Envoyer sur votre Kindle ou un autre appareil

 
 
 

Essai gratuit

Découvrez gratuitement un extrait de ce titre

Envoyer sur votre Kindle ou un autre appareil

Tout le monde peut lire les livres Kindle, même sans un appareil Kindle, grâce à l'appli Kindle GRATUITE pour les smartphones, les tablettes et les ordinateurs.
Security Engineering: A Guide to Building Dependable Distributed Systems
 
Agrandissez cette image
 

Security Engineering: A Guide to Building Dependable Distributed Systems [Format Kindle]

Ross J. Anderson
5.0 étoiles sur 5  Voir tous les commentaires (1 commentaire client)

Prix conseillé : EUR 57,65 De quoi s'agit-il ?
Prix éditeur - format imprimé : EUR 53,18
Prix Kindle : EUR 36,96 TTC & envoi gratuit via réseau sans fil par Amazon Whispernet
Économisez : EUR 16,22 (31%)

  • Longueur : 640 pages
  • Langue : Anglais
  • En raison de la taille importante du fichier, ce livre peut prendre plus de temps à télécharger
  • Vous n'avez pas encore de Kindle ? Achetez-le ici Ou commencez à lire dès maintenant avec l'une de nos applications de lecture Kindle gratuites.

Formats

Prix Amazon Neuf à partir de Occasion à partir de
Format Kindle EUR 36,96  
Broché EUR 52,80  
Broché --  

Auteurs, publiez directement sur Kindle !

KDP
Via notre service de Publication Directe sur Kindle, publiez vous-même vos livres dans la boutique Kindle d'Amazon. C'est rapide, simple et totalement gratuit.



Le Pack de la Rentrée : 24 applis offertes, plus de 50 euros d'économies, jusqu'au 4 septembre sur l'App-Shop pour Android. Profitez-en et partagez la nouvelle. En savoir plus.


Descriptions du produit

Présentation de l'éditeur

The first quick reference guide to the do's and don'ts of creating high quality security systems.
Ross Anderson, widely recognized as one of the world's foremost authorities on security engineering, presents a comprehensive design tutorial that covers a wide range of applications. Designed for today's programmers who need to build systems that withstand malice as well as error (but have no time to go do a PhD in security), this book illustrates basic concepts through many real-world system design successes and failures. Topics range from firewalls, through phone phreaking and copyright protection, to frauds against e-businesses. Anderson's book shows how to use a wide range of tools, from cryptology through smartcards to applied psychology. As everything from burglar alarms through heart monitors to bus ticket dispensers starts talking IP, the techniques taught in this book will become vital to everyone who wants to build systems that are secure, dependable and manageable.

Détails sur le produit

  • Format : Format Kindle
  • Taille du fichier : 11723 KB
  • Nombre de pages de l'édition imprimée : 640 pages
  • Editeur : Wiley; Édition : 1 (23 mars 2001)
  • Vendu par : Amazon Media EU S.à r.l.
  • Langue : Anglais
  • ASIN: B00B4OHOSW
  • Synthèse vocale : Activée
  • X-Ray :
  • Moyenne des commentaires client : 5.0 étoiles sur 5  Voir tous les commentaires (1 commentaire client)
  •  Souhaitez-vous faire modifier les images ?


Commentaires en ligne 

4 étoiles
0
3 étoiles
0
2 étoiles
0
1 étoiles
0
5.0 étoiles sur 5
5.0 étoiles sur 5
Commentaires client les plus utiles
2 internautes sur 2 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 La réference en matière de sécurité 23 avril 2002
Par Un client
Format:Broché
Des théories, des exemples historiques...
Anderson conduit le lecteur à penser comme un extra-terrestre, hors du respect des règles pour contourner les systèmes de sécurité ou mesurer les risques des systèmes complexes
Avez-vous trouvé ce commentaire utile ?
Commentaires client les plus utiles sur Amazon.com (beta)
Amazon.com: 4.8 étoiles sur 5  28 commentaires
46 internautes sur 50 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 Anyone responsible for info security should read this book 11 juillet 2001
Par Ben Rothke - Publié sur Amazon.com
Format:Broché
A large group of programmers were asked a hypothetical question: If Microsoft was to build an airplane, would you get on it? All of the programmers instantly said no, save for a sole programmer who said he would definitely board the plane. When asked why he was so confident about getting on the plane, he replied, "If Microsoft were to ever build an airplane, it would be extremely safe since the plane would never make it out of the gate."
When it comes to information security, its current state is similar to that of a Microsoft airplane--built, but often flashy, while not forcefully functional. The root of the problem is that most organizations view security as something added on in a piecemeal fashion, rather than an integral engineering issue.
Those in the construction business get this concept; they know that designs, plans, permits, coordination, commitment, buy-in, etc.,; are all requirements, not options. Similarly, before any information security product is rolled-out, the appropriate project plans must exist. While the concept that design must come before implementation is a given in most other industries, many IT departments lack this understanding.
Thus is the quandary that Ross Anderson deals with in Security Engineering: A Guide to Building Dependable Distributed Systems. In a nutshell, Security Engineering is one of the best security books ever written. If you are looking for 50 pages of screen prints on how to install and configure a printer under Windows 2000, this is the wrong book for that. What Anderson does, in great detail and with lucidity, is particularize all of the aspects that are required to create a security infrastructure. He relentlessly reiterates that security must be engineered into information systems from the outset. When security is retrofitted into an application or system, it is never as effective.
Anderson defines security engineering as "building systems to remain dependable in the face of malice, error or mischance. As a discipline, it focuses on the tools, processes and methods needed to design, implement and test complete systems, and to adapt existing systems as their environment evolves."
In its 24 chapters, the book covers every domain of computer security. As noted security guru Bruce Schneier writes in the book's foreword "If you're even thinking of doing any security engineering, you need to read this book." Schneier's comment compliments his own attitude that security is not a product, rather a process. Going with that mantra, Anderson demonstrates in exhaustive detail how information security must be implemented in every aspect of the information system's infrastructure in order for systems to be dependable and secure.
The often knee-jerk response to information security is to deal with it at the product level. With that, the security product of the year is purchased (Air Gap, IDS, PKI, etc.) and the company hopes and prays for security. Unfortunately, it does not work like that. Anderson writes that security products can't operate in a vacuum. They must operate in the framework of a comprehensive architecture supported by policies. That is precisely why there are huge amounts of books on security component technology, but very few on how to use them effectively. When it comes to making all of these security technologies interoperate, there are few good titles in print, and that is the value of this book....
In more than 600 pages of intense information, Anderson lays the groundwork on how to build a secure and dependable system. Every aspect of information security is discussed in the book -- from passwords, access control, and attacks, to physical security and policy. Additionally, relevant and timely topics such as information warfare, privacy protection, access control, and more are discussed. This is the only book that covers the end-to-end spectrum of security design and engineering.
Just as important as the technical issues covered in the book, the entire range of attacks that distributed systems can face (technical, procedural, and physical) are also covered. Understanding these threats are paramount in order to properly secure the system. Anderson notes from years of personal experience that many security systems are designed solely to keep the good guys out without thinking of the bad guys. There are two mistakes with this approach -- it only solves a smart part of the problem, and more importantly, the bad guys do not follow the rules. Bruce Schneier likens this approach to security as putting a pole in front of your house and hoping the attacker runs into the pole. The reality is that the adversary will simply go around the pole.
While many of the chapter topics may sound unexciting, Anderson has a wonderful writing style and at times reads almost like a Tom Clancy thriller with its details of military command and control systems and other similar topics. Anyone responsible for information security should read Security Engineering.
32 internautes sur 34 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 Comprehensive, current, and stunningly good 6 avril 2001
Par Avi Rubin - Publié sur Amazon.com
Format:Broché
It is about time that this book has been written!
Ross Anderson has a unique perspective to offer. He explains complex information, such as the inner working of cryptographic functions, with a clear and precise manner, while at the same time always relating the content to the real world. He possess a rare combination of expertise in theory and experience in practice.
This book covers everything from security of ATM machines, to secure printing; from multi-level security to information warfare; from hardware security to e-commerce; from legal issues to intellectual property protection; from biometrics to tamper resistance. In short, Anderson's book basically covers the entire field of computer security. It is also refreshing that the book is as deep as it is broad.
I will use this book to teach and also to learn. It is a good read cover to cover, and I imagine it will make a fine textbook for many classes on computer security. Every chapter ends with suggestions for interesting research problems and further reading.
As I was reading this book, I kept asking myself how one person could have produced such a comprehensive and complete book. It is indeed a treasure.
21 internautes sur 22 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 A watershed book for the security community 27 juin 2002
Par Richard Bejtlich - Publié sur Amazon.com
Format:Broché
This book changes everything. "Security Engineering" is the new must-read book for any serious information security professional. In fact, it may be required reading for anyone concerned with engineering of any sort. Ross Anderson's ability to blend technology, history, and policy makes "Security Engineering" a landmark work.

Engineers learn more from failure than success. "Security Engineering" brings this practice to life, investigating the design and weaknesses of ATM machines, currency printing, nuclear command and control, radar, and dozens of other topics. Anderson's insights are accurate and helpful, partly because he's served as consultant for diverse industries. His descriptions of criminal and intelligence agency exploitation of insecure systems are startling; fake cellular base stations, fly-by-night phone companies, TEMPEST/EMSEC viruses, freezing electronics to preserve RAM -- all are explained in layman's terms.

The bibliography offers exceptional opportunities for further research, but the second edition needs a glossary. I found some of the cryptography chapter too complicated for non-mathematicians. I also believe the author was misled by whomever told him that "at the time of writing, the US Air Force has so far not detected an intrusion using the systems it has deployed on local networks." (p. 387) (I know from experience this is false.) Nevertheless, these are my only criticisms for a 612 page text.

"Security Engineering" is a book of principles, lessons, and case studies. It offers history, tools, and standards to judge engineering endeavors. This book actually inspired me to learn how brick-and-mortar engineers learn their trade, as their methods and failure analysis may apply to the software world. "Security Engineering" will remain relevant for years, but I recommend you read it as soon as possible.
7 internautes sur 7 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 Incomparable book on information security 2 mai 2001
Par R. Smith - Publié sur Amazon.com
Format:Broché|Achat vérifié
Those of us in the computer security business have been mining Ross Anderson's web site for years, since he's done some really unique and important work in the field. Finally he's pulled it into an incredible book, one that's essential for anyone interested in information security.
Two elements combine make this book unique: first, the book manages to cover all of the major topics in the field, and second, the book covers the whole range of attacks that systems can face: technical, procedural and physical. Historically, writers on information security have focused on computers and disembodied "users," downplaying the crucial issues of physical security, perimeters, operating procedures, and the limits of human behavior. This book tries to integrate such concerns into information security thinking, instead of treating them as "special concerns that computer geeks don't really care about."
Best of all, the book is a great read. Ross has a fine way of drawing out the irony we encounter in user behavior, enterprise behavior, and even in the actions of presumed authorities in industry and government. At one point he discusses a government endorsed security evaluation process "which, as mentioned, is sufficient to keep out all attackers but the competent ones."
Ross unabashedly explains several aspects of information security that most writers ignore entirely, like security printing, seals, tamper resistance, and associated procedures. In my own books, reviewers have chided me for including such "irrelevant" topics, even though they play an essential part in making a real system work. As Ross ably points out, most successful attacks these days are pretty mundane and don't involve cryptanalysis or sophisticated protocol hacking. ATM fraud, for example, often relies on pre-computer technology like binoculars to pick up a victim's PIN. This book should open a lot of peoples' eyes.
11 internautes sur 13 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 Fantastic book - highly recommended reading on security 21 juin 2001
Par Ross Anderson - Publié sur Amazon.com
Format:Broché
This book does so much more than guiding the reader through the design of distributed systems. It is the most comprehensive and general definition and illustration of information security that I have ever seen in one place. This is a book that can teach you to look at the world through security glasses so to speak and that of course is a prerequisite for security engineering. It is also a good thing to be able to do if you need to evaluate security measures for quality and appropriateness.
The way Ross Anderson goes about this task is systematic and pedagogical. He has obviously been lecturing for many years and is both an excellent presenter and a person demonstrating a good understanding of learning curves. Both the book as a whole and the individual chapters have been constructed in such a way that the reader can give up at various points of complexity without losing the plot altogether and simply start at the beginning of the following chapter for a less deep education than if he read and understood everything but nevertheless gaining a comprehensive feel for the nature of security and how to tackle its implementation. This design also enables the book to be used either as a textbook or as a reference work. Very smart - many technical authors could learn something from observing how Ross goes about it.
I also like that each chapter ends with a discussion of possible research projects, literature recommendations and of course a summary. The only irritating thing is that there are too many stupid typos such as missing words, things which another read-through by the editor should have caught. An example: `...using the key in Figure 5.7, it enciphers to TB while rf enciphers to OB...' should be `...using the key in Figure 5.7, rd enciphers to TB while rf enciphers to OB...' It is fine to use typographic tricks for illustrative purposes but you must make sure they make it into print if you do. I'm certain many readers will find the chapter on cryptography difficult enough without errors. Well, next edition...
The book consists of three parts. The first is a quite basic intro to security concepts, protocols, human-to-computer interfaces, access control, cryptography and distributed systems. I think that perhaps Ross gets a little bit carried away in Chapter 5 on crypt - I mean, why is a proof for Fermat's little theorem included? There are no other mathematical proofs anywhere. I also think that parts of this chapter could benefit from added verbosity or perhaps a few more illustrations. Whereas in this context it is not so important how crypt primitives function internally it is of course very important how they behave as system components. Just a suggestion - no real criticism.
In the second part of the book the author ingeniously uses a whole range of well-known systems incorporating security to illustrate both analytical methods and security engineering fundamentals. Using this pedagogical method, moving from the concrete and well-known to the abstract and general is good engineering practice. Almost every main section contains a subsection called What Goes Wrong in which the author analyses and presents architectural and design weaknesses in everything from ATMs to nuclear systems. I find this approach incredibly valuable, not only because it teaches good engineering methodology but also because it gives the author an opportunity to present a huge number of security problems at the implementation level in a context, from which they can be lifted, cross-referenced and placed in different contexts. This method, combined with the informed and intelligent analysis is what makes this book such a brilliant generator of understanding of security, the broad and full concept.
Also in this part of the book there is a clear line which is not only technological but which serves to place security concepts in organisational frameworks, another very strong point in favour of this work. This leads to the third part of the book, which in the words of the author deals with politics, management and assurance. Very good entertainment as well. The book ends with one of the best bibliographies that I have ever seen in the field.
Kudos to Ross Anderson for writing such a fantastic book - highly recommended reading!
Ces commentaires ont-ils été utiles ?   Dites-le-nous
Rechercher des commentaires
Rechercher uniquement parmi les commentaires portant sur ce produit

Discussions entre clients

Le forum concernant ce produit
Discussion Réponses Message le plus récent
Pas de discussions pour l'instant

Posez des questions, partagez votre opinion, gagnez en compréhension
Démarrer une nouvelle discussion
Thème:
Première publication:
Aller s'identifier
 

Rechercher parmi les discussions des clients
Rechercher dans toutes les discussions Amazon
   


Rechercher des articles similaires par rubrique