BKLNSCNW.RVW 940720 SAMS Publishing 11711 N. College Ave., Suite 140 Carmel, IN 46032-5634 317-573-2500 317-581-3535 800-428-5331 800-428-3804 hayden@hayden.com haydenbks@aol.com 76350.3014@compuserve.com "LAN Desktop Guide to Security, NetWare Edition", Sawicki, 1992, 0-672-30085-0, U$27.95/C$34.95 In some catalogues the subtitle gets dropped so be warned: this is about NetWare, and NetWare only. Given that, this is a generally competent and practical set of information and suggestions for securing a NetWare based LAN (up to the 3.x level). The table of contents gives a fairly standard range of topics. Chapters are devoted to accounts, workstation security, diskless workstations, physical security, viruses and trojans, server-based protection, the bindery, attributes, rights, security provided by applications, menus, time and date, and audit trails. Appendices cover backups, product vendors, security related commands and a sample security policy. Sawicki knows NetWare: there are numerous interesting and helpful inside tips strewn throughout the book. Sawicki may know NetWare too well: important information such as the determination of effective rights is passed over very quickly and is not likely to help sysadmins who have long been troubled by the complexity of the system. Sawicki does not know other systems as well: WordPerfect's encryption is mentioned, but not the ease with which it can be broken. The chapter on viral programs was, of course, of interest to me, the more so with the frequent mention of viruses throughout the text. Given the copyright date and the references to Michelangelo (including one thanking the author!) it is not hard to think of a possible trigger event that the author might have thought would boost sales. In any event, beyond a slavish devotion to McAfee products, the chapter is not bad. Odd, though, that Sawicki does not give much LAN specific protection ideas, such as an automated checking and reporting system using login scripts and email. Overall this book has much of practical value in terms of tips for the administrator. The advice on relative levels of risk is fairly sound, although Sawicki tends to go overboard in the direction of securing everything in sight. If you want to increase the security of your system, this can be very helpful. Don't rely on it, though, to tell you how much you are really at risk. copyright Robert M. Slade, 1994 BKLNSCNW.RVW 940720 ====================== DECUS Canada Communications, Desktop, Education and Security group newsletters Editor and/or reviewer ROBERTS@decus.ca, RSlade@sfu.ca, Rob Slade at 1:153/733 Author "Robert Slade's Guide to Computer Viruses" (Oct. '94) Springer-Verlag