Secrets & Lies - Digital Security in a Networked World

Book Review Team
Bartender

Joined: Feb 15, 2002
Posts: 933
Author/s : Bruce Schneier
Publisher : John Wiley & Sons
Category : Other
Review by : Ulf Dittmer
Rating : 8 horseshoes

Although several years old by now, this book about computer and network security is still as relevant today as it was when it was first published. Bruce Schneier is one of the best-known computer security experts, and he imparts his expertise in a very readable and highly informative way.

The core message is that "security is a process, not a product or technology", and it must be designed into any system from the start, instead of trying to bolt it on as an afterthought. The other important point is that defense against an attack should consist of prevention, detection and response; neither of these is likely to work perfectly, so only a combination can make a system secure. And lastly, security is an interactive process between attacker and defender - advances on one side will lead to advances on the other, thus creating an eternal cat and mouse game.

After surveying in depth the various technologies available to secure systems, and analyzing their respective strengths and weaknesses, as well as how they might be circumvented by a different attack, Schneier presents strategies for dealing with them. This involves threat modeling (determining ALL the ways in which a system might be attacked), defining a security policy that defends against those threats, and putting in place the prevention/detection/response mechanisms that implement that policy. This approach can be used for every system (and for non-computer systems as well).

Throughout the book, many examples are used to illustrate the points which help the reader think about security (not just of the computer kind) in a wholly new way. It thus holds applicable lessons that go way beyond the immediate audience of the book.