When reading VaDS, it's important to remember that all of the authors have some sort of relationship with San Antonio-based voice security company SecureLogix. That's ok, as Foundstone is the powerhouse behind the successful "Hacking Exposed" book series. Some parts of the book read like commercials for SecureLogix products like TeleSweep and TeleWall, but the authors largely focus on non-proprietary solutions to voice security.
VaDS is strongest when it speaks solely to voice security issues, and, to a lesser degree, network infrastructure. I learned quite a bit about tapping phones (ch. 11), voice mail abuse (ch. 14), and voice-data convergence (ch. 5). Chapters on broadband infrastructure and exploitation were helpful. Even though the final chapter seemed out of place, its intriguing coverage of cyber law kept my attention.
Less helpful were the chapters covering general security issues, such as cryptography (ch. 18), malware (ch. 19), sniffing (ch. 20), scanning (ch. 21), passwords (ch. 22), firewalls (ch. 23), IDS (ch. 24), and denial of service (ch. 26). This material is so well-covered elsewhere that its appearance did little to help VaDS distinguish itself. Chapter 27 was an exception, with its succinct discussions of popular Microsoft IIS web server vulnerabilities.
Aside from including well-worn material, VaDS suffered slightly from a few technical mistakes. Explanations of buffer overflows in chapter 4 needlessly associated them with TCP-based sessions. UDP-based buffer overflows are exploited regularly. The author of this chapter also seems to believe that buffer overflows are a problem because they overwrite "user ID and privilege information" on the stack. That's rarely the case; subverting return pointers is the problem. Chapters 8 and 15, describing voice protocols like H.323, were difficult to understand, and ch. 18 (p. 283) makes an unsubstantiated claim that "a well-known Mid-East terrorist was discovered to be using steganography." Typos on pp. 155-156 appeared, and port 443 was replaced by 444 on p. 69.
Overall, VaDS marks a welcome contribution to the information security community. I plan to include it in my tier two security analyst reading list, with recommendations to concentrate on its voice-related content. Hopefully the second edition will strip out the unnecessary network security coverage found elsewhere, and include more excellent explanations of voice security issues.
(Disclaimer: I received a free review copy from the publisher.)
So, while this book may not be for everyone, I still give it four stars (even though I haven't read it cover to cover myself) because the information is very pertinent to those who are just now exploring their faith. As I tell my students, there is coming a time when it will no longer be OK to borrow their parents' faith. In fact, it is time to own their own faith. A book like this introduces some different philosophies that they will be inundated with in the not-so-distant future. Mature junior highers should be given this book before they attempt to share their faith with the cultist at the door.
Michael White's highly entertaining introduction to this horrifying figure concentrates mostly on the first 'fact' - it is, after all, easier to list someone's biographical failures than explain why the closing symphony of the Gotterdammerung sounds both like the terrible end of the world and the unaccountable essence of sublimity (I'm afraid he gets you talking this way).
And so, amusingly, we are told about Wagner's cruelties, caprices, infidelities, and, of course, his anti-Semitism; and given an interesting guide to some of the more sensible influences (eg Schopenhauer, Proudhon) on Wagner's loony philosophies, and a sound cultural and political background.
This proper emphasis on the man rather neglects the artist, and while White quite rightly argues the impossibility of separating both, you don't get much sense of the sheer magnitude of Wagner's achievement (using the odd big word isn't enough), or what it means for us, the listener, to be entranced by the works of such an ogre.
That said, the sheer readability and cheek of this book, as with all others in this series, is great fun, even if it doesn't achieve its aim (to make you master of the subject) as the book on Post-Modernism did.
The chief joy of this series, however, is the illustration, and Kevin Scott keeps up the remarkably high standard, fusing dada, collage, pop art, with some astonishing pastiche and cartoon work, which means every page, even if you are dissatisfied with its contents, is a pleasure to read.
If you have sailing and multihull experience this book is not for you.
The definitive story of Kevin Mitnick has still not been told--this is an interesting story, but it is hardly conclusive. Furthermore, given the author's attitude--he's got an ego a mile wide--it's difficult to accept everything in this book at face value. Certainly, Shimomura and Markoff had every incentive during their journey to work towards creating an exciting story. A critical reader must consider the possibility that they manipulated events in order to increase sales of their expected book. It is certainly possible that this did not happen, but how can you know?
A greater understanding of what Mitnick represents is important in developing an ability to think in useful information security ways. He's become such a cultural icon--a criminal genius in the eyes of one side, and a victimized innocent on the other. Neither of these simplistic views is accurate. I believe that Mitnick probably is a genius, but not in technical terms. He's truly one of America's great con-men, and his story teaches us a great deal about how gullible normal people can be, and how easy it is for a smooth-talker with selfish motivations to manipulate normal people. There are a lot of lessons to be learned from a study of Mitnick, although the writers of this text provide minimal assistance in helping the reader draw useful conclusions about the story. They are much more concerned with showing how incredibly clever Shimomura is, purportedly tracking Mitnick from ISP to ISP across the Internet, and eventually right to his doorstep with a junior G-man RDF unit.
A Mitnick story that I believe is much more balanced is Jonathan Littman's book, "The Fugitive Game : Online With Kevin Mitnick," which is unfortunately out of print. While Littman's personal relationship with Mitnick--Mitnick apparently just likes him--also should be a datapoint in your evaluation of what actually happened, I think he takes care to make any potential bias clear, and to avoid it.
Littman raises some interesting questions about Shimomura. I summarize my feelings about the purported Mitnick attack on Shimomura like this: 1) Shimomura makes it widely known that he has software on his Internet server that is of interest to hackers. 2) He leaves an incredibly obvious security hole open on his Unix server that any Unix newbie would have known to plug. 3) He sends the syslog (system logging) data to another host, which just so happens to be REALLY TIGHT. If he's capable of capturing syslog records in such a secure and non-compromisable way, why did he leave r-services running on the server with the source code? We will probably never know if he actually created a honeypot with the intention of entrapping Mitnick and writing a book about it, but what he did was fully consistent with such a plan. Fascinating, huh? I guess you'll need to read the book to make up your own mind, but if that is what really happened, how do you feel about subsidizing it through reading the book?
We'll also never know if Mitnick was really the one who hacked into Shimomura's Sun box using a technique that was previously considered theoretical. Somebody did, and Mitnick certainly was aware of it, but I personally don't believe that Mitnick is technically capable of writing such hack code himself, and I'm not sure that he was the one to perform the exploit. The best description I know of this exploit is found in Stephen Northcutt's book, "Network Intrusion Detection."
So it is an important story that can help you develop a better understanding of Internet security, and both security experts and non-specialists could benefit from having a realistic view of the significance of Mitnick. For the time being, this is the most detailed book available, and as an autobiographical account of one of the participants in Mitnick's takedown, the book will always have a certain historical significance. But be an especially critical reader with this one. Think through the motivations of the authors, and consider the possibility that Mitnick is a genius at social engineering, but only an average technician. If that's the case, then what really did happen? Read Shimomura's account, and make up your own mind.
I liked having the technical details included. Far too many books about computer crime include every gory detail of dumpster-diving and skim lightly over what happens on the computer. After all, people reading these books are likely to be computer people!
As an author myself, I understand the need to promote yourself. I don't understand the need to pepper the book with the minutia of your day-to-day life, and I'm sure my readers couldn't care less what I eat. I certainly hope that in the future, Shimomura learns to keep his self-promotion on the dust jacket, and to control his obvious contempt for everyone he works with.
All in all, I'd recommend this book. It has much better technical information than Jonathan Littman's book about Kevin Mitnick and provides a much different slant on Mitnick. If you're really curious, read both.
He's also a ski-bum so he's not all that bad :-)
This book details the story of what happened when the "world's most wanted hacker", Kevin Mitnick, paid an uninvited visit to Shimomura's computer and then taunted him about it afterwards. He lived to regret it.
Shimomura is a curious mix of characteristics. The arrogance and show-off nature of his character are offset by his very real achievements, some natural goofy charm (especially the relentless California slang) and in the end this reader was left with admiration for his skills, jealousy of his career and a certain sense of relief that I never got into computer-cracking in the first place.
Unix fans will delight in the Unearthed Arcana displayed by Shimomura and I suspect one or two victims of computer crime may have scribbled down the odd technical note when reading his descriptions of the cyber-forensic investigation he performed on his violated computer.
There is even a certain amount of philosophy which adds depth but is not too pretentious. Shimomura names his computers but makes it clear that that is simply pragmatic; they are not his friends and he prefers people to computers. He also thinks people should not share a room with the moving parts (disk drives, fans, etc.) and so banishes the boxes to the cupboard and allows only the keyboard and monitor into his presence. As I sit in the white noise hell of my office I sometimes wish my elders and betters felt this way.
The story has some amusing twists and turns but is not as satisfying a story as The Cuckoo's Egg. On the other hand it is bang up-to-date and the book is accompanied by its own web site.
I enjoyed the book and it's recommended reading for anyone interested in computer crime.
Of particular concern is White's over-arching view of Victorianism. In an early chapter, White claims that "Victorianism worked. Rates of divorce and illegitimacy remained low." An interesting comment but one which is not at all supported by any evidence which White provides. Low rates of divorce and illegitimacy are not evidence of happiness and/or lack of sexual license. My understanding---drawn from British material---is that abortions were frighteningly common during the late nineteenth century and that varying forms of birth control were becoming more widely available (rates of illegitimacy are thus a dicey monitor to use to assess whether Victorians lived by their own sexual standards). Also, as any historian can tell you---divorce was uncommon simply because it was extraordinarily difficult to obtain. The absence of divorce in a society (esp. one where death rates sharply curtailed the length of marriages anyway) should not be read as evidence of high social/sexual standards and/or contentment with these standards.
My greatest complaint, however, is White's clear difficulty with the idea that women can assume positions other than passivity as far as sex is concerned. White is dismissive of the concept of date rape and he quotes Robert Bork to support the idea that concern about date rape has been overdrawn (oddly enough, just because a woman agrees to be kissed or fondled does NOT mean she is willing to have sex---and the same is true of men; it is not extraordinary for young women and young men to want to give their consent to sexual acts).
White also seems dismissive of the idea that greater sexual freedom brought any type of happiness or pleasure to men or women. He cites comments from bohemians who decided that they preferred non-intellectual women but ignores the great intellectual bohemian relationships of the period completely.
What kind of an historian ignores evidence? Not a very good one, I'm afraid. Give this book a miss.
That convergence is the focus of Voice and Data Security. About a third of the book addresses the fundamentals of voice and data security, covering topics such as cryptography, sniffing, and spoofing. The rest of the book deals with securing digital and voice assets.
As an example, PBX and mail fraud are huge problems facing corporate America. Yet while most companies are aware of the situation, many organizations don't do all they can to secure their voice systems. This book contains an excellent policy and audit checklist on how to set up a corporate PBX policy. Items such as protection management, standards and procedures, technical safeguards, and incident response are discussed in the checklist, which alone is worth the cost of the book.
A single unauthorized modem in a corporate network will undermine firewalls, cryptography, and all other protection mechanisms. Thus, the authors cover how war dialers and telephone line scanners can be used to ensure that the back doors that unauthorized corporate modems create are closed.
Voice and Data Security is valuable to those needing a good introduction to the core ideas and security repercussions involved with the convergence of voice and data systems. It speaks volumes.