2000-11-14-15:07:28 [EMAIL PROTECTED]:
> [Bruce Schneier is] the author of perhaps the most popular book on
> computer security that's available to the public.

Which book are you referring to? "Secrets and Lies"? While it's a
powerful contribution in the way of standing back and re-examining
the big picture from a different direction, and has some important
thoughts on limitations of what can be achieved, I'm not sure I'd
cite it as the most popular book on computer security. It's hard to
say what that might be, but I'd be more inclined to nominate
Practical Unix and Internet Security.

If you mean Applied Cryptography, it's certainly the most valuable
and popular book on applied crypto available to the public, it
approaches being the final and definitive work on the topic, and if
he keeps updating it to track developing crypto technology (as he's
uniquely qualified to do) it may hold that role for some time. But
cryptography is only loosely related to computer security; it's a
tool which can sometimes be used to help with some security
problems, is all.

> He's generally well regarded - though having sendmail 8.8.8 on
> the secondary MX of his domain doesn't make you feel super
> confident :>

As a computer security generalist (as opposed to a cryptanalyst),
his major thrust seems to be an argument that it's impossible to
really secure systems, and after perhaps some superficial efforts to
knock out the biggest problems, the place to concentrate your
efforts is on monitoring and risk management. With that as a given,
I expect he runs sendmail and BIND; things like qmail and djbdns are
for those of us who haven't given up on really completely securing
our systems:-).

-Bennett
