Secrets and Lies: Digital Security in a Networked World, 15th Anniversary Edition

Bruce Schneier

ISBN: 978-1-119-09243-8 | April 2015 | 448 Pages

This anniversary edition, which has stood the test of time as a runaway best-seller, provides a practical, straightforward guide to achieving security throughout computer networks. No theory, no math, no fiction of what should be working but isn't, just the facts. Known as the master of cryptography, Schneier uses his extensive field experience with his own clients to dispel the myths that often mislead IT managers as they try to build secure systems. A much-touted section, Schneier's tutorial on just what cryptography (a subset of computer security) can and cannot do for them, has received far-reaching praise from both the technical and business communities.

Praise for Secrets and Lies

"This is a business issue, not a technical one, and executives can no longer leave such decisions to techies. That's why Secrets and Lies belongs in every manager's library." -Business Week

"Startlingly lively....a jewel box of little surprises you can actually use." -Fortune

"Secrets is a comprehensive, well-written work on a topic few business leaders can afford to neglect." -Business 2.0

"Instead of talking algorithms to geeky programmers, [Schneier] offers a primer in practical computer security aimed at those shopping, communicating or doing business online - almost everyone, in other words." -The Economist

"Schneier...peppers the book with lively anecdotes and aphorisms, making it unusually accessible." -Los Angeles Times

With a new and compelling Introduction by the author, this premium edition will become a keepsake for security enthusiasts of every stripe.

Foreword to 2015 15th Anniversary Edition

Introduction from the Paperback Edition

Preface

About the Author

1 Introduction

Part 1: The Landscape

2 Digital Threats

3 Attacks

4 Adversaries

5 Security Needs

Part 2: Technologies

6 Cryptography

7 Cryptography in Context

8 Computer Security

9 Identification and Authentication

10 Networked-Computer Security

11 Network Security

12 Network Defenses

13 Software Reliability

14 Secure Hardware

15 Certificates and Credentials

16 Security Tricks

17 The Human Factor

Part 3: Strategies

18 Vulnerabilities and the Vulnerability Landscape

19 Threat Modeling and Risk Assessment

20 Security Policies and Countermeasures

21 Attack Trees

22 Product Testing and Verification

23 The Future of Products

24 Security Processes

25 Conclusion

Afterword

Resources

Acknowledgments

Index