Security Engineering: A Guide to Building Dependable Distributed Systems | 
 enlarge | Author: Ross J. Anderson
Publisher: Wiley
Category: Book
List Price: $70.00
Buy New: $54.36
You Save: $15.64 (22%)
New (27) from $54.36
Avg. Customer Rating:  27 reviews
Sales Rank: 25452
Media: Hardcover
Edition: 2
Number Of Items: 1
Pages: 1080
Shipping Weight (lbs): 3.8
Dimensions (in): 9.4 x 7.7 x 2.6
ISBN: 0470068523
Dewey Decimal Number: 005.1
EAN: 9780470068526
ASIN: 0470068523
Publication Date: April 14, 2008
Availability: Usually ships in 1-2 business days
Shipping: International shipping available
Condition: Brand New, Perfect Condition, Please allow 4-14 business days for delivery. 100% Money Back Guarantee, Over 1,000,000 customers served.
|
| Also Available In:
|
| Similar Items:
|
| Editorial Reviews:
Amazon.com
Gigantically comprehensive and carefully researched, Security Engineering makes it clear just how difficult it is to protect information systems from corruption, eavesdropping, unauthorized use, and general malice. Better, Ross Anderson offers a lot of thoughts on how information can be made more secure (though probably not absolutely secure, at least not forever) with the help of both technologies and management strategies. His work makes fascinating reading and will no doubt inspire considerable doubt--fear is probably a better choice of words--in anyone with information to gather, protect, or make decisions about. Be aware: This is absolutely not a book solely about computers, with yet another explanation of Alice and Bob and how they exchange public keys in order to exchange messages in secret. Anderson explores, for example, the ingenious ways in which European truck drivers defeat their vehicles' speed-logging equipment. In another section, he shows how the end of the cold war brought on a decline in defenses against radio-frequency monitoring (radio frequencies can be used to determine, at a distance, what's going on in systems--bank teller machines, say), and how similar technology can be used to reverse-engineer the calculations that go on inside smart cards. In almost 600 pages of riveting detail, Anderson warns us not to be seduced by the latest defensive technologies, never to underestimate human ingenuity, and always use common sense in defending valuables. A terrific read for security professionals and general readers alike. --David Wall Topics covered: How some people go about protecting valuable things (particularly, but not exclusively, information) and how other people go about getting it anyway. Mostly, this takes the form of essays (about, for example, how the U.S. Air Force keeps its nukes out of the wrong hands) and stories (one of which tells of an art thief who defeated the latest technology by hiding in a closet). Sections deal with technologies, policies, psychology, and legal matters.
Product Description
"Security engineering is different from any other kind of programming. . . . if you're even thinking of doing any security engineering, you need to read this book."
— Bruce Schneier "This is the best book on computer security. Buy it, but more importantly, read it and apply it in your work."
— Gary McGraw This book created the discipline of security engineering The world has changed radically since the first edition was published in 2001. Spammers, virus writers, phishermen, money launderers, and spies now trade busily with each other in a lively online criminal economy — and as they specialize, they get better. New applications, from search to social networks to electronic voting machines, provide new targets. And terrorism has changed the world. In this indispensable, fully updated guide, Ross Anderson reveals how to build systems that stay dependable whether faced with error or malice. Here's straight talk about - Technical engineering basics — cryptography, protocols, access controls, and distributed systems
-
Types of attack — phishing, Web exploits, card fraud, hardware hacks, and electronic warfare -
Specialized protection mechanisms — what biometrics, seals, smartcards, alarms, and DRM do, and how they fail -
Security economics — why companies build insecure systems, why it's tough to manage security projects, and how to cope -
Security psychology — the privacy dilemma, what makes security too hard to use, and why deception will keep increasing -
Policy — why governments waste money on security, why societies are vulnerable to terrorism, and what to do about it
|
| Customer Reviews: Read 22 more reviews...
 Should read if ... June 15, 2008
1 out of 1 found this review helpful
Nutshell review - You should read this book if you have anything to do with information security. Chapters are topic specific and can be easily used as a reference. Well written, easy to follow, great book.
Very Good Book for Starters and Experienced Professionals October 18, 2007
0 out of 1 found this review helpful
I found the book very interesting to read as a textbook becasue it draws many examples from everyday applications. The style of writing is good and it covers broadly all areas of IT security. For those requiring more detailed discussions in specific areas of security, this may not be sufficient.
 Unique in its genre July 5, 2007
The title is maybe misleading. It is not really a guide that will show you a procedure step by step 'how to do' to build secure systems as most engineering books do. It is rather a survey of the different security protocols used in various fields. Of course, you can learn from the success and errors described in the book and use this knowledge for developing a new system but you will have to connect the dots yourself.
The book is very dense in information and at first, its format was making it tedious for me to read. It did take around 3 chapters before I get accustomed to the format. Once, this aspect was out of the way, this book became amazingly interesting. It describes systems used in banking, by diplomats, military, for nuclear weapons, police, set-up box TV decoders smart cards and anti tampering devices in general, spies, biometric authentication, etc.. and focus on the security protocols used by these systems and then highlights the weaknesses of the systems and how people have figured out how to workaround these protocols.
The best quality of the book is that it will help you to better understand the mindset of a secure system designer and a system hacker.
Textbook for class. March 18, 2007
1 out of 1 found this review helpful
The book is interesting but it's starting to show signs of it's age. I think the last revision of it was 2001, so the examples are good, yet aged. It would be great if they updated it. Still a useful and good book though.
 More high-level concepts and less hands-on guidance March 29, 2006
5 out of 9 found this review helpful
This is certainly a good book for getting introduced to most high-level architectural concepts related to Network security, cryptography, mandatory/multi-level access control etc. From a application development perspective, this book falls short on how to build architecure, design and implement them into your business applications which ultimately meets the end-user. The author justifies the high-level concepts well enough from a generalist perspective, but the industry-standards from OASIS leans towards standards-based application security protocols..which pushes a developer/architect like me to take those suggestions first and how to apply them in real world. The book also does'nt address on how-to build security for emerging application architectures based on Service-oriented architecture (SOA), Identity Management, Net-centric Federated applications. As a developer/architect using Java or Microsoft .NET or open-source based distributed applications, I need guidance on how to implement the recommended concepts (in the book) for example using biometrics or smartcards for building multi-factor access control at my application-level...unfortunately I don't find any answers for real-world implementation.
|
|
|
