The title is maybe misleading. It is not really a guide that will show you a procedure step by step 'how to do' to build secure systems as most engineering books do. It is rather a survey of the different security protocols used in various fields. Of course, you can learn from the success and errors described in the book and use this knowledge for developing a new system but you will have to connect the dots yourself.
The book is very dense in information and at first, its format was making it tedious for me to read. It did take around 3 chapters before I get accustomed to the format. Once, this aspect was out of the way, this book became amazingly interesting. It describes systems used in banking, by diplomats, military, for nuclear weapons, police, set-up box TV decoders smart cards and anti tampering devices in general, spies, biometric authentication, etc.. and focus on the security protocols used by these systems and then highlights the weaknesses of the systems and how people have figured out how to workaround these protocols.
The best quality of the book is that it will help you to better understand the mindset of a secure system designer and a system hacker.
The content of this book slightly overlap the content of the author previous book (Secrets and Lies: Digital Security in a Networked World) but presents the material with a different angle. An angle with the perspective of a security expert that witness security measures taken by governments in reaction of the 9/11 terrorism attack and wants people to understand the absurdity of some of these measures.
It is not technical at all and does not necessitate any particular background to understand and enjoy. The author explains clearly how to make a risk assessment of something that you want to make more secure and then evaluate the cost of the security measures. Only when you have that data, you can evaluate if the added security is worth it.
These explanations are backed up with concrete examples such as evaluating the risk to make purchase with a credit card over the internet. Other examples include the absurdity of securing a lunch in a company refrigerator because the potential loss if having a lunch stolen does not justify securing it. The author also explains that even with technologies that looks very accurate such as facial recognition with an error rate of, let’s say, 0.0001 % are totally ineffective when they have to control a huge number of persons like a stadium crowd because even with this accuracy, they would create an unmanageable amount of false positive alerts.
The author also elaborate about why you should question the motivation of a security provider when it is a third party and link this with how people fears can be exploited to introduce invasive, excessively expensive and inefficient security measures. I think that the goal of the author was to make people more critics about security questions and my opinion is that his goal has been successfully achieved.
This book is not very technical but it is very interesting to read and is very good to convey the basic principles of security. This book will teach you why security is more important than ever with the advent of computers and internetworking. It will present you potential attackers, their motivations and their resources. It shows how to add security to a system by doing some analysis of how the system could be attacked. After reading this book, you will have a better understanding of what it means to make a digital system secure.
This book is extremely complete. It briefly covers the history of cryptography. It describes the political implications of cryptography and finally it shows how cryptography can be used in applications and presents the different cryptographic algorithms.
The algorithm section starts with a number theory primer.Honestly, I have found it a little bit too thin to learn all the needed background to fully understand the algorithms but on the other side, you cannot expect a simple 600 pages book to provide that background in the latest mathematical research number theories. It has at least the merit that it did stimulate my curiosity about number theory when I have read the first edition of this book.
Another point that makes this book interesting is that at the end of each chapter presenting the various algorithms in a given category, you will get Bruce Schneier opinion on which algorithm is the best. Of course, this type of information usually become outdated real fast but it is interesting to follow his thought process and test his predictions as the book grow older.
So, if you are looking for your first cryptography book, it should be this one.
Beside Bruce Schneier books, this is the second software security book that I am reading. The first being Building Secure Software: How to Avoid Security Problems the Right Way and I have prefered this one because it provides more concrete examples. The book consists of over 20 chapters covering different security areas. As a software developer, some chapters appeared less relevent and less interesting to me and I guess that it is because these chapters are geared principally toward testers.
However, at least 2 chapters should be extremely interesting and valuable to developers like myself. It is the chapters that demonstrate with step by step tutorials how a hacker would do to exploit buffer overflow and format string problems. I was already familiar with buffer overflows and I had read a similar chapter about them in Building Secure Software: How to Avoid Security Problems the Right Way but the format string exploits were new to me.
As expected since the book is published by Microsoft Press, the book has a strong bias torward Microsoft products (ie.: .NET and ActiveX controls security) but the presented topics are general enough to make this book very valuable even for users of other OSes and/or development tools.
I want you to find in this blog informations about C++ programming that I had a hard time to find in the first place on the web.
|<< <||> >>|