Secrets and Lies: Digital Security in a Networked World

Secrets and Lies: Digital Security in a Networked World. Bruce Schneier. New York: Wiley Computer Publishing, 2000. 432 pp. $29.99 hbk.

"That is a good book to give to your boss so that his boss will see him reading it and think that he's getting a clue," said the geek beside me at the coffee shop where we were both working wirelessly.

"But to me, this book is just the right thing," I answered. "Look, Schneier not only covers all the bases, but he's a very clear writer and he's witty to boot."

"No code, no real book," grumbled the geek.

"It is exactly his sticking to concepts that makes the book work for such a variety of readers. Look, you could give this book to someone who thinks that setting up a home firewall has made his cable-modem-connected PC secure or to someone interested in being on top of security issues or even to someone who only surfs the net but wonders what dangers lurk there. None of them would be ill served. And all of them would be enlightened.

"But the book is not just vague concepts either. Schneier uses real-world experiences, narratives, and examples to get his points across without losing anyone in jargon. Since he talks about real cases, you can tell that his book is not just aiming to scare you into an awareness of computer and network security. He instructs and explains. What more could you want?

"If it's code that you're after, you want Schneier's Applied Cryptography: Protocols, Algorithms, and Source Code in C (John Wiley & Sons, 1995). That's the definitive text on cryptography and in nearly 800 pages, it covers cryptography so completely that a hard-core coder should be delighted for many years.

"This book is much broader and more concise. He's got much more to talk about than cryptography now. In fact, Schneier tells us in his introduction that cryptography and firewalls are not security in and of themselves, but that they are parts of what should be a systematic approach to security that also includes monitoring, detection, and response. …