The Craft of System Security
Authors: Sean Smith, John Marchesini
Publisher: Addison-Wesley Professional
Computer security is an immense topic and there are thousands of books available that cover every possible technology and tool on the market. What makes this book different from the majority is the content which does not deal with one specific area but instead fixes on offering a hard-rock starting point for anyone dealing with this complex subject. The idea is that you learn the basics about a variety of topics which makes it easier to focus on specific areas as you decide what to specialize in. How does it perform? Read on to find out.
About the authors
Professor Sean Smith has been working in information security since before there was a Web. His current work, as PI of the DartmouthPKI/Trust Lab, investigates how to build trustworthy systems in the real world.
Dr. John Marchesini worked in BindView’s RAZOR security research group. He conducted numerous application penetration tests and worked closely with architects and developers to design and build secure systems. John is now the Principal Security Architect at EminentWare.
Inside the book
As I expected, the book kicks off with a trip down memory lane where we learn about the history of computer security. The mention of the Orange Book in particular should give old timers and movie buffs that still remember the movie Hackers something to think about. Plenty of indispensable facts that make for a proper introduction.
An entire chapter is dedicated to OS security, truly a tremendously important topic. You’ll discover the base elements of an OS, what common attack strategies and methods are, and more. It’s not nearly as comprehensive as one might expect, but we’re dealing with a book that offers an overview of everything, not specific details. What caught my eye is a brief debate on Windows vs. Linux vs. Mac security that is very superficial and should have been either expanded to include solid arguments or left out of the book.
Naturally, network security is covered as well and the essentials are present – the protocols, attacks, defenses, wireless, etc.
When analyzing what makes secure systems, the authors dwell deep into explaining cryptography, authentication and PKI. This is an area where newcomers will have to be quite attentive as the text gets into particularly technical territory.
Next you learn about security on the web by reading about Cross Site Scripting (XSS), Secure Sockets Layer (SSL), privacy issues, anonymous browsing, etc. The authors bring forth aspects on office security, property protection as well as hardware-based security, a topic that tends to get neglected or portrayed with hardly any importance.
Since computer security is a fast-paced environment where technologies come and go as well as evolve quickly because of numerous threats, titles dealing with specific topics can become outdated in just a year or two. The Craft of System Security will stand the test of time as it succeeds in providing a foundation for students that want to acquire skills in computer security.
What’s very important to emphasize that this is not a book filled with practical information. Don’t expect to get hands-on experience regarding XSS or hardening your Linux server. However, if you haven’t touched computer security yet, this book will provide you with principles based on which you’ll get the general idea on what your future interests might be.