Schneier on Security

“That is a good book to give to your boss so that his boss will see him reading it and think that he’s getting a clue,” said the geek beside me at the coffee shop where we were both working wirelessly.

”But to me, this book is just the right thing,” I answered. ”Look, Schneier not only covers all the bases, but he’s a very clear writer and he‘s witty to boot.”

“No code, no real book,” grumbled the geek.

”It is exactly his sticking to concepts that makes the book work for such a variety of readers. Look, you could give this book to someone who thinks that setting up a home firewall has made his cable-modem connected PC secure or to someone interested in being on top of security issues or even to someone who only surfs the net but wonders what dangers lurk there. None of them would be ill served. And all of them would be enlightened…

If you think technology can solve your security problems, then you don’t understand the problems and you don ‘t understand the technology.

So sayeth Bruce Schneier, the guru in security systems circles. His statements are often blunt but he certainly backs them up with the right credentials. He authored one of the classic texts on cryptography (Applied Cryptography) and BLOWFISH , one of the most frequently used encryption algorithms used in business systems today. BLOWFISH is the algorithm used in the PRIMAR Security System. Although Schneier’s first book, …

There are a lot of misconceptions about computer security, and a lot of unrealistic expectations about what is and is not possible. The truth is that completely reliable computer systems are impossible to achieve, and secure computer and networking systems are equally impossible. When this is understood, one is, at last, in a position to recognize risk and manage it.

Secrets and Lies gives the clearest explanation we have yet seen as to the fundamental problems faced when dealing with technology. If you are responsible, directly or indirectly, for data security, you need to understand that it is impossible to make a program that is error-free. In addition, as programs become larger, more complex, and more connected with other programs on other machines, they become even more prone to errors and to errors caused by interactions among systems…

The internet is growing up and, like a small child becoming an adolescent, it’s having growing pains. Fortunately, we have Bruce Schneier to act as our technological Dr. Spock.

The internet has moved from a Defense Department initiative to a toy for geeks to a powerful research and communications tool and is now a major economic force. Up until recently, the net was pretty much left alone. With the advent of the World Wide Web and faster connections speeds, commerce came to the net. Now, it takes big money just to start a net company. We need to treat the net like an young adult, even though the technology is still in its infancy…

Let’s assume for a moment that you are not a techie or a hacker. You’re browsing in a bookstore and happen to pick up a copy of Secrets and Lies: Digital Security in a Networked World (John Wiley & Sons, $29.99). As you idly flip through it, all you see are dense paragraphs on arcana: the role of symmetric algorithms in encryption systems, the relative merits of code signing and access control at the interfaces, and what a one-way hash function does. Whoa! This is way over your head, you think, as you sheepishly put the book down and look for the latest Grisham thriller…