
REVIEW: "Beyond Fear", Bruce Schneier

  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    Message 1 of 1, May 25, 2004
      BKBYNDFR.RVW 20031219

      "Beyond Fear", Bruce Schneier, 2003, 0-387-02620-7, U$25.00/C$38.95
      %A Bruce Schneier schneier@...
      %C 115 Fifth Ave., New York, NY 10003
      %D 2003
      %G 0-387-02620-7
      %I Copernicus/Springer-Verlag
      %O U$25.00/C$38.95 800-842-3636 212-254-3232 fax: 212-254-9499
      %O http://www.amazon.com/exec/obidos/ASIN/0387026207/robsladesinterne
      http://www.amazon.co.uk/exec/obidos/ASIN/0387026207/robsladesinte-21
      %O http://www.amazon.ca/exec/obidos/ASIN/0387026207/robsladesin03-20
      %P 295 p.
      %T "Beyond Fear"

      It is instructive to view this book in light of another recent
      publication. Marcus Ranum, in "The Myth of Homeland Security" (cf.
      BKMYHLSC.RVW) complains that the DHS (Department of Homeland Security)
      is making mistakes, but provides only tentative and unlikely
      solutions. Schneier shows how security should work, and does work,
      presenting basic concepts in lay terms with crystal clarity. Schneier
      does not tell you how to prepare a security system as such, but does
      illustrate what goes on in the decision-making process.

      Part one looks at sensible security. Chapter one points out that all
      security involves a balancing act between what you want and how badly
      you want it. An important distinction is also made between safety and
      security, and the material signals the danger of ignoring the
      commonplace in order to protect against the sensational but rare.
      Fundamental security concepts are outlined as well as risk analysis.
      Chapter two examines the effect (usually negative) that bias and
      subjective perceptions have on our inherent judgment of risks.
      Security policy is based on the agenda of the major players, and
      chapter three notes that we should evaluate security systems in that
      light.

      Part two reviews how security works. Chapter four introduces systems
      and how they fail. "Know the enemy," in chapter five, is not just a
      platitude: Schneier shows how an understanding of motivations allows
      you to assess the likelihood of different types of attack. Chapter
      six is less focused than those prior: it notes that attackers reuse
      old attacks with new technologies, but it is difficult to find a
      central thread as the text meanders into different topics. Finding a
      theme in chapter seven is also difficult: yes, technology creates
      imbalances in existing power structures, and, yes, complexity and
      common mechanisms do tend to weaken security positions, but the
      relationships between those facts are not as lucidly presented as in
      earlier material. The point of chapter eight, that you always have to
      be aware of the weakest link in the security chain, even when it
      changes, is more straightforward, but the relevance of the
      illustrations surrounding it is not always obvious. Resilience in
      security systems is important, but it is not clear why this needs to
      be addressed in a separate chapter nine when it could have been
      discussed in eight with defence in depth (or "class breaks" and
      single-points-of-failure in seven). The hurried ending is also very
      likely to confuse naive readers in regard to "fail-safe" and "fail-
      secure": Schneier does not sufficiently stress the fact that the two
      concepts are not only different, but frequently in conflict. Chapter
      ten notes that people are both the strongest and weakest part of
      security: adaptable and resilient but terrible at detail; frequently
      surprisingly intuitive but often randomly foolish.

      At this point the book is not only repetitive, but loses some of its
      earlier focus and structure. Detection and prevention are examined,
      in chapter eleven, not as part of the classic matrix of controls, but
      as yet another example or aspect of resilience. Most of the rest of
      the types of controls in the preventive/detective axis are listed in
      chapter twelve, lumped together as response. Chapter thirteen looks
      at identification, authentication, and authorization (but not
      accountability, which was seen, in the form of audit, in chapter
      eleven). Various types of countermeasures are described in chapter
      fourteen. Countermeasures with respect to terrorism are examined, in
      chapter fifteen, both in general terms and in light of the events of
      9/11. What works is discussed, as well as what does not, and there is
      an interesting look at the different roles of the media in the US as
      contrasted with the UK.

      Part three, entitled "The Game of Security," is not clear as to
      purpose. Chapter sixteen starts off by pointing out that the five
      step assessment process is constant and never-ending--which begs the
      question of how to determine when diminishing returns start to set in
      on assessment itself. However, there is good material in regard to
      the actions you can take to influence decisions about security. A
      concluding editorial, in chapter seventeen, encourages the reader to
      move beyond fear and think realistically about security and the
      tradeoffs you are willing to make.

      Some of the terms Schneier uses or invents may be controversial. His
      use of "active" and "passive" failures for the concepts more commonly
      known respectively as false rejection (false positive) or false
      acceptance (false negative) is probably much clearer, initially, to
      the naive reader. The concept is an important one, and so the
      presentation of it in this way could be a good thing. On the other
      hand, does "active failure" completely map to what is meant by "false
      acceptance," and, if not, how much of a problem is created by the use
      of the new term? Similarly, "class break" does indicate the
      importance of new forms of attack, but the concept seems to partake
      aspects of defence in depth, single point of failure, and least common
      mechanism, all important constructs in their own right. Schneier's
      invention of "default to insecure" is not really any more
      understandable than the more conventional terms of fail-safe or fail-
      open.

      I recommend this book. Unlike Ranum's, "Beyond Fear" has a more
      significant chance of informing and educating the public on vital
      issues of security. Security educators will find a treasure trove of
      ideas and examples that they can use to explain security concepts, to
      a variety of audiences. Security professionals are unlikely to find
      anything new in this material, but Schneier's writing is always worth
      reading, and this work is refreshingly free of the grating of
      erroneous ideas.

      copyright Robert M. Slade, 2004 BKBYNDFR.RVW 20031219

      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade