Going Postal by Terry Pratchett is a good layman’s introduction to network security. It only covers a few points, although they are significant ones, some of which are not often discussed:
- Social engineering
- Authentication
- Redundancy
- Robustness
The book itself teaches about these from an unusual point of view: that of an attacker. It is written as though it is one large anecdote that makes all these points in the course of the telling. It’s useful for those who may not understand the details of networking very deeply, as it makes heavy use of metaphor to illustrate the points.
The network described is the primary means of long-distance communication for a group of people, and the attacker exploits its weaknesses for his own ends. As these weaknesses, which are the ones listed above, are presented, you are shown the means and method of the attacks directly through the eyes of the attacker.
It is also worth noting that the author takes an interesting moralistic approach. Where most books from the attacker’s point of view don’t put things in bad guy/good guy terms, and most books from the point of view of network security staff do, this one reverses the normal roles. In Going Postal, the attacker is seen as the ‘good guy’, and the owners of the network are the ‘bad guys’. It also contains the interesting view that the network operators specifically aren’t seen to be bad, but merely doing the best they can under bad circumstances.
The main flaw is that, while the weaknesses described are brought to the reader’s attention, few specific solutions are presented. This may be something of an asset for the book, however, as it will certainly prevent it from becoming out of date, as many standard technical books do.
I’d recommend this book to anyone who wants to get a general feel for network security, or likes a good long-running anecdote (one might almost say ‘story’).
[OK, serious bit now. I’ve not read much Terry Pratchett (to my own detriment), but all I have read were very fun. This book certainly doesn’t go against that in any way. Go read it!]
Heh — nice review ^_^
If you’re not already a Pratchett fan, I’d suggest starting with some of his earlier stuff — I must admit I gave up at about the third Watchmen-featuring book, with the feeling that he was just resting on his jokes and recycling his laurels. Abigail Nussbaum (whose opinion on such matters I respect) says more or less the same thing about his most recent efforts, but more eloquently and with more nuance — almost enough to convince me to give him another try. http://wrongquestions.blogspot.com/2006/01/not-with-bang-but-with-thud-or-whither.html
My personal earlier favourites: Small Gods, Reaper Man (might need one other to introduce the mythos first), Men At Arms.
I knew there was a reason I had to get hold of that book. 🙂
Though, out of all my tech Pratchett-reading folk, you are the only one to come up with that analogy… you still coding in your sleep?
Read the book and you’ll see it’s not really an analogy. The people who take over the lamp-signalling systems call themselves crackers, “because flashers was already taken”.