
Computer Security and the Internet: Tools and Jewels

This book provides a concise yet comprehensive overview of computer and Internet security, suitable for a one-term introductory course for junior/senior undergrad or first-year graduate students. It is also suitable for self-study by anyone seeking a solid footing in security – including software developers and computing professionals, technical managers and government staff. An overriding focus is on brevity, without sacrificing breadth of core topics or technical detail within them. The aim is to enable a broad understanding in roughly 350 pages. Further prioritization is supported by designating as optional selected content within this. Fundamental academic concepts are reinforced by specifics and examples, and related to applied problems and real-world incidents. The first chapter provides a gentle overview and 20 design principles for security. The ten chapters that follow provide a framework for understanding computer and Internet security. They regularly refer back to the principles, with supporting examples. These principles are the conceptual counterparts of security-related error patterns that have been recurring in software and system designs for over 50 years. The book is “elementary” in that it assumes no background in security, but unlike “soft” high-level texts it does not avoid low-level details; instead, it selectively dives into fine points for exemplary topics to concretely illustrate concepts and principles. The book is rigorous in the sense of being technically sound, but avoids both mathematical proofs and lengthy source-code examples that typically make books inaccessible to general audiences. Knowledge of elementary operating system and networking concepts is helpful, but review sections summarize the essential background.

387 pages, Hardcover

Published April 5, 2020


About the author

Paul C. van Oorschot



Community Reviews

5 stars: 3 (37%)
4 stars: 2 (25%)
3 stars: 1 (12%)
2 stars: 2 (25%)
1 star: 0 (0%)
Ben Rothke
April 7, 2022
One of the issues with cryptographers is that they often are not the best writers. They can write crypto algorithms that make the world secure, but are often challenged to write in a manner that an information security professional can understand. Crypto is so unique that even the RSA Conference has a separate Cryptography Track.
Paul van Oorschot is a cryptographer and professor of computer science at Carleton University in Ottawa, Ontario (note to Americans, Carleton University is not Carleton College, which is in Minnesota). While he may be a cryptographer par excellence, in Computer Security and the Internet: Tools and Jewels from Malware to Bitcoin (Springer), he is also a superb writer. The book is a technical tour de force and is broad, deep, and a quite helpful reference.
While van Oorschot is an academic, and the book has its primary audience in students in a one-term or two-term, third- or fourth-year undergraduate course in computer science, those in the corporate world looking for a highly-technical reference will find the book to be quite valuable.
At a little over 400 pages, the book covers all of the core areas of information security. It cannot be fully comprehensive, and while it may sacrifice depth for breadth, van Oorschot provides countless references in every chapter for the reader who wants to (and should) dig deeper into the topic.
A common mistake in information security is that hardware and software can protect you. Every company that has suffered a breach finds that is simply not the case. In chapter 1, van Oorschot lists 22 design principles for computer security.
He notes that no complete checklist exists that system designers can follow to guarantee that computer-based systems are secure. The reasons are many, including significant variations across technologies, environments, applications, requirements, and more. However, the design principles he details are critical for firms to consider if they are serious about security. Security hardware and software do not and cannot work in a vacuum. And if they are not deployed in the framework of a secure architecture, they will just be the technologies that can be blamed in the event of a breach.
Some of the core design principles he details include open-design, isolated components, database validations, and more. These are core considerations that are often not considered and, worse, ignored. Any organization that takes this list of 22 design principles to heart will undoubtedly have better security controls to show for it.
Even with those design principles, the next section in the book is about why computer security is hard. van Oorschot observes, as Andrew Stewart wrote in A Vulnerable System: The History of Information Security in the Computer Age, that many of today’s fundamental problems in computer security remain from decades ago, despite massive changes in computer hardware, software, applications, and environments. He lists 20 detailed reasons why this is the case.
And it is worth noting that the 20 is but a partial list. Security professionals should not be depressed by this, any more than an oncologist would be depressed in their profession by high morbidity rates. But those 20 reasons can be seen as opportunities for improvement. The bottom line is that computer security is not simple, is fraught with challenges, and includes many difficulties on the road. Nevertheless, with all that, it is a fascinating and challenging career and an essential imperative to ensure secure computing.
Computer Security and the Internet: Tools and Jewels from Malware to Bitcoin is your go-to guide for those looking for a solid computer security introduction. As a first-rate computer scientist and writer, van Oorschot has written a book that will make you a much smarter and better information security professional.

