World Famous Comics: Security Engineering: A Guide to Building Dependable Distributed Systems
Security Engineering: A Guide to Building Dependable Distributed Systems
By: Ross J. Anderson Publisher: Wiley Average Rating: Binding: Hardcover Label: Wiley Number of Items: 1 Number of Pages: 1080 Publication Date: April 14, 2008
Product Description: The world has changed radically since the first edition of this book was published in 2001. Spammers, virus writers, phishermen, money launderers, and spies now trade busily with each other in a lively online criminal economy and as they specialize, they get better. In this indispensable, fully updated guide, Ross Anderson reveals how to build systems that stay dependable whether faced with error or malice. Heres straight talk on critical topics such as technical engineering basics, types of attack, specialized protection mechanisms, security psychology, policy, and more.
Amazon.com Review: Gigantically comprehensive and carefully researched, Security Engineering makes it clear just how difficult it is to protect information systems from corruption, eavesdropping, unauthorized use, and general malice. Better, Ross Anderson offers a lot of thoughts on how information can be made more secure (though probably not absolutely secure, at least not forever) with the help of both technologies and management strategies. His work makes fascinating reading and will no doubt inspire considerable doubt--fear is probably a better choice of words--in anyone with information to gather, protect, or make decisions about.
Be aware: This is absolutely not a book solely about computers, with yet another explanation of Alice and Bob and how they exchange public keys in order to exchange messages in secret. Anderson explores, for example, the ingenious ways in which European truck drivers defeat their vehicles' speed-logging equipment. In another section, he shows how the end of the cold war brought on a decline in defenses against radio-frequency monitoring (radio frequencies can be used to determine, at a distance, what's going on in systems--bank teller machines, say), and how similar technology can be used to reverse-engineer the calculations that go on inside smart cards. In almost 600 pages of riveting detail, Anderson warns us not to be seduced by the latest defensive technologies, never to underestimate human ingenuity, and always use common sense in defending valuables. A terrific read for security professionals and general readers alike. --David Wall
Topics covered: How some people go about protecting valuable things (particularly, but not exclusively, information) and how other people go about getting it anyway. Mostly, this takes the form of essays (about, for example, how the U.S. Air Force keeps its nukes out of the wrong hands) and stories (one of which tells of an art thief who defeated the latest technology by hiding in a closet). Sections deal with technologies, policies, psychology, and legal matters.
A profoundly influential work written by a world-class security expert For the typical busy security professional, reading a 900-page tome cover to cover represents an investment of time that may be difficult to justify. Frankly, security books that are worth the effort are few and far between. Security Engineering is one such book, for several reasons.
First, Ross Anderson's vast knowledge, experience and insight on the subject are well known, and his reputation as one of the top security experts in the world is well deserved. No doubt a reflection of this, his book covers a very broad range of security topics, the discussions ranging from high-level policy issues, all the way down to details of smartcard hacking and the mathematics of cryptography. The topics are well researched and described at a level of detail useful to the non-specialist. Concise summaries and occasional nuggets of insight indicate an in-depth understanding of the subject matter. The book is well written, easy to follow, and devoid of the vagueness and platitudes so typical of much of the security literature.
Second, the book exposes the sheer difficulty of engineering secure systems in the face of the many forces at play in a typical product development lifecycle. Through many case studies of success and failure, the author illustrates the numerous pitfalls that may befall even a well-intentioned design. Lessons learned from deploying products in the real world include the negative impact of perverse economic incentives, the importance of designing security features for maximum usability, and the need to look at a security problem from many different angles in a holistic manner. The book is a treasure trove of wisdom for the aspiring security engineer.
Lastly, the book brings together insight from many diverse areas of research. Disciplines ranging from economics, psychology, sociology, criminology, banking and bookkeeping, safety research, electronic warfare, to politics are all mined for ideas and results that could yield a better understanding of - and novel approaches to - difficult security problems. It is perhaps in this aspect that the book will prove to be most influential. Since the first edition was published in 2001, security economics, security usability, and security psychology have emerged as fertile areas of research.
Should read if ... Nutshell review - You should read this book if you have anything to do with information security. Chapters are topic specific and can be easily used as a reference. Well written, easy to follow, great book.
Very Good Book for Starters and Experienced Professionals I found the book very interesting to read as a textbook becasue it draws many examples from everyday applications. The style of writing is good and it covers broadly all areas of IT security. For those requiring more detailed discussions in specific areas of security, this may not be sufficient.
Unique in its genre The title is maybe misleading. It is not really a guide that will show you a procedure step by step 'how to do' to build secure systems as most engineering books do. It is rather a survey of the different security protocols used in various fields. Of course, you can learn from the success and errors described in the book and use this knowledge for developing a new system but you will have to connect the dots yourself.
The book is very dense in information and at first, its format was making it tedious for me to read. It did take around 3 chapters before I get accustomed to the format. Once, this aspect was out of the way, this book became amazingly interesting. It describes systems used in banking, by diplomats, military, for nuclear weapons, police, set-up box TV decoders smart cards and anti tampering devices in general, spies, biometric authentication, etc.. and focus on the security protocols used by these systems and then highlights the weaknesses of the systems and how people have figured out how to workaround these protocols.
The best quality of the book is that it will help you to better understand the mindset of a secure system designer and a system hacker.
Textbook for class. The book is interesting but it's starting to show signs of it's age. I think the last revision of it was 2001, so the examples are good, yet aged. It would be great if they updated it. Still a useful and good book though.
Anything Goes Trivia
Megaton Man
Tailipoe
Trevor
