Thinking Security by Steven M. Bellovin - Free Chapter Included
Thinking Security is a book about adapting to rapidly changing technology and thinking out-of-the-box to prevent (or fix) future attacks. We sat down with the author, Steven Bellovin, to learn more about his book. Share
A world-respected security expert, Steven Bellovin's Thinking Security: Stopping Next Year's Hackers tackles the problem of cyber security head-on. Many people believe they're secure if they follow the same protocol from the year before, but with technology changing all the time, it's not sufficient. Thinking Security helps you understand security systematically, so you can stay updated on rapidly changing technology and prepare for the future.
We sat down with Bellovin, who caught his first hacker back in 1971, to talk about his book.
vpnMentor: What made you write Thinking Security?
Bellovin: For years, I've been saying that the worst thing to do in technology is to give yesterday's answer to today's questions. Technology changes; why should the old answers be right?
Authentication is a classic case in point -- the standard advice to "pick strong passwords" dates to 1979, a time when many people were using hardcopy terminals and had no local computing or storage capability, and might have to remember three passwords. None of that is true
today -- why should the advice remain the same?
In any case, I encountered an excess of misguided information regarding authentication, which prompted me to start writing. Fortunately, I was on sabbatical then, granting me ample time to pen a book. Other areas where I continually observed the same issues included firewalls (notably, I co-authored the pioneer book on this topic in 1994), PKI, cloud computing, and more. The issue I identified was the absence of instruction encouraging individuals to think beyond mere checklists. While I've endeavored to impart this skill to my students, there was a noticeable lack of quality resources that accomplished this. Hence, I resolved to write my own book.
vpnMentor: What new knowledge did you gain while writing this book?
Bellovin: That's a remarkably hard question to answer.
Any time you write a book, you're forced to learn the fine details of anything you cover, even in an area you know well. Take firewalls, for example. I've been working with them for a very long time -- I co-authored the very first book on them, in 1994, and have done further work on them since then -- but ruminating on what, fundamentally, firewalls are and what they're good for led me to some new insights on their role in collaborative projects, and on how to do proper logging in such situations.
For that matter, authentication is far more subtle than I had thought, even though it was a desire to dispel myths about it that led me to write this book in the first place. I have some forthcoming papers examining what, in essence, identity is, and what the real risks are for various authentication schemes.
Thinking Security: Stopping Next Year's Hackers is available for purchase on informit.com.
Click here to read the first chapter of Thinking Security.