Beautiful Security (Reprint Edition)
Andy Oram, John Viega
Publication date: July 2010
Pages: 281
"This thought-provoking series of essays lets readers move beyond the fear, uncertainty and doubt surrounding dazzling security technology and come to appreciate the subtler beauty of the security problems that must be dealt with right now. Beautiful Security shows the yin and yang of security, and the fundamental tension between spectacular destructiveness and brilliant creativity."
—— Gary McGraw, CTO of Cigital, author of Software Security and nine other books
Although most people give security little serious attention until their personal or corporate systems have been attacked, this provocative book shows that digital security is not merely worth thinking about; it is a fascinating subject in its own right. Criminals succeed through a great deal of creativity, and defenders must respond in kind.
Beautiful Security explores this challenging subject through insightful essays and analysis, covering:
· The hidden machinery of personal information: how it works, the relationships among criminals, and some of the new methods they use when they descend on their prey
· How social networking, cloud computing, and other popular trends both help and hurt our online security
· How metrics, requirements gathering, design, and law can raise security to a higher level
· The real and little-known history of PGP

The book also benefited from the help of the following contributors:
Peiter “Mudge” Zatko
Jim Stickley
Elizabeth A. Nichols
Chenxi Wang
Ed Bellis
Benjamin Edelman
Philip Zimmermann and Jon Callas
Kathy Wang
Mark Curphey
John McManus
Jim Routh
Randy V. Sabett
Anton Chuvakin
Grant Geyer and Brian Dunphy
Peter Wayner
Michael Wood and Fernando Francisco
  1. PREFACE
  2. 1 PSYCHOLOGICAL SECURITY TRAPS
  3. by Peiter “Mudge” Zatko
  4. Learned Helplessness and Naïveté
  5. Confirmation Traps
  6. Functional Fixation
  7. Summary
  8. 2 WIRELESS NETWORKING: FERTILE GROUND FOR SOCIAL ENGINEERING
  9. by Jim Stickley
  10. Easy Money
  11. Wireless Gone Wild
  12. Still, Wireless Is the Future
  13. 3 BEAUTIFUL SECURITY METRICS
  14. by Elizabeth A. Nichols
  15. Security Metrics by Analogy: Health
  16. Security Metrics by Example
  17. Summary
  18. 4 THE UNDERGROUND ECONOMY OF SECURITY BREACHES
  19. by Chenxi Wang
  20. The Makeup and Infrastructure of the Cyber Underground
  21. The Payoff
  22. How Can We Combat This Growing Underground Economy?
  23. Summary
  24. 5 BEAUTIFUL TRADE: RETHINKING E-COMMERCE SECURITY
  25. by Ed Bellis
  26. Deconstructing Commerce
  27. Weak Amelioration Attempts
  28. E-Commerce Redone: A New Security Model The New Model
  29. 6 SECURING ONLINE ADVERTISING: RUSTLERS AND SHERIFFS IN THE NEW WILD WEST
  30. by Benjamin Edelman
  31. Attacks on Users
  32. Advertisers As Victims
  33. Creating Accountability in Online Advertising
  34. 7 THE EVOLUTION OF PGP’S WEB OF TRUST
  35. by Phil Zimmermann and Jon Callas
  36. PGP and OpenPGP
  37. Trust, Validity, and Authority
  38. PGP and Crypto History
  39. Enhancements to the Original Web of Trust Model
  40. Interesting Areas for Further Research
  41. References
  42. 8 OPEN SOURCE HONEYCLIENT: PROACTIVE DETECTION OF CLIENT-SIDE EXPLOITS
  43. by Kathy Wang
  44. Enter Honeyclients
  45. Introducing the World’s First Open Source Honeyclient
  46. Second-Generation Honeyclients
  47. Honeyclient Operational Results
  48. Analysis of Exploits
  49. Limitations of the Current Honeyclient Implementation
  50. Related Work
  51. The Future of Honeyclients
  52. 9 TOMORROW’S SECURITY COGS AND LEVERS
  53. by Mark Curphey
  54. Cloud Computing and Web Services: The Single Machine Is Here
  55. Connecting People, Process, and Technology: The Potential for Business Process Management
  56. Social Networking: When People Start Communicating, Big Things Change
  57. Information Security Economics: Supercrunching and the New Rules of the Grid
  58. Platforms of the Long-Tail Variety: Why the Future Will Be Different for Us All
  59. Conclusion
  60. Acknowledgments
  61. 10 SECURITY BY DESIGN
  62. by John McManus
  63. Metrics with No Meaning
  64. Time to Market or Time to Quality?
  65. How a Disciplined System Development Lifecycle Can Help
  66. Conclusion: Beautiful Security Is an Attribute of Beautiful Systems
  67. 11 FORCING FIRMS TO FOCUS: IS SECURE SOFTWARE IN YOUR FUTURE?
  68. by Jim Routh
  69. Implicit Requirements Can Still Be Powerful
  70. How One Firm Came to Demand Secure Software
  71. Enforcing Security in Off-the-Shelf Software
  72. Analysis: How to Make the World’s Software More Secure
  73. 12 OH NO, HERE COME THE INFOSECURITY LAWYERS!
  74. by Randy V. Sabett
  75. Culture
  76. Balance
  77. Communication
  78. Doing the Right Thing
  79. 13 BEAUTIFUL LOG HANDLING
  80. by Anton Chuvakin
  81. Logs in Security Laws and Standards
  82. Focus on Logs
  83. When Logs Are Invaluable
  84. Challenges with Logs
  85. Case Study: Behind a Trashed Server
  86. Future Logging
  87. Conclusions
  88. 14 INCIDENT DETECTION: FINDING THE OTHER 68%
  89. by Grant Geyer and Brian Dunphy
  90. A Common Starting Point
  91. Improving Detection with Context
  92. Improving Perspective with Host Logging
  93. Summary
  94. 15 DOING REAL WORK WITHOUT REAL DATA
  95. by Peter Wayner
  96. How Data Translucency Works
  97. A Real-Life Example
  98. Personal Data Stored As a Convenience
  99. Trade-offs
  100. Going Deeper
  101. References
  102. 16 CASTING SPELLS: PC SECURITY THEATER
  103. by Michael Wood and Fernando Francisco
  104. Growing Attacks, Defenses in Retreat
  105. The Illusion Revealed
  106. Better Practices for Desktop Security
  107. Conclusion
  108. CONTRIBUTORS
  109. INDEX
Title: Beautiful Security (Reprint Edition)
Authors: Andy Oram, John Viega
Chinese publisher: Southeast University Press
Publication date: July 2010
Pages: 281
ISBN: 978-7-5641-2271-3
Original publisher: O'Reilly Media
Andy Oram

Andy Oram is an editor at O'Reilly Media. He has worked at the company since 1992 and currently focuses on free software and open source technology. His work at O'Reilly includes the first batch of Linux books and the 2001 Peer-to-Peer series. His programming and system administration skills are largely self-taught. Andy is also a member of Computer Professionals for Social Responsibility and writes frequently for the O'Reilly Network (http://oreillynet.com) and other publications on topics including Internet policy issues, the trends affecting technological innovation, and their effects on society. His website is http://www.praxagora.com/andyo.

John Viega

John Viega is the Chief Technology Officer of McAfee's Software-as-a-Service (SaaS) business unit and was previously the company's Chief Security Architect. He is also an active advisor to several security companies, including Fortify and Bit9. He is the author of several security books, including Beautiful Security and Network Security with OpenSSL (both published by O'Reilly) and Building Secure Software (Addison-Wesley).

The cover image is a cactus from Photos.com.