It is instructive to view this book in light of another recent publication. Marcus Ranum, in "The Myth of Homeland Security" (cf. BKMYHLSC.RVW) complains that the DHS (Department of Homeland Security) is making mistakes, but provides only tentative and unlikely solutions. Schneier shows how security should work, and does work, presenting basic concepts in lay terms with crystal clarity. Schneier does not tell you how to prepare a security system as such, but does illustrate what goes on in the decision-making process.
Part one looks at sensible security. Chapter one points out that all security involves a balancing act between what you want and how badly you want it. An important distinction is also made between safety and security, and the material signals the danger of ignoring the commonplace in order to protect against the sensational but rare. Fundamental security concepts are outlined as well as risk analysis. Chapter two examines the effect (usually negative) that bias and subjective perceptions have on our inherent judgment of risks. Security policy is based on the agenda of the major players, and chapter three notes that we should evaluate security systems in that light.
Part two reviews how security works. Chapter four introduces systems and how they fail. "Know the enemy," in chapter five, is not just a platitude: Schneier shows how an understanding of motivations allows you to assess the likelihood of different types of attack. Chapter six is less focused than those prior: it notes that attackers reuse old attacks with new technologies, but it is difficult to find a central thread as the text meanders into different topics. Finding a theme in chapter seven is also difficult: yes, technology creates imbalances in existing power structures, and, yes, complexity and common mechanisms do tend to weaken security positions, but the relationships between those facts are not as lucidly presented as in earlier material. The point of chapter eight, that you always have to be aware of the weakest link in the security chain, even when it changes, is more straightforward, but the relevance of the illustrations surrounding it is not always obvious. Resilience in security systems is important, but it is not clear why this needs to be addressed in a separate chapter nine when it could have been discussed in eight with defence in depth (or "class breaks" and single-points-of-failure in seven). The hurried ending is also very likely to confuse naive readers in regard to "fail-safe" and "fail-secure": Schneier does not sufficiently stress the fact that the two concepts are not only different, but frequently in conflict. Chapter ten notes that people are both the strongest and weakest part of security: adaptable and resilient but terrible at detail; frequently surprisingly intuitive but often randomly foolish.
At this point the book is not only repetitive, but loses some of its earlier focus and structure. Detection and prevention are examined, in chapter eleven, not as part of the classic matrix of controls, but as yet another example or aspect of resilience. Most of the rest of the types of controls in the preventive/detective axis are listed in chapter twelve, lumped together as response. Chapter thirteen looks at identification, authentication, and authorization (but not accountability, which was seen, in the form of audit, in chapter eleven). Various types of countermeasures are described in chapter fourteen. Countermeasures with respect to terrorism are examined, in chapter fifteen, both in general terms and in light of the events of 9/11. What works is discussed, as well as what does not, and there is an interesting look at the different roles of the media in the US as contrasted with the UK.
Part three, entitled "The Game of Security," is not clear as to purpose. Chapter sixteen starts off by pointing out that the five step assessment process is constant and never-ending--which begs the question of how to determine when diminishing returns start to set in on assessment itself. However, there is good material in regard to the actions you can take to influence decisions about security. A concluding editorial, in chapter seventeen, encourages the reader to move beyond fear and think realistically about security and the tradeoffs you are willing to make.
Some of the terms Schneier uses or invents may be controversial. His use of "active" and "passive" failures for the concepts more commonly known respectively as false rejection (false positive) or false acceptance (false negative) is probably much clearer, initially, to the naive reader. The concept is an important one, and so the presentation of it in this way could be a good thing. On the other hand, does "active failure" completely map to what is meant by "false acceptance," and, if not, how much of a problem is created by the use of the new term? Similarly, "class break" does indicate the importance of new forms of attack, but the concept seems to partake of aspects of defence in depth, single point of failure, and least common mechanism, all important constructs in their own right. Schneier's invention of "default to insecure" is not really any more understandable than the more conventional terms of fail-safe or fail-open.
I recommend this book. Unlike Ranum's, "Beyond Fear" has a more significant chance of informing and educating the public on vital issues of security. Security educators will find a treasure trove of ideas and examples that they can use to explain security concepts to a variety of audiences. Security professionals are unlikely to find anything new in this material, but Schneier's writing is always worth reading, and this work is refreshingly free of the grating of erroneous ideas.
copyright Robert M. Slade, 2004 BKBYNDFR.RVW 20031219