46 of 50 people found the following review helpful
on July 11, 2001
A large group of programmers were asked a hypothetical question: If Microsoft was to build an airplane, would you get on it? All of the programmers instantly said no, save for a sole programmer who said he would definitely board the plane. When asked why he was so confident about getting on the plane, he replied, "If Microsoft were to ever build an airplane, it would be extremely safe since the plane would never make it out of the gate."
When it comes to information security, its current state is similar to that of a Microsoft airplane--built, but often flashy, while not forcefully functional. The root of the problem is that most organizations view security as something added on in a piecemeal fashion, rather than an integral engineering issue.
Those in the construction business get this concept; they know that designs, plans, permits, coordination, commitment, buy-in, etc.,; are all requirements, not options. Similarly, before any information security product is rolled-out, the appropriate project plans must exist. While the concept that design must come before implementation is a given in most other industries, many IT departments lack this understanding.
Thus is the quandary that Ross Anderson deals with in Security Engineering: A Guide to Building Dependable Distributed Systems. In a nutshell, Security Engineering is one of the best security books ever written. If you are looking for 50 pages of screen prints on how to install and configure a printer under Windows 2000, this is the wrong book for that. What Anderson does, in great detail and with lucidity, is particularize all of the aspects that are required to create a security infrastructure. He relentlessly reiterates that security must be engineered into information systems from the outset. When security is retrofitted into an application or system, it is never as effective.
Anderson defines security engineering as "building systems to remain dependable in the face of malice, error or mischance. As a discipline, it focuses on the tools, processes and methods needed to design, implement and test complete systems, and to adapt existing systems as their environment evolves."
In its 24 chapters, the book covers every domain of computer security. As noted security guru Bruce Schneier writes in the book's foreword "If you're even thinking of doing any security engineering, you need to read this book." Schneier's comment compliments his own attitude that security is not a product, rather a process. Going with that mantra, Anderson demonstrates in exhaustive detail how information security must be implemented in every aspect of the information system's infrastructure in order for systems to be dependable and secure.
The often knee-jerk response to information security is to deal with it at the product level. With that, the security product of the year is purchased (Air Gap, IDS, PKI, etc.) and the company hopes and prays for security. Unfortunately, it does not work like that. Anderson writes that security products can't operate in a vacuum. They must operate in the framework of a comprehensive architecture supported by policies. That is precisely why there are huge amounts of books on security component technology, but very few on how to use them effectively. When it comes to making all of these security technologies interoperate, there are few good titles in print, and that is the value of this book....
In more than 600 pages of intense information, Anderson lays the groundwork on how to build a secure and dependable system. Every aspect of information security is discussed in the book -- from passwords, access control, and attacks, to physical security and policy. Additionally, relevant and timely topics such as information warfare, privacy protection, access control, and more are discussed. This is the only book that covers the end-to-end spectrum of security design and engineering.
Just as important as the technical issues covered in the book, the entire range of attacks that distributed systems can face (technical, procedural, and physical) are also covered. Understanding these threats are paramount in order to properly secure the system. Anderson notes from years of personal experience that many security systems are designed solely to keep the good guys out without thinking of the bad guys. There are two mistakes with this approach -- it only solves a smart part of the problem, and more importantly, the bad guys do not follow the rules. Bruce Schneier likens this approach to security as putting a pole in front of your house and hoping the attacker runs into the pole. The reality is that the adversary will simply go around the pole.
While many of the chapter topics may sound unexciting, Anderson has a wonderful writing style and at times reads almost like a Tom Clancy thriller with its details of military command and control systems and other similar topics. Anyone responsible for information security should read Security Engineering.
32 of 34 people found the following review helpful
on April 6, 2001
It is about time that this book has been written!
Ross Anderson has a unique perspective to offer. He explains complex information, such as the inner working of cryptographic functions, with a clear and precise manner, while at the same time always relating the content to the real world. He possess a rare combination of expertise in theory and experience in practice.
This book covers everything from security of ATM machines, to secure printing; from multi-level security to information warfare; from hardware security to e-commerce; from legal issues to intellectual property protection; from biometrics to tamper resistance. In short, Anderson's book basically covers the entire field of computer security. It is also refreshing that the book is as deep as it is broad.
I will use this book to teach and also to learn. It is a good read cover to cover, and I imagine it will make a fine textbook for many classes on computer security. Every chapter ends with suggestions for interesting research problems and further reading.
As I was reading this book, I kept asking myself how one person could have produced such a comprehensive and complete book. It is indeed a treasure.
21 of 22 people found the following review helpful
on June 27, 2002
This book changes everything. "Security Engineering" is the new must-read book for any serious information security professional. In fact, it may be required reading for anyone concerned with engineering of any sort. Ross Anderson's ability to blend technology, history, and policy makes "Security Engineering" a landmark work.
Engineers learn more from failure than success. "Security Engineering" brings this practice to life, investigating the design and weaknesses of ATM machines, currency printing, nuclear command and control, radar, and dozens of other topics. Anderson's insights are accurate and helpful, partly because he's served as consultant for diverse industries. His descriptions of criminal and intelligence agency exploitation of insecure systems are startling; fake cellular base stations, fly-by-night phone companies, TEMPEST/EMSEC viruses, freezing electronics to preserve RAM -- all are explained in layman's terms.
The bibliography offers exceptional opportunities for further research, but the second edition needs a glossary. I found some of the cryptography chapter too complicated for non-mathematicians. I also believe the author was misled by whomever told him that "at the time of writing, the US Air Force has so far not detected an intrusion using the systems it has deployed on local networks." (p. 387) (I know from experience this is false.) Nevertheless, these are my only criticisms for a 612 page text.
"Security Engineering" is a book of principles, lessons, and case studies. It offers history, tools, and standards to judge engineering endeavors. This book actually inspired me to learn how brick-and-mortar engineers learn their trade, as their methods and failure analysis may apply to the software world. "Security Engineering" will remain relevant for years, but I recommend you read it as soon as possible.
7 of 7 people found the following review helpful
on May 2, 2001
Format: PaperbackVerified Purchase
Those of us in the computer security business have been mining Ross Anderson's web site for years, since he's done some really unique and important work in the field. Finally he's pulled it into an incredible book, one that's essential for anyone interested in information security.
Two elements combine make this book unique: first, the book manages to cover all of the major topics in the field, and second, the book covers the whole range of attacks that systems can face: technical, procedural and physical. Historically, writers on information security have focused on computers and disembodied "users," downplaying the crucial issues of physical security, perimeters, operating procedures, and the limits of human behavior. This book tries to integrate such concerns into information security thinking, instead of treating them as "special concerns that computer geeks don't really care about."
Best of all, the book is a great read. Ross has a fine way of drawing out the irony we encounter in user behavior, enterprise behavior, and even in the actions of presumed authorities in industry and government. At one point he discusses a government endorsed security evaluation process "which, as mentioned, is sufficient to keep out all attackers but the competent ones."
Ross unabashedly explains several aspects of information security that most writers ignore entirely, like security printing, seals, tamper resistance, and associated procedures. In my own books, reviewers have chided me for including such "irrelevant" topics, even though they play an essential part in making a real system work. As Ross ably points out, most successful attacks these days are pretty mundane and don't involve cryptanalysis or sophisticated protocol hacking. ATM fraud, for example, often relies on pre-computer technology like binoculars to pick up a victim's PIN. This book should open a lot of peoples' eyes.
11 of 13 people found the following review helpful
on June 21, 2001
This book does so much more than guiding the reader through the design of distributed systems. It is the most comprehensive and general definition and illustration of information security that I have ever seen in one place. This is a book that can teach you to look at the world through security glasses so to speak and that of course is a prerequisite for security engineering. It is also a good thing to be able to do if you need to evaluate security measures for quality and appropriateness.
The way Ross Anderson goes about this task is systematic and pedagogical. He has obviously been lecturing for many years and is both an excellent presenter and a person demonstrating a good understanding of learning curves. Both the book as a whole and the individual chapters have been constructed in such a way that the reader can give up at various points of complexity without losing the plot altogether and simply start at the beginning of the following chapter for a less deep education than if he read and understood everything but nevertheless gaining a comprehensive feel for the nature of security and how to tackle its implementation. This design also enables the book to be used either as a textbook or as a reference work. Very smart - many technical authors could learn something from observing how Ross goes about it.
I also like that each chapter ends with a discussion of possible research projects, literature recommendations and of course a summary. The only irritating thing is that there are too many stupid typos such as missing words, things which another read-through by the editor should have caught. An example: `...using the key in Figure 5.7, it enciphers to TB while rf enciphers to OB...' should be `...using the key in Figure 5.7, rd enciphers to TB while rf enciphers to OB...' It is fine to use typographic tricks for illustrative purposes but you must make sure they make it into print if you do. I'm certain many readers will find the chapter on cryptography difficult enough without errors. Well, next edition...
The book consists of three parts. The first is a quite basic intro to security concepts, protocols, human-to-computer interfaces, access control, cryptography and distributed systems. I think that perhaps Ross gets a little bit carried away in Chapter 5 on crypt - I mean, why is a proof for Fermat's little theorem included? There are no other mathematical proofs anywhere. I also think that parts of this chapter could benefit from added verbosity or perhaps a few more illustrations. Whereas in this context it is not so important how crypt primitives function internally it is of course very important how they behave as system components. Just a suggestion - no real criticism.
In the second part of the book the author ingeniously uses a whole range of well-known systems incorporating security to illustrate both analytical methods and security engineering fundamentals. Using this pedagogical method, moving from the concrete and well-known to the abstract and general is good engineering practice. Almost every main section contains a subsection called What Goes Wrong in which the author analyses and presents architectural and design weaknesses in everything from ATMs to nuclear systems. I find this approach incredibly valuable, not only because it teaches good engineering methodology but also because it gives the author an opportunity to present a huge number of security problems at the implementation level in a context, from which they can be lifted, cross-referenced and placed in different contexts. This method, combined with the informed and intelligent analysis is what makes this book such a brilliant generator of understanding of security, the broad and full concept.
Also in this part of the book there is a clear line which is not only technological but which serves to place security concepts in organisational frameworks, another very strong point in favour of this work. This leads to the third part of the book, which in the words of the author deals with politics, management and assurance. Very good entertainment as well. The book ends with one of the best bibliographies that I have ever seen in the field.
Kudos to Ross Anderson for writing such a fantastic book - highly recommended reading!
5 of 5 people found the following review helpful
on April 3, 2001
The review copy of Security Engineering (still not finished reading) will soon take pride of place in my book case, next to Schneier's Applied Cryptography. I have now found a pair of books to suit my Master of Information Technology semester subject "Advances in Information Security". My students, many commercial data processing people with IT degrees, can take this book to work after class. It will help them answer competently many questions of the "how do they..." type.
This book is current. For example in relation to SET Anderson says "...is being allowed to expire quietly". Often conference, web and journal research fails to pick up the demise of an idea, research is swamped by the proposal. In my class I set research topics and get papers reporting what was to be, and rarely, what is. This book will replace most of my paper readings and, if I am not mindful, replace my role as skeptic before my class.
My pet topic traffic analysis gets a solid mention. Look, this book is comprehensive. There are 823 items in the bibliography. What would you expect from the foundation editor of Computer & Communications Security Abstracts.
The style is that of a self confident expert. There are many anecdotes of protocol failure with analysis.
I think it may be time to put book indexes online. I would love to see a search engine, returning key word in context with page references for this book. It is 612 pages long and I found the 18 page index insufficient. If my wishes came true, I would also have some discussion questions and exercises at the end of chapters. Each chapter has a summary, research problems and further readings, but no simple exercises.
The maths and BAN notation is kept to a minimum.
In summary, in my opinion, this book met three of its stated purposes, as a text, a reference and a significant contribution to the science (some might say art) of security engineering. It is a bit light on as an introduction to crypto, but good as an introduction to other fundamental security tools like tamper resistance, authentication, multilevel security and models.
I agree with Schneier who says in the foreword "It's the first, and only, end-to-end modern security design and engineering book ever written."
I will prescribe this book to my next class, and I strongly recommend it to you "dear reader".
20 of 26 people found the following review helpful
on March 29, 2006
This is certainly a good book for getting introduced to most high-level architectural concepts related to Network security, cryptography, mandatory/multi-level access control etc. From a application development perspective, this book falls short on how to build architecure, design and implement them into your business applications which ultimately meets the end-user. The author justifies the high-level concepts well enough from a generalist perspective, but the industry-standards from OASIS leans towards standards-based application security protocols..which pushes a developer/architect like me to take those suggestions first and how to apply them in real world. The book also does'nt address on how-to build security for emerging application architectures based on Service-oriented architecture (SOA), Identity Management, Net-centric Federated applications. As a developer/architect using Java or Microsoft .NET or open-source based distributed applications, I need guidance on how to implement the recommended concepts (in the book) for example using biometrics or smartcards for building multi-factor access control at my application-level...unfortunately I don't find any answers for real-world implementation.
11 of 14 people found the following review helpful
on August 31, 2001
This book is for anyone who wonders how security mechanisms function. What separates this book from every other book on security is that this book is not limited to computer or network security, it gets into the nitty gritty of digital security.
The author is nothing short of brilliant. He covers a great variety of security issues, from smart cards, power monitoring, cryptography, passwords, access control, EMF emission monitoring [Tempest], biometrics, banking security, the history of all the previous topics, etc., etc., etc..
The other impressive qualities of this book are its clear and amusing writing style, excellent references, and tieing all this together in a fashion that provides a cohesive strategy for implementing truly secure systems.
While this book purports not to be for hackers, they will doubtlessly find this book of immense interest as well, as it covers information that I have not seen addressed in any other book that I have come across. You will learn more from reading this book than reading three years worth of 2600 Magazine.
All in all, great reading, intensely valuable information, and more fun than a barrel of monkeys.
6 of 7 people found the following review helpful
on March 31, 2001
Usually, Cryptography books always talk about mathematics which are the important base of cryptography. A lot of technical people who are not really interested in the mathematics detail won't like these kind of books. This book present Computer Security and Cryptography in a different view. The reader can understand the security without even realizing the underlying matematics behind that. This is the case that is usually needed by a Security Engineer. As the title suggested, this book is a perfect book for people who don't really care about the detail, but they are really care about the security of the system. The book gives a broad overview, from security of a single computer, network up to telecommunication related (even with 3G telecommunication system). This is a compact book that covers nearly all the applications needed today. A must have for a practical person who cares about security. If you are looking for a theretical book which covers a lot of things in depth, maybe this book is not really suitable for you. However, if you want to know security as a beginner, then this book is also perfect for you.
1 of 1 people found the following review helpful
on July 4, 2007
The title is maybe misleading. It is not really a guide that will show you a procedure step by step 'how to do' to build secure systems as most engineering books do. It is rather a survey of the different security protocols used in various fields. Of course, you can learn from the success and errors described in the book and use this knowledge for developing a new system but you will have to connect the dots yourself.
The book is very dense in information and at first, its format was making it tedious for me to read. It did take around 3 chapters before I get accustomed to the format. Once, this aspect was out of the way, this book became amazingly interesting. It describes systems used in banking, by diplomats, military, for nuclear weapons, police, set-up box TV decoders smart cards and anti tampering devices in general, spies, biometric authentication, etc.. and focus on the security protocols used by these systems and then highlights the weaknesses of the systems and how people have figured out how to workaround these protocols.
The best quality of the book is that it will help you to better understand the mindset of a secure system designer and a system hacker.