You keep using that word. I do not think it means what you think it means. --William Goldman, The Princess Bride
That's how Paul Robichaux (http://www.robichaux.net/blog/) starts his book, Secure Messaging with Microsoft Exchange Server 2003 (http://www.amazon.com/exec/obidos/ASIN/0735619905/robichaassocia/002-8369409-2002460). For my money, you've got to love a guy who quotes The Princess Bride, not just because it's the kind of cool, ubiquitous cultural reference that's sure to conjure images of Andre the Giant hauling Mandy Patinkin, Wally Shawn and the Princess Bride up the side of a cliff (which it certainly does), but because he uses the quote to succinctly make his point and draw us into the story of Secure Messaging in Exchange 2003.
The point he makes in those opening paragraphs is that we all bandy about security-related jargon, but do we honestly know what it all means? Take the words confidentiality and privacy, for example. How many times a day do you use those words? Yet, if I asked you to explain the difference, how would you differentiate them? Could you? They are different words; they must have different meanings, don't they? Or do they?
Read chapter one to find out, plus much more. In the initial chapter Paul clearly defines the common security buzzwords, what they mean and why they are important. This sets the stage for what's to come.
Chapter 2 is a great primer on encryption algorithms and security protocols. If you've never understood how IPSEC works or what the difference is between LM, NTLM and NTLMv2, it's all right there. Great review if you're familiar with these, solid introduction if these are new to you.
I can’t believe I haven't read this book until now. Just having gotten through the first two chapters, I'm already stoked and I thought, I'm going to blog about this book as I work through it and invite everybody to join me. If you've read this book or, like me, been meaning to, pick it up and let's read it together.
Over the next couple weeks I'm going to work through the book. I'll read a chapter or two and post my thoughts. I'd love it if some of you out there did the same. You can post comments, questions and criticisms here. It's not the Oprah Book Club, but if you're serious about making Exchange secure, this is a great place to start.
One of the best parts of writing a security-focused book was that I had the luxury of including background material to help Exchange admins get the right vocabulary and mindset to talk security with real security folks. This makes my book very different from other Exchange books, since they normally have to cover so many topics that they can't provide much depth in any one area.