Secrets and Lies: Digital Security in a Networked World
Format: PDF / Kindle (mobi) / ePub
Bestselling author Bruce Schneier offers his expert guidance on achieving security on a network.
Internationally recognized computer security expert Bruce Schneier offers a practical, straightforward guide to achieving security throughout computer networks. Schneier uses his extensive field experience with his own clients to dispel the myths that often mislead IT managers as they try to build secure systems. This practical guide provides readers with a better understanding of why protecting information is harder in the digital world, what they need to know to protect digital information, how to assess business and corporate security needs, and much more.
* Walks the reader through the real choices they have now for digital security and how to pick and choose the right one to meet their business needs
* Explains what cryptography can and can't do in achieving digital security
Uploader Release Notes:
PDF is made of plain text (OCR).
the exceptions, though. The probability of stumbling on a security flaw randomly is very low, sometimes approaching zero. Explicitly checking for them is much more efficient. Unfortunately, there is no such thing as a comprehensive security checklist. Those of us who do this kind of thing frequently have developed our own security checklists: lists of attacks and potential vulnerabilities that we've either seen in commercial products, read about in academic papers, or thought of on our own.
"but that was three versions ago." But the products will be insecure nonetheless.

DISCOVERING SECURITY FLAWS AFTER THE FACT

Every day, new security flaws are discovered in shipping software products. They're discovered by customers, researchers (academics and hackers), and criminals. How frequently depends on the prominence of the product, the doggedness of the researchers, the complexity of the product, and the quality of the company's own internal security testing. In the case of a popular
claiming to be—is likely to sympathize. The other side of the coin can be just as damaging. The police can use experts to convince a jury that a decrypted conversation is damning even though it is not 100 percent accurate, or that the computer intrusion detection is infallible and therefore the defendant is guilty. When used to its fullest effect, the legal attack is potent. The attackers are likely to be extremely skilled—in high-profile cases, they can afford the best security researchers—and
involve the inner workings of the mathematics, the attack doesn't care what they are. Some algorithms may be faster than others, and hence the brute-force attacks might be faster; but this is more than overshadowed by the key length. It's easy to compare the key lengths of different algorithms, and to figure out which ones are more vulnerable to brute-force attacks. In 1996, a clutch of cryptographers (including me) researched the various technologies one could use to build brute-force
out is more important than occasionally denying access to a legitimate user. If the system initiates a launch sequence for nuclear missiles, both are dire. Biometrics are great because they are really hard to forge: It's hard to put a false fingerprint on your finger, or make your retina look like someone else's. Some people can do others' voices (performers who do imitations, for example), and Hollywood can make people's faces look like someone else, but in general those biometrics are hard to