The myths of security - The ultimate insider's guide to network security

Read more

If you think computer security has improved in recent years, The Myths of Security will shake you out of your complacency. Longtime security professional John Viega, formerly Chief Security Architect at McAfee, reports on the sorry state of the industry, and offers concrete suggestions for professionals and individuals confronting the issue.

Why is security so bad? With many more people online than just a few years ago, there are more attackers -- and they're truly motivated. Attacks are sophisticated, subtle, and harder to detect than ever. But, as Viega notes, few people take the time to understand the situation and protect themselves accordingly. This book tells you:
Why it's easier for bad guys to "own" your computer than you think
Why anti-virus software doesn't work well -- and one simple way to fix it
Whether Apple OS X is more secure than Windows
What Windows needs to do better
How to make strong authentication pervasive
Why patch management is so bad
Whether there's anything you can do about identity theft
Five easy steps for fixing application security, and more

Provocative, insightful, and always controversial, The Myths of Security not only addresses IT professionals who deal with security issues, but also speaks to Mac and PC users who spend time online.

List of contents

Foreword;
Preface;
Why Myths of Security?;
Acknowledgments;
How to Contact Us;
Safari® Books Online;
Chapter 1: The Security Industry Is Broken;
Chapter 2: Security: Nobody Cares!;
Chapter 3: It's Easier to Get "0wned" Than You Think;
Chapter 4: It's Good to Be Bad;
Chapter 5: Test of a Good Security Product: Would I Use It?;
Chapter 6: Why Microsoft's Free AV Won't Matter;
Chapter 7: Google Is Evil;
Chapter 8: Why Most AV Doesn't Work (Well);
Chapter 9: Why AV Is Often Slow;
Chapter 10: Four Minutes to Infection?;
Chapter 11: Personal Firewall Problems;
Chapter 12: Call It "Antivirus";
Chapter 13: Why Most People Shouldn't Run Intrusion Prevention Systems;
Chapter 14: Problems with Host Intrusion Prevention;
Chapter 15: Plenty of Phish in the Sea;
Chapter 16: The Cult of Schneier;
Chapter 17: Helping Others Stay Safe on the Internet;
Chapter 18: Snake Oil: Legitimate Vendors Sell It, Too;
Chapter 19: Living in Fear?;
Chapter 20: Is Apple Really More Secure?;
Chapter 21: OK, Your Mobile Phone Is Insecure; Should You Care?;
Chapter 22: Do AV Vendors Write Their Own Viruses?;
Chapter 23: One Simple Fix for the AV Industry;
Chapter 24: Open Source Security: A Red Herring;
Chapter 25: Why SiteAdvisor Was Such a Good Idea;
Chapter 26: Is There Anything We Can Do About Identity Theft?;
Chapter 27: Virtualization: Host Security's Silver Bullet?;
Chapter 28: When Will We Get Rid of All the Security Vulnerabilities?;
Chapter 29: Application Security on a Budget;
Chapter 30: "Responsible Disclosure" Isn't Responsible;
Chapter 31: Are Man-in-the-Middle Attacks a Myth?;
Chapter 32: An Attack on PKI;
Chapter 33: HTTPS Sucks; Let's Kill It!;
Chapter 34: CrAP-TCHA and the Usability/Security Tradeoff;
Chapter 35: No Death for the Password;
Chapter 36: Spam Is Dead;
Chapter 37: Improving Authentication;
Chapter 38: Cloud Insecurity?;
Chapter 39: What AV Companies Should Be Doing (AV 2.0);
Chapter 40: VPNs Usually Decrease Security;
Chapter 41: Usability and Security;
Chapter 42: Privacy;
Chapter 43: Anonymity;
Chapter 44: Improving Patch Management;
Chapter 45: An Open Security Industry;
Chapter 46: Academics;
Chapter 47: Locksmithing;
Chapter 48: Critical Infrastructure;
Epilogue;
Colophon;

About the author

John Viega, the founder and CEO of Stonewall Software, is a well-known security expert and the coauthor of Building Secure Software (Addison-Wesley) and Network Security with OpenSSL (O'Reilly). John is responsible for numerous software security tools and is the original author of Mailman, the GNU mailing list manager. He holds a B.A. and M.S. in computer science from the University of Virginia. John is also an adjunct professor of Computer Science at Virginia Tech (Blacksburg) and is a senior policy researcher at the Cyberspace Policy Institute. He serves on the technical advisory boardfor the Open Web Applications Security Project. He also founded a Washington, D.C.-area security interest group that conducts monthly lectures presented by leading experts in the field. He is the author or coauthor of nearly 80 technical publications, including numerous refereed research papers and trade articles.

Summary

Reports on the sorry state of the IT security industry and offers suggestions for professionals confronting the issue. This book tells you: why it's easier for bad guys to 'own' your computer than you think; why anti-virus software doesn't work well - and one simple way to fix it; five steps for fixing application security, and more.