Category Archives: Books

Book reviews, comments and recommended reading

Enterprise Security – A Data Centric Approach – Chapters 7 & 8

28 Tuesday Jan 2014

Posted by in Book Reviews, Books, General, Packt

2 Comments

Tags

, , , , , , , , ,

Chapters 7 and 8 of the book in many respects are the polar opposites in their nature, with Chapter 7 looking at Wireless networks in the Enterprise and technicalities of different encryption frameworks, authentication and authorization.  Then at the other end is chapter 8 facing into the difficulties of social engineering – the approach of using people’s own nature to divulge sensitive information.  Probably one of the most famous people for this sort of thing is Kevin Mitnick and to acts of social engineering are will illustrated in the influential book  Bruce Stirling’s Hacker Crackdown.

Although Chapter 7 is addressing an area many would view as the dark art of wireless network setup; it is well explained and actually worth reading by anyone who would like to better understand their own home wireless network as lot of the information (not all) is relevant even in that context. For example the benefit of supressing the visibility of the Network ID (SSID) doesn’t make the network invisible – it simply makes it harder to spot as any device such as smart phone will call out yo the network to see if it is present and this information can be picked up just as easily if you know what you’re doing.

Drilling into the social engineering aspect, the book looks at the more obvious and perhaps brute force models such as spam to increasingly subtle takes such using social media communications through the likes of linkedin to send emails loaded with malware and see the end user open them. For example pretending to be an agent with a job offer who has found you via LinkedIn. But beyond that, the amount of information being made available via social sites as it can be a means to establish a organisations’ IT fingerprint and therefore suggest the best routes to attacking IT.  The chapter addresses training, and the pros and cons of different approaches, plus mitigation strategies for the different attack strategies.

Previous blog entries:

There is also a supporting website for the book athttp://www.datacentricsec.com/
Enterprise Security - A Data Centric Approach

Enterprise Security – A Data Centric Approach – Chapters 5 & 6

17 Friday Jan 2014

Posted by in Book Reviews, Books, General, Packt, Technology

3 Comments

Tags

, ,

Continuing with Enterprise Security: A Data-Centric Approach to Securing the Enterprise by Aaron Woody Chapter 5 gest into some of the security processes and technologies to securing you compute platforms covering topics such as:

  • anti-virus (or not),
  • network lock down through the use of local firewalls built into the OS (so people can’t then just access the server by any means they desire SSH, RDP, telnet etc)
  • user permissions
  • auditing (so you can see what is happening/happened and by whom)
  • detection of file change in parts of the system that shouldn’t change except through specific mechanisms e.g. OS files should only change when patching the OS

But more importantly the chapter links these kinds of activities to the analysis of risk and previously developed trust models. So that you can understand how much security is suitable and justifiable.  The ideas along with the pros and cons of each activity are well explained and clearly presented.

Chapter 6 takes us back to central theme of the book – data.  With our policies and models identified we need to locate the data – this is harder than it may sound, not everything is in a database (the amount of business operation that runs on spreadsheets on people’s desktops, is endlessly amazing and then compounded by how we make the data collaborative – emailing, moving with personal USB storage, cloud services and on and on). To help find, track and potentially constrain it  (prevent undue leakage) the book walks through the ideas of classification and ownership/accountability and then really starts to tie together the earlier chapters, as well as introduce some additional technology concepts such as the encryption of data when in transit and at rest. Like chapter 5, you don’t need a PhD to understand where to apply security and why – the doing maybe a different kettle of fish of course.

Previous blog entries:

There is also a supporting website for the book athttp://www.datacentricsec.com/
Enterprise Security - A Data Centric Approach

Vinyl Junkies – Adventures In Record Collecting A Review

09 Thursday Jan 2014

Posted by in Book Reviews, Books, Music

1 Comment

Tags

, , , , , , , , ,

So I’ve been luxuriating in reading some books more for the pleasure of it (rather than technical stuff to help authors or the day job).  This book is about, record collectors, the act of record collecting and the general love for music both mainstream, obscure and just down right freaky. For the music fan this is Mills & Boon reading.  For those related or taken on the challenge of a partner who is a record collector an insight into the mind of your loved one.

The books tries to explain the passion of collecting from many different perspectives, through the eyes of collectors (some famous – like Peter Buck (of REM fame), Robert Crumb (cartoonist) and Thurston Moore (Sonic Youth), others not so famous but equally obsessed. From a psychologist point of view – clinical (relationship to low sertraline) to psychotherapy.  As a result we get discussions about the sensuality of vinyl and wonderful quotes like “CDs are like sex with a condom”.

We explore the kinds of collecting that go on – from types of records – old pre-war 78s, 1st issues of records, special prints like shaped coloured vinyl, those quickly taken out of circulation through to records that just seem to be rare and then the plain odd like albums commissioned by Listerine (the mouthwash) advocating the product’s wonders to people thinking they’re going to make it big putting out just tuneless oddities, to the child like contributions like Sammy Squirrel Teaches the Multiplication Tables (Which apparently has a publisher’s address on the cover of The Metaphysical Motivational institute, Drawer 400, Ruidoso, NM) and psychotic wonders such  as “Sit on My Face, Stevie Nicks” by the Rotters and Naughty Rock ‘n’ Roll by the P-Verts or maybe various artists on the Sugar Tits Label.

As the book progresses we get a chance to be taken on an exploration of the validity of the portrayal of collector/obsessive music fan portrayed in Nick Hornby’s book High Fidelity by the character Rob Gordon (portrayed by John Cusack in Stephen Frears‘ cinematic adaptation);  music collectors are geeky single men that can’t sustain a relationship etc.

The book is however 10 years old – and sadly doesn’t reflect how the rise in Mp3s has impacted.  As everything get ripped and becomes for ever available (legally or illegally) on the web, what is happening to the passion of the hunt for the mysterious, weird and rare?  Who knows, but its fun hearing the stories.

Vinyl Junkies

Enterprise Security – A Data Centric Approach – Chapter 4

01 Wednesday Jan 2014

Posted by in Books, General, Technology

3 Comments

Tags

, , , , , , ,

Continuing into a chapter 4 of
Enterprise Security: A Data-Centric Approach to Securing the Enterprise by Aaron Woody we start to look at some technical aspects of security and technology covering things like the capabilities of new generation of firewalls, DNS security and so on. The information is presented in a very readable manner.

As an Enterprise Technology Architect, and having security specialist friends I thought I was reasonably well informed in this aspect of IT, but the book still taught me me things. Interestingly, perhaps not intended but the chapter left me with a number of things that could be incorporated into development governance that would make the work of network security a lot easier.

The chapter continues with lots of really helpful references many, maybe all are incorporated into a series of appendices that are full of helpful information references and links. If these are made available on the book’s website (see below) it would likely become a must go to site for security resources.

It does leave me asking one question how does this all fit in when using a PaaS solution such as those offered by the likes of Amazon and Rackspace?

Previous blog entries:

The book has been published by Packt (who at the time of writing are running a promotion – more here)

There is also a supporting website for the book at http://www.datacentricsec.com/
Enterprise Security - A Data Centric Approach

Enterprise Security – A Data Centric Approach — Chapter 3

29 Sunday Dec 2013

Posted by in Books, General, Technology

5 Comments

Tags

, , , , ,

So I’m back to reading Enterprise Security: A Data-Centric Approach to Securing the Enterprise by Aaron Woody. I’ve not finished reading the book yet but as I’m reviewing one or two chapters at a time, I thought I’d blog about Chapter 3 – particularly given its value (previous blog entry here and here).

Chapter 3 goes by the name of Security As A Process, which addresses the processes to determining security risk, the analysis of cost benefit of implementing security features to address those risks. The chapter then goes on to provide guidance on defining good policies and standards.

In hindsight the process for determining and analyzing the security risks and classifying them is fairly obvious – it took the reading to to draw the points and the mechanisms into focus. But the fact it makes sense in hindsight suggests that the approach the workability and the chance for the business to understand the risks and challenges being taken on.

The chapter also provides some really good information sources for people to use to support the adotion of the processes described. Some I’ve known about such as the SANS Institute others I hadn’t.

I have to say that based on the strength of this chapter alone I’d recommend the book to any architect who is seeking to develop practical appreciation of addressing security considerations or understand what they should be looking for what to ask for in a new organisation. Those trying to drive up the quality of processes or get across the need for a more proactive security strategy that is also pragmatic – reading this chapter alone should help provide some serious points to get a handle on things.

The book has been published by Packt (who at the time of writing are running a promotion – more here)

There is also a supporting website for the book at http://www.datacentricsec.com/
Enterprise Security - A Data Centric Approach

Appetite for Self-Destruction: The Spectacular Crash of the Record Industry in the Digital Age

29 Sunday Dec 2013

Posted by in Book Reviews, Books, General, Music

Leave a comment

Tags

, , , , ,

With the holiday break, I’ve had a bit of time to get through some reading, including finishing Appetite for Self-Destruction: The Spectacular Crash of the Record Industry in the Digital Age. This an excellent book on how the music industry has managed to shoot itself in the feet a number of times (and with a canon at that); although it does only cover events upto 2008 (as we enter 2014 it would be brilliant to see an additional chapter to get insight into how the resurgence of vinyl and the rise of Spotify has impacted thinking – beyond the deadlines of complaints by the likes of Thom Yorke about Spotify).

Thw book feels well researched (certainly references hold testimony to this), but at the same time it doesn’t read like a dry academic read that you would associate with such a well researched text. But given the attitudes and behaviours of some of the individuals in the big labels their egos run riot far more than most of the ‘rock gods’ that they’re trying to sell.

Steve Knopper has done a great job with the book and I’d recommend it to anyone interested in music or how technology such as peer-to-peer has impacted the media industry. You dont need to be a music fiend or geek to find this a satisfying read.

Steve’s website is http://knopps.com/
 

Packt Books $5 Promotion

19 Thursday Dec 2013

Posted by in Books

2 Comments

Tags

, , , , , , , ,

$5 ebook Bonanza1 template 1

My friends at Packt Publishing have just told me they are repeating last year’s amazing offer of ebooks at a flat price of $5 (for us Brits that’s £3.05) go here.  The Offer runs from sometime today (19th Dec) through to the 3rd of January.

The offer covers both their Open Source books, but also their Enterprise books as well (lots of Oracle and Microsoft publications).

Given the pricing you can’t go wrong.  I know last year I ended up with about 6 months of technical reading.

Checkout :  http://bit.ly/1jdCr2W

SOA Pattern Books

25 Monday Nov 2013

Posted by in Books, General, Technology

Leave a comment

Tags

Just as I wrap up the tech reviewing of one book, Packt invite me to start another. This time a book has the working title of SOA Patterns on the Oracle Platform (no link yet – too early). This is certainly going to be a substantial book with about 12 chapters running to about 50 pages per chapter (certainly for the first 4 chapters). Unlike a lot of the more functional Oracle books I’ve seen from Oracle this is low on graphics and screen shots and high on textual content.

So far the book has given me cause to stop and think hard about the points the author is trying to make and then demonstrate. In some respects like the definitive texts by Thomas Erl, however where Erl is solution agnostic, this book is trying to bring the patterns to life through placing them into a scenario and describing the challenges and implementation approaches in terms of the Oracle platform, particularly BPEL, Mediators, rules engines and SCA (i.e. Oracle SOA Suite).  I have laughed, as I found the book referencing back to Apache Camel.

All of this does mean that the review process is more time consuming than I had anticipated, if the review feedback is taken then I think it will have been a very worthwhile experience.  Watch this space, and I’ll blog on this one once we see the final copy, if not before.

Books, Books & More Books

15 Tuesday Oct 2013

Posted by in Books, Technology

1 Comment

Tags

, , , , , , , , , ,

The blog posts have been a bit slow of late as I’ve been deep into reviewing books for Packt Publishing.  But thought I’d share the fact that Packt are running a big promotion at the moment, offering 50% off all their books if you use the discount code COL50 as part of the celebration of Columbus Day.  The offer currently runs until the Thursday 17th October.

As for books, well I’ve just finished reviewing the Apache Camel Developer’s Cookbook by Jakub Korab and Scott Cranton (Amazon have it currently listed as Camel Enterprise Cookbook.

The version of the book I’ve reviewed was very, very good. I have to admit I went into reviewing this book with high expectations given the fact I’ve worked with Jakub and know the calibre of his output whilst he was consulting for FuseSource (now part of RedHat JBoss) and I’ve not been disappointed.

You can read the book as either a guide to Apache Camel as each recipe builds upon the preceding recipe; or as a dive in as you need a solution to a problem as each recipe pretty much stands up in its own right (cross referencing other supporting recipes or key preceding recipes).  The book explains not only how to do something – from simple routing & filtering through to XA transactions with one of the leading orchestration technology frameworks.

From Jakub & Scott’s fine technical guide, I’ve started to look at a book on Applied SOA Patterns on the Oracle Platform part of Packt’s Enterprise series of books.  I cant say too much on this book yet – it is going to be a fairly chunky book at around 500 pages.  Will post more once we’ve got well into the book I’m sure.

Book Review – MySQL Workbench: Data modelling & Development by Michael McLaughlin

02 Friday Aug 2013

Posted by in Book Reviews, Books, General, Technology

Leave a comment

Tags

, , , ,

MySQL Workbench Data Modeling and Development

MySQL Workbench Data Modeling and Development

Having reviewed several books recently, and currently working on another book – I was offered the chance to look at MySQL Workbench: Data Modelling & Development by Michael McLaughlin which I took up as I was interested to know more about the Workbench tool (despite having worked with MySQL on and off for about 10 years, I’ve only really used command line and SQL editors or Eclipse plugins when working with MySQL).

From a pure readability perspective, this is undoubtedly technically well written. My difficulty with the book comes from the style, and presumed level of intelligence of the reader.  The difficulty comes from several perspectives’ firstly the author can feel a little condescending, to illustrate my point on page 180 the book says ‘Select Schemata step (that’s a fancier word for the fancy word schema) ‘.  Do you really need such a statement? Further the book spends the best part of the first 100 pages on walking through UI based installers for Windows 7, Linux (Debian and Fedora), and Mac OS X.  Although the look and feel of these installers will differ slightly, aside from some of the environmental considerations (configuring your hosts file for example) the installation process is consistent enough (and obvious enough given it is UI wizards) to only need to explain the end to end process for one platform, and then just address the differences for the other platforms, not repeat the entire process.  The only blessing in these first couple of chapters the author has thought to highlight a few common install issues and their resolutions (addressing my classic complaint people only think about the happy path). During the installation, the book makes reference to the use of DNS, but I don’t believe the use of DNS in a production environment is particularly well explained.

Having waded through to chapter 3 we can get started with the modelling aspect of the workbench. The chapter sets out first to explain some modelling concepts – starting with Object Orientation (OO) but doesn’t do a great job of it, starting out making reference to a number principles but then talking about the ‘principle of the one’, given my experience I did understand what the author was trying to express but, for someone experienced it could have been more simply expressed.  after OO, Normalisation is explained, and what defines the different levels of normalisation, but not the mechanics that can be followed to go from the levels of normalisation (something I was taught over 20 years ago).  Given that book talks about modelling,  I had expected the book to at-least touched upon other modelling approaches used for delivering the needs of data warehousing (star schemas etc), but his didn’t even obtain an aside.  Having spent nearly 100 image heavy pages on installation, all of these concepts are introduced in a single very text heavy chapter, which feels like we’ve swung too far the other way.

As the book goes on into development aspects it errs away from addressing SQL at all, and focuses entirely on designing with INNODB table behaviours.  Admittedly INNODB is the common engine (and the default assumed behaviour when thinking about database tables) but isn’t the only table type.  All of which is a shame as if you want to get the most out of MySQL the other table types have their value and benefits.

So, what value does the book bring.  Well for a student learning about databases for the 1st time (hard visualize when you think how pervasive the technology is today – even smart phones carry DBs now) this book along with a good guide on SQL and you’d be well on your way to getting some practical experience with MySQL.  to be honest the book would have setup far better expectations if it had been called MySQL Workbench for Dummies.  For the seasoned engineer who has worked with MySQL, understands database design then you might want to think twice about getting this book; that said I did pickup a few useful titbits – but getting them was hardwork.

Useful Links for the book: