Secrets and Lies: Digital Security in a Networked World (Review)
“That is a good book to give to your boss so that his boss will see him reading it and think that he’s getting a clue,” said the geek beside me at the coffee shop where we were both working wirelessly.
”But to me, this book is just the right thing,” I answered. ”Look, Schneier not only covers all the bases, but he’s a very clear writer and he‘s witty to boot.”
“No code, no real book,” grumbled the geek.
”It is exactly his sticking to concepts that makes the book work for such a variety of readers. Look, you could give this book to someone who thinks that setting up a home firewall has made his cable-modem connected PC secure or to someone interested in being on top of security issues or even to someone who only surfs the net but wonders what dangers lurk there. None of them would be ill served. And all of them would be enlightened.
”But the book is not just vague concepts either. Schneier uses real world experiences, narratives, and examples to get his points across without losing anyone in jargon. Since he talks about real cases, you can tell that his book is not just aiming to scare you into an awareness of computer and network security. He instructs and explains. What more could you want?
“If it‘s code that you’re after, you want Schneier‘s Applied Cryptography: Protocols, Algorithms, and Source Code in C (John Wiley & Sons, 1995). That’s the definitive text on cryptography and in nearly 800 pages, it covers cryptography so completely that a hard-core coder should be delighted for many years.
“This book is much broader and more concise. He’s got much more to talk about than cryptography now. In fact, Schneier tells us in his introduction that cryptography and firewalls are not security in and of themselves, but that they are parts of what should be a systematic approach to security that also includes monitoring, detection, and response. I mean, he tries to put it all together in a way that makes sense, not just say: ’Point here. Click there. Install this code.’ Not that Applied Cryptography was that kind of book either, but you know what kind of book I mean.”
“But those are the books I like,” said the geek with more than a little irony in his voice. “Books like Protect Your Macintosh (Peachpit, 1994) or E-Mail Security (John Wiley & Sons, 1995). Books that tell you how to think or better how to act without thinking.”
“Schneier is beyond those books now. Not that they were bad at the time. He’s still not bombastic and sensationalistic, still direct and still funny at the oddest times. I love the example of the various ways to get free pancakes, which is exhaustive and hilarious and informative. Schneier is the master of explaining the most effective techniques of theft and security breaches-social engineering or, combining jargon slightly, peer-to-peer confidence gaming.
”But I’ll agree that there is one real problem for me with this book, in a small way at the beginning and end, this book pitches Schneier‘s own company a bit too blatantly to suit me. Not that I don’t think that Counterpane Internet Security, Inc., the first Managed Security Monitoring services firm, isn’t a good idea or that it doesn’t provide a good service to its customers. I just feel like such obvious pitches weaken Schneier’s strong points by tainting his book with the scent of infomercial-and the book is much better than that.“
With that we both went back to work- or at least I did. I was banging on my keyboard and trying to get the encryption for my 802.11b wireless signals working. The geek was playing some loud repetitive music, and he seemed to be editing the music as it played.