book

Secrets and Lies: Digital Security in a Networked World, 15th Anniversary Edition

Name: Secrets and Lies: Digital Security in a Networked World, 15th Anniversary Edition
Author: Bruce Schneier
ISBN: 9781119092438

by Bruce Schneier

March 2015

Intermediate to advanced

448 pages

12h 13m

English

Wiley

Read now

Unlock full access

Cover Page
Title Page
Copyright
Dedication
Contents
Foreword to 2015 15 th Anniversary Edition
Introduction from the Paperback Edition
Preface
About the Author
CHAPTER 1: Introduction
STEP ONE: ENFORCE LIABILITIESSTEP TWO: ALLOW PARTIES TO TRANSFER LIABILITIESSTEP THREE: PROVIDE MECHANISMS TO REDUCE RISKADDITIONAL BOOKSFURTHER READING

PART 1: THE LANDSCAPE
CHAPTER 2: Digital Threats
THE UNCHANGING NATURE OF ATTACKSTHE CHANGING NATURE OF ATTACKSPROACTION VS. REACTION
CHAPTER 3: Attacks
CRIMINAL ATTACKSPRIVACY VIOLATIONSPUBLICITY ATTACKSLEGAL ATTACKS
CHAPTER 4: Adversaries
HACKERSLONE CRIMINALSMALICIOUS INSIDERSINDUSTRIAL ESPIONAGEPRESSORGANIZED CRIMEPOLICETERRORISTSNATIONAL INTELLIGENCE ORGANIZATIONSINFOWARRIORS
CHAPTER 5: Security Needs
PRIVACYMULTILEVEL SECURITYANONYMITYPRIVACY AND THE GOVERNMENTAUTHENTICATIONINTEGRITYAUDITELECTRONIC CURRENCYPROACTIVE SOLUTIONS
PART 2: TECHNOLOGIES
CHAPTER 6: Cryptography
SYMMETRIC ENCRYPTIONTYPES OF CRYPTOGRAPHIC ATTACKSRECOGNIZING PLAINTEXTMESSAGE AUTHENTICATION CODESONE-WAY HASH FUNCTIONSPUBLIC-KEY ENCRYPTIONDIGITAL SIGNATURE SCHEMESRANDOM NUMBER GENERATORSKEY LENGTH
CHAPTER 7: Cryptography in Context
KEY LENGTH AND SECURITYONE-TIME PADSPROTOCOLSINTERNET CRYPTOGRAPHIC PROTOCOLSTYPES OF PROTOCOL ATTACKSCHOOSING AN ALGORITHM OR PROTOCOL
CHAPTER 8: Computer Security
DEFINITIONSACCESS CONTROLSECURITY MODELSSECURITY KERNELS AND TRUSTED COMPUTING BASESCOVERT CHANNELSEVALUATION CRITERIAFUTURE OF SECURE COMPUTERS
CHAPTER 9: Identification and Authentication
PASSWORDSBIOMETRICSACCESS TOKENSAUTHENTICATION PROTOCOLSSINGLE SIGN-ON
CHAPTER 10: Networked-Computer Security
MALICIOUS SOFTWAREMODULAR CODEMOBILE CODEWEB SECURITY
CHAPTER 11: Network Security
HOW NETWORKS WORKIP SECURITYDNS SECURITYDENIAL-OF-SERVICE ATTACKSDISTRIBUTED DENIAL-OF-SERVICE ATTACKSTHE FUTURE OF NETWORK SECURITY
CHAPTER 12: Network Defenses
FIREWALLSDEMILITARIZED ZONESVIRTUAL PRIVATE NETWORKSINTRUSION DETECTION SYSTEMSHONEY POTS AND BURGLAR ALARMSVULNERABILITY SCANNERSE-MAIL SECURITYENCRYPTION AND NETWORK DEFENSES
CHAPTER 13: Software Reliability
FAULTY CODEATTACKS ON FAULTY CODEBUFFER OVERFLOWSTHE UBIQUITY OF FAULTY CODE
CHAPTER 14: Secure Hardware
TAMPER RESISTANCESIDE-CHANNEL ATTACKSATTACKS AGAINST SMART CARDS
CHAPTER 15: Certificates and Credentials
TRUSTED THIRD PARTIESCREDENTIALSCERTIFICATESPROBLEMS WITH TRADITIONAL PKISPKIS ON THE INTERNET
CHAPTER 16: Security Tricks
GOVERNMENT ACCESS TO KEYSDATABASE SECURITYSTEGANOGRAPHYSUBLIMINAL CHANNELSDIGITAL WATERMARKINGCOPY PROTECTIONERASING DIGITAL INFORMATION
CHAPTER 17: The Human Factor
RISKEXCEPTION HANDLINGHUMAN–COMPUTER INTERFACEHUMAN–COMPUTER TRANSFERENCEMALICIOUS INSIDERSSOCIAL ENGINEERING
PART 3: STRATEGIES
CHAPTER 18: Vulnerabilities and the Vulnerability Landscape
ATTACK METHODOLOGYCOUNTERMEASURESTHE VULNERABILITY LANDSCAPERATIONALLY APPLYING COUNTERMEASURES
CHAPTER 19: Threat Modeling and Risk Assessment
FAIR ELECTIONSSECURE TELEPHONESSECURE E - MAILSTORED-VALUE SMART CARDSRISK ASSESSMENTTHE POINT OF THREAT MODELINGGETTING THE THREAT WRONG
CHAPTER 20: Security Policies and Countermeasures
SECURITY POLICIESTRUSTED CLIENT SOFTWAREAUTOMATIC TELLER MACHINESCOMPUTERIZED LOTTERY TERMINALSSMART CARDS VS. MEMORY CARDSRATIONAL COUNTERMEASURES
CHAPTER 21: Attack Trees
BASIC ATTACK TREESPGP ATTACK TREECREATING AND USING ATTACK TREES
CHAPTER 22: Product Testing and Verification
THE FAILURE OF TESTINGDISCOVERING SECURITY FLAWS AFTER THE FACTOPEN STANDARDS AND OPEN SOURCE SOLUTIONSREVERSE ENGINEERING AND THE LAWCRACKING AND HACKING CONTESTSEVALUATING AND CHOOSING SECURITY PRODUCTS
CHAPTER 23: The Future of Products
SOFTWARE COMPLEXITY AND SECURITYTECHNOLOGIES TO WATCHWILL WE EVER LEARN?
CHAPTER 24: Security Processes
PRINCIPLESDETECTION AND RESPONSECOUNTERATTACKMANAGE RISKOUTSOURCING SECURITY PROCESSES
CHAPTER 25: Conclusion
Afterword
Resources
Acknowledgments
Index

Content preview from Secrets and Lies: Digital Security in a Networked World, 15th Anniversary Edition

14 Secure Hardware

This is an ancient idea. It began when the first person drew a line across his cave entrance, proclaimed that what was on one side of the line was his, and then proceeded to defend his cave against all who disagreed with him. The notion covers a lot of different things: computer rooms behind locked doors and armed guards, tamper-resistant set-top boxes for pay-TV, secure tokens for access control, smart card chips for electronic commerce applications, and a bomb that blows up if you try to defuse it. The physical instantiation of the secure perimeter is different in each of these cases, but the fundamental benefit of the idea is the same: “It's a whole lot easier to design a computer security system if we can leverage the innate physical security of a device, and assume that parts of the system cannot be accessed by large classes of people.”

And that's true. It's easier to design a secure pay-for-parking system if you assume that crooks can't empty the parking meters into their pockets. It's easier to design a secure library if you assume that people can't sneak books out of the building inside their overcoats. And it's easier to design an electronic wallet if you assume that people can't arbitrarily modify the amount of money they have.

Here's a perfect cashless monetary system: Everyone carries around a piece of paper with a number on it representing the number of ducats in his wallet. When someone spends money, he crosses out the number and writes the lower ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

ISC2 CISSP Certified Information Systems Security Professional Official Study Guide, 10th Edition

Publisher Resources

ISBN: 9781119092438Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Secrets and Lies: Digital Security in a Networked World, 15th Anniversary Edition

by Bruce Schneier

14

Secure Hardware

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.