Security Engineering: A Guide to Building Dependable Distributed Systems

Be aware: this is absolutely not a book solely about computers, with yet another explanation of Alice and Bob and how they exchange public keys in order to exchange messages in secret. Anderson explores, for example, the ingenuous ways in which European truck drivers defeat their vehicles' speed-logging equipment. In another section, he shows how the end of the Cold War brought on a decline in defences against radio-frequency monitoring (radio frequencies can be used to determine, at a distance, what's going on in systems--bank teller machines, say) and how similar technology can be used to reverse-engineer the calculations that go on inside smart cards. In almost 600 pages of riveting detail, Anderson warns us not to be seduced by the latest defensive technologies, never to underestimate human ingenuity and always use common sense in defending valuables. It is a terrific read for security professionals and general readers alike. --David Wall

Topics covered: how some people go about protecting valuable things (particularly, but not exclusively, information) and how other people go about getting it anyway. Mostly, this takes the form of essays (about, for example, how the US Air Force keeps its nukes out of the wrong hands) and stories (one of which tells of an art thief who defeated the latest technology by hiding in a closet). Sections deal with technologies, policies, psychology and legal matters.

Amazon.com
Gigantically comprehensive and carefully researched, Security Engineering makes it clear just how difficult it is to protect information systems from corruption, eavesdropping, unauthorized use, and general malice. Better, Ross Anderson offers a lot of thoughts on how information can be made more secure (though probably not absolutely secure, at least not forever) with the help of both technologies and management strategies. His work makes fascinating reading and will no doubt inspire considerable doubt--fear is probably a better choice of words--in anyone with information to gather, protect, or make decisions about.

Be aware: This is absolutely not a book solely about computers, with yet another explanation of Alice and Bob and how they exchange public keys in order to exchange messages in secret. Anderson explores, for example, the ingenious ways in which European truck drivers defeat their vehicles' speed-logging equipment. In another section, he shows how the end of the cold war brought on a decline in defenses against radio-frequency monitoring (radio frequencies can be used to determine, at a distance, what's going on in systems--bank teller machines, say), and how similar technology can be used to reverse-engineer the calculations that go on inside smart cards. In almost 600 pages of riveting detail, Anderson warns us not to be seduced by the latest defensive technologies, never to underestimate human ingenuity, and always use common sense in defending valuables. A terrific read for security professionals and general readers alike. --David Wall

Topics covered: How some people go about protecting valuable things (particularly, but not exclusively, information) and how other people go about getting it anyway. Mostly, this takes the form of essays (about, for example, how the U.S. Air Force keeps its nukes out of the wrong hands) and stories (one of which tells of an art thief who defeated the latest technology by hiding in a closet). Sections deal with technologies, policies, psychology, and legal matters.

Genau das ist nötig, um sicherere Software zu entwerfen: Wissen, was andere schon vor einem falsch gemacht haben. Das Buch vermittelt dieses Wissen und gibt dem Leser hoffentlich ein Gefühl dafür, auf was für Ideen der Gegner noch alles kommen könnte. Es bedarf viel Erfahrung, dieses Gefühl zu entwickeln, und wer diese Erfahrung nicht hat, ist gut beraten, von den Erfahrungen anderer zu profitieren. (Und wer genug Erfahrung hat, weiss eh den Rat von Ross Anderson zu schätzen und hat das Buch schon :)

Es vermittelt ausserdem alle wichtigen Sicherheitskonzepte ohne Kenntnisse vorauszusetzen und ist somit auch Einsteigern zu empfehlen.


Ausgezeichnete Sammlung von Beispielen   November 14, 2001
5 aus 5 fanden die folgende Rezension hilfreich

Das Buch ist eines der ersten Bücher, die unter Sicherheit nicht nur Kryptographie und Protokolle verstehen. Es ist sehr praxisnahe und gut lesbar. In meinen Augen das beste Buch das erklärt wie man Systeme heute designen soll, um eine angepasste Sicherheit zu bekommen.