Secrets and Lies : Digital Security in a Networked World

Now my next book is Practical Cryptography!!!

Rating:
Summary: A new Age in Information Security
Review: It is nice to see a new era of Information Security books. I am happy to see book like "Secrets and Lies" which shows security beyond the computer and other books like "Inside the Security Mind" that teach us there is more to security than just our Firewall. Good reads!!!

Rating:
Summary: Highly Informative (Not)
Review: When I first picked this book up, I was of the feeble mindset that internet secruity was some vague, distant new frontier I had no chance of grasping. What I found out, was that internet security is just like real world security. I mean, wow! For every one paragraph of actual networking security info, there are ten more about how much a given attack is "just like the real world."

For the slow, this book drove me INSANE. It's not without it's useful points, hence the two stars. I did learn a few interesting points about human engineering and security in general. However, this information could have been compressed into a 3 page leaflet. The rest of the book is boring trash. A hacker wants to break into a secured network? Why, that's just like trying to break into a safe, ha ha! As if the comparison wasn't bad enough, he goes on for pages and pages about how a thief might break into a safe, comparing each step with it's networked counterpart. What is the POINT? Sheeze, people.

Some of his "information" is so brain-dead obvious - for example, his list of "the steps to executing an attack": (explained in no less than 30 pages)

(paraphrased)
1. Find out about the system
2. Gain access to the system
3. Get ready to attack
4. Attack
5. Finish Attacking

Wow, with this newfound knowledge I can foil the attacks of the most nefarious of hackers! The book was not a COMPLETE waste of time, just about 95% so.

Rating:
Summary: For those who want to go beyond the mere technology...
Review: Bare technology has never been enough to solve any business, let alone social, problem. The same holds true for security technologies that often create a false sense comfort in today's complex world. This book ruthlessly shatters such notions by exposing the limitations of technology as well as products hyped up by vendors. It portrays what an apocalyptic world we live in, when it comes to digital security. This book does not teach you the technical aspects of security. But it does a superb job of providing you with deep insights about the issues -- mostly non-technical -- surrounding security. Of course, sometimes Mr. Schneier seems to get a bit carried away with anecdotes in explaining certain issues; but such diversions can help stimulate the reader's mind.

Rating:
Summary: Step back and realize the vast scope of information security
Review: Bruce Schneier's book is unique as an easy read for the layman, hoping to get a glimpse at a contemporary conundrum, as well as the IT professional, as a primer in information security. Don't expect to find specific solutions or product recommendations here. The real value of this book rests in its ability to make you step back and see the forest, recognizing that a winning record in information security begins with assessing and managing risk as well as accepting the human element as nearly always the weakest link.

The book paints a landscape of this fascinating field as a specialty in and of itself, aside from the every day work of the information technologist. When read by an IT professional with designs on entering this field, it provides a virtual working outline for study and the application of sound principles in the practice of information security.

Bruce is best known for his work in cryptography. It's the subject of about 36 pages in this book. But the entire book is premised on Bruce's "epiphanies" as he does an about face from an almost complete trust in this world of arcane mathematics and is compelled to seek a much broader understanding of the holistic realities of infosec. The reader travels along as he develops a new, pragmatic line of reasoning that naturally enlightens the reader. He is prescient in these pre-9/11 remarks (as we are coming to learn): "There are no technical solutions for social problems"....."technologies... like the x-ray machines and metal detectors at airports.....do nothing to stop professionals, but they keep all the amateurs from hijacking planes."

If you're interested in a brilliant piece of writing on the subject of security, you need go no further. This one is destined to become a classic in its realm.

Rating:
Summary: The complement!
Review: A formidable literature.
It is the ideal complement to the book Applied Cryptography.
In the personal thing, the chapter three consider it excellent, it is direct without a lot of hesitation, and it is essential to understand the reality that surrounds us.
The chapters six seven the description of Bruce Schneier shares it in almost its entirety.
The chapters ten, twelve, fourteen and fifteen particularly enable me to understand concepts that technically is difficult to explain with humanistic character; I mention this for the technical formation that I acquired in my country.
In summary a very good book and the perfect complement for any technical book in applied cryptography.

Rating:
Summary: An excellent book on security
Review: Wow, few books come filled with so much insight as this one did. I read the whole book in 3 sittings, I just couldn't put it down once I picked it up.

There are many concepts that Bruce brilliantly explains: 'Security is not a product; it's a process', essential knowledge if you are involved in security of computer systems.

There is a fair bit of repetition in the text but I think helped to emphasize the important points.

Rating:
Summary: Understanding both network security and daily life better.
Review: This is my first-ever book review and I decided to write it simply because I appreciate this book so much. The author always gives easy-to-understand daily examples before talking about the techincal details. I found myself in the easiest process of reading a book, whose techical content is among the toughest topics. Besides, I understand the daily life better, an experience usually not possible from reading a techinical book.

A must-read book.

Rating:
Summary: A necessary book
Review: This book ought to be read by *everyone* in the IT field since everyone in the field contributes (or fails to contribute) to a secure computing environment. Contrary to some reviews, I don't think Schneier overly bashes Microsoft; he uses examples from Sun and Cisco as well. Nor do I think he uses out-of-this-world or impossible examples; the vast majority of his examples have already happened or are easily imaginable. There is a lot of humor in this book that some may find inappropriate, but it livens up what could be a dry, dull, read.

Rating:
Summary: Okay, but a bit over the top
Review: It's a good book with a strong point, but the message grows tiresome. Practically everything is a potential security weakness to this guy. If you lock the doors, he warns about the windows. If you encase your house in concrete, I'm sure he could find some concrete eating bacterium from the jungle. It grows a bit tiresome.

I'm a bit surprised that he's actually in the security business. How can he hold such views and actually make recommendations to clients? Does he say, "Gosh this solution is terribly dangerous, but it's not as dangerous as the other solutions?"

Plus, he's obviously a bit out of touch. He says that steganography can't work because no one ever sends him a picture. Heck, I get pictures from my family members all of the time. What's wrong with him?

It's not a bad book, but it's a bit too much.