Secrets and Lies Digital Security in a Networked World

This anniversary edition which has stood the test of time as a runaway best-seller provides a practical, straight-forward guide to achieving security throughout computer networks. No theory, no math, no fiction of what should be working but isn't, just the facts. Known as the master of cryptography, Schneier uses his extensive field experience with his own clients to dispel the myths that often mislead IT managers as they try to build secure systems. A much-touted section: Schneier's tutorial on just what cryptography (a subset of computer security) can and cannot do for them, has received far-reaching praise from both the technical and business community.

Praise for Secrets and Lies

"This is a business issue, not a technical one, and executives can no longer leave such decisions to techies. That's why Secrets and Lies belongs in every manager's library."-Business Week

"Startlingly lively....a jewel box of little surprises you can actually use."-Fortune

"Secrets is a comprehensive, well-written work on a topic few business leaders can afford to neglect."-Business 2.0

"Instead of talking algorithms to geeky programmers, [Schneier] offers a primer in practical computer security aimed at those shopping, communicating or doing business online-almost everyone, in other words."-The Economist

"Schneier...peppers the book with lively anecdotes and aphorisms, making it unusually accessible."-Los Angeles Times

With a new and compelling Introduction by the author, this premium edition will become a keepsake for security enthusiasts of every stripe.

Bruce Schneier is an internationally renowned security technologist, called a "security guru" by The Economist. He is the author of twelve books—including his seminal work, Applied Cryptography: Protocols, Algorithms, and Source Code in C, and Secrets & Lies: Digital Security in a Networked World as well as hundreds of articles, essays, and academic papers. His influential newsletter "Crypto-Gram" and blog "Schneier on Security" are read by over 250,000 people. Schneier is a fellow at the Berkman Center for Internet and Society at Harvard Law School, a program fellow at the New America Foundation's Open Technology Institute, a board member of the Electronic Frontier Foundation, and an Advisory Board member of the Electronic Privacy Information Center. He is also the Chief Technology Officer of Resilient Systems, Inc. You can read his blog, essays, and academic papers at www.schneier.com. He tweets at @schneierblog.

Foreword to 2015

15^th Anniversary Edition ix

Introduction From the Paperback Edition xiii

Preface xxiii

About the Author xxvii

1. Introduction 1

Part 1: The Landscape 11

2. Digital Threats 14

3. Attacks 23

4. Adversaries 42

5. Security Needs 59

Part 2: Technologies 83

6. Cryptography 85

7. Cryptography in Context 102

8. Computer Security 120

9. Identification and Authentication 135

10. Networked-Computer Security 151

11. Network Security 176

12. Network Defenses 188

13. Software Reliability 202

14. Secure Hardware 212

15. Certificates and Credentials 225

16. Security Tricks 240

17. The Human Factor 255

Part 3: Strategies 271

18. Vulnerabilities and the Vulnerability Landscape 274

19. Threat Modeling and Risk Assessment 288

20. Security Policies and Countermeasures 307

21. Attack Trees 318

22. Product Testing and Verification 334

23. The Future of Products 353

24. Security Processes 367

25. Conclusion 389

Afterword 396

Resources 399

Acknowledgments 401

Index 403

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.