Secrets and Lies

Computer security is a complex issue for which there are no simple answers, and this book does an excellent job of explaining just how complex it is. Bruce Schneier is well known for another industry bestseller, Applied Cryptography, and he kicks off this book by saying he got it all wrong in the earlier book.

Secrets and Lies excels as a general introduction to system security, with the bulk of its 412 pages dedicated to explaining the inherent weaknesses of computer systems, illustrated with copious examples of how they have been attacked in the real world. Systems that are secure in theory can become vulnerable when they are linked to others as part of a more complex organisation, and more vulnerable still when human fallibility enters the picture.

Schneier demonstrates in clear, easy-to-understand language exactly why it's so difficult to secure a computer or network against hostile intruders, and his habit of throwing in obscure words from time to time will expand the reader's vocabulary without detracting from the message. Security is not a product but a process, he explains, and then details that process.

The author's thorough and methodical demolition of security myths may leave the reader feeling a bit depressed about the vulnerability of the systems on which so much of our society depends. He admits to having stopped writing the book for a year, because he felt he could offer no hope. However, there is much to be learned here, and in the end a thorough understanding of the problems holds out more hope than a wishful denial that they exist.