Security Engineering: A Guide to Building Dependable Distributed Systems

ClanBrandon Books

Ross J. Anderson

Our price £31.49 (£36.99)
New from £23.56
Used from £23.00

Pages: 1080 (Hardcover)

ISBN: 0470068523

Pub: John Wiley & Sons

Pub date: 2008-04-11

Amazon.co.uk Sales Rank: 44906


Editorial Review:


Gigantically comprehensive and carefully researched, Security Engineering makes it clear just how difficult it is to protect information systems from corruption, eavesdropping, unauthorised use and general malice. Better, Ross Anderson offers a lot of thoughts on how information can be made more secure (though probably not absolutely secure, at least not forever) with the help of both technologies and management strategies. His work makes fascinating reading, and will no doubt inspire considerable doubt--fear is probably a better choice of words--in anyone with information to gather, protect, or make decisions upon.

Be aware: this is absolutely not a book solely about computers, with yet another explanation of Alice and Bob and how they exchange public keys in order to exchange messages in secret. Anderson explores, for example, the ingenious ways in which European truck drivers defeat their vehicles' speed-logging equipment. In another section, he shows how the end of the Cold War brought on a decline in defences against radio-frequency monitoring (radio frequencies can be used to determine, at a distance, what's going on in systems--bank teller machines, say) and how similar technology can be used to reverse-engineer the calculations that go on inside smart cards. In almost 600 pages of riveting detail, Anderson warns us not to be seduced by the latest defensive technologies, never to underestimate human ingenuity and always use common sense in defending valuables. It is a terrific read for security professionals and general readers alike. --David Wall

Topics covered: how some people go about protecting valuable things (particularly, but not exclusively, information) and how other people go about getting it anyway. Mostly, this takes the form of essays (about, for example, how the US Air Force keeps its nukes out of the wrong hands) and stories (one of which tells of an art thief who defeated the latest technology by hiding in a closet). Sections deal with technologies, policies, psychology and legal matters.

Reader Reviews:


5/5 stars

A Darned Good Read! (4/4 people found this helpful)

The best general Information Security introduction I've read. Very readable, with lots of references, Ross combines a wealth of practical experience with his academic prowess. Note that whilst he explains much of the technology in detail, it is not technology-specific in the way of, say, Hacking Exposed. This is not really a "how to do IS in 10 easy steps" book - it is more reflective, and questions many traditional assumptions. It also takes a critical look at many of the issues involved with physical security, though does not cover Disaster Recovery/Business Continuity Planning.

5/5 stars

Thanks Ross for a much needed book (2/2 people found this helpful)

Security Engineering combined with Ross's website is a great service to Computer Security professionals and Security researchers.
I used to spend countless hours searching for information on banking security and other topics; since I got this book, my time is better spent analysing information rather than searching. The book has excellent references and resources. I am amazed at the amount of information this book contains.
Security Engineering is a great text book for my Security Courses.

I sincerely hope that Ross will write some more books soon.

5/5 stars

The best possible introduction to security. (3/4 people found this helpful)

Should be added to the list of required reading for CEOs and CIOs of all companies that work with "systems" of any type.
The book has been written in a manner that both groups of people could understand. There are masses of references for those who want to go deeper.

5/5 stars

Best Book on This Topic I've Ever Seen (22/23 people found this helpful)

Think you are an expert on computer security? Yes? Well, no matter if you can do triple-DES in your head, by carefully reading this book (and learning its lessons) you will find many holes in any security system you have ever designed. Guess what? They don't need to crack your 1024 bit key to thwart your procedures -- there's at least a hundred ways to go around encryption.

Ross Anderson surveys the entire spectrum of contemporary techno-security, from nuclear weapons to the electric meters used in South Africa, and tells you the nuts-n-bolts of how they are architected, and where things fall apart. What becomes clear is that perfect security doesn't exist in the real world, so you need to create "security in depth", where you secure all aspects of your enterprise. Attacks can come from the CEO, your customer, the janitor, the designer, or a passing crack head. In fact, the biggest threat is time itself -- a procedure secure today will become vulnerable in a couple of years if you don't treat security as a living, growing, changing, high-priority part of your enterprise.

Early in the book he opened my eyes -- I know a thing or two about security, yet his example of a military IFF system blew me away. If I had been asked, I would have sworn it was a perfect system. Yet, with a simple little trick, the enemy not only defeated it but used it as a weapon. There's a hundred head-slapping moments in this book where you mutter "holy crap!" when you see how vulnerable some things have been.

Look, just buy the damn book, ok? If you have any responsibility for security, you need it. End of story.

5/5 stars

Quite simply, amazing. (4/5 people found this helpful)

This book is for anyone who wonders how security mechanisms function. What separates this book from every other book on security is that this book is not limited to computer or network security, it gets into the nitty gritty of digital security.

The author is nothing short of brilliant. He covers a great variety of security issues, from smart cards, power monitoring, cryptography, passwords, access control, EMF emission monitoring [Tempest], biometrics, banking security, the history of all the previous topics, etc., etc., etc.

The other impressive qualities of this book are its clear and amusing writing style, excellent references, and tying all this together in a fashion that provides a cohesive strategy for implementing truly secure systems.

While this book purports not to be for hackers, they will doubtlessly find this book of immense interest as well, as it covers information that I have not seen addressed in any other book that I have come across. You will learn more from reading this book than reading three years' worth of 2600 Magazine.

All in all, great reading, intensely valuable information, and more fun than a barrel of monkeys.

Similar Products

Secrets and Lies: Digital Security in a Networked World

Beyond Fear: Thinking Sensibly About Security in an Uncertain World

Digital Evidence and Computer Crime

The New School of Information Security

The Art of Deception: Controlling the Human Element of Security
