# 95-08

Contents

- Books on the Horizon
- Firewall Standards--RFC, ANSI, IEEE?
- Bad Vibes in Show Low--Where is that you ask?
- Pop Journalism Thrives

1. O'Reilly & Associates promises two additional items for Fall reading: (1) "Internet Security Firewalls" by Brent Chapman and Elizabeth Zwicky (ISBN 1-56592-124-0) at $29.95; and (2) "Essential System Administration" by Aeleen Frisch (ISBN 1-56592-127-5) at $29.95. Both books have an estimated release date of September 1995. You might want to order the Chapman/Zwicky book now since it has been anticipated for some time, and may go into backorder quickly. Mr. Chapman is the moderator of the Firewalls Discussion mailing list, and conducts seminars on the subject.

2. The Firewalls Discussion group has spun off another mailing list on firewall standards. One can subscribe by sending a message to MajorDomo@GreatCircle.Com with this phrase in the body of the message: subscribe firewalls-standards.

3. The June 1995 edition of Mark Ludwig's "Underground Technology Review" arrived from a new address. American Eagle Publications can now be contacted at P.O. Box 1507, Show Low, AZ 85901. The first article is atypical in that Mr. Ludwig attacks "Virus Bulletin" for failing to fill an order he placed, and then proceeds to lambast Dr. David Stang on a variety of subjects. There is an extended article on Windows 95 features which may have security implications. But the edition ends with a tortuous piece on self-defense weapons. The comments on Dr. Stang apparently originate from Mr. Ludwig's perception that David Stang has criticized Mark's distribution of viral code, but has recently hired the author of the MS-DOS NATAS virus. Mr. Ludwig quotes George Smith, the author of the recent book "The Virus Creation Labs", as confirmation of Dr. Stang's hiring decision.

4. The July 1995 edition of "Open Computing" does a lead story on information security with two articles: "Outside Security: The Growing Professional Menace" by Rochelle Garner; and "Inside Security: Is it Negligence?" by Natalie Engler. While both authors reference the usual list of "experts", the lack of analysis stands out in both pieces. The use of statistics, which in many instances are unverifiable and probably suspect, is what most disturbed me. The familiar litany of "war stories" probably does not even play in Peoria, so why should it work with anyone remotely literate in the field of information systems security? Perhaps the saving grace is a timeline of "computer crime and information warfare events" supplied by the Computer Security Institute. I did find it odd, however, that the introduction of the Data Encryption Standard was in the timeline. Apparently CSI considers this a "crime" and/or a "warfare" development?

[Disclaimer: Information Systems Security Updates represent the opinions and views of the author, not his employer. Recipients are free to quote all/parts of the ISSU with credit/blame to the author.]