Beautiful Security: Leading Security Experts Explain How They Think
302Beautiful Security: Leading Security Experts Explain How They Think
302eBook
Related collections and offers
Overview
Although most people don't give security much attention until their personal or business systems are attacked, this thought-provoking anthology demonstrates that digital security is not only worth thinking about, it's also a fascinating topic. Criminals succeed by exercising enormous creativity, and those defending against them must do the same.
Beautiful Security explores this challenging subject with insightful essays and analysis on topics that include:
- The underground economy for personal information: how it works, the relationships among criminals, and some of the new ways they pounce on their prey
- How social networking, cloud computing, and other popular trends help or hurt our online security
- How metrics, requirements gathering, design, and law can take security to a higher level
- The real, little-publicized history of PGP
This book includes contributions from:
- Peiter "Mudge" Zatko
- Jim Stickley
- Elizabeth Nichols
- Chenxi Wang
- Ed Bellis
- Ben Edelman
- Phil Zimmermann and Jon Callas
- Kathy Wang
- Mark Curphey
- John McManus
- James Routh
- Randy V. Sabett
- Anton Chuvakin
- Grant Geyer and Brian Dunphy
- Peter Wayner
- Michael Wood and Fernando Francisco
All royalties will be donated to the Internet Engineering Task Force (IETF).
Product Details
ISBN-13: | 9780596555542 |
---|---|
Publisher: | O'Reilly Media, Incorporated |
Publication date: | 04/17/2009 |
Sold by: | Barnes & Noble |
Format: | eBook |
Pages: | 302 |
File size: | 3 MB |
About the Author
John is CTO of the SaaS Business Unit at McAfee, his second stint at McAfee. Previously, he was their Chief Security Architect, after which he founded and served as CEO of Stonewall Software, which focused on making anti-virus technology faster, better and cheaper. John was also the founder of Secure Software (now part of Fortify).
John is author of many security books, including Building Secure Software (Addison-Wesley), Network Security with OpenSSL (O'Reilly), and the forthcoming Myths of Security (O'Reilly). He is responsible for numerous software security tools and is the original author of Mailman, the GNU mailing list manager. He has done extensive standards work in the IEEE and IETF and co-invented GCM, a cryptographic algorithm that NIST has standardized. John is also an active advisor to several security companies, including Fortify and Bit9. He holds a MS and BA from the Universityof Virginia.
Table of Contents
Preface xi
1 Psychological Security Traps Peiter "Mudge" Zatko 1
Learned Helplessness and Naïet;veté 2
Confirmation Traps 10
Functional Fixation 14
Summary 20
2 Wireless Networking: Fertile Ground for Social Engineering Jim Stickley 21
Easy Money 22
Wireless Gone Wild 28
Still, Wireless is the Future 31
3 Beautiful Security Metrics Elizabeth A. Nichols 33
Security Metrics by Analogy: Health 34
Security Metrics by Example 38
Summary 60
4 The Underground Economy of Security Breaches Chenxi Wang 63
The Makeup and Infrastructure of the Cyber Underground 64
The Payoff 66
How Can We Combat This Growing Underground Economy? 71
Summary 72
5 Beautiful Trade: Rethinking E-Commerce Security Ed Bellis 73
Deconstructing Commerce 74
Weak Amelioration Attempts 76
E-Commerce Redone: A New Security Model 83
The New Model 86
6 Securing Online Advertising: Rustlers and sheriffs in The New Wild West Benjamin Edelman 89
Attacks on Users 89
Advertisers As Victims 98
Creating Accountability in Online Advertising 105
7 The Evolution of PGP's Web of Trust Phil Zimmermann Jon Callas 107
PGP and OpenPGP 108
Trust, Validity, and Authority 108
PGP and Crypto History 116
Enhancements to the Original Web of Trust Model 120
Interesting Areas for Further Research 128
References 129
8 Open Source Honeyclient: Proactive Detection of Client-Side Exploits Kathy Wang 131
Enter Honeyclients 133
Introducing the World's First Open Source Honeyclient 133
Second-Generation Honeyclients 135
Honeyclient Operational Results 139
Analysis of Exploits 141
Limitations of the Current Honeyclient Implementation 143
RelatedWork 144
The Future of Honeyclients 146
9 Tomorrow's Security Cogs and Levers Mark Curphey 147
Cloud Computing and Web Services: The Single Machine Is Here 150
Connecting People, Process, and Technology: The Potential for Business Process Management 154
Social Networking: When People Start Communicating, Big Things Change 158
Information Security Economics: Supercrunching and the New Rules of the Grid 162
Platforms of the Long-Tail Variety: Why the Future Will Be Different for Us All 165
Conclusion 168
Acknowledgments 169
10 Security By Design John McManus 171
Metrics with No Meaning 172
Time to Market or Time to Quality? 174
How a Disciplined System Development Lifecycle Can Help 178
Conclusion: Beautiful Security Is an Attribute of Beautiful Systems 181
11 Forcing Firms to Focus: Is Secure Software in Your Future? Jim Routh 183
Implicit Requirements Can Still Be Powerful 184
How One Firm Came to Demand Secure Software 185
Enforcing Security in Off-the-Shelf Software 190
Analysis: How to Make the World's Software More Secure 193
12 Oh No, Here Come The Infosecurity Lawyers! Randy V. Sabett 199
Culture 200
Balance 202
Communication 207
Doing the Right Thing 211
13 Beautiful Log Handling Anton Chuvakin 213
Logs in Security Laws and Standards 213
Focus on Logs 214
When Logs Are Invaluable 215
Challenges with Logs 216
Case Study: Behind a Trashed Server 218
Future Logging 221
Conclusions 223
14 Incident Detection: Finding The Other 68% Grant Geyer Brian Dunphy 225
A Common Starting Point 226
Improving Detection with Context 228
Improving Perspective with Host Logging 232
Summary 237
15 Doing Real Work Without Real Data Peter Wayner 239
How Data Translucency Works 240
A Real-Life Example 243
Personal Data Stored As a Convenience 244
Trade-offs 244
Going Deeper 245
References 246
16 Casting Spells: PC Security Theater Michael Wood Fernando Francisco 247
Growing Attacks, Defenses in Retreat 248
The Illusion Revealed 252
Better Practices for Desktop Security 257
Conclusion 258
Contributors 259
Index 269