At the moment, it seems that hardly a day passes without fresh news of some glaring Internet security breach; online banks, of all things, seem to be particularly vulnerable at the moment. All of which will come as no great surprise to network security cum cryptography guru, Bruce Schnier. His latest book, Secrets and Lies, paints a very gloomy overview of the true state of network security. Schnier, founder of Counterpane Internet Security, has some harsh words to say about the state of network security, though, to be fair, his criticisms are directed far and wide; not one scapegoat, (not even Microsoft) is singled out for special attention. Depressingly, the words "fundamentally flawed" crop up time and time again in this absorbing book.
Secrets and Lies is a thorough backgrounder in all aspects of network security, an extremely wide remit that stretches from passwords to encryption, passing through authentication and attack trees along the way. The book is divided in to three broad categories, The Landscape, which covers attacks, adversaries and the need for security; Technologies, which discusses cryptography, authentication, network security, secure hardware and security tricks; and concludes with Strategies, which looks at vulnerabilities, risk assessment, security policies and the future of security. Mercifully there's a dim light at the end of this tunnel and Schnier ultimately remains upbeat about maintaining computer security and details a way forward in his conclusion.
Although working in a necessarily techie environment, Schnier's book is surprisingly jargon-free and easy to understand, even if you're not au fait with the inner workings of TCP/IP--it's common-sense, practical style makes a potentially dense and arcane subject accessible by just about anybody. It's also bang up to date, which makes for a pleasant change. Secrets and Lies is never less than thought-provoking and should be essential reading for every network administrator in the land. Be afraid, be very afraid! --Roger Gann [via]