# 94-19

Contents


        Book Beat -- MAC Protection
        LAVA -- Latest Eruption Notice
        Yet Another Just Say No to Clipper Article
        RSA Data Security Conference


1.  Bruce Schneier has written a book "Protect Your Macintosh" which
addresses disaster planning, encryption, network security, physical
security, and virus protection.  The work is available from Peachpit Press,
800-283-9444, for $23.95.  I received a copy, and have made a cursory review
of the chapter summaries.  The author does good work on access control,   
cryptography, and virus protection.  Chapters on personnel security, software
integrity, TEMPEST, disaster planning and document security are thin, and
in my mind could have been eliminated.  On page 301 is an offer to purchase
a "Macintosh source code disk set" for an additional $35.00 directly from
the author.  The partial listing of programs suggests that the author has
collected a range of freeware programs for access control, logging, file
erasure, encryption, etc.

2.  Suzanne Smith, the principal developer of the Los Alamos Vulnerability
Assessment (LAVA), has sent out an updated status report on the risk 
assessment tool.  LAVA has evolved over the years to include applications
for operations security (LAVA/OPSEC) and for local area networks (LAVA/LAN).
I have used LAVA over the years, but consider myself a novice.  If interested,
send a message to Suzanne at 70243.625@compuserve.com or telephone at 505-
662-3744.

3.  In the latest edition of "Security Technology & Design" Mr. Francis Hamit
has a wonderful article entitled "Why the Clipper Chip Will Fail".  Since
the publication has rather limited distribution, send me your fax number if
you would like a copy.  The publication is bi-monthly with this article in
the 11/94 edition.

4.  The advance program for the 1994 RSA Data Security Conference is available.
The conference, scheduled for January 9-11, 1995 in Redwood Shores, CA has
an extremely attractive agenda.  One may obtain information by calling 415-
595-8782.  There is a registration fee for the conference:  $295 before 
December 16, 1994; $395 after that date.


[Disclaimer:  Information Systems Security Updates represent the
opinions and views of the author, not his employer.  Recipients
are free to quote all/parts of the ISSU with credit/blame to the
author.]