Beautiful Security (English reprint edition)
Basic Information
- Authors: Andy Oram, John Viega
- Series: Nanjing Southeast University Press O'Reilly Series
- Publisher: Southeast University Press
- ISBN: 9787564122713
- Listed on: 2010-9-15
- Publication date: June 2010
- Format: 16开 (16mo)
- Pages: 281
- Edition/printing: 1-1
- Category: Computers > Security > General
Editor's Recommendation
·The hidden economy of personal information: how it works, the relationships among criminals, and some of the new methods they use when they pounce on their prey
·How social networks, cloud computing and other popular trends help and harm our online security
·How metrics, requirements gathering, design and the law can raise security to a higher level
·The true and little-known history of PGP
Table of Contents
Preface
1 Psychological Security Traps
by Peiter "Mudge" Zatko
Learned Helplessness and Naïveté
Confirmation Traps
Functional Fixation
Summary
2 Wireless Networking: Fertile Ground for Social Engineering
by Jim Stickley
Easy Money
Wireless Gone Wild
Still, Wireless Is the Future
3 Beautiful Security Metrics
by Elizabeth A. Nichols
Security Metrics by Analogy: Health
Security Metrics by Example
Summary
4 The Underground Economy of Security Breaches
by Chenxi Wang
The Makeup and Infrastructure of the Cyber Underground
Preface
IF ONE BELIEVES THAT NEWS HEADLINES REVEAL TRENDS, THESE ARE INTERESTING times for computer security buffs. As Beautiful Security went to press, I read that a piece of software capable of turning on microphones and cameras and stealing data has been discovered on more than 1,200 computers in 103 countries, particularly in embassies and other sensitive government sites. On another front, a court upheld the right of U.S. investigators to look at phone and Internet records without a warrant (so long as one end of the conversation is outside the U.S.). And this week's routine vulnerabilities include a buffer overflow in Adobe Acrobat and Adobe Reader--with known current exploits--that lets attackers execute arbitrary code on your system using your privileges after you open their PDF.
Headlines are actually not good indicators of trends, because in the long run history is driven by subtle evolutionary changes noticed only by a few--such as the leading security experts who contributed to this book. The current directions taken by security threats as well as responses can be discovered in these pages.
All the alarming news items I mentioned in the first paragraph are just business as usual in the security field. Yes, they are part of trends that should worry all of us, but we also need to look at newer and less dramatic vulnerabilities. The contributors to this book have, for decades, been on the forefront of discovering weaknesses in our working habits and suggesting unconventional ways to deal with them.
Why Security Is Beautiful
I asked security expert John Viega to help find the authors for this book out of frustration concerning the way ordinary computer users view security. Apart from the lurid descriptions of break-ins and thefts they read about in the press, average folks think of security as boring.
Security, to many, is represented by nagging reminders from system administrators to create backup folders, and by seemingly endless dialog boxes demanding passwords before a web page is displayed. Office workers roll their eyes and curse as they read the password off the notepad next to their desk (lying on top of the budget printout that an office administrator told them should be in a locked drawer). If this is security, who would want to make a career of it? Or buy a book from O'Reilly about it? Or think about it for more than 30 seconds at a time?
To people tasked with creating secure systems, the effort seems hopeless. Nobody at their site cooperates with their procedures, and the business managers refuse to allocate more than a pittance to security. Jaded from the endless instances of zero-day exploits and unpatched vulnerabilities in the tools and languages they have to work with, programmers and system administrators become lax.
This is why books on security sell poorly (although in the last year or two, sales have picked up a bit). Books on hacking into systems sell much better than books about how to protect systems, a trend that really scares me.
Well, this book should change that. It will show that security is about the most exciting career you can have. It is not tedious, not bureaucratic, and not constraining. In fact, it exercises the imagination like nothing else in technology.
Most of the programming books I've edited over the years offer a chapter on security. These chapters are certainly useful, because they allow the author to teach some general principles along with good habits, but I've been bothered by the convention because it draws a line around the topic of security. It feeds the all-too-common view of security as an add-on and an afterthought. Beautiful Security demolishes that conceit.
John chose for this book a range of authors who have demonstrated insight over and over in the field and who had something new to say. Some have designed systems that thousands rely on; some have taken high-level jobs in major corporations; some have testified on and worked for government bodies. All of them are looking for the problems and solutions that the rest of us know nothing about--but will be talking about a lot a few years from now.
The authors show that effective security keeps you on your toes all the time. It breaks across boundaries in technology, in cognition, and in organizational structures. The black hats in security succeed by exquisitely exercising creativity; therefore, those defending against them must do the same.
With the world's infosecurity resting on their shoulders, the authors could be chastised for taking time off to write these chapters. And indeed, many of them experienced stress trying to balance their demanding careers with the work on this book. But the time spent was worth it, because this book can advance their larger goals. If more people become intrigued with the field of security, resolve to investigate it further, and give their attention and their support to people trying to carry out organizational change in the interest of better protection, the book will have been well worth the effort.
On March 19, 2009, the Senate Committee on Commerce, Science, and Transportation held a hearing on the dearth of experts in information technology and how that hurts the country's cybersecurity. There's an urgent need to interest students and professionals in security issues; this book represents a step toward that goal.
Audience for This Book
This book is meant for people interested in computer technology who want to experience a bit of life at the cutting edge. The audience includes students exploring career possibilities, people with a bit of programming background, and those who have a modest to advanced understanding of computing.
The authors explain technology at a level where a relatively novice reader can get a sense of the workings of attacks and defenses. The expert reader can enjoy the discussions even more, as they will lend depth to his or her knowledge of security tenets and provide guidance for further research.
Donation
The authors are donating the royalties from this book to the Internet Engineering Task Force (IETF), an organization critical to the development of the Internet and a fascinating model of enlightened, self-organized governance. The Internet would not be imaginable without the scientific debates, supple standard-making, and wise compromises made by dedicated members of the IETF, described on their web page as a "large open international community of network designers, operators, vendors, and researchers." O'Reilly will send royalties to the Internet Society (ISOC), the longtime source of funding and organizational support for the IETF.
Organization of the Material
Media Reviews
"This thoughtful collection of essays lets readers get past the fear, uncertainty and doubt surrounding flashy security technology and appreciate the subtler beauty of the security problems that demand attention right now. Beautiful Security shows the yin and yang of security, and the fundamental tension between spectacular destructive power and brilliant creativity."
--Gary McGraw, CTO of Cigital, author of Software Security and nine other books