book

Secrets and Lies: Digital Security in a Networked World, 15th Anniversary Edition

Name: Secrets and Lies: Digital Security in a Networked World, 15th Anniversary Edition
Author: Bruce Schneier
ISBN: 9781119092438

by Bruce Schneier

March 2015

Intermediate to advanced

448 pages

12h 13m

English

Wiley

Read now

Unlock full access

Cover Page
Title Page
Copyright
Dedication
Contents
Foreword to 2015 15 th Anniversary Edition
Introduction from the Paperback Edition
Preface
About the Author
CHAPTER 1: Introduction
STEP ONE: ENFORCE LIABILITIESSTEP TWO: ALLOW PARTIES TO TRANSFER LIABILITIESSTEP THREE: PROVIDE MECHANISMS TO REDUCE RISKADDITIONAL BOOKSFURTHER READING

PART 1: THE LANDSCAPE
CHAPTER 2: Digital Threats
THE UNCHANGING NATURE OF ATTACKSTHE CHANGING NATURE OF ATTACKSPROACTION VS. REACTION
CHAPTER 3: Attacks
CRIMINAL ATTACKSPRIVACY VIOLATIONSPUBLICITY ATTACKSLEGAL ATTACKS
CHAPTER 4: Adversaries
HACKERSLONE CRIMINALSMALICIOUS INSIDERSINDUSTRIAL ESPIONAGEPRESSORGANIZED CRIMEPOLICETERRORISTSNATIONAL INTELLIGENCE ORGANIZATIONSINFOWARRIORS
CHAPTER 5: Security Needs
PRIVACYMULTILEVEL SECURITYANONYMITYPRIVACY AND THE GOVERNMENTAUTHENTICATIONINTEGRITYAUDITELECTRONIC CURRENCYPROACTIVE SOLUTIONS
PART 2: TECHNOLOGIES
CHAPTER 6: Cryptography
SYMMETRIC ENCRYPTIONTYPES OF CRYPTOGRAPHIC ATTACKSRECOGNIZING PLAINTEXTMESSAGE AUTHENTICATION CODESONE-WAY HASH FUNCTIONSPUBLIC-KEY ENCRYPTIONDIGITAL SIGNATURE SCHEMESRANDOM NUMBER GENERATORSKEY LENGTH
CHAPTER 7: Cryptography in Context
KEY LENGTH AND SECURITYONE-TIME PADSPROTOCOLSINTERNET CRYPTOGRAPHIC PROTOCOLSTYPES OF PROTOCOL ATTACKSCHOOSING AN ALGORITHM OR PROTOCOL
CHAPTER 8: Computer Security
DEFINITIONSACCESS CONTROLSECURITY MODELSSECURITY KERNELS AND TRUSTED COMPUTING BASESCOVERT CHANNELSEVALUATION CRITERIAFUTURE OF SECURE COMPUTERS
CHAPTER 9: Identification and Authentication
PASSWORDSBIOMETRICSACCESS TOKENSAUTHENTICATION PROTOCOLSSINGLE SIGN-ON
CHAPTER 10: Networked-Computer Security
MALICIOUS SOFTWAREMODULAR CODEMOBILE CODEWEB SECURITY
CHAPTER 11: Network Security
HOW NETWORKS WORKIP SECURITYDNS SECURITYDENIAL-OF-SERVICE ATTACKSDISTRIBUTED DENIAL-OF-SERVICE ATTACKSTHE FUTURE OF NETWORK SECURITY
CHAPTER 12: Network Defenses
FIREWALLSDEMILITARIZED ZONESVIRTUAL PRIVATE NETWORKSINTRUSION DETECTION SYSTEMSHONEY POTS AND BURGLAR ALARMSVULNERABILITY SCANNERSE-MAIL SECURITYENCRYPTION AND NETWORK DEFENSES
CHAPTER 13: Software Reliability
FAULTY CODEATTACKS ON FAULTY CODEBUFFER OVERFLOWSTHE UBIQUITY OF FAULTY CODE
CHAPTER 14: Secure Hardware
TAMPER RESISTANCESIDE-CHANNEL ATTACKSATTACKS AGAINST SMART CARDS
CHAPTER 15: Certificates and Credentials
TRUSTED THIRD PARTIESCREDENTIALSCERTIFICATESPROBLEMS WITH TRADITIONAL PKISPKIS ON THE INTERNET
CHAPTER 16: Security Tricks
GOVERNMENT ACCESS TO KEYSDATABASE SECURITYSTEGANOGRAPHYSUBLIMINAL CHANNELSDIGITAL WATERMARKINGCOPY PROTECTIONERASING DIGITAL INFORMATION
CHAPTER 17: The Human Factor
RISKEXCEPTION HANDLINGHUMAN–COMPUTER INTERFACEHUMAN–COMPUTER TRANSFERENCEMALICIOUS INSIDERSSOCIAL ENGINEERING
PART 3: STRATEGIES
CHAPTER 18: Vulnerabilities and the Vulnerability Landscape
ATTACK METHODOLOGYCOUNTERMEASURESTHE VULNERABILITY LANDSCAPERATIONALLY APPLYING COUNTERMEASURES
CHAPTER 19: Threat Modeling and Risk Assessment
FAIR ELECTIONSSECURE TELEPHONESSECURE E - MAILSTORED-VALUE SMART CARDSRISK ASSESSMENTTHE POINT OF THREAT MODELINGGETTING THE THREAT WRONG
CHAPTER 20: Security Policies and Countermeasures
SECURITY POLICIESTRUSTED CLIENT SOFTWAREAUTOMATIC TELLER MACHINESCOMPUTERIZED LOTTERY TERMINALSSMART CARDS VS. MEMORY CARDSRATIONAL COUNTERMEASURES
CHAPTER 21: Attack Trees
BASIC ATTACK TREESPGP ATTACK TREECREATING AND USING ATTACK TREES
CHAPTER 22: Product Testing and Verification
THE FAILURE OF TESTINGDISCOVERING SECURITY FLAWS AFTER THE FACTOPEN STANDARDS AND OPEN SOURCE SOLUTIONSREVERSE ENGINEERING AND THE LAWCRACKING AND HACKING CONTESTSEVALUATING AND CHOOSING SECURITY PRODUCTS
CHAPTER 23: The Future of Products
SOFTWARE COMPLEXITY AND SECURITYTECHNOLOGIES TO WATCHWILL WE EVER LEARN?
CHAPTER 24: Security Processes
PRINCIPLESDETECTION AND RESPONSECOUNTERATTACKMANAGE RISKOUTSOURCING SECURITY PROCESSES
CHAPTER 25: Conclusion
Afterword
Resources
Acknowledgments
Index

Overview

This anniversary edition which has stood the test of time as a runaway best-seller provides a practical, straight-forward guide to achieving security throughout computer networks. No theory, no math, no fiction of what should be working but isn't, just the facts. Known as the master of cryptography, Schneier uses his extensive field experience with his own clients to dispel the myths that often mislead IT managers as they try to build secure systems. A much-touted section: Schneier's tutorial on just what cryptography (a subset of computer security) can and cannot do for them, has received far-reaching praise from both the technical and business community.

Praise for Secrets and Lies

"This is a business issue, not a technical one, and executives can no longer leave such decisions to techies. That's why Secrets and Lies belongs in every manager's library."-Business Week

"Startlingly lively....a jewel box of little surprises you can actually use."-Fortune

"Secrets is a comprehensive, well-written work on a topic few business leaders can afford to neglect."-Business 2.0

"Instead of talking algorithms to geeky programmers, [Schneier] offers a primer in practical computer security aimed at those shopping, communicating or doing business online-almost everyone, in other words."-The Economist

"Schneier...peppers the book with lively anecdotes and aphorisms, making it unusually accessible."-Los Angeles Times

With a new and compelling Introduction by the author, this premium edition will become a keepsake for security enthusiasts of every stripe.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

ISC2 CISSP Certified Information Systems Security Professional Official Study Guide, 10th Edition

Publisher Resources

ISBN: 9781119092438Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills