Foreword to 2015

15^th Anniversary Edition ix

Introduction From the Paperback Edition xiii

Preface xxiii

About the Author xxvii

1. Introduction 1

Part 1: The Landscape 11

2. Digital Threats 14

3. Attacks 23

4. Adversaries 42

5. Security Needs 59

Part 2: Technologies 83

6. Cryptography 85

7. Cryptography in Context 102

8. Computer Security 120

9. Identification and Authentication 135

10. Networked-Computer Security 151

11. Network Security 176

12. Network Defenses 188

13. Software Reliability 202

14. Secure Hardware 212

15. Certificates and Credentials 225

16. Security Tricks 240

17. The Human Factor 255

Part 3: Strategies 271

18. Vulnerabilities and the Vulnerability Landscape 274

19. Threat Modeling and Risk Assessment 288

20. Security Policies and Countermeasures 307

21. Attack Trees 318

22. Product Testing and Verification 334

23. The Future of Products 353

24. Security Processes 367

25. Conclusion 389

Afterword 396

Resources 399

Acknowledgments 401

Index 403

Secrets and Lies remains as relevant, if not more relevant today than when first published in 2000. This special 15th anniversary edition celebrates a decade and a half of smart, straight-forward advice on achieving security throughout computer networks from the leading authority on security. Inside you will find a compelling introduction by author Bruce Schneier written specifically for this keepsake edition, one that security enthusiasts everywhere will enjoy.

This timeless bestseller explains what everyone in business needs to know about security in order to survive and be competitive. Pragmatic, interesting, and humorous, Schneier exposes the digital world and the realities of our networked society. He examines the entire system, from the reasons for technical insecurities to the minds behind malicious attacks. You'll be guided through the security war zone and learn how to understand and arm yourself against the threats of our connected world.

There are no quick fixes for digital security. And with the number of security vulnerabilities, breaches, and digital disasters increasing over time, it's vital that you learn how to manage the vulnerabilities and protect your data in this networked world. You need to understand who the attackers are, what they want, and how to deal with the threats they represent. In Secrets and Lies, you'll learn about security technologies and product capabilities, as well as their limitations. And you'll find out how to respond given the landscape of your system and the limitations of your business.

With its accessible style, this practical guide covers:

• Digital threats and attacks that you must understand
• Security products and processes
• Limitations of technology
• Steps involved in product testing to discover security flaws
• Risk assessment in your company
• Implementation of security policies and countermeasures

Secrets and Lies offers the expert guidance you'll need to make the right choices about securing your digital self.

Secrets and Lies remains as relevant, if not more relevant today than when first published in 2000. This special 15th anniversary edition celebrates a decade and a half of smart, straight-forward advice on achieving security throughout computer networks from the leading authority on security. Inside you will find a compelling introduction by author Bruce Schneier written specifically for this keepsake edition, one that security enthusiasts everywhere will enjoy.

This timeless bestseller explains what everyone in business needs to know about security in order to survive and be competitive. Pragmatic, interesting , and humorous, Schneier exposes the digital world and the realities of our networked society. He examines the entire system, from the reasons for technical insecurities to the minds behind malicious attacks. You'll be guided through the security war zone and learn how to understand and arm yourself against the threats of our connected world.

There are no quick fixes for digital security. And with the number of security vulnerabilities, breaches, and digital disasters increasing over time, it's vital that you learn how to manage the vulnerabilities and protect your data in this networked world. You need to understand who the attackers are, what they want, and how to deal with the threats they represent. In Secrets and Lies, you'll learn about security technologies and product capabilities, as well as their limitations. And you'll find out how to respond given the landscape of your system and the limitations of your business.

With its accessible style, this practical guide covers:

• Digital threats and attacks that you must understand
• Security products and processes
• Limitations of technology
• Steps involved in product testing to discover security flaws
• Risk assessment in your company
• Implementation of security policies and countermeasures

Secrets and Lies offers the expert guidance you'll need to make the right choices about securing your digital self.