Secrets and Lies: Digital Security in a Networked World 1st Edition by Bruce Schneier (PDF)


    Ebook Info

    • Published: 2011
    • Number of pages: 434 pages
    • Format: PDF
    • File Size: 2.55 MB
    • Authors: Bruce Schneier

    Description

    Bestselling author Bruce Schneier offers his expert guidance on achieving security on a network. Internationally recognized computer security expert Bruce Schneier offers a practical, straightforward guide to achieving security throughout computer networks. Schneier uses his extensive field experience with his own clients to dispel the myths that often mislead IT managers as they try to build secure systems. This practical guide provides readers with a better understanding of why protecting information is harder in the digital world, what they need to know to protect digital information, how to assess business and corporate security needs, and much more.

    • Walks the reader through the real choices they have now for digital security and how to pick and choose the right one to meet their business needs
    • Explains what cryptography can and can’t do in achieving digital security

    User’s Reviews

    Reviews from Amazon users which were collected at the time this book was published on the website:

    ⭐Written by one of my favorite industry commentators, this is an introductory text on information security that should be useful to just about everyone. I highly recommend this book for the following audiences:

    · Beginning security specialists
    · IS and other business managers who make decisions about systems deployment
    · Experienced security practitioners who want to improve their thinking and analysis skills
    · Those studying for security certification, such as the CISSP
    · Software and Internet product planning and marketing staff (and not just security software)

    Schneier, who is recognized for his contributions to cryptography, has recently found religion. As recounted in a recent interview in “Information Security” magazine, he realized that humans were destroying the purity of his mathematical approach. Instead of retreating into academia, he tackled this issue head-on, some of the result of which is this landmark book. He recommends reading it cover to cover, and I agree with him: it takes all 400 pages to paint the complete story, and if you don’t approach it linearly, you run the risk of missing the subtleties of the author’s message. Skimming this book could easily trap a reader into equating vulnerability with risk. The world is full of risk, and while Schneier takes obvious delight in deconstructing the vulnerabilities of automated systems, it is important to understand that historical manual systems are quite vulnerable too, and humans deal with the risk quite nicely. Read the whole book.

    The chapters that I found most significant included:

    · (6 & 7) Cryptography: It is no surprise that he has written a terrific introduction to the concepts and building blocks (primitives and protocols) of encryption. Even techno-agnostics will find great value in his discussion of the problems with proprietary algorithms.
    · (9) Identification & Authentication: An excellent introduction to the problems of passwords and helpful discussion of the limitations of biometrics. He makes it clear why biometrics are NOT a magic cure for security problems.
    · (12) Network Defenses: Schneier tells it like it is! The ugly truth about sexy security toys.
    · (13) Software Reliability: Best description of stack overflow that I’ve ever seen for a lay audience.
    · (22) Product Testing and Verification: After crypto, evaluating software for security flaws is Schneier’s other specialty, and he’s written an awesome chapter. The author makes it very clear why it is unrealistic to expect invulnerable software, he single-handedly conducts a totally balanced debate on the merits of full disclosure, and he finishes the chapter with sage advice on approaching security product reviews with healthy skepticism.

    I’m often asked to recommend introductory texts on information security, and unfortunately there really aren’t that many good books for a newbie. If more books existed, I would probably give Schneier’s book a 4 instead of a 5, but for now, this is one of the best. As he explains in the Afterword, his `epiphany’ occurred only 12 months before completing the text; this isn’t much time to become an expert in security process. His background is somewhat removed from day to day operations, and perhaps this lack of administrative experience results in a few weak areas. I suggest that the reader exercise some critical thinking and consult additional authorities when reading the following chapters:

    · (4) Adversaries: his concept of computer criminals is a bit weak, pretty much lumping all transgressors into the mutually exclusive categories of `spy’ or `hacker’.
    · (5) Security Needs: Some of his terminology lacks precision (perhaps inevitable when addressing a general audience). I disagree that a spoofed message represents an integrity failure, and I don’t characterize audit as a requirement, but as a control.
    · (15) Certificates and Credentials: He totally ignores the concept that practice statements (policies on CA and especially certificate management) provide any arbitrary level of assurance: the more stringent the rules, the higher the assurance. He doesn’t discuss time stamping and other forms of third-party witnessing that can greatly strengthen a digital signature.
    · (16) Security Tricks: His vehement attack on key recovery is politically extreme. The government’s ill-conceived desire for key escrow should not affect the responsibility a corporation has to protect its own data. Who hasn’t used an encryption product and lost a key?
    · (21) Attack Trees: This is a marvelously useful idea, but he leaves the impression that these can be used to create quantifiable risk models, and I don’t believe that putting information security risk in dollar value terms is practical.

    Despite its length, the book is a quick read, and the informal tone makes it very approachable. It is addressed at a completely different audience than “Applied Cryptography”; it isn’t a technical book, it is more of a business book. (Technical specialists would be well advised to read more business texts like this.) My copy is already well marked with highlighting and notes; this text has a lot of meat in it, and many new and useful ideas. If you find this book helpful in your job and you want to do additional reading, two complementary texts on the human aspects of infosec that I recommend are “The Process of Network Security” by Thomas Wadlow, and “Fighting Computer Crime: A New Framework for Protecting Information” by Donn B. Parker (I’ve reviewed both here on Amazon).

    ⭐See full review at my blog: Terebrate. “Secrets and Lies: Digital Security in a Networked World” is the perfect book to hand to new bosses or new employees coming in the door who have not been exposed to cyber security in their past lives. It is also the perfect book for seasoned security practitioners who want an overview of the key issues facing our community today. Schneier wrote it more than a decade ago, but its ideas still resonate. He talks about the idea that “security is a process, not a product.” With that one line, Schneier captures the essence of what our cyber security community should be about. He explains that even though we have advanced technology designed specifically to find cyber break-ins, people are still the weakest link. He describes how cyber risk is not a special category. It is just another risk to the business. He highlights the ludicrous idea that software vendors have no liability for selling buggy code, and he was one of the first thought leaders to characterize the adversary as something more than just a hacker. He makes the case for things that the cyber security community still needs in order to make the Internet more secure, things like strengthening confidentiality, integrity, and availability (CIA); improving Internet privacy and Internet anonymity; and challenging the idea that security practitioners must make the Sophie’s Choice between better security or more privacy in terms of government surveillance. Finally, he anticipates the need for a Bitcoin-like capability long before Bitcoin became popular. The content within Secrets and Lies is a good introduction to the cyber security community, and Schneier tells the story well. Because of that, Secrets and Lies is a candidate for the cyber security canon, and you should have read it by now.

    ⭐This is basically a good book. Very readable, usually very clear, very broad scope. I think every issue that a security manager needs to know about is at least mentioned, with the really important issues discussed at length. Schneier tries (and usually succeeds) in writing for a general audience without dumbing down the important stuff. Mandatory reading if you have any interest in security.

    That being said, there are some nits I have to pick. The material is very ad hoc, backed up mainly by personal (though extensive) experience and casual reading. A useful knowledge base, but limited as a source of primary information. This is aggravated by Schneier’s use of non-technical examples and analogies in many of his arguments. The arguments themselves are very strong, but when he cites this historical example or that financial practice, he often gets his facts wrong. I don’t suppose this has a big effect on his credibility, but it must have some.

    It’s also a little disappointing that Schneier didn’t bother to get into the general history of the Enigma/Ultra business — a prime example of his basic theme, that the smallest failure of the security process is vulnerable to machines with infinite patience.

    Finally, I’m very, very disappointed that Schneier fails to challenge — and sometimes even supports — the social conservative attitude towards hacking and reverse engineering. He points out the futility of trying to encrypt DVDs — but barely touches on the DMCA. He speaks of general software hacking as a basically benign activity — but he strongly supports criminal punishment even for the most non-invasive electronic “trespass”. This is a point of view utterly at odds with his ideas of security considered in a complete social context.

    ⭐Put simply, everyone who owns (or uses) a computer that is attached to a network should read Secrets & Lies. Schneier himself recommends reading it “through a second time” (p.xxiii), but I’m not sure that even reading it twice will be sufficient to absorb all the lessons and wisdom that the author offers his readers to keep them safe online! Without doubt, this is the finest book on computing (of any type) that I have read to date and throughout I found myself wishing that I had read it when it was first published.

    Sure, this seminal treatise on digital security is starting to show signs of age, but then it was originally published in 2000 and the fact that technology has developed so quickly over the intervening decade is a testament to both the simplicity and the enduring relevance of the underlying message: “[s]ecurity is a process, not a product” (p.xxii). As our personal information and virtual existence is increasingly spread across the Internet, this is a lesson that we should all heed. Fortunately, Schneier’s uncomplicated approach coupled with his lucid and inclusive prose means that non-technical readers should not be intimidated by the book’s four-hundred or so pages and it seems to have been written as much for the layman as for technicians and geeks. Indeed, the book’s format and layout are designed to make digital security as accessible as possible and Schneier breaks it into logical sections that provide: the context and justification for digital security (The Landscape); the tools for providing security (Technologies); and how best to deploy these tools (Strategies). However, this is no technical manual – there’s very little in the way of direct implementation advice – more, it is a way of thinking about and planning for security and this is the real secret of the book’s durability.

    Throughout, there are echoes of Schneier’s despair with his earlier manuscripts and the lack of hope the early drafts gave his readers (p.396). Nonetheless, this serves only to reinforce the importance of the message and the urgency of the risks. Schneier’s epiphany in 1999 (p.397) that led to the resurrection and publication of this book provides us all with the hope that, once we understand the risks and plan our responses, even when those risks are manifest we can mitigate the damage. Whether you have an interest in network security generally or you are one of computer security’s mystified majority, Secrets & Lies is essential reading.

    ⭐Being in the field of information security as a professional, I would totally recommend this book to amateurs and professionals alike. Very valuable words written by a guru in cryptography, and it deals with a lot more aspects of computer/information security than other books on the same subject! Also arrived in excellent condition despite buying the “good condition” one.

    ⭐The book is extensive about security, but it does not get into much detail. It’s too basic for a Computer Engineer, it is rather more directed to people with zero knowledge, rendering it a bit useless to professionals.

    ⭐Arrived as described. BTW, it basically covers 85% of the CISSP exam – it just misses out on a few developments that occurred after 1999. A must-have book for anyone remotely interested in infosec.

    ⭐This was on our reading list from a lecturer at University. This book should be read like a novel rather than a textbook. Just like the lecturer that recommended this to us, this book is full of information about computing and security. A little dry at times for me but is well worth a read!
