Secrets and Lies: Digital Security in a Networked World / Edition 1

by Bruce Schneier

ISBN-10: 1119092434
ISBN-13: 9781119092438
Pub. Date: 03/23/2015
Publisher: Wiley


Overview

This anniversary edition, which has stood the test of time as a runaway best-seller, provides a practical, straightforward guide to achieving security throughout computer networks. No theory, no math, no fiction about what should be working but isn't, just the facts. Known as a master of cryptography, Schneier draws on his extensive field experience with his own clients to dispel the myths that often mislead IT managers as they try to build secure systems. One much-touted section, Schneier's tutorial on just what cryptography (a subset of computer security) can and cannot do for them, has received far-reaching praise from both the technical and the business community.

Praise for Secrets and Lies

"This is a business issue, not a technical one, and executives can no longer leave such decisions to techies. That's why Secrets and Lies belongs in every manager's library." —Business Week

"Startlingly lively....a jewel box of little surprises you can actually use." —Fortune

"Secrets is a comprehensive, well-written work on a topic few business leaders can afford to neglect." —Business 2.0

"Instead of talking algorithms to geeky programmers, [Schneier] offers a primer in practical computer security aimed at those shopping, communicating or doing business online—almost everyone, in other words." —The Economist

"Schneier...peppers the book with lively anecdotes and aphorisms, making it unusually accessible." —Los Angeles Times

With a new and compelling Introduction by the author, this premium edition will become a keepsake for security enthusiasts of every stripe.


Product Details

ISBN-13: 9781119092438
Publisher: Wiley
Publication date: 03/23/2015
Edition description: 15th Anniversary Edition
Pages: 448
Product dimensions: 6.30(w) x 8.90(h) x 1.50(d)

About the Author

Bruce Schneier is an internationally renowned security technologist, called a "security guru" by The Economist. He is the author of twelve books—including his seminal work, Applied Cryptography: Protocols, Algorithms, and Source Code in C, and Secrets & Lies: Digital Security in a Networked World as well as hundreds of articles, essays, and academic papers. His influential newsletter "Crypto-Gram" and blog "Schneier on Security" are read by over 250,000 people. Schneier is a fellow at the Berkman Center for Internet and Society at Harvard Law School, a program fellow at the New America Foundation's Open Technology Institute, a board member of the Electronic Frontier Foundation, and an Advisory Board member of the Electronic Privacy Information Center. He is also the Chief Technology Officer of Resilient Systems, Inc. You can read his blog, essays, and academic papers at www.schneier.com. He tweets at @schneierblog.


Table of Contents

Foreword to 2015 15th Anniversary Edition ix

Introduction from the Paperback Edition xiii

Preface xxiii

About the Author xxvii

1. Introduction 1

Part 1: The Landscape 11

2. Digital Threats 14

3. Attacks 23

4. Adversaries 42

5. Security Needs 59

Part 2: Technologies 83

6. Cryptography 85

7. Cryptography in Context 102

8. Computer Security 120

9. Identification and Authentication 135

10. Networked-Computer Security 151

11. Network Security 176

12. Network Defenses 188

13. Software Reliability 202

14. Secure Hardware 212

15. Certificates and Credentials 225

16. Security Tricks 240

17. The Human Factor 255

Part 3: Strategies 271

18. Vulnerabilities and the Vulnerability Landscape 274

19. Threat Modeling and Risk Assessment 288

20. Security Policies and Countermeasures 307

21. Attack Trees 318

22. Product Testing and Verification 334

23. The Future of Products 353

24. Security Processes 367

25. Conclusion 389

Afterword 396

Resources 399

Acknowledgments 401

Index 403

What People are Saying About This

From the Publisher

"...this book is of value to anyone whose business depends on safe use of email, the Web, or other networked communications" and "belongs in every manager's library." —Business Week

Schneier "offers a primer in practical computer security aimed at those shopping, communicating or doing business online—almost everyone, in other words." —The Economist

Schneier is "one of the foremost experts on computer security" and his 1995 Wiley book Applied Cryptography is "the landmark text on the security hazards of the Internet." —Time Out New York

Schneier "gives the state of the art on corporate security." —thestandard.com

Schneier "wrote the book on applied cryptography" —Information Security

Secrets & Lies is "a written, well researched exploration of digital security as a system." —slashdot.com

"Although Schneier's style is lively and spiced with unusual vocabulary (try looking up banausic and flagitious in your Funk and Wagnalls), no one is going to pick up this book for the sake of a good read. They want the information contained therein." —eWEEK.com

"In Secrets and Lies the things that actually go wrong are explained by lots of concrete examples, some stunning." —New Scientist

"Schneier's book is an excellent read.... He understands the issues and the issues behind the issues." —Bill Machrone

Anne Fisher calls Secrets and Lies "a jewel box of little surprises you can actually use" and refers to the book as "a startlingly lively treatise." —Fortune, November 27, 2000, p. 304

"Secrets and Lies should begin to dispel the fog of deception and special pleading around security, and it's fun." —New Scientist, 2nd September 2000

Preface

I have written this book partly to correct a mistake.

Seven years ago I wrote another book: Applied Cryptography. In it, I described a mathematical utopia: algorithms that would keep your deepest secrets safe for millennia, protocols that could perform the most fantastical electronic interactions—unregulated gambling, undetectable authentication, anonymous cash—safely and securely. In my vision cryptography was the great technological equalizer; anyone with a cheap (and getting cheaper every year) computer could have the same security as the largest government. In the second edition of the same book, written two years later, I went so far as to write: "It is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics."

It's just not true. Cryptography can't do any of that.

It's not that cryptography has gotten weaker since 1994, or that the things I described in that book are no longer true; it's that cryptography doesn't exist in a vacuum.

Cryptography is a branch of mathematics. And like all mathematics, it involves numbers, equations, and logic. Security, palpable security that you or I might find useful in our lives, involves people: things people know, relationships between people, people and how they relate to machines. Digital security involves computers: complex, unstable, buggy computers.

Mathematics is perfect; reality is subjective. Mathematics is defined; computers are ornery. Mathematics is logical; people are erratic, capricious, and barely comprehensible.

The error of Applied Cryptography is that I didn't talk at all about the context. I talked about cryptography as if it were The Answer. I was pretty naive.

The result wasn't pretty. Readers believed that cryptography was a kind of magic security dust that they could sprinkle over their software and make it secure. That they could invoke magic spells like "128-bit key" and "public-key infrastructure." A colleague once told me that the world was full of bad security systems designed by people who read Applied Cryptography.

Since writing the book, I have made a living as a cryptography consultant: designing and analyzing security systems. To my initial surprise, I found that the weak points had nothing to do with the mathematics. They were in the hardware, the software, the networks, and the people. Beautiful pieces of mathematics were made irrelevant through bad programming, a lousy operating system, or someone's bad password choice. I learned to look beyond the cryptography, at the entire system, to find weaknesses. I started repeating a couple of sentiments you'll find throughout this book: "Security is a chain; it's only as secure as the weakest link." "Security is a process, not a product."

Any real-world system is a complicated series of interconnections. Security must permeate the system: its components and connections. And in this book I argue that modern systems have so many components and connections—some of them not even known by the systems' designers, implementers, or users—that insecurities always remain. No system is perfect; no technology is The Answer.

This is obvious to anyone involved in real-world security. In the real world, security involves processes. It involves preventative technologies, but also detection and reaction processes, and an entire forensics system to hunt down and prosecute the guilty. Security is not a product; it itself is a process. And if we're ever going to make our digital systems secure, we're going to have to start building processes.

A few years ago I heard a quotation, and I am going to modify it here: If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology.

This book is about those security problems, the limitations of technology, and the solutions.

Read this book in order, from beginning to end.

No, really. Many technical books are meant to skim, bounce around in, and use as a reference. This book isn't. This book has a plot; it tells a story. And like any good story, it makes less sense telling it out of order. The chapters build on each other, and you won't buy the ending if you haven't come along on the journey.

Actually, I want you to read the book through once, and then read it through a second time. This book argues that in order to understand the security of a system, you need to look at the entire system—and not at any particular technologies. Security itself is an interconnected system, and it helps to have cursory knowledge of everything before learning more about anything. But two readings is probably too much to ask; forget I mentioned it.

This book has three parts. Part 1 is "The Landscape," and gives context to the rest of the book: who the attackers are, what they want, and what we need to deal with the threats. Part 2 is "Technologies," basically a bunch of chapters describing different security technologies and their limitations. Part 3 is "Strategies": Given the requirements of the landscape and the limitations of the technologies, what do we do now?

I think digital security is about the coolest thing you can work on today, and this book reflects that feeling. It's serious, but fun, too. Enjoy the read.
