronic warfare. The book is about teenagers who use the Internet as a giant playground for hacking, competitors who steal trade secrets, law enforcement agencies who use information warfare to fight crime and terrorism, and military officers who bring information warfare to the battleground. It is about information-based threats to nations, to business, and to individuals-and countermeasures to these threats. It spans several areas, including crime, terrorism, national security, individual rights, and information security.
The book is not a "how to," with regard to either launching an attack or defending against one. Nevertheless, because the book provides a reasonably comprehensive treatment of the methods and technologies of information warfare, it may be useful for making informed judgments about potential threats and defenses.
The book is intended for a broad audience, from the student and layperson interested in learning more about the domain and what can be done to protect information assets, to the policy maker who wishes to understand the nature of the threat and the technologies and issues, to the information security specialist who desires extensive knowledge about all types of attacks and countermeasures in order to protect organizational assets. It was also written for an international audience.Although the focus is on activity within the United States, activity outside the United States is included.
Comp.society.cu-digest - Rob Slade
Complete and solidly based...clear and thought-provoking...engaging and informative.
Editorials
Rob Slade
Complete and solidly based...clear and thought-provoking...engaging and informative.βComp.society.cu-digest
Booknews
Denning (computer science, Georgetown U.) covers threats such as fraud, sabotage, espionage, piracy, identity theft, and electronic warfare. She uses examples from actual attacks and thefts, including an analysis of information warfare operations during the Gulf War. For each type of threat she includes advice for countermeasures that she argues are both possible and necessary. Specific topics include IP spoofing, software trojans, viruses, cryptography, steganography, biometrics, and the limitations of defensive technologies. Annotation c. by Book News, Inc., Portland, Or.Jonathan Erickson
In all likelihood, Information Warfare and Security won't realize over time the "classic" status of Cryptography and Data Security (they're not the same kinds of books), but it is important as a comprehensive introductory survey of the challenges we face in the coming century.β Electronic Review of Computer Books
Jonathan Erickson
Information Warfare and Security
Dorothy Denning is one of the world's most respected computer-security experts. She's also the author of the now-classic Cryptography and Data Security (Addison-Wesley, 1982) and a professor of computer science at Georgetown University. But if Denning ever wants to chuck it all and opt for an honest living of, say, writing horror stories, her most recent book, Information Warfare and Security, has all the source material she will ever need. Before reading half the book, I was ready to cancel my e-mail accounts, jettison my modems, cancel my credit cards, move what little money I have from the bank to my mattress, and head out for the Flint Hills.
You see, part of what Denning has done in "Information Warfare and Security" is chronicle what seems to be just about every breach in computer security over the past few years. Page after page of hacks, cracks, phreaks, and psyopts by everyone from teenagers and thrill seekers to spies and nuts. Credit card numbers, passwords, bank accounts -- they're all fair game for anyone who is bright, persistent, online, and so inclined.
Not that it was Denning's intent simply to titillate us with one interesting or exciting story after another. Instead, her goal is to provide us with a comprehensive overview of what's become known as "information warfare." In defining this term, Denning relies on a definition supplied by Winn Schwartau in his book Information Warfare (Thunder's Mouth Press, 1996) whereby:
"Information warfare consists of those actions intended to protect, exploit, corrupt, deny, or destroy information or information resources in order to achieve a significant advantage, objective, or victory of a specific adversary or adversaries."
However, Denning doesn't stop there. She goes on to explain that she attempts to take the definition deeper, to
"... provide a theory of information warfare based on the value of information resources to an offense or defense... Information warfare is a 'win-lose' activity. It is about "warfare" in the most general sense of conflict, encompassing certain types of crime as well as military operations."
To that end, Denning opens Information Warfare and Security with a description of the role of information warfare in the Gulf War. The brief history she presents is both interesting and exciting and immediately pulls you into the book. This chapter kicks off "Part I: Introduction" of the book, which covers other topics such as the author's theory of information warfare, and issues such as motivation and types of computer crime. From there, Denning moves to "Part II: Offensive Information Warfare" which addresses topics such as open source (no, not source code, but the information about all of us that is open and easily accessible), psyops ("psychological operations"), traitors and moles, corporate espionage, dumpster diving, shoulder surfing, phone phreaking, packet sniffers, e-mail forgeries, and much more. Finally, in "Part III: Defensive Information Warfare," Denning surveys the tools and techniques that enable individuals and organizations to protect themselves from attacks: cryptography, RSA, biometrics, digital signatures, trash disposal, firewalls, and the like.
Although Denning does explain the basics of topics such as public-key encryption in Part III, "Information Warfare and Security" isn't a technical book. Instead, it is perhaps the best single overview of the real-world security issues that you'll find. And what makes the book particularly interesting is that Denning puts the various types computer cracking into the broader context of topics such as phone phreaking (hey, I always like to read about the exploits of Cap'n Crunch) and other forms of information warfare. In fact, it is hard to imagine how she was able to gather all of the incidents described and present them in a coherent manner that keeps you reading.
In all likelihood, Information Warfare and Security won't realize over time the "classic" status of Cryptography and Data Security (they're not the same kinds of books), but it is important as a comprehensive introductory survey of the challenges we face in the coming century.--Dr. Dobb's Electronic Review of Computer Books