Sunday, May 31, 2009

Book Review “Beautiful Security”

As I mentioned before, I just had to celebrate the release of this awesome security book “Beautiful Security” from O’Reilly, which I just finished reading.


Now, I will probably have a high opinion of my own chapter (“Beautiful Log Handling”) since it took some work (eh… and one complete rewrite :-)) to create (this is why people LOVE O’Reilly books!!). However, I am just about as excited about the rest of the chapters in the book.

Namely:

  1. Psychological Security Traps by Mudge: awesome chapter with some fun ideas. Must read.

  2. Wireless Networking: Fertile Ground for Social Engineering

  3. Beautiful Security Metrics by Betsy Nichols: if you are “a metrician”, there won’t be anything new (apart from her interesting medical research analogy); otherwise, a MUST read!

  4. The Underground Economy of Security Breaches: not a bad, if a bit dated, review of underground economics.

  5. Beautiful Trade: Rethinking E-Commerce Security by Ed Bellis: this is one of the 2 chapters that I like more than my own (and that is coming from a fairly egotistic person ;-)); this has lots of visionary ideas on payment security.

  6. Securing Online Advertising: Rustlers and Sheriffs in the New Wild West by Ben Edelman: this one is a fascinating read about attacks by and on online advertising. Definitely both enjoyable and insightful.

  7. The Evolution of PGP’s Web of Trust

  8. Open Source Honeyclient: Proactive Detection of Client-Side Exploits: a good read for those not familiar with “client honeypots” or “honeyclients”.

  9. Tomorrow’s Security Cogs and Levers by Mark Curphey: this chapter exudes pure awesomeness and is the best in the book; I have read it three times already and plan to read it a few more. A quick preview of what is in the chapter is here on Mark’s blog. Sorry that it sounds cliché, but this chapter definitely stimulates new, beautiful ways of “thinking security”!!

  10. Security by Design by John McManus: a very good chapter that mixes NASA, security and software design. Read it and learn from it.

  11. Forcing Firms to Focus: Is Secure Software in Your Future? by Jim Routh: great chapter that describes one company’s battle for securing software (first its own, and then 3rd party).

  12. Oh No, Here Come the Infosecurity Lawyers: way too much ROI and ROSI to my taste; also has ALE horror. Killed all the fun for me.

  13. Beautiful Log Handling by Anton Chuvakin: eh… make your own opinion here :-)

  14. Incident Detection: Finding the Other 68% by Grant Geyer: good old data correlation of IDS alerts, logs and other information is covered in this well-written chapter.

  15. Doing Real Work Without Real Data

  16. Casting Spells: PC Security Theater: this chapter was sad, as was the fact that it came last. It was a sad piece of misdirected marketing that should have no place in O’Reilly books, IMHO.

Overall, this was BY FAR the most insightful and enjoyable security book that I’ve read in a long time!

BTW, the authors of this book are not getting paid, but feel free to grab your own copy at Amazon or elsewhere.

Dr Anton Chuvakin