Secrets and Lies

Bestselling author Bruce Schneier offers his expert guidance on achieving security on a network
Internationally recognized computer security expert Bruce Schneier offers a practical, straightforward guide to achieving security throughout computer networks. Schneier uses his extensive field experience with his own clients to dispel the myths that often mislead IT managers as they try to build secure systems. This practical guide provides readers with a better understanding of why protecting information is harder in the digital world, what they need to know to protect digital information, how to assess business and corporate security needs, and much more.
* Walks the reader through the real choices they have now for digital security and how to pick and choose the right one to meet their business needs
* Explains what cryptography can and can't do in achieving digital securityDie jüngsten Schlagzeilen über Angriffe von Hackern auf die großen E-Commerce Web Sites machen nur allzu deutlich, daß die Beherrschung der notwendigen Technologie zum Aufbau sicherer Systeme heute wichtiger ist denn je. Bruce Schneier, internationaler Experte in Sachen Computersicherheit, gibt in diesem praktischen Leitfaden genaue Anleitungen, wie man Computernetzwerke gegen unbefugten Zugriff absichert. Hier erfahren Sie, warum Datenschutz im digitalen Zeitalter so schwierig ist, wie man digitale Information schützen kann, wie man die Sicherheitsanforderungen von Unternehmen ermittelt usw., usw.. Ein separates Kapitel widmet sich dem "Love Bug", dessen "I love you" im Mai alle Computernutzer in Angst und Schrecken versetzte.

Preface xi

1. Introduction 1

Part 1: The Landscape 11

2. Digital Threats 14

3. Attacks 23

4. Adversaries 42

5. Security Needs 59

Part 2: Technologies 83

6. Cryptography 85

7. Cryptography in Context 102

8. Computer Security 120

9. Identification and Authentication 135

10. Networked-computer Security 151

11. Network Security 176

12. Network Defenses 188

13. Software Reliability 202

14. Secure Hardware 212

15. Certificates and Credentials 225

16. Security Tricks 240

17. The Human Factor 255

Part 3: Strategies 271

18. Vulnerabilities and the Vulnerability Landscape 274

19. Threat Modeling and Risk Assessment 288

20. Security Policies and Countermeasures 307

21. Attack Trees 318

22. Product Testing and Verification 334

23. The Future of Products 353

24. Security Processes 367

25. Conclusion 389

Afterword 396

Resources 399

Acknowledgments 401

Index 403

“…The security technologies available are described in a user-friendly way without going into depth...” (Computer Bulletin, January 2005)

“…peppered with lively anecdotes and aphorisms, making it a really accessible read...” (The ISSG Magazine, Autumn, 2004)

“…fascinating read…peppered with lively anecdotes…” (The ISSG Magazine, October 2004)

"...make yourself better informed. Read this book." (CVu, The Journal of the ACCU, Vol 16(3), June 2004)

Bruce Schneier is the founder and CTO of Counterpane Internet Security, Inc., the recognized leader in network security services. The bestselling author of Beyond Fear: Thinking Sensibly About Security in an Uncertain World and Applied Cryptography, he is an internationally respected security expert. "A primer in practical computer security aimed at those shopping, communicating, or doing business online – almost everyone, in other words."
–The Economist

Viruses. Identity theft. Corporate espionage. National secrets compromised. Can anyone promise security in our digital world?

The man who introduced cryptography to the boardroom says no. But in this fascinating read, he shows us how to come closer by developing security measures in terms of context, tools, and strategy. Security is a process, not a product – one that system administrators and corporate executives alike must understand to survive.

"This book is of value to anyone whose business depends on safe use of e-mail, the Web, or other networked communications. If that’s not yet everybody, it soon will be."
–Stephen H. Wildstrom, BusinessWeek

"It’s not often that a truly outstanding book is written for both technical users and management. Fortunately, Secrets and Lies pulls off this feat rather well."
–Dustin Puryear, Linux.com

"Schneier . . . peppers the book with lively anecdotes and aphorisms, making it unusually accessible."
–Los Angeles Times