Security Engineering - A Guide to Building Dependable Distributed Systems
by Bruce Schneier
Gigantically comprehensive and carefully researched, Security Engineering makes it clear just how difficult it is to protect information systems from corruption, eavesdropping, unauthorized use, and general malice. Better, Ross Anderson offers a lot of thoughts on how information can be made more secure (though probably not absolutely secure, at least not forever) with the help of both technologies and management strategies. His work makes fascinating reading and will no doubt inspire considerable doubt--fear is probably a better choice of words--in anyone with information to gather, protect, or make decisions about.
Be aware: This is absolutely not a book solely about computers, with yet another explanation of Alice and Bob and how they exchange public keys in order to exchange messages in secret. Anderson explores, for example, the ingenious ways in which European truck drivers defeat their vehicles' speed-logging equipment. In another section, he shows how the end of the cold war brought on a decline in defenses against radio-frequency monitoring (radio frequencies can be used to determine, at a distance, what's going on in systems--bank teller machines, say), and how similar technology can be used to reverse-engineer the calculations that go on inside smart cards. In almost 600 pages of riveting detail, Anderson warns us not to be seduced by the latest defensive technologies, never to underestimate human ingenuity, and always use common sense in defending valuables. A terrific read for security professionals and general readers alike. --David Wall
Topics covered: How some people go about protecting valuable things (particularly, but not exclusively, information) and how other people go about getting it anyway. Mostly, this takes the form of essays (about, for example, how the U.S. Air Force keeps its nukes out of the wrong hands) and stories (one of which tells of an art thief who defeated the latest technology by hiding in a closet). Sections deal with technologies, policies, psychology, and legal matters.
"While many of the chapter topics may sound unexciting, Anderson has a wonderful writing style and at times reads almost like a Tom Clancy thriller with its details of military command and control systems and other similar topics. Anyone responsible for information security should read Security Engineering." (UnixReview.com, July 2001)
"an eminently readable yet comprehensive book" (Network News, 12 September 2001)
"the explanations of all concepts are excellent, with fascinating case studies... I found the entire book fascinating... I cannot recommend this book highly enough and in my opinion, every computer professional should have a copy on their bookshelf... essential reading" (Cvu, October 2002)
The first quick reference guide to the do's and don'ts of creating high quality security systems.
Ross Anderson, widely recognized as one of the world's foremost authorities on security engineering, presents a comprehensive design tutorial that covers a wide range of applications. Designed for today's programmers who need to build systems that withstand malice as well as error (but have no time to go do a PhD in security), this book illustrates basic concepts through many real-world system design successes and failures. Topics range from firewalls, through phone phreaking and copyright protection, to frauds against e-businesses. Anderson's book shows how to use a wide range of tools, from cryptology through smartcards to applied psychology. As everything from burglar alarms through heart monitors to bus ticket dispensers starts talking IP, the techniques taught in this book will become vital to everyone who wants to build systems that are secure, dependable and manageable.
(Wiley Computer Publishing) A text offering an end-to-end look at modern computer security design and engineering. Offers the reader coverage of management and policy issues, biometrics, tamper resistance, copyright protection, cryptography, access controls to distributed systems, and much more. Softcover. DLC: Computer security.
From the Publisher
Security engineering is about building systems to remain dependable in the face of malice, error or mischance. It requires cross-disciplinary expertise, ranging from cryptography and computer security to a knowledge of applied psychology, management and the law. Although there are good books on many of these disciplines, this book is the first to bring them together into a comprehensive guide to building complete systems. Written for the working programmer or engineer who needs to learn the subject quickly but has no time to do a PhD in it, the book brings the subject to life with detailed descriptions of automatic teller machines, burglar alarms, copyright protection mechanisms, de-identified medical record databases, electronic warfare systems, and other critical applications. It also covers a lot of technology for which there isn't any good introductory text, such as biometrics, tamper-resistant electronics and the tricks used in phone fraud.
Over the next few years, the Internet will grow to include all sorts of things besides PCs. By 2003, there will be more mobile phones connected than computers, and within a few years we'll see many of the world's fridges, heart monitors, bus ticket dispensers and burglar alarms talking IP. Things will be further complicated by the spread of peer-to-peer models of networking. Securing real applications in this sort of environment is one of the biggest engineering challenges of the next ten years. This book will help you to meet the challenge.
From the Author
This is the book I wish had been around in the early 1980s when I started earning my living doing security engineering. Then, there were plenty books and research papers on theory, but little on the actual practice. Nowadays, the situation is still much the same. And just as bridge builders learn more from the one bridge that falls down than from the hundreds that don't, so security engineers can learn much more from studying how real systems have been built - and, especially, how they have failed. The real problems have to do with system-level concepts; they lie in understanding what your application's protection requirements really are, and how you can combine the available mechanisms intelligently to meet them.
This book distills the system know-how I've learnt in years as a banker, in more years as a security consultant, and in still more years as an academic. Putting it together has been fun. It's also been a valuable research exercise: there's no better way of finding out what you don't know than trying to write down what you do. With luck, this book will serve as a snapshot of what we know - and of what we don't - at the beginning of the twenty-first century.
I hope you have as much fun reading it as I had writing it!
From the Inside Flap
'Many people are anxious about Internet security', says leading expert Ross Anderson, 'and that's with just PCs and servers attached. But over the next few years a huge range of devices is going to come online. By 2003 there may well be more mobile phones on the net than PCs, and they will be followed by everything from fridges through burglar alarms to heart monitors. How will we manage the risks?'
Dense with anecdotes and war stories, readable, up to date and full of pointers to recent research, this book will be invaluable to you if you have to design systems to be resilient in the face of malice as well as error. Anderson provides the tools and techniques you'll need, discusses what's gone wrong in the past, and shows you how to get your design right the first time around.
You don't need to be a security expert to understand Anderson's truly accessible discussion of:
* Security engineering basics, from protocols, cryptography and access controls to the nuts and bolts of distributed systems
* The lowdown on biometrics, tamper resistance, security seals, copyright marking and many other protection technologies - for many of them, this is the first detailed information in an accessible textbook
* What sort of attacks are done on a wide range of systems, from banking and medical records through burglar alarms and smartcards to mobile phones and e-commerce - and how to stop them
* Management and policy issues - how computer security interacts with the law and with corporate culture
From the Back Cover
"If you're even thinking of doing any security engineering, you need to read this book. It's the first, and only, end-to-end modern security design and engineering book ever written." --Bruce Schneier
"Many people are anxious about Internet security for PCs and servers," says leading expert Ross Anderson, "as if that's all there is when in reality security problems have just begun. By 2003, there may be more mobile phones on the Net than PCs, and they will be quickly followed by network-connected devices from refrigerators to burglar alarms to heart monitors. How will we manage the risks?"
Dense with anecdotes and war stories, readable, up-to-date and full of pointers to recent research, this book will be invaluable to you if you have to design systems to be resilient in the face of malice as well as error. Anderson provides the tools and techniques you'll need, discusses what's gone wrong in the past, and shows you how to get your design right the first time around.
You don't need to be a security expert to understand Anderson's truly accessible discussion of:
- Security engineering basics, from protocols, cryptography, and access controls to the nuts and bolts of distributed systems
- The lowdown on biometrics, tamper resistance, security seals, copyright marking, and many other protection technologies - for many of them, this is the first detailed information in an accessible textbook
- What sort of attacks are done on a wide range of systems - from banking and medical records through burglar alarms and smart cards to mobile phones and e-commerce - and how to stop them
- Management and policy issues - how computer security interacts with the law and with corporate culture
About the Author
ROSS ANDERSON teaches and directs research in computer security at Cambridge University, England. Widely recognized as one of the world's foremost authorities on security engineering, he has published extensive studies on how real security systems fail - on bank card fraud, phone phreaking, pay-TV hacking, ways to cheat metering systems and breaches of medical privacy.