Level: Introductory
Bill Higgins, Systems Engineering and Architecture, IBM Global Services
15 Mar 2005, from The Rational Edge: This review looks at a primer on the complex security issues that challenge software development teams working in today's networked environment.
Secrets and Lies
by Bruce Schneier
Wiley, 2000
ISBN: 0471453803
Cover price: US$17.95
448 pages
Secrets and Lies is a broad primer on securing information technology-based systems. In the introduction, Bruce Schneier states that his goal is to convince readers of two fundamental principles about digital security:
- Security is a chain; it's only as secure as the weakest link.
- Security is a process, not a product.
He is passionate about these two points because many people think ensuring security requires simply buying a certain product or using a certain technology. This false belief, he claims, leads to insecure systems, successful attacks, and fearful users.
He divides the book into three parts: Landscape, Technologies, and Strategies.
Part I: Landscape
In the first part, Schneier establishes a context for the topic of digital security by discussing threats, types of attacks, adversaries (i.e., "bad guys"), and the need for true security.
The "Threats" chapter points out that many digital security issues are the same security issues that humans had to deal with long before computers existed. However, he notes, the power of software networks and the low cost of using them make the potential damage far greater and much easier to accomplish quickly.
Schneier categorizes types of attacks based on motivation:
- For criminal attacks, the motivation is to gain money illegally.
- The motivation for privacy violations is that one party wants to access a second party's private data, which may or may not lead to financial gain. Sometimes privacy attackers do not seek access to the underlying information itself: traffic patterns alone can reveal a great deal. For instance, Schneier notes that in the hours preceding the US bombing of Iraq in 1991, pizza deliveries to the Pentagon increased one hundredfold; if you saw that pattern, even if you didn't know exactly what was going on, you would know it was something major.
- The motivation for publicity attacks is that the attackers want to make a name for themselves.
- Legal attacks involve using the legal system to persuade a judge and jury to rule in the attacker's favor by convincing them that there could be a fault in a technology, whether or not this possibility is reasonable.
The "Adversaries" chapter discusses not only the usual suspects, such as hackers and terrorists, but also groups not usually mentioned in security discussions -- such as the media and the police. An adversary is anyone who might attempt an attack against another party. For each group, Schneier lists motivations, skills, resources, and types of attacks.
Part II: Technologies
This part of the book includes a broad discussion of the types of technologies you can use to achieve more secure computer systems. Topics include: cryptography, computer security, identification and authentication, network-computer security, network security, network defenses, software reliability, secure hardware, certificates and credentials, as well as human factors. Schneier makes the point that these technologies are not isolated from each other, but rather "layered like an onion." The outer layers (people) depend on middle layers (computers and networks), which in turn rely on the innermost layers (cryptography and protocols). Schneier discusses these layers from the inside out.
This part's chapters contain a massive amount of information, reflecting the many aspects of digital security, and discuss the history as well as popular misconceptions for each technology. To help us understand these technologies, Schneier uses real-world analogies. For instance, to describe a buffer overflow attack, he asks us to imagine an office worker who follows the instructions listed in a manual without questioning them. In this scenario, a dishonest delivery boy surreptitiously delivers new pages for the office worker's manual that instruct personnel to hand over all the office's money when he requests it: the data being delivered is silently treated as instructions.
Chapter 12 on network defenses exemplifies Schneier's progressive thinking. He begins his discussion on firewalls by disposing of the term as an outmoded analogy. At one time firewalls prevented bad software in one part of a network from taking down the rest of the network, but in today's more complex environment, a better analogy is a castle wall, says Schneier. It is necessary not only to keep the bad guys out, but also to let in the good guys and other resources.
"The Human Factor," treated in Chapter 17, is a critical aspect of truly secure systems that is often ignored in breathless discussions about new security technology. Returning to his introductory principle that a system is only as strong as its weakest link, Schneier describes problems and solutions to address the most unreliable -- and sometimes most illogical -- part of a total system: the emotional, inconsistent humans who run it.
After reading these first two parts, you might feel mildly depressed. Schneier provides compelling evidence that there is no such thing as a completely secure system. Instead, systems vary from "wide open" to "extremely secure," depending on how much time and how many resources you are willing to expend.
Part III: Strategies
This part discusses how you can intelligently reduce the odds of a successful attack, as well as how to respond if you do experience a successful attack. It presents techniques for making intelligent security-related decisions, and for discovering and eliminating weak links in the security chain that could allow an attacker to circumvent an otherwise robust security system.
The chapter on threat modeling and risk assessment is particularly important. If there is no such thing as absolute security, it is vital that we be able to identify the likely types of attacks and make intelligent investment decisions by weighing the cost of a countermeasure against the potential loss it prevents.
Chapter 24, "Security Processes," ties together the book's elements (threats, adversaries, attack types, and technologies) by providing a set of best practices that an organization should adopt to establish a holistic security process. Schneier reminds the reader that throughout the book he has demonstrated that each security technology has weaknesses as well as strengths, and that each serves only as one piece of the puzzle. This chapter reviews essential practices not only for decreasing the odds of a successful attack, but also for responding quickly when an attack inevitably succeeds. Drawing upon the large body of knowledge provided in the rest of the book, this chapter supplies the judgment needed to apply it intelligently.
Useful for every team member
Though this book discusses a very complex and technical topic, Schneier has made it easy to read with his good writing, conversational tone, and real-world analogies to clarify abstract ideas.
It introduces a broad array of security-related topics without going into a great deal of detail on any one. Schneier's goal is to portray security as a complex ecosystem of threats, attackers, technologies, and defense techniques, and not as a single product or technology that serves as a panacea against all evils.
IT architects and lead developers should read this book so they can intelligently discuss security-cost trade-offs with management and apply its techniques to produce more secure systems. Managers responsible for IT systems can use it to assess current system security and prioritize requirements related to security improvement. Those managers responsible for an IT portfolio will learn how to establish a strong and effective governance model that ensures a consistent level of security across the portfolio.
Because the book is a broad primer on digital security and does not cover implementation of particular technologies, practitioners who need to design or apply a particular technology should look for more specific books, such as those listed as resources at the end of this book. But specialists should also remember that whatever technology they integrate and/or implement is part of a broader security ecosystem; it may be wise to read Schneier's book to ensure that your piece of the puzzle fits well with all others.
Even if you already know a good deal about security, I'd recommend reading this book, because it ties together a very broad set of topics in a coherent and systematic way that will deepen your understanding of the total security picture.
About the author
Bill Higgins, an architect with IBM Global Services, works on collaborative development technologies with IBM's On Demand Workplace and Rational organizations. Currently, he is researching portal-based solutions to assist software development teams. His technical interests include the IBM® Rational Team Unifying Platform®, IBM Lotus Workplace®, IBM WebSphere Portal Server®, mapping business processes to IT, and recording his activities and insights in his IBM developerWorks blog. He holds a BS in computer science from Penn State University.