
Secrets & Lies - Digital Security in a Networked World

 
Author/s : Bruce Schneier
Publisher : John Wiley & Sons
Category : Other
Review by : Ulf Dittmer
Rating : 8 horseshoes

Although several years old by now, this book about computer and network security is still as relevant today as it was when it was first published. Bruce Schneier is one of the best-known computer security experts, and he imparts his expertise in a very readable and highly informative way.

The core message is that "security is a process, not a product or technology", and it must be designed into any system from the start, instead of trying to bolt it on as an afterthought. The other important point is that defense against an attack should consist of prevention, detection and response; none of these is likely to work perfectly, so only a combination can make a system secure. And lastly, security is an interactive process between attacker and defender - advances on one side will lead to advances on the other, thus creating an eternal cat and mouse game.

After surveying in depth the various technologies available to secure systems, and analyzing their respective strengths and weaknesses, as well as how they might be circumvented by a different attack, Schneier presents strategies for dealing with them. This involves threat modeling (determining ALL the ways in which a system might be attacked), defining a security policy that defends against those threats, and putting in place the prevention/detection/response mechanisms that implement that policy. This approach can be used for every system (and for non-computer systems as well).

Throughout the book, many examples are used to illustrate the points which help the reader think about security (not just of the computer kind) in a wholly new way. It thus holds applicable lessons that go way beyond the immediate audience of the book.
 