Andy Oram

Beautiful Security (eBook, ePUB)

Leading Security Experts Explain How They Think

• Format: ePub

Produktbeschreibung

Although most people don't give security much attention until their personal or business systems are attacked, this thought-provoking anthology demonstrates that digital security is not only worth thinking about, it's also a fascinating topic. Criminals succeed by exercising enormous creativity, and those defending against them must do the same. Beautiful Security explores this challenging subject with insightful essays and analysis on topics that include:The underground economy for personal information: how it works, the relationships among criminals, and some of the new ways they pounce on their preyHow social networking, cloud computing, and other popular trends help or hurt our online securityHow metrics, requirements gathering, design, and law can take security to a higher levelThe real, little-publicized history of PGPThis book includes contributions from:Peiter "e;Mudge"e; ZatkoJim StickleyElizabeth NicholsChenxi WangEd BellisBen EdelmanPhil Zimmermann and Jon CallasKathy WangMark CurpheyJohn McManusJames RouthRandy V. SabettAnton ChuvakinGrant Geyer and Brian DunphyPeter WaynerMichael Wood and Fernando FranciscoAll royalties will be donated to the Internet Engineering Task Force (IETF).

---

Dieser Download kann aus rechtlichen Gründen nur mit Rechnungsadresse in A, B, BG, CY, CZ, D, DK, EW, E, FIN, F, GR, HR, H, IRL, I, LT, L, LR, M, NL, PL, P, R, S, SLO, SK ausgeliefert werden.

Produktdetails

• Verlag: O'Reilly Media
• Seitenzahl: 302
• Erscheinungstermin: 17. April 2009
• Englisch
• ISBN-13: 9780596555542
• Artikelnr.: 53043728

Autorenporträt

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in free software and open source technologies. His work for O'Reilly includes the first books ever published commercially in the United States on Linux, and the 2001 title Peer-to-Peer. His modest programming and system administration skills are mostly self-taught. John is CTO of the SaaS Business Unit at McAfee, his second stint at McAfee. Previously, he was their Chief Security Architect, after which he founded and served as CEO of Stonewall Software, which focused on making anti-virus technology faster, better and cheaper. John was also the founder of Secure Software (now part of Fortify). John is author of many security books, including Building Secure Software (Addison-Wesley), Network Security with OpenSSL (O'Reilly), and the forthcoming Myths of Security (O'Reilly). He is responsible for numerous software security tools and is the original author of Mailman, the GNU mailing list manager. He has done extensive standards work in the IEEE and IETF and co-invented GCM, a cryptographic algorithm that NIST has standardized. John is also an active advisor to several security companies, including Fortify and Bit9. He holds a MS and BA from the University of Virginia.

Inhaltsangabe

Preface
Why Security Is Beautiful
Audience for This Book
Donation
Organization of the Material
Conventions Used in This Book
Using Code Examples
Safari® Books Online
How to Contact Us
Chapter 1: Psychological Security Traps
1.1 Learned Helplessness and Naïveté
1.2 Confirmation Traps
1.3 Functional Fixation
1.4 Summary
Chapter 2: Wireless Networking: Fertile Ground for Social Engineering
2.1 Easy Money
2.2 Wireless Gone Wild
2.3 Still, Wireless Is the Future
Chapter 3: Beautiful Security Metrics
3.1 Security Metrics by Analogy: Health
3.2 Security Metrics by Example
3.3 Summary
Chapter 4: The Underground Economy of Security Breaches
4.1 The Makeup and Infrastructure of the Cyber Underground
4.2 The Payoff
4.3 How Can We Combat This Growing Underground Economy?
4.4 Summary
Chapter 5: Beautiful Trade: Rethinking E-Commerce Security
5.1 Deconstructing Commerce
5.2 Weak Amelioration Attempts
5.3 E-Commerce Redone: A New Security Model
5.4 The New Model
Chapter 6: Securing Online Advertising: Rustlers and Sheriffs in the New Wild West
6.1 Attacks on Users
6.2 Advertisers As Victims
6.3 Creating Accountability in Online Advertising
Chapter 7: The Evolution of PGP's Web of Trust
7.1 PGP and OpenPGP
7.2 Trust, Validity, and Authority
7.3 PGP and Crypto History
7.4 Enhancements to the Original Web of Trust Model
7.5 Interesting Areas for Further Research
7.6 References
Chapter 8: Open Source Honeyclient: Proactive Detection of Client-Side Exploits
8.1 Enter Honeyclients
8.2 Introducing the World's First Open Source Honeyclient
8.3 Second-Generation Honeyclients
8.4 Honeyclient Operational Results
8.5 Analysis of Exploits
8.6 Limitations of the Current Honeyclient Implementation
8.7 Related Work
8.8 The Future of Honeyclients
Chapter 9: Tomorrow's Security Cogs and Levers
9.1 Cloud Computing and Web Services: The Single Machine Is Here
9.2 Connecting People, Process, and Technology: The Potential for Business Process Management
9.3 Social Networking: When People Start Communicating, Big Things Change
9.4 Information Security Economics: Supercrunching and the New Rules of the Grid
9.5 Platforms of the Long-Tail Variety: Why the Future Will Be Different for Us All
9.6 Conclusion
9.7 Acknowledgments
Chapter 10: Security by Design
10.1 Metrics with No Meaning
10.2 Time to Market or Time to Quality?
10.3 How a Disciplined System Development Lifecycle Can Help
10.4 Conclusion: Beautiful Security Is an Attribute of Beautiful Systems
Chapter 11: Forcing Firms to Focus: Is Secure Software in Your Future?
11.1 Implicit Requirements Can Still Be Powerful
11.2 How One Firm Came to Demand Secure Software
11.3 Enforcing Security in Off-the-Shelf Software
11.4 Analysis: How to Make the World's Software More Secure
Chapter 12: Oh No, Here Come the Infosecurity Lawyers!
12.1 Culture
12.2 Balance
12.3 Communication
12.4 Doing the Right Thing
Chapter 13: Beautiful Log Handling
13.1 Logs in Security Laws and Standards
13.2 Focus on Logs
13.3 When Logs Are Invaluable
13.4 Challenges with Logs
13.5 Case Study: Behind a Trashed Server
13.6 Future Logging
13.7 Conclusions
Chapter 14: Incident Detection: Finding the Other 68%
14.1 A Common Starting Point
14.2 Improving Detection with Context
14.3 Improving Perspective with Host Logging
14.4 Summary
Chapter 15: Doing Real Work Without Real Data
15.1 How Data Translucency Works
15.2 A Real-Life Example
15.3 Personal Data Stored As a Convenience
15.4 Trade-offs
15.5 Going Deeper
15.6 References
Chapter 16: Casting Spells: PC Security Theater
16.1 Growing Attacks, Defenses in Retreat
16.2 The Illusion Revealed
16.3 Better Practices for Desktop Security
16.4 Conclusion
Contributors
Colophon