Product Description

The first quick reference guide to the do′s and don′ts of creating high quality security systems.
Ross Anderson, widely recognized as one of the world′s foremost authorities on security engineering, presents a comprehensive design tutorial that covers a wide range of applications. Designed for today′s programmers who need to build systems that withstand malice as well as error (but have no time to go do a PhD in security), this book illustrates basic concepts through many real–world system design successes and failures. Topics range from firewalls, through phone phreaking and copyright protection, to frauds against e–businesses. Anderson′s book shows how to use a wide range of tools, from cryptology through smartcards to applied psychology. As everything from burglar alarms through heart monitors to bus ticket dispensers starts talking IP, the techniques taught in this book will become vital to everyone who wants to build systems that are secure, dependable and manageable.

Product Details

• Amazon Sales Rank: #130762 in Books
• Published on: 2001-04-09
• Number of items: 1
• Binding: Paperback
• 640 pages

Amazon.co.uk Review
Gigantically comprehensive and carefully researched, Security Engineering makes it clear just how difficult it is to protect information systems from corruption, eavesdropping, unauthorised use and general malice. Better, Ross Anderson offers a lot of thoughts on how information can be made more secure (though probably not absolutely secure, at least not forever) with the help of both technologies and management strategies. His work makes fascinating reading, and will no doubt inspire considerable doubt--fear is probably a better choice of words--in anyone with information to gather, protect, or make decisions upon.

Be aware: this is absolutely not a book solely about computers, with yet another explanation of Alice and Bob and how they exchange public keys in order to exchange messages in secret. Anderson explores, for example, the ingenuous ways in which European truck drivers defeat their vehicles' speed-logging equipment. In another section, he shows how the end of the Cold War brought on a decline in defences against radio-frequency monitoring (radio frequencies can be used to determine, at a distance, what's going on in systems--bank teller machines, say) and how similar technology can be used to reverse-engineer the calculations that go on inside smart cards. In almost 600 pages of riveting detail, Anderson warns us not to be seduced by the latest defensive technologies, never to underestimate human ingenuity and always use common sense in defending valuables. It is a terrific read for security professionals and general readers alike. --David Wall

Topics covered: how some people go about protecting valuable things (particularly, but not exclusively, information) and how other people go about getting it anyway. Mostly, this takes the form of essays (about, for example, how the US Air Force keeps its nukes out of the wrong hands) and stories (one of which tells of an art thief who defeated the latest technology by hiding in a closet). Sections deal with technologies, policies, psychology and legal matters.

Review
"While many of the chapter topics may sound unexciting, Anderson has a wonderful writing style and at times reads almost like a Tom Clancy thriller with its details of military command and control systems and other similar topics. Anyone responsible for information security should read Security Engineering." (UnixReview.com, July 2001)

"an eminently readable yet comprehensive book" (Network News, 12 September 2001)

Review
"...Anyone responsible for information security should read Security Engineering." (UnixReview.com, July 2001)

"an eminently readable yet comprehensive book" (Network News, 12 September 2001)

Customer Reviews

A Darned Good Read!
The best general Information Security introduction I�ve read. Very readable, with lots of references, Ross combines a wealth of practical experience with his academic prowess. Note that whilst he explains much of the technology in detail, it is not technology-specific in the way of, say, Hacking Exposed. This is not really a �how to do IS in 10 easy steps� book - it is more reflective, and questions many traditional assumptions. It also takes a critical look at many of the issues involved with physical security, though does not cover Disaster Recovery/ Business Continuity Planning.

Thanks Ross for a much needed book
Security Engineering combined with Ross's website is a great service to Computer Security professionals and Security researchers.
I used to spend countess hours searching for information on banking security and other topics, since I got this book, my time is better spent analysing information rather than searching. The book has excellent references and resources. I am amazed at the amount of information this book contains.
Security Engineering is a great text book for my Security Courses.

I sincerely hope that Ross will write some more books soon.

The best possible introduction to security.
Should be added to the list of required reading for CEO's and CIO's of all companies that work with "systems" of any type.
The book has been written in a manner that both groups of people could understand. There are masses of references for those who want to go deeper.