Friday, November 7, 2008

Security Engineering: A Guide to Building Dependable Distributed Systems

Should read if ...

Nutshell review - You should read this book if you have anything to do with information security. Chapters are topic specific and can be easily used as a reference. Well written, easy to follow, great book.

Very Good Book for Starters and Experienced Professionals

I found the book very interesting to read as a textbook because it draws many examples from everyday applications. The style of writing is good and it covers broadly all areas of IT security. For those requiring more detailed discussions in specific areas of security, this may not be sufficient.

Unique in its genre

The title is maybe misleading. It is not really a guide that will show you a step-by-step 'how to' procedure for building secure systems, as most engineering books do. It is rather a survey of the different security protocols used in various fields. Of course, you can learn from the successes and errors described in the book and use this knowledge for developing a new system, but you will have to connect the dots yourself. The book is very dense in information and at first its format made it tedious for me to read. It took around three chapters before I got accustomed to the format. Once this aspect was out of the way, this book became amazingly interesting. It describes systems used in banking, by diplomats, the military, for nuclear weapons, the police, set-top box TV decoders, smart cards and anti-tampering devices in general, spies, biometric authentication, etc., and focuses on the security protocols used by these systems, then highlights the weaknesses of the systems and how people have figured out how to work around these protocols. The best quality of the book is that it will help you to better understand the mindset of a secure system designer and a system hacker.

Textbook for class.

The book is interesting but it's starting to show signs of its age. I think the last revision of it was 2001, so the examples are good, yet aged. It would be great if they updated it. Still a useful and good book though.

More high-level concepts and less hands-on guidance

This is certainly a good book for getting introduced to most high-level architectural concepts related to network security, cryptography, mandatory/multi-level access control, etc. From an application development perspective, this book falls short on how to build the architecture, design and implement them in your business applications which ultimately meet the end user. The author justifies the high-level concepts well enough from a generalist perspective, but the industry standards from OASIS lean towards standards-based application security protocols, which pushes a developer/architect like me to take those suggestions first and figure out how to apply them in the real world. The book also doesn't address how to build security for emerging application architectures based on Service-Oriented Architecture (SOA), Identity Management, or net-centric federated applications. As a developer/architect using Java, Microsoft .NET or open-source based distributed applications, I need guidance on how to implement the recommended concepts (in the book), for example using biometrics or smart cards for building multi-factor access control at my application level. Unfortunately I don't find any answers for real-world implementation.
