You Believe In Computer Security? Then There's A Bridge In Brooklyn You Should Buy. - Review - book review
Computer Technology Review, Sept, 2000 by Dave Trowbridge
You have to respect an author who begins a book by confessing that he wrote it "partly to correct a mistake," especially when that author is one of the most respected authorities in a highly technical field. That's exactly how Bruce Schneier begins his new book on computer security, Secrets and Lies: Digital Security in a Networked World (John Wiley & Sons, Inc., New York, 2000). What he is actually confessing is a kind of naivete shared by altogether too many people regarding computer security: the belief that technology is the answer. That was the implied thesis of his earlier book on applied cryptography, still an excellent guide to the guts of cryptographic systems.
Today, several years more experienced and wiser, Schneier has penned a magisterial book on computer security grounded in his work as a security consultant, and the first thing he tells readers is that "security is a process, not a product." That deserves to be graven in stone somewhere; perhaps on the tombstones of failed security companies and of the companies that relied on them.
Secrets and Lies is not a highly technical book; that is, you won't find detailed descriptions of the innards of security technology. The information it supplies is far more useful than that: a detailed look at the landscape, technologies, and strategies of computer security. A review can, of course, do no more than suggest the richness of the book, but if a brief look at the topics covered and some of the author's conclusions motivates you to buy it, this one will have served its purpose. Schneier organizes the book into three parts: the security landscape, the technologies of security, and strategies for coping with security attacks and vulnerabilities.
In the first part, The Landscape, the author establishes a context for talking about computer security, a task usually overlooked by security product vendors. What does it mean to be secure? Against what kind of attack? For instance, as Schneier points out, a secure operating system is probably not proof against a hand grenade dropped on the computer or against a video camera pointed at the screen and keyboard. The design assumptions and decisions that go into making a secure system have as much to do with its security as its technology does, or more: what kinds of attacks does the system designer consider likely, and which unlikely? If those assumptions are not the same as yours, you may be disappointed.
In this first section, the author reviews the kinds of attacks that a secured system is likely to encounter, making the point that they are all analogs of criminal behavior in the non-virtual world: fraud, scams, destructive attacks, types of theft (intellectual property, identity, and brand), and various kinds of privacy infringements. He also characterizes a variety of attackers from hackers and lone criminals to industrial spies, national security agencies, and infowarriors.
This first section ends with a look at what kinds of security are needed to counter the threats and attackers discussed--not in the sense of technologies, but in conceptual terms. This is an excellent review of topics such as privacy, multilevel security, anonymity, authentication, integrity, audit, and so forth. Throughout, Schneier uses homely examples from everyday life (authenticating oneself to the deli man to buy a bratwurst) to bring these concepts into focus.
In part two, Technologies, having set the stage, the author discusses the technologies of security. This is, perhaps, the meatiest part of the book. Each technology is discussed using the context established in part one, so its capabilities and, more important, its limitations are immediately apparent. Among the topics covered are cryptography (where we learn that key length is actually a minor part of the strength of a given cryptographic scheme), access control, various kinds of identification technologies (biometrics, access tokens, etc.), networked security and defenses, secure hardware, and much more.
There are some surprises in this section. For instance, Schneier points out that the true security in e-commerce arises not from digital certificates but from the fundamental transactional protocol of credit cards: the simple fact that you're not liable for more than $50 in fraudulent charges. In fact, he states baldly that "Digital certificates provide no actual security; it's a complete sham." There are several sit-up-and-take-notice statements like this scattered throughout the book, all of them backed up by solid explication and example.
This section concludes with an excellent discussion of the human factors that, all too often, compromise computer security. He points out that people don't understand risk and don't know how to estimate it. (A good example is that people fear airplane travel more than car travel, even though the chances of accidental death in a car are much higher than in a commercial airliner.) His summation of the problem with computer security is, as he himself admits, quite cynical: "... the mathematics are impeccable, the computers are vincible, the networks are lousy, and the people are abysmal."