Great Book!
This is a great Information Security book.
I also sugges Ira Winkler's "Spies Among Us".
Theory of Security
I bought this title as a bundle with "Applied Cryptography" and "Practical Cryptography". I still need to read those 2 titles, but I have read "Secrets and Lies" (SL) cover to cover. My approach to reading this was that SL was that I would read the theory behind the security to start my studies on security, hacking, and cryptography. And this is just what this book is: an description of security. It is sort of like reading a book on math that describes the beauty of math, but does not list the math or have any problems for the reader to do. The reader learns the history, types of math, and interesting facts on how math can solve problems, but for further study is going to have to get a book with math problems. So the reader shouldn't expect this book to be a tech manual.
I really like this book because it shows how to think about security. The whole book is on this subject, but an example would be when he describes security in layers. He states that prevention attacks will fail, because you can't defend against every attack. So you need an instant alert that tells when you are under an attack. The sooner you know about the attack the faster you can respond. So that is prevention, detection, and response.
A weakness in prevention is people pick wrong passwords, freely give information, and don't understand the security measures. So no matter how strong you security is it is only as strong as the weakest link. Strong encryption may do well against brut force attacks, but attackers cheat. They find ways of getting around the encryption.
An example is an encrypted telephone. It would take a lot of knowledge, but if a Denial of Service attack was done on the encrypted line so the phone didn't work the "people" are going to use a regular line which can be eavesdropped on.
The book has thousands of ideas. Many much profound that is. Now that I read it, in the future I will reread sections to see what I have learned in my self-study.
Excellent Book
Excellent book. A must read for any IT professional. The first 1/3 of the book is a little slow to get going for those already familiar with security concept such as CIA.
A little old but still good
Unfortunately books on the topics of technology don't age as well as homer's masterpieces. I still found Secrets and Lies to be a good book, though it's technology is a bit out of date. S&L provides a very good review of network security in a non text book format that is enjoyable to read. The examples and stories told in the book make it very clear to the reader the need for a tight network security policy in this day and age.
A little dated but still essential reading
More people should read this book - it would greatly help to make computers and physical property more secure! A comprehensive approach and easy to understand; I immediately started changing things based on the read.
(125 reviews)
