Managing Network Security

The Best Security Book Ever Written

by Fred Cohen

Series Introduction

Networks dominate today's computing landscape and commercial technical protection is lagging behind attack technology. As a result, protection program success depends more on prudent management decisions than on the selection of technical safeguards. Managing Network Security takes a management view of protection and seeks to reconcile the need for security with the limitations of technology.

Don't Steal This Book!

I recall that in the 1960s there was a book titled "Steal This Book!!!" that was very popular in bookstores all over the US and probably much of the rest of the English-speaking world. This book basically told people how to get along without any money and encouraged theft and other similar activities in all of their various forms. That represents one end of the spectrum.

At the other end of the spectrum, we have Winn Schwartau's latest and by far his greatest book: "Internet & Computer Ethics for Kids" which can be purchased for about US$16 at

Now for those of you who know me, you also know that I have written several books on information protection and that I am a very competitive sort of person when it comes to writing the best book I can on a subject. You probably also know that my works tend to be somewhat more technical than others you may find, although I am working on getting away from being so to the point of boredom. It should therefore come as a great surprise when I tell you that Winn's book is, in my opinion...

The Best Security Book Ever Written

Yes - that's right. I think that this new book of Winn's is the best ever written, and despite the fact that I don't get a penny for saying so, I want to advise all of you to go to the Internet right now and order as many copies of this book as you can find people to give it to. After I read it, I immediately ordered a case of 50 copies (at somewhat of a discount) and had them shipped overnight so I could provide them to a substantial group of people that I work with. It will be mandatory reading for my introductory course in information protection this fall, and I think that it should be required reading for every parent, every child over the age of 8, and every teacher in every country in the world that has access to the Internet.

Now my readers may ask how it is that I have come to think so highly of this book when there are so many fantastic books out there on information protection. The answer is really quite simple. Winn has beaten all of us by leaps and bounds. But I am leaping ahead of myself, so let me tell you a little story.

The Nebraska CERT Conference

I was a keynote speaker at the CERT conference in Nebraska last week, and as is now my usual process, I reviewed the list of speakers and subjects before my talk so I could refer my audience to the things and speakers that I found most interesting at the conference. I have liked Winn's talks for a long time and, even though he gets some of the technical details a bit screwy at times, I tend to advise folks to go see his presentations because they are thoughtful and he is a nice and likeable guy. When I saw his presentation, I thought I would go to it and was particularly interested because he was running a facilitated ethics game - a great idea - and an extension of the sorts of strategic games Winn and I had worked on a few years back.

I was also fortunate enough to be on a small tour of the area with my host at the conference, seeing various folks in the area with mutual interest, chatting about things, and so forth. Along the way, he indicated to me that some on the conference committee had been concerned about inviting Winn and me to the same conference because of some perception that we didn't like each other. I was amazed by this since I have always liked Winn, even if I have occasionally criticized some of his work because, as I stated above, he doesn't always get all of the details right. As an aside, I am sure that he finds fault in things I do and say, but this doesn't mean that he doesn't like me and enjoy my presentations either.

At any rate, I straightened this out with my host and we were discussing how this sort of rumor is typically started either by a misimpression or maliciously by someone who wants to get more keynote addresses and figures that by creating a fictitious rumor about some entanglement people will back off of inviting either of us to their conference. I bring this up because the very subject is covered in "Chapter 18 - Rumor Mongering" of Winn's new book. Did I mention the URL?

How I Got My Copy

Now in order to really appreciate this review of Winn's book, you must understand how I got my copy of the book. Winn was at the conference about to leave for the airport. I had gotten a glance of the book and leafed through it quickly after his sessions and was planning to share a ride to the airport with him and have dinner with him before we both departed on separate airlines for our respective homes. He brought some sample copies of the book along and, rather than carry them home, he decided to give them to the people who ran the conference, seed corn I guess, and told them to do with them as they pleased. I asked if I could have one of those copies and the conference people gave one to me.

Is this an ethical thing to do, I asked myself? I knew that Winn was standing there next to me and that I was taking some of his planted seed, but I also know that Winn is not one to begrudge such a thing and, because we have worked together on such things before, I knew that the $16 retail price was not going to break him or violate any rules about my getting this copy. I also figured that if the book was any good I would pay him for it later in good will anyway - and we have exchanged good will for a very long time - so this was just a drop in the bucket. That is not to say that this article is any form of payment. I'm not that cheap - or easy...

Which brings me to the next issue. There is sometimes a big difference between the law, which limits my ability to accept free anything from anyone who might ever work for or sell to my employer, and ethics, which is a personal limit on the way I decide to deal with other people in the world. You might want to read "Chapter 33 - Ethics and the Law."... did I mention you could get this at: I will be sending my check to Winn for the copy I have, or perhaps I will just ask them to take one book out of the next shipment of 50 I buy from them to give away to other folks.

I am running out of space...

but not out of praise for this book. Nor could I even hope to adequately cover it in this space. But that is not to say that the book is long or complicated. I read it on the plane between Omaha and Salt Lake City. It's less than a 2-hour flight, and I don't like to read books on airplanes, but I couldn't put it down. I did find one flaw in it - a word missing an 's' somewhere in the middle of the book. The Persian flaw I guess.

Every one of the 40 small chapters in this book is a gem and worth spending your time and effort reading. Every chapter talks about an issue, ethics, and the law, and there is no place in the book that Winn tells anybody what is right or wrong or what to do. And this is one of the things that makes this book so incredibly wonderful and valuable. Because it is exactly what the world needs. A book that helps us think about the ethics issues associated with the Internet and computers.

In addition, the book does a great job of covering many of the most common risks associated with computing - including issues of the role of government, the power of corporations, methods of attack and defense, privacy, viruses, pornography, stalking, and on and on and on. Did I mention that you can get the table of contents and buy the book at


Winn has simply outdone himself and everyone else in writing this outstanding book. It is far and away the best security book ever written because it is designed to help everybody who uses computers or the Internet think about how what they do affects others.

The book also has something that I personally enjoyed a great deal. It has excellent cartoons. After all, did you expect me to read a computer book without any pictures?

Did I mention that you can get the book at

About The Author:

Fred Cohen is researching information protection as a Principal Member of Technical Staff at Sandia National Laboratories, helping clients meet their information protection needs as the Managing Director of Fred Cohen and Associates, and educating cyber defenders over-the-Internet as a practitioner in residence in the University of New Haven's Forensic Sciences Program. He can be reached by sending email to fred at or visiting