Beautiful Security

Paperback
Author: Andy Oram

ISBN-10: 0596527489

ISBN-13: 9780596527488

Category: Security - Computer Networks

Although most people don't give security much attention until their personal or business systems are attacked, this thought-provoking anthology demonstrates that digital security is not only worth thinking about, it's also a fascinating topic. Criminals succeed by exercising enormous creativity, and those defending against them must do the same.

Beautiful Security explores this challenging subject with insightful essays and analysis on topics that include:

The underground economy for...

The luminaries and pioneers of network security take readers beyond the headlines, hype, and hearsay to provide insight into why new measures are being undertaken and how they work.

Preface

1 Psychological Security Traps (Peiter "Mudge" Zatko)
  Learned Helplessness and Naïveté
  Confirmation Traps
  Functional Fixation
  Summary

2 Wireless Networking: Fertile Ground for Social Engineering (Jim Stickley)
  Easy Money
  Wireless Gone Wild
  Still, Wireless Is the Future

3 Beautiful Security Metrics (Elizabeth A. Nichols)
  Security Metrics by Analogy: Health
  Security Metrics by Example
  Summary

4 The Underground Economy of Security Breaches (Chenxi Wang)
  The Makeup and Infrastructure of the Cyber Underground
  The Payoff
  How Can We Combat This Growing Underground Economy?
  Summary

5 Beautiful Trade: Rethinking E-Commerce Security (Ed Bellis)
  Deconstructing Commerce
  Weak Amelioration Attempts
  E-Commerce Redone: A New Security Model
  The New Model

6 Securing Online Advertising: Rustlers and Sheriffs in the New Wild West (Benjamin Edelman)
  Attacks on Users
  Advertisers As Victims
  Creating Accountability in Online Advertising

7 The Evolution of PGP's Web of Trust (Phil Zimmermann, Jon Callas)
  PGP and OpenPGP
  Trust, Validity, and Authority
  PGP and Crypto History
  Enhancements to the Original Web of Trust Model
  Interesting Areas for Further Research
  References

8 Open Source Honeyclient: Proactive Detection of Client-Side Exploits (Kathy Wang)
  Enter Honeyclients
  Introducing the World's First Open Source Honeyclient
  Second-Generation Honeyclients
  Honeyclient Operational Results
  Analysis of Exploits
  Limitations of the Current Honeyclient Implementation
  Related Work
  The Future of Honeyclients

9 Tomorrow's Security Cogs and Levers (Mark Curphey)
  Cloud Computing and Web Services: The Single Machine Is Here
  Connecting People, Process, and Technology: The Potential for Business Process Management
  Social Networking: When People Start Communicating, Big Things Change
  Information Security Economics: Supercrunching and the New Rules of the Grid
  Platforms of the Long-Tail Variety: Why the Future Will Be Different for Us All
  Conclusion
  Acknowledgments

10 Security By Design (John McManus)
  Metrics with No Meaning
  Time to Market or Time to Quality?
  How a Disciplined System Development Lifecycle Can Help
  Conclusion: Beautiful Security Is an Attribute of Beautiful Systems

11 Forcing Firms to Focus: Is Secure Software in Your Future? (Jim Routh)
  Implicit Requirements Can Still Be Powerful
  How One Firm Came to Demand Secure Software
  Enforcing Security in Off-the-Shelf Software
  Analysis: How to Make the World's Software More Secure

12 Oh No, Here Come the Infosecurity Lawyers! (Randy V. Sabett)
  Culture
  Balance
  Communication
  Doing the Right Thing

13 Beautiful Log Handling (Anton Chuvakin)
  Logs in Security Laws and Standards
  Focus on Logs
  When Logs Are Invaluable
  Challenges with Logs
  Case Study: Behind a Trashed Server
  Future Logging
  Conclusions

14 Incident Detection: Finding the Other 68% (Grant Geyer, Brian Dunphy)
  A Common Starting Point
  Improving Detection with Context
  Improving Perspective with Host Logging
  Summary

15 Doing Real Work Without Real Data (Peter Wayner)
  How Data Translucency Works
  A Real-Life Example
  Personal Data Stored As a Convenience
  Trade-offs
  Going Deeper
  References

16 Casting Spells: PC Security Theater (Michael Wood, Fernando Francisco)
  Growing Attacks, Defenses in Retreat
  The Illusion Revealed
  Better Practices for Desktop Security
  Conclusion

Contributors

Index