• Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Book Review - Secrets & Lies

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   This topic is locked: you cannot edit posts or make replies.   Printer-friendly version    Networking/Security Forums Index -> News // Columns // Articles

View previous topic :: View next topic  
Author Message
SF Boss
SF Boss

Joined: 04 Mar 2003
Posts: 16777079


PostPosted: Wed Feb 25, 2004 3:36 pm    Post subject: Book Review - Secrets & Lies Reply with quote

Secrets & Lies

Author(s): Bruce Schneier
Publisher: Wiley
Book Specifications: Soft-Cover, 414 pages
Category: Computer Security Miscellaneous
User Level: Beginner
Suggested Publisher Price: $17.95 USA/ $25.99 CAN/ £14.09 Net UK (inc of VAT)
ISBN: 0-471-45380-3
Amazon.co.uk: Secrets & Lies UK
Amazon.com: Secrets & Lies US

Info from Back: "Viruses. Identity theft. Corporate espionage. National secrets compromised. Can anyone promise security in our digital world? The man who introduced cryptography to the boardroom says no. But in this fascinating read, he shows us how to come closer by developing security measures in terms of context, tools, and strategy. Security is a process, not a product Ė one that system administrators and corporate executives alike must understand to survive.Ē


To a large segment of the public it must seem as if the cyber sky is falling on a daily basis with all of the viruses, and worms floating around the web today. These e-borne threats then get reported in the news, and print media with juicy headlines. In addition to all the problems that malware are creating for networks world wide is the doom and gloom coming from many commentators about the state of the internets security, or more pointedly lack thereof.

If all this hype, and sometimes hysteria were to be believed one would be best to disconnect their computer, and revert to snail mail. One disservice that all this media hype has created is the belief that it is no longer safe to use a computer. This goes for everyday email to online shopping. Quite the opposite is true of course. As is the case with most things education is the key to dispelling myths, and misinformation. When it comes to the internet the aforementioned two have a stranglehold on many.

In this book the author attempts to convey to the reader the reality of the web today, and how it can be tamed as it were. Provided over the books pages is a general feel for things and how to correct some of them. A newcomer to the computer world would be well advised to read this book. Though it is just that a book for beginners, as any seasoned computer user will already be aware of much of this books contents.

Content & Overview

In the first part of the book the author details very briefly some of the more well known problems out there today on the web. Things such as denial of service attacks, identity theft, database hacks, among others are covered quickly. Following this is the introduction of the shady crew that may want a piece of your computer assets. Detailed by the author is a rogues gallery ranging from the stock malicious hacker, to spies such as Aldrich Ames, and onwards to terrorist groups. All of these various threat types may have different motivations, but all realize where the information is actually stored ie: the computer. This is in addition to the corporate spy as well which the author includes. After all why spends billions in research and development if a simple million or two will do the trick in obtaining the schematics or formula.

Next in the book is a part on the technologies out there today and how they impact computer security. This ranges from the authors area of expertise ie: cryptology to authentication/identification schemes such, as pgp, access tokens, and various others. Detailed are some of the problems facing network security as well like the ever present mobile code problems like worms, and viruses. Presented as a balance are some ways of mitigating this threat as well, and their overall effectiveness. Covered also is the use of PKI, and digital certificates. Rounding out this part of the book is one of the most pernicious threats to computer security, the human interface. Computers themselves are largely safe the danger often comes from the user themselves interacting with it in an improper fashion.

Wrapping up the book are ways in which to try and mitigate many of the problems today experienced by computer networks by dealing with them at a strategic level. Vulnerabilities, threat modeling and risk assessment, security policies, and others areas are discussed here. This is a high level approach shown by the author as a way of stemming the tide as it were.

Style and Detail

The information covered in this book is relayed to the reader in a nice informal fashion. Topics that are covered in this book can be confusing, or overwhelming at times to someone who is not used to the material. Through the explanation of everyday subject matter like ATMís, pgp, and other technologies the reader is able to grasp easily what the author is explaining. Seen as the topics detailed relate to everyday life for most of us it is a relatively simple, and informative read.

Quality of the physical book itself is quite nice as well. The overall dimensions of the book are good, as it is not too big to lug around on the bus. Paper quality of the pages is nice and meaty which is a welcome change from the razor thin stuff of some books. My one annoyance at the style of this book though comes directly from the author himself. On one hand the author attempts to dispel some internet myths with fact, but then turns around and enforces other ones. To whit, the old tired stereotype of the hacker being surrounded by empty pizza boxes, and cans of Jolt cola. I canít say I know of anyone personally that is surrounded by the aforementioned while hacking. Note here as well that by hacking I mean learning, and not the media induced definition of hacking.


As an overall treatment of computer security, and its implications this book does a good job. I would venture though that this book is best aimed at the novice or beginner to computers. Having said that there is bound to be material in here that those with computer experience are not aware of as well. It rates as recommended reading.

This book gets an SFDC 7/10 from me

Keywords for this post: Secrets & Lies

This review is copyright 2004 by the author and Security-Forums Dot Com, and may not be reproduced in any form in any media without the express permission of the author, or Security-Forums Dot Com.
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   

Post new topic   This topic is locked: you cannot edit posts or make replies.   Printer-friendly version    Networking/Security Forums Index -> News // Columns // Articles All times are GMT + 2 Hours
Page 1 of 1

Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register