Review – Secrets and Lies: Digital Security in a Networked World

[UNIX]

[align=center:bf2e7j99][/align:bf2e7j99]

Secrets and Lies: Digital Security in a Networked World is divided into three chapters. The first one gives a good overview on threats and systems. The next chapter is the biggest of the three and focuses on security technologies which can be used against digital threats. The third and last chapter covers methodologies which can be used in order to build a more secure environment.

In his former book, Applied Cryptography, Schneier wrote about mathematical solutions which seems to be the key to absolute security, at least in theory. In Secrets and Lies he revises his point of view and put it in a more realistic way by applying it to reality. A chain is only as strong as its weakest link it says, which is absolutely true and could be seen many times in past and probably will be seen many times in future. There are reams of threats one have to encounter – systems are connected to the internet, employees could be blackmailed, buildings can be intruded, hardware gets old and vendors could conceal vulnerabilities in their products. In order to know the weakest link one have first to know what the chain consists of. In this first part Schneier explains this and more, and gives some further suggestions, such as possible scenarios and reasons why an attacker might be motivated.

The second and biggest part of this book covers many topics which are important in order to protect against various threats. They are presented in several small parts and discuss their pros and cons and are backed up by samples.

Full review is available here.

Feedback is as always appreciated.

[MadmanTM]

this book is on my list 😛

i am glad you enjoyed it.

[SynJunkie]

THis is a really great book, as is his other book “Beyond Fear”.  Essential reading in my opinion.

If you enjoy Bruces books he has a monthly news letter here:

http://www.schneier.com/crypto-gram.html

If your limited on reading time you could cath the podcast version here:

http://crypto-gram.libsyn.com

Cheers

Syn

[rattis]

SynJunkie:
I found that the crypto-gram really is just a rehash of the stuff from his blog.

http://www.schneier.com/blog/

Beyond Fear and Schneier on Security are on my shelf at home, and will hopefully be read soon.

chrisj

[SynJunkie]

Chris

Sorry, I should have made that clearer.  That is what I meant when I said “if your short on time there is a podcast version”. Or words to that effect.

I don’t have time to read his blog but I do have a 3hr commute every day so the podcast is perfect for me.

Regards

Syn

[UNIX]

Beyond Fear is on my endless to-read list as well. I will probably read and work through some other books first, but looking forward to this one too. Too many books, too little time.

[dalepearson]

Seems its just me then, I have not had much luck reading his books.
Just seems to rub me up the wrong way some how and I cant get into them.

If the library had them I might have a read, but not going to risk a purchase.

[rattis]

@dalepearson wrote:

If the library had them I might have a read, but not going to risk a purchase.

My local library has Secrets and Lies, as well as Beyond Fear. So there’s a chance something around you might have it.

Another Option is to find someone local to you who has a copy and would be willing to loan it to you. If you were in the Metro-Detroit / Ann Arbor area, I’d be happy to loan you my copy.

[Author]

Posts