![[LWN Logo]](/images/lwn.banner.gif)
Date: Fri, 19 Feb 1999 15:13:25 -0700 (MST) From: mea culpa <jericho@dimensional.com> To: InfoSec News <isn@repsec.com> Subject: [ISN] REVIEW: "Top Secret Intranet", Fredrick Thomas Martin Forwarded From: "Rob Slade" <rslade@sprint.ca> BKTPSCIN.RVW 990117 "Top Secret Intranet", Fredrick Thomas Martin, 1999, 0-13-080898-9, U$34.99/C$49.95 %A Fredrick Thomas Martin %C One Lake St., Upper Saddle River, NJ 07458 %D 1999 %G 0-13-080898-9 %I Prentice Hall %O U$34.99/C$49.95 800-576-3800, 416-293-3621 %P 380 p. %S Charles F. Goldfarb Series on Open Information Management %T "Top Secret Intranet" Does anyone else think it is ironic that this book is part of a series on *open* information management? No, I didn't think so. Part one is an introduction to Intelink, the intranet connecting the thirteen various agencies involved in the US intelligence community. Chapter one is a very superficial overview of some basics: who are the departments, packet networks, layered protocols, and so forth. The description of Intelink as a combination of groupware, data warehouse, and help desk, based on "commercial, off-the-shelf" (COTS) technology with Internet and Web protocols, in chapter two, should come as no big surprise. Part two looks at the implementation (well, a rather high level design, anyway) of Intelink. Chapter three reviews the various government standards used as reference materials for the system, which boil down to open (known) standards except for the secret stuff, for which we get acronyms. There is a quick look at electronic intruders, encryption, and security policy in chapter four. Various security practices used in the system are mentioned in chapter five, but even fairly innocuous details are lacking. For example, "strong authentication" is discussed in terms of certificates and smartcards, but a challenge/response system that does not send passwords over the net, such as Kerberos, is not, except in the (coded?) word "token." Almost all of chapter six, describing tools and functions, will be immediately familiar to regular Internet users. Chapter seven takes a return look at standards. The case studies in chapter eight all seem to lean very heavily on SGML (Standard Generalized Markup Language) for some reason. Part three is editorial in nature. Chapter nine stresses the importance of information. (Its centerpiece, a look at statements from some of the Disney Fellows from the Imagineering division is somewhat paradoxically loose with the facts.) The book closes with an analysis of intelligence service "agility," using technology as an answer to everything except interdepartmental rivalries. Probably the most interesting aspect of the book is the existence of Intelink at all, and the fact that it uses COTS components and open standard protocols. (Of course, since it was defence money that seeded the development of the Internet in the first place, one could see Intelink simply as a belated recognition of the usefulness of the product.) For those into the details of the US government's more secretive services there is some mildly interesting information in the book. For those charged with building secure intranets there is some good pep talk material, but little assistance. copyright Robert M. Slade, 1999 BKTPSCIN.RVW 990117 -o- Subscribe: mail majordomo@repsec.com with "subscribe isn". Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]