Copyright 1996 CAUSE. From CAUSE/EFFECT Volume 19, Number 2, Summer 1996, pp. 52-53. Permission to copy or disseminate all or part of this material is granted provided that the copies are not made or distributed for commercial advantage, the CAUSE copyright and its date appear, and notice is given that copying is by permission of CAUSE, the association for managing and using information resources in higher education. To disseminate otherwise, or to republish, requires written permission. For further information, contact Julia Rudy at CAUSE, 4840 Pearl East Circle, Suite 302E, Boulder, CO 80301 USA; 303-939-0308; e-mail: [email protected]

Recommended Reading

Reviewed by Kathleen Kimball

Building Internet Firewalls is a "must-have" resource for anyone interested in network security. Whether your passion is policy or protocols, there's enough in this book to satisfy all tastes. Moreover, the writing style is clear and understandable, with the minimum amount of techno-talk necessary to explain the underlying concepts. Where technical terminology is used, it is explained in sufficient detail that a newcomer to the field can easily follow the discussion, yet this book won't bore the professional. The fluid style makes it a wonderful starting place for those who are only beginning to become familiar with the peculiar vernacular of the network security practitioner.

While it is possible to read the book cover to cover, its organizational structure makes it easy to jump between topics of current interest. Certainly all readers should, at some point, read the excellent foreword by Ed DeHart and Part I, "Network Security." They nicely set the stage by reviewing the risks associated with various Internet services, the types of individuals who compromise systems, and the basic types of security models available to deal with the rising trend in incidents.

If your institution's hottest security issue lies in formulating security policy and in determining how to respond to incidents, you can easily skip to Part III, "Keeping Your Site Secure," and save the technical meat in Part II, "Building Firewalls," for a later date. Or if you have already committed to a firewall strategy either globally or in some departments, Part II will give you more than enough information to discuss the advantages of a screened subnet versus a dual-homed host architecture with the best of them!

Athough I often find appendices to be on the decorative or "fluffy" side, in this book they are much more than an afterthought. Even jaded networking experts will find themselves returning to Appendix C for a brief, well-written description of how the TCP/IP protocols work, adapted from Craig Hunt's TCP/IP Network Administration (O'Reilly & Associates, 1992). It would be difficult to find a more compact resource for explaining the basics of TCP/IP. Newcomers will also find Appendices A and B, on "Resources" and "Tools" respectively, extremely valuable as pointers for follow-on study.

Building Internet Firewalls may not be the best book ever written on network security, but it would certainly rank among the top five. It has earned a place of honor on my bookshelf, right next to Cheswick and Bellovin's Firewalls and Internet Security (Addison-Wesley, 1994), and Practical Unix Security by Gene Spafford and Simson Garfinkel (O'Reilly & Associates, 1991). (A substantially revised version of the latter was recently published under the title Practical Unix and Internet Security, 2nd Edition). Building Internet Firewalls is well worth a trip to the library or bookstore and is recommended for all information technology professionals, regardless of their prior background in network security.

Reviewer Kathleen Kimball is University Computer, Network, and Information Security Officer for The Pennsylvania State University, where she is responsible for the development of University-wide security policies and procedures, the establishment of effective security training and awareness programs, and security incident response.

Pritchett Change Management
Handbooks Series
by Price Pritchett and Ron Pound
(Pritchett & Associates, 800-992-5922, $5.95 each)

Reviewed by Carole A. Barone

Even those who "get it" will find The Employee Handbook of New Work Habits for a Radically Changing World and the other Pritchett Change Management Handbooks useful. Our organization orders them by the case. Since they are a quick read, these handbooks serve as an easy, yet powerful, vehicle to keep us from reverting to the old, and still more comfortable, habits of behavior.

The Pritchett handbooks remind us how fragile the new ways of conceptualizing our environment really are. I always have one or two on my desk and I frequently turn to them when I feel the need to refresh my paradigms.

New Work Habits for a Radically Changing World offers "13 Ground Rules for Job Success in the Information Age." Each "chapter" is just two pages long and packed with punchy exhortations. For example, the chapter entitled "Speed Up" contains this advice:

So many of the changes you see going on these days are designed to help organizations pick up speed. These are not casual moves or random acts dreamed up by bored and heartless top executives. What you're witnessing are raw survival instincts at work. Organizations must accelerate, or they will die. ... Take no part whatsoever in resistance to change. If the organization decides to turn on a dime, follow it like a trailer. Corner quickly. Turn for turn. The organization can't wait for employees to go through some slow adjustment process. It can't afford to gear down while people decide whether or not they're going to get on board.

The chapter entitled "Stay in School" ends with a straightforward recommendation that speaks to the importance of such activities as CAUSE's newly expanded and expanding professional development program.

So just forget about "finishing" your education. Defend your career by developing a better package of knowledge and skills than the next person.

Although this and other handbooks in the series would be useful tools for anyone in an organization, some focus specifically on managers. High-Velocity Culture Change tells managers on page one that "... you'll have trouble creating a new culture if you insist on doing it in ways that are consistent with the old one." The authors Price Pritchett and Ron Pound advocate a blunt, hard-hitting, persistent, results-oriented approach to changing the culture of an organization. The title for their final chapter, for example, is "Go Flat Out."

In Culture Shift: The Employee Handbook for Changing Corporate Culture, Price Pritchett offers guidelines to "Stop doing what comes naturally... and do what works." In so doing, he attacks many of the shibboleths of our behavior in organizations and, indeed, our self-image and identity as members of organizations. For example, although it is natural to "rely more heavily on your strengths," Pritchett admonishes, "don't let strengths become weaknesses."

Each of the more than a dozen handbooks in the series has a slightly different format. Most are fewer than fifty pages and offer a dozen or so guidelines for achieving the personal or organizational change recommended in the title. The series confronts us with the brunt of the new reality of the information age. While the series does not let us shrink from the full implications of that new reality, it does offer guidelines that enable individuals to establish habits, identities, and goals that are in harmony with it, and it does it with humor and panache.

Reviewed by Carole A. Barone, Associate Vice Chancellor for Information Technology at the University of California Davis. She was the recipient of the 1995 CAUSE ELITE award and currently chairs the CAUSE Professional Development Committee.

Over the years, CAUSE members have contributed to a growing list of books that they have found worthwhile reading. Each issue of CAUSE/EFFECT magazine features several book reviews like the ones above. We hope you will share with us the titles of books that you would like to recommend to your colleagues.