PKIForum.com - News. Information. Education.
 Secrets & Lies

 REVIEW


Secrets & Lies:
Digital Security in a Networked World

by Bruce Schneier
$29.99 USA / $41.95 CAN
432 pages, hardbound

Respected cryptographer Bruce Schneier revisits his earlier thinking from Applied Cryptography and declares himself wrong. Then he tells you why.

He explains that the digital utopia he envisioned in his previous book cannot exist because cryptography is neither a panacea nor an alternative to security.

Security, he explains, is a process. And it is a system that encompasses hardware, software, networks, human beings and the interrelations and interfaces between them. Schneier proceeds to enumerate and illuminate the technologies and issues surrounding network security as he has encountered them in his consulting business.

The book is written in a conversational style so it is accessible to the layperson, and so Schneier's message reaches the widest possible audience, from the business executive to the average office clerk.

However, Schneier's writing has a tendency to shift between plain language and "geekspeak", leaving non-technical users at a loss. He also has an unfortunate tendency to lapse into using ridiculously academic language, which ultimately obscures the message he is trying to convey.

The impression that the reader is left with is that Schneier is trying to show how intelligent he is by using obscure words. The result is that the reader must stop reading the book to search a dictionary in order to understand Schneier's arguments.

In direct contrast to his lapses into academic writing, Schneier makes liberal use of references to American popular culture while illustrating his arguments. This seems to be an attempt to make difficult and otherwise serious subject matter accessible in an entertaining fashion. Who would guess that baseball personality Yogi Berra, Batman comic books, author Stephen King, and movies such as Star Wars and Raiders of the Lost Ark could be used as examples and metaphors to explain digital security?

A particularly annoying quirk of the book is Schneier's tendency to reference material from later chapters to explain a concept, then ask readers to ignore the reference until they have a chance to read and understand those later chapters.

Throughout the book, Schneier stresses the idea that security is a complex and dynamic set of interacting systems that intersect many aspects of technology, random events and human frailty.

Schneier explains threats and threat models, cryptographic primitives (which are the basic tools of cryptography), a multitude of attacks, product testing and security assessment and, of course, PKI and its associated problems. He also profiles the types of groups and individuals that may want to break your system security and how to mitigate that risk.

One of the strongest features of Secrets & Lies is Schneier's seemingly encyclopedic knowledge of cryptography, digital security and their shared history. The book is full of historical references such as the invention of the cryptographic key during the European Renaissance, descriptions of secret government agency activities through the years, tales of wartime code-breaking efforts and explanations of how and why various attacks succeeded or failed.

Because most people who read the book will not be spies, Schneier goes beyond the exotic world of espionage to examples of mundane security applications that we are likely to encounter in our daily lives. These range from the security surrounding your bank card when you use an automated teller machine, to how the public telephone network had to be re-engineered to prevent fraud.

Included in the book is a section on novel applications of security technology such as electronic voting. This section will be of special interest to Americans in light of the vote-counting controversy surrounding the recent Presidential elections.

The sense that Secrets & Lies is an effort to promote the new focus on managed security services at Counterpane (Schneier's company) is somewhat disconcerting, especially given the author's popular status as a security superstar. Schneier dismisses these concerns by saying that both the book and the transformation of his company are based on his realization that security is about risk management. It is a weak argument.

The book closes with a set of recommended security processes and speculation about the direction in which the security field is headed.

In spite of the flaws that could have been resolved by better editing, Secrets & Lies is well worth reading. It offers a view of digital security grounded in the practical experience and current thinking of its author while spinning a tale that reaches back into history and peers into the future.

 

 Copyright © PKIForum.com™ 1999-2001. All Rights Reserved. The PKIForum.com logo and "PKIforum.com" are trademarks of PKIForum.com and its proprietors.
