Secrets and Lies: Digital Security in a Networked World [Kindle Edition]

Bruce Schneier
5.0 out of 5 stars (3 customer reviews)

Product descriptions

Press reviews

"...make yourself better informed. Read this book." ( CVu, The Journal of the ACCU, Vol 16(3), June 2004)

TECHNOLOGY & YOU, by Stephen H. Wildstrom
THE SECRETS & LIES OF CYBER-SECURITY
A computer virus shuts down your corporate e-mail for a day. Hackers deface your Web site with pornography. The need to share data with customers and vendors exposes critical corporate information to online theft. With your business ever more dependent on safe use of the Internet, security savvy has become as important as understanding marketing or finance.
Such savvy, however, has been hard for non-techie executives to acquire. Books and articles on security generally came in two equally useless varieties: incomprehensible or sensationalized. Remember all those books on how the Y2K bug would end civilization as we knew it? Now, Bruce Schneier, a highly respected security expert, has stepped into the breach with Secrets & Lies: Digital Security in a Networked World (John Wiley & Sons, $29.99). The book is of value to anyone whose business depends on safe use of e-mail, the Web, or other networked communications. If that's not yet everybody, it soon will be.
Schneier brings strong credentials to the job. His book Applied Cryptography is a classic in the field, and he is one of the creators of the Twofish algorithm, a finalist in the U.S. government's competition for the Advanced Encryption Standard. Schneier serves as chief technology officer of Counterpane Internet Security (www.counterpane.com), which manages computer security for corporations.
Although this is a book for the general reader, it's not always easy going. But Secrets & Lies requires no prior knowledge of computer or security technology and should be accessible to anyone who is willing to put in a little effort. For example, Schneier explains encryption, essentially a mathematical process, without resorting to a single equation. While Schneier is not an elegant writer, he has a nice ability to use analogies to make the obscure understandable.
The book has two main thrusts. First is Schneier's mantra: "Security is a process, not a product." Anyone who promises you a hacker-proof system or offers to provide "unbreakable" encryption is selling you snake oil. There is simply no way to wave a magic wand over a system to make it, and keep it, secure. Second, Schneier says, getting security right is hard, and small mistakes can be deadly.
Risk Management. Schneier backs his opinions with real-world examples. For instance, Hollywood was terrified of piracy and worked hard on a scheme to encrypt digital videodisks so that only authorized players could read the disks. The encryption would have been hard to break, but hackers didn't have to do it. A design flaw made it easy to steal the decryption keys from the software players supplied with PCs. Similarly, most e-commerce sites use a technology called SSL to protect transaction data from online snoopers. SSL works fine, but some e-tailers left customers' credit card information in files where hackers could swipe it.
The last third of the book is most valuable to managers. In it, Schneier discusses the process by which people should assess security vulnerabilities and decide what to do about them. His central point: Computer security is basically risk management. Banks and credit-card companies can tolerate a considerable amount of credit risk and fraud because they know how to anticipate losses and price their services accordingly. That's good, since zero tolerance would put them out of business. Similarly, seeking perfect security would make a system useless because anything worth doing carries some risk.
Unfortunately, the art of computer security has not progressed to the point where Underwriters Labs can certify that a firewall can protect you against attack for two hours, as can be done for safes and fire doors. But with the crude tools that are available, managers have to decide what they are trying to protect and how much they are willing to spend, both in cost and convenience, to defend it. This is a business issue, not a technical one, and executives can no longer leave such decisions to techies. That's why Secrets and Lies belongs in every manager's library. (Business Week, September 18, 2000)

As an editor at a computer publication in the early 1990s, I hired a freelance security expert to evaluate anti-virus software. After extensive testing he faxed the results; unfortunately, the fax went to one of my publication's direct competitors. His gaffe demonstrated why we will never see fail-safe computer security: human error.
That premise emerged as a central theme of a new book written by the same freelancer, now a leading security expert. "Secrets and Lies: Digital Security in a Networked World" (John Wiley & Sons, 2000, $29.99), by Bruce Schneier, is a compelling brief on the industry's most obsessive anxiety.
It's not a story for the faint of heart. Schneier's scary world makes the Wild West, to which the Internet is often compared, look like kindergarten. (For every gory detail on computer crime, check out "Tangled Web," by Richard Power; Que, 2000, $25.)
"Secrets and Lies" is well-timed on the heels of an apparently unstoppable wave of security foul-ups, hacks and government surveillance revelations. The best-known attacks, such as the breach of Microsoft's corporate network revealed last week, disruptions of Yahoo, EBay and other top Web sites early this year, and the "Love Bug" virus, which infected millions of computers, made headlines.
Paranoids have delighted in recent revelations about "Echelon," the government's once super-secret system for monitoring worldwide voice and data communications, and the FBI's "Carnivore" technology, which sniffs millions of supposedly private e-mail messages.
A burgeoning underground of Internet vandals, network nihilists, data thieves and those who probe vulnerabilities as an intellectual exercise begs a scorecard to distinguish "hackers" from "crackers," "white hats" from "black hats."
"Script kiddies," wannabes who use turnkey hacking tools they find posted on the Web, may be emerging as the biggest threat.
Schneier explains the reasons for this grim scenario in simple truths:
* In the hacking wars, technology favors offense over defense.
* Complexity is the enemy of security, and the Internet is the mother of all complex systems.
* Software is buggy. Experts suggest that every 1,000 lines of computer programming code contains between five and 15 mistakes, some of which inevitably open security holes. Consider that Windows 2000 shipped with some 63,000 known bugs and incompatibilities.
* People are often foolish. Early this month the National Institute of Standards and Technology adopted an encryption algorithm (a mathematical formula used to scramble digital data) that it said would take more than 149 trillion years to crack. Then again, if you use your name or the word "password" as a decoding key, typical among lazy computer users, a neophyte hacker would need about five minutes.
Any security scheme can and will be subverted. Little wonder that software licensing agreements specifically disclaim responsibility for the product working as advertised.
It's not hard to imagine why security software developers would be short on confidence: their products are nearly always developed in a vacuum.
"A common joke from my college physics class was to 'assume a spherical cow of uniform density,'" Schneier writes. "We could only make calculations on idealized systems; the real world was much too complicated for the theory. Digital system security is the same way," probably reliable in the lab, always vulnerable in the wild. Part of the problem is that conventional thinking about Internet security is drawn from the physical world, where some kinds of security are "good enough."
"If you had a great scam to pick someone's pocket, but it only worked once every hundred thousand tries, you'd starve before you robbed anyone," Schneier writes. "In cyberspace, you can set your computer to look for the one-in-a-hundred-thousand chance. You'd probably find a couple dozen every day."
A big part of the solution, he writes, is to recognize that "security is a process, not a product." Virus-protection software and "firewalls" designed to guard private networks can be effective only as part of a comprehensive strategy about security. This means that network users, as individuals or employees, must understand their role in protecting information instead of naively relying on software tools to work without human vigilance.
So how to reach people with this geeky material? Schneier, founder of Counterpane Internet Security Inc. in San Jose, peppers the book with lively anecdotes and aphorisms, making it unusually accessible. But I still wouldn't have judged it suitable for the average reader. So I was astonished to find "Secrets and Lies" recently ranked 68th on Amazon.com's sales list. Unless all the buyers are hackers, that's a hopeful sign.
So take Schneier's good advice, but don't panic: Like security, fear-mongering is a process. Exploiting that fear has become a growth industry. Hundreds of security companies shamelessly hype every new virus or hacking to pump up business. Consider that while it's theoretically possible to bring down much of the Internet with a single orchestrated hack, the most damaging episodes so far have affected only a few sites out of millions. The worst ones, such as Love Bug, though genuinely harmful, fade in a couple of weeks.
Dopey business plans are a bigger threat to the "dot-com" world, and the sale of personal data by marketers a bigger threat to individuals, than hackers will ever be.

('Lies' Propagates One Truth: No One Can Get a Lock on Net Security, by Charles Piller, Los Angeles Times, Monday, October 30, 2000)

A Security State of Mind
It's not encryption. It's not a password. It's not connecting through a VPN or an anonymizing service. Security means vastly different things to a national government, an e-commerce site, or a home user.
Governments are rightly paranoid about little things like their military preparedness, new weapons systems, communications codes, and sensitive information about other governments. E-commerce sites amass records for millions of consumers; a break-in could net huge numbers of credit cards. Businesses are constantly evolving, and your chief competitor would love to know what you're up to.
On the personal level, most of us don't have anything quite so vital as state secrets to protect, but theft of numbers and information that we use every day can make our lives a living hell. You only have to talk to one victim of identity theft to understand the excruciating agony of suddenly being victimized by technology, as computers reject your bank and credit cards, and credit reports repeatedly reflect some crook's misadventures with your name and money.

SCHNEIER SAYS
Security expert Bruce Schneier's new book, Secrets and Lies, details the challenges of maintaining security in a networked world. Time and again, he makes the depressing point that security ultimately depends on human nature. The person who doesn't follow procedure, the careless user who leaves a password on a sticky note, and the one who attaches a modem connected to an outside line to a machine behind the firewall are all committing security breaches. And those are the ones without malfeasance.
Schneier's book is an excellent read. Although he's a mathematician and security expert, the book is largely nontechnical, and even amusing, once you get past some of the horror stories. Unlike some other nontechnical security resources, Schneier's book is authoritative because he's been there and done that, having invented, and cracked, a couple of equally important algorithms. He understands the issues and the issues behind the issues.
If you're not a hacker, or if you're new to the scene, you'll gain an appreciation for why designers of security systems and inventors of encryption algorithms put their documentation into public view and invite attacks. Basically, if someone can point out a flaw in your logic or a vulnerability in the system, then you can eliminate the weakness. And if attackers can't break in with full knowledge of the mechanism you're using to keep them out, that's good security.
The book also shows you why formerly secure algorithms are no longer secure. In many cases it's simply that machines have gotten so fast that previously impossible numbers of calculations are now possible. Or that hundreds or thousands of machines working in concert over a network can outperform some of the largest supercomputers in decryption.
But in his introduction, Schneier says, "I have written this book...to correct a mistake." The mistake was his earlier contention that cryptography would keep all our information safe and be the key to a sophisticated digital world. As things have turned out, cryptography is a small but necessary ingredient in the much more complex recipe for security and privacy.

FOR YOUR EYES ONLY?
I regard privacy as a special instance of security. It's information security on the personal level: Your phone number. Your purchasing habits. Your bookmarked Web sites. Your credit card numbers. Your e-mail address. Your bank account number. Your vices. Your IP address.
We have different levels of sensitivity. My phone number is listed; perhaps yours isn't. I shop online with credit cards; maybe you don't. You browse without much thought to where you've been; I purge cookies and anonymize.
Virtually all e-commerce sites collect as much data on users as they can in order to amass demographic and psychographic profiles. This helps them personalize your on-line experience. In theory, it costs them less to sell more, and we should all benefit. But when private information becomes a corporate asset to be bought, bartered, and sold, as it recently did with Amazon.com's revised privacy policy, we have to pay attention to the ramifications.
Schneier's book will give you a firm foundation in what it takes to establish and maintain network security, but you should also think afresh about personal security. I recently found an uncharacteristically useful government-issued document in the form of a booklet, "Know the Rules; Use the Tools," from Senator Orrin Hatch's Judiciary Committee, available online at http://judiciary.senate.gov/Drivacv.htm. Download it. Read it. Use it. (Bill Machrone, PC Magazine, November 21, 2000, p. 91)

Think You're Safe Online? Think Again!
Let's assume for a moment that you are not a techie or a hacker. You're browsing in a bookstore and happen to pick up a copy of Secrets and Lies: Digital Security in a Networked World (John Wiley & Sons, $29.99). As you idly flip through it, all you see are dense paragraphs on arcana: the role of symmetric algorithms in encryption systems, the relative merits of code signing and access control at the interfaces, and what a one-way hash function does. Whoa! This is way over your head, you think, as you sheepishly put the book down and look for the latest Grisham thriller.
Not so fast. Despite big chunks of esoteric techspeak, Secrets and Lies is a thriller of a subtler sort. Author Bruce Schneier, chief technology officer at Counterpane Internet Security in San Jose, wrote a 1994 book called Applied Cryptography that became the bible of the field. Since then, while consulting for clients like Hewlett-Packard, Intel, and Merrill Lynch, he has done some deep and imaginative thinking on whether digital security is in fact an oxymoron. (As he says in the preface, if you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology.) The result is a startlingly lively treatise on, among many other things, why our basic decency, trust, and willingness to help others will always allow "social engineers" (a hacker term for con artists) to leapfrog even the most elaborate firewall. There are, however, ways to minimize the damage, which Schneier spells out in user-friendly language, with lots of colorful asides: In a discussion of page-jacking, he mentions that the dial telephone was invented in 1887 by a Kansas City funeral director named Almon Strowger, who suspected that operators were routing his phone calls to rival undertakers.
But Secrets and Lies is also a jewel box of little surprises you can actually use. See, for example, Schneier's persuasive analysis of why writing down your password (in defiance of your system administrator's pleas) can make your computer, and your network, more secure rather than less. One thing's certain: This book will make you think twice about ever again using your Visa card on a secure Website. (Anne Fisher, Fortune Magazine, November 27, 2000, p. 304)

Attack & Defense
Laymen have no idea just how hard maintaining security really is. For a more readable but rather depressing look at just how tough it can be, read Secrets and Lies: Digital Security in a Networked World (Wiley, $30), in which cryptographer and security consultant Bruce Schneier minces no words in describing the many ways computer systems can be compromised. The problem, it turns out, is as much human as technological. System managers often fail to install important security fixes. Users don't like systems that get in their way, like having to use passwords that are hard to remember. Miscreants may find it simpler to ask or pay someone for a password or trick them into divulging it rather than using sophisticated technical means. It can happen to you.
And you can minimize the risk. When it comes to security software, says Schneier, "Testing for all possible weaknesses is impossible." But he adds that "mediocre security now is better than perfect security never."
So keep that antivirus software updated, follow the other suggestions I offered in our June 12 issue and get yourself a firewall. I can't pretend to be able to test all the ins and outs of firewall software (Schneier makes it clear what a daunting task that is), but ZoneAlarm from Zone Labs seems to do a good job not just of fending off outsiders but also of warning you when the kind of malware that apparently bit Microsoft attempts to make mischief via the Net from inside your machine. It's free for personal and nonprofit users, $40 or less per machine for others.
Like other firewalls, ZoneAlarm will force you to make some decisions about permission that you are probably ill-equipped to make. But even if you get a few of those calls wrong, it's better than perfect security never. (Stephen Manes, Forbes Magazine, 11/27/00)

Bruce Schneier's latest book on security is a rare achievement, as it takes a highly technical and often deadly dull topic and creates a surprisingly accessible and often fascinating read for even the least techy exec. "Secrets and Lies" lays out the current landscape of network security, from the challenges presented by hackers and viruses to the often ineffectual state of corporate security systems. Schneier offers enough gritty history, cautionary tales, and colorful explanations to keep readers engrossed, whether they're new to the security field or seasoned professionals. In addition, he has managed to pepper his text (especially the latter sections) with plenty of useful tips and advice that can help companies battle their way through the dangerous and often confusing task of securing their most valued assets. Daintry Duffy (CIO Magazine, page 58, November 15, 2000)

"The great thing about the book, the thing that makes it an essential read, is that Schneier is an excellent teacher. .... At times the book is even funny, which makes even technical chapters an easy read..." (Computing, 22nd March 2001)

"Bruce Schneier's book is a common-sense, practical guide..." (Computing, 22nd March 2001)

"As a thoughtful read, prior to planning or reviewing your business's security strategy, you could not do better...." (Unixnt, February 2001)

"...worth a read..." (The Journal, November 2000)

"...essential reading for security practitioners..." (Computer Bulletin, Book of the Month, January 2001)

"...provides a timely debunking of myths...an invaluable reference point" (Computer Business Review, November 2000)

"not only is it entertaining, but it is likely to end up on the reference shelf of thousands of CIOs worldwide." (Information Age, December 2000)

"...a good read..." "The book is interesting [and] educational..." (E-business, Jan 2001)

"...a pragmatic, stimulating and rather readable guide..." (The Bookseller, 17th November 2000)

"This book is a must for any business person with a stake in e-commerce." (EuroBusiness, December 2000)

"...a jewel box of little surprises you can actually use" "...a startlingly lively treatise..." (Fortune, 27th November 2000)

"A thoroughly practical and accessible guide..." (Webspace, November 2000)

"[It's] written like a thriller (and a good one at that)..." (Managing Information Strategies, November 2000)

"Anyone who does business online should buy this book and read it carefully." (QSDG, December 2000)

"The book is an impressive 'how to think' like a hacker." (Supply Management, 16th November 2000)

"Schneier writes with a pleasingly readable style." (MacFormat, December 2000)

"Setting himself apart, Schneier navigates rough terrain without being overly technical or sensational..." (Computer Weekly, 26th October 2000)

"...a very practical guide..." (Webspace, October 2000)

"If you only have time to read a single book on the subject, this is the one to read." "I think you owe it to yourself to take the time to read this book" "Highly recommended to all." (Overload, September 2000)

"A thoroughly practical and accessible guide to achieving security" (Webspace, August 2001)

"...if you haven't read Secrets and Lies yet, you should. If you have but it's been a while, take it along for your next plane ride..." (Technology and Society, 7 February 2003)

Stephen Manes writes, "...Bruce Schneier minces no words in describing the many ways computer systems can be compromised". (Forbes)

"...this book isn′t just for techies. Schneier peppers the book with lively anecdotes and aphorisms, making it unusually accessible." (LA Times)

"Schneier's book is an excellent read.... He understands the issues and the issues behind the issues." (Bill Machrone)

"Secrets and Lies should begin to dispel the fog of deception and special pleading around security, and it's fun..." (New Scientist, 2nd September 2000)

Publisher's description

Bestselling author Bruce Schneier offers his expert guidance on achieving security on a network
Internationally recognized computer security expert Bruce Schneier offers a practical, straightforward guide to achieving security throughout computer networks. Schneier uses his extensive field experience with his own clients to dispel the myths that often mislead IT managers as they try to build secure systems. This practical guide provides readers with a better understanding of why protecting information is harder in the digital world, what they need to know to protect digital information, how to assess business and corporate security needs, and much more.
* Walks the reader through the real choices they have now for digital security and how to pick and choose the right one to meet their business needs
* Explains what cryptography can and can't do in achieving digital security

Product details

  • Format: Kindle Edition
  • File size: 3870 KB
  • Print length: 433 pages
  • Publisher: Wiley; 1st edition (25 March 2011)
  • Sold by: Amazon Media EU S.à r.l.
  • Language: English
  • ASIN: B004UARVS0
  • Average customer review: 5.0 out of 5 stars (3 customer reviews)



Customer reviews

Most helpful customer reviews
5.0 out of 5 stars  Whom to trust?  24 August 2006
Format: Paperback
It is a somewhat disillusioned Bruce Schneier who, in this book, examines what is at stake for security on the Internet.

Before this, Bruce Schneier had made his name as a leading expert in cryptography, author, notably, of the classic "Applied Cryptography". In Secrets & Lies, he acknowledges that cryptography by itself does not solve every security problem, far from it, and that much remains to be done to rebuild a climate of trust on the Internet.

B. Schneier approaches and treats the question of digital trust from a "philosophical" rather than a technical angle, so the book belongs in everyone's hands.
5.0 out of 5 stars  Simply excellent  19 February 2006
Format: Hardcover
Secrets and Lies is an excellent book that deals with information security as a whole. It is in no way a technical work. The text is very easy to approach and written very clearly. The specialist in the field should find as much in it as the newcomer. Probably the best text I have ever read on the subject.
5.0 out of 5 stars  Wonderful!  6 October 2013
Format: Kindle Edition | Verified purchase
Even though this book is a little dated, it is still relevant. I had already read it on paper when it came out; a pleasure to reread it in digital form.
Most helpful customer reviews on Amazon.com (beta)
Amazon.com: 4.4 out of 5 stars, 144 reviews
127 of 134 people found this review helpful
5.0 out of 5 stars  A must-read for true computer security professionals  30 October 2000
By Richard Bejtlich - Published on Amazon.com
Format: Hardcover
I am an Air Force officer and technical resource for a 50-person military intrusion detection operation. I've seen Bruce speak twice and he never fails to impress. "Secrets and Lies" is no different. This book is not designed to teach readers about the latest security technologies. It was not written to promote specific products, although Bruce explains how the book's themes caused him to revamp his Counterpane firm. What the book does is teach security professionals how to think about their craft. I would recommend it to everyone in the field from day one, but its deeper meanings would probably not be evident until a year's work on the front lines.
Some of the ideas aren't new. For example, I've heard members of the L0pht petition for a software Underwriter's Lab for years, and others have encouraged liability laws for software vendors. Bruce builds on these ideas and weaves them into his own prescription for dealing with complex and inherently insecure systems. This is the type of book that gives a professional the vocabulary and framework to organize his understanding of the security process. "Secrets and Lies" creates the "little voice" that warns against a vendor's promises to solve all your problems with a $30,000 box-of-wonders.
Of particular interest to me, after training in economics, is Bruce's insistence that "the buying public has no way to differentiate real security from bad security." It logically follows that the market cannot address this problem, since "perfect information" does not exist. Therefore, outside organizations (perhaps an FDA for software?) should get involved, but not by outlawing reverse engineering and security tools.
I give five stars to books that make the complex simple, that reveal and enhance technical details, or that change the way I look at the world. This book fits two, and possibly three of those categories. Bravo, Bruce.
85 of 91 people found this review helpful
5.0 out of 5 stars  Excellent intro infosec book that everyone should read  18 September 2000
By J. G. Heiser - Published on Amazon.com
Format: Hardcover | Verified purchase
Written by one of my favorite industry commentators, this is an introductory text on information security that should be useful to just about everyone. I highly recommend this book for the following audiences:
· Beginning security specialists
· IS and other business managers who make decisions about systems deployment
· Experienced security practitioners who want to improve their thinking and analysis skills
· Those studying for security certification, such as the CISSP
· Software and Internet product planning and marketing staff (and not just security software)
Schneier, who is recognized for his contributions to cryptography, has recently found religion. As recounted in a recent interview in "Information Security" magazine, he realized that humans were destroying the purity of his mathematical approach. Instead of retreating into academia, he tackled this issue head-on, some of the result of which is this landmark book. He recommends reading it cover to cover, and I agree with him: it takes all 400 pages to paint the complete story, and if you don't approach it linearly, you run the risk of missing the subtleties of the author's message. Skimming this book could easily trap a reader into equating vulnerability with risk. The world is full of risk, and while Schneier takes obvious delight in deconstructing the vulnerabilities of automated systems, it is important to understand that historical manual systems are quite vulnerable too, and humans deal with the risk quite nicely. Read the whole book.
The chapters that I found most significant included:
· (6 & 7) Cryptography: It is no surprise that he has written a terrific introduction to the concepts and building blocks (primitives and protocols) of encryption. Even techno-agnostics will find great value in his discussion of the problems with proprietary algorithms.
· (9) Identification & Authentication: An excellent introduction to the problems of passwords and helpful discussion of the limitations of biometrics. He makes it clear why biometrics are NOT a magic cure for security problems.
· (12) Network Defenses: Schneier tells it like it is! The ugly truth about sexy security toys.
· (13) Software Reliability: Best description of stack overflow that I've ever seen for a lay audience.
· (22) Product Testing and Verification: After crypto, evaluating software for security flaws is Schneier's other specialty, and he's written an awesome chapter. The author makes it very clear why it is unrealistic to expect invulnerable software, he single-handedly conducts a totally balanced debate on the merits of full disclosure, and he finishes the chapter with sage advice on approaching security product reviews with healthy skepticism.
I'm often asked to recommend introductory texts on information security, and unfortunately there really aren't that many good books for a newbie. If more books existed, I would probably give Schneier's book a 4 instead of a 5, but for now, this is one of the best. As he explains in the Afterword, his 'epiphany' occurred only 12 months before completing the text; this isn't much time to become an expert in security process. His background is somewhat removed from day to day operations, and perhaps this lack of administrative experience results in a few weak areas. I suggest that the reader exercise some critical thinking and consult additional authorities when reading the following chapters:
· (4) Adversaries: his concept of computer criminals is a bit weak, pretty much lumping all transgressors into the mutually exclusive categories of 'spy' or 'hacker'.
· (5) Security Needs: Some of his terminology lacks precision (perhaps inevitable when addressing a general audience). I disagree that a spoofed message represents an integrity failure, and I don't characterize audit as a requirement, but as a control.
· (15) Certificates and Credentials: He totally ignores the concept that practice statements (policies on CA and especially certificate management) provide any arbitrary level of assurance: the more stringent the rules, the higher the assurance. He doesn't discuss time stamping and other forms of third-party witnessing that can greatly strengthen a digital signature.
· (16) Security Tricks: His vehement attack on key recovery is politically extreme. The government's ill-conceived desire for key escrow should not affect the responsibility a corporation has to protect its own data. Who hasn't used an encryption product and lost a key?
· (21) Attack Trees: This is a marvelously useful idea, but he leaves the impression that these can be used to create quantifiable risk models, and I don't believe that putting information security risk in dollar value terms is practical.
Despite its length, the book is a quick read, and the informal tone makes it very approachable. It is addressed at a completely different audience than "Applied Cryptography": it isn't a technical book, it is more of a business book. (Technical specialists would be well advised to read more business texts like this.) My copy is already well marked with highlighting and notes; this text has a lot of meat in it, and many new and useful ideas. If you find this book helpful in your job and you want to do additional reading, two complementary texts on the human aspects of infosec that I recommend are "The Process of Network Security" by Thomas Wadlow, and "Fighting Computer Crime: A New Framework for Protecting Information" by Donn B. Parker (I've reviewed both here on Amazon).
41 of 42 people found this review helpful
5.0 out of 5 stars Secrets and Lies and Schneier, oh my, 6 September 2000
By A Customer - Published on Amazon.com
Format: Hardcover
_Secrets and Lies_ is a necessary book for everyone who wonders about privacy and security on the Internet--that is to say, everyone. Schneier discusses the threats in cyberspace, the technologies to combat them, and (most importantly) the strategies that make those technologies work. It's not surprising that the technical information is solid. What might be surprising to some, though, is how lucid and funny Schneier's writing is. He doesn't talk down to readers, but you don't have to be a complete techie to understand what he's saying.
Schneier's discussion of where things are and where they're going is fascinating and informative. I was especially interested by the legal stuff: many of the laws designed to enhance security and privacy actually damage it. Read this book, make your boss read it, make your IT manager read it, and send a copy to your congresscritter. It might just help make the Net safer.
18 of 20 people found this review helpful
5.0 out of 5 stars Classic Schneier, 21 August 2000
By Ryan L. Russell - Published on Amazon.com
Format: Hardcover
If you're a fan of Bruce Schneier, whether it be his live presentations, his books, or Crypto-Gram, then you'll love this book. Bruce has shifted his focus away somewhat from the deep technical details that he has in "Applied Cryptography." In this book, he delves more into the hows and whys of security, and focuses heavily on the trade-offs that reality forces security people to make. This book is a must-read for anyone responsible for making security decisions.
19 of 22 people found this review helpful
3.0 out of 5 stars Why Digital Security Isn't!, 24 February 2002
By A Customer - Published on Amazon.com
Format: Hardcover
Bruce Schneier has an M.S. in Computer Science from American University and a B.S. in Physics from the University of Rochester but he is self-educated in the areas of computer security and cryptography. An acknowledged expert in the field of cryptography, he has written eight books and dozens of articles on topics as wide ranging as techniques for securing installations of the MacOS to the detailed specifications of an encryption algorithm. He used to be president of Counterpane Systems, which was a consulting firm specializing in cryptography and computer security. He is now Chief Technical Officer of Counterpane Internet Security, Inc., a company he co-founded, which provides world wide real-time security monitoring services.
Secrets & Lies is an attempt at writing a book to provide everything you wanted to know about cryptography, computer hacking, and the security issues of computers and computer networks. The book is written in three main sections. The first concentrates on the modern electronic environment and the threats to security and commerce that exist within it, and how these weaknesses and threats compare to the more traditional security threats that have existed for years. The second section deals with the main categories of technologies that exist to secure computers and computer networks, and with the weaknesses of each of the types of security. The third section deals with how to develop a threat model, how to analyze a system for security vulnerabilities, and the future of data network security.
Secrets & Lies contains a lot of information arranged as a broad overview of information technology security. It is not, by any stretch of the imagination, a technician's handbook for securing a server or network. The system administrator or network operator may find some of the sections, such as how to analyze a system for security vulnerabilities, very useful but will not find a lot of answers on how to secure their particular network or system.
The main points that the author is attempting to impart, which can be discovered fairly quickly, are that security is a process and not a product, security should be layered like an onion, security is like a chain in that it is only as strong as its weakest link, and finally that security should be applied to the entire system and not just individual pieces. Yes, the book does read as if a computer security consultant wrote it, which is exactly what the author has been doing for a good part of his life. Having said that, the book is very readable and would be understandable to most business people, whether a person is an IT professional or a financial department manager. If new to the IT field or IT security, a person would benefit greatly from this book.
Another theme of the author's, though it is only mentioned once, is the idea that computer security rests on the three pillars of integrity, availability, and confidentiality. Though much of the book is admittedly written with the goal of explaining how each of these "pillars" can or can't be accomplished, a disservice is done by not mentioning these principles earlier and providing them a higher level of importance. The technologies, the threats, and the weaknesses of the technologies receive the limelight in this book but the big "so what" is why the technologies even exist. The "why" is explained by the three pillars and though they are a conceptual idea it is important that the reader understand their importance prior to getting distracted by 128 bit encryption which is, after all, only a means to an end.
The IT professional, however, may find the book overly long and wordy. To make the different technologies understandable to almost anyone, the author made free and extensive use of analogies that can at times be quite lengthy and simplistic. The analogies do accomplish the goal of clearly explaining the underlying principles, operation, and problems in several areas such as PKI and certificates, but the IT professional who already is familiar with the topic will cringe at some of the simplistic explanations.
This is a good one over the world familiarization book on digital security. IT professionals should read this book, though they might want to consider skipping the first six chapters. The first six chapters are, however, an excellent primer for managers who are unfamiliar with data network security and the huge challenge posed by securing information systems and networks.
PJZ