A Guide to Building Dependable Distributed Systems
By Ross J. Anderson
Final Release Date: September 2010
"Security engineering is different from any other kind of programming. . . . if you're even thinking of doing any security engineering, you need to read this book." — Bruce Schneier
"This is the best book on computer security. Buy it, but more importantly, read it and apply it in your work." — Gary McGraw
This book created the discipline of security engineering
The world has changed radically since the first edition was published in 2001. Spammers, virus writers, phishermen, money launderers, and spies now trade busily with each other in a lively online criminal economy — and as they specialize, they get better. New applications, from search to social networks to electronic voting machines, provide new targets. And terrorism has changed the world. In this indispensable, fully updated guide, Ross Anderson reveals how to build systems that stay dependable whether faced with error or malice.
Here's straight talk about
Technical engineering basics — cryptography, protocols, access controls, and distributed systems
Types of attack — phishing, Web exploits, card fraud, hardware hacks, and electronic warfare
Specialized protection mechanisms — what biometrics, seals, smartcards, alarms, and DRM do, and how they fail
Security economics — why companies build insecure systems, why it's tough to manage security projects, and how to cope
Security psychology — the privacy dilemma, what makes security too hard to use, and why deception will keep increasing
Policy — why governments waste money on security, why societies are vulnerable to terrorism, and what to do about it
Comments about oreilly Security Engineering, 2nd Edition:
This was the assigned textbook for my security module at university. I had signed up for it out of a sense of duty, and expected it to be quite dry, but it turned out to be one of the most fascinating modules of the whole course, in no small part thanks to this book.
It's quite light on pure crypto, but it's absolutely full of the joy of hacking, of the particular mindset it takes to think about how systems can be used in unintended ways. Lots of interesting discussions of unexpected topics like lock-picking, forging bank notes, inkjet printer cartridge economics, and spoofing South African Air Force jets with replay attacks.
It's a huge tome, about three inches thick, and I promise you it's an absolute page-turner.
Bottom Line: Yes, I would recommend this to a friend