|
|||||||||
Better Together
Customers Who Bought This Item Also Bought
The Art of Deception: Controlling the Human Element of Security by Kevin D. Mitnick  (119)
$11.53
|
Applied Cryptography: Protocols, Algorithms, and Source Code in C, Second Edition by Bruce Schneier  (99)
$37.80
|
The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders & Deceivers by Kevin D. Mitnick (35)
$11.53
|
Practical Cryptography by Niels Ferguson (16)
$31.50
|
The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage by Cliff Stoll (155)
$10.20
|
Whom can you trust? Try Bruce Schneier, whose rare gift for common sense makes his book Secrets and Lies: Digital Security in a Networked World both enlightening and practical. He's worked in cryptography and electronic security for years, and has reached the depressing conclusion that even the loveliest code and toughest hardware still will yield to attackers who exploit human weaknesses in the users. The book is neatly divided into three parts, covering the turn-of-the-century landscape of systems and threats, the technologies used to protect and intercept data, and strategies for proper implementation of security systems. Moving away from blind faith in prevention, Schneier advocates swift detection and response to an attack, while maintaining firewalls and other gateways to keep out the amateurs.
Newcomers to the world of Schneier will be surprised at how funny he can be, especially given a subject commonly perceived as quiet and dull. Whether he's analyzing the security issues of the rebels and the Death Star in Star Wars or poking fun at the giant software and e-commerce companies that consistently sacrifice security for sexier features, he's one of the few tech writers who can provoke laughter consistently. While moderately pessimistic on the future of systems vulnerability, he goes on to relieve the reader's tension by comparing our electronic world to the equally insecure paper world we've endured for centuries--a little smart-card fraud doesn't seem so bad after all. Despite his unfortunate (but brief) shill for his consulting company in the book's afterword, you can trust Schneier to dish the dirt in Secrets and Lies. --Rob Lightner
--This text refers to an out of print or unavailable edition of this title.
From The Industry Standard
In April 1999, Bruce Schneier, mathematician, digital security expert and unlikely hacker-scene hero, had an epiphany. It prodded him to reorganize his company, Counterpane Internet Security, and altered his view of securing computer systems. The fruits of that thinking also make up the bulk of his engaging and exhaustive new book, Secrets and Lies: Digital Security in a Networked World.
Schneier, the creator of two widely used data-scrambling formulas and author of the definitive Applied Cryptography, realized that he and his colleagues were trained to view security as a hopeless prophylactic, a passive approach that relies too heavily on complex technologies to keep hackers and criminals out. "Too many system designers think about security design as a cookbook thing," writes Schneier. Add a firewall and a pinch of encryption, and eventually you'll have a secure system.
He concluded that technology, no matter how complex, can't solve all our problems. "Security is rooted in the physical world. The physical world is not logical. It is not orderly," he explains. "People don't play along. They do the unexpected; they break the rules."
In a land of rule-breakers, rules-based systems are not especially useful. Instead of building the digital equivalent of a Maginot Line, Schneier argues, it is far more effective to think of security as an ongoing process of "risk management" that includes not just protection, but also detection and reaction mechanisms.
Secrets and Lies, then, isn't so much a "how-to" as a "how-to-think" - a philosophical road map in which Schneier guides the reader along the same path that brought about his new thinking. With the single-minded discipline of a programmer, Schneier spends almost two-thirds of the 400-page book getting to know the mind of the enemy; surveying the methods hackers employ to break into systems, from automated programs to the person-to-person con games known as "social engineering."
The aim in mastering such arcana, according to Schneier, is "threat modeling," which is his way of teaching readers to think like the most methodic of thieves. Schneier provides a series of cognitive exercises designed to get crime-inspiring synapses firing. How might one rig an election or hack a stored-value smartcard without getting caught, for instance?
In one exhaustive deconstruction, Schneier walks readers through the process of getting free pancakes: "We can eat and run. We can pay with a fake credit card, a fake check or counterfeit cash. We can persuade another patron to leave the restaurant without eating and eat his food. We can impersonate (or actually become) a cook, a waiter or the restaurant owner ..." Schneier goes so far as to diagram these threat models - to near-comic effect - with what he calls "attack trees." With such deep knowledge of one's potential security flaws in hand, managers can far more effectively secure their systems.
Schneier is the right person to popularize these views. His prose is lively and his work is informed by current headlines about the I Love You virus, obscure historical facts about Germany's World War II "Enigma" data-scrambling device and ancient myth. (How did Zeus sneak into Danae's supposedly impenetrable bronze chamber? He turned himself into gold dust and showered down into Danae's lap through a hole in the roof.)
In the wake of this year's denial-of-service attacks on major Web sites, Schneier's book joins a host of other popular works on digital security - most notably Winn Schwartau's Cybershock. Setting himself apart, Schneier navigates rough terrain without being overly technical or sensational - two common pitfalls of writers who take on cybercrime and security. All this helps to explain Schneier's long-standing cult-hero status, even - indeed especially - among his esteemed hacker adversaries.
John Simons is a Markle Fellow at the New America Foundation in Washington. --This text refers to an out of print or unavailable edition of this title.
See all Editorial Reviews
Product Details
|
