[ISN] REVIEW: "Network Security", Charlie Kaufman/Radia Perlman/Mike Speciner

From: InfoSec News (isnat_private)
Date: Wed Jan 15 2003 - 04:12:52 PST


    Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rsladeat_private>
    
    BKNTWSEC.RVW   20021106
    
    "Network Security", Charlie Kaufman/Radia Perlman/Mike Speciner, 2002,
    0-13-046019-2, U$54.99/C$85.99
    %A   Charlie Kaufman ckaufmanat_private
    %A   Radia Perlman radiaat_private
    %A   Mike Speciner msat_private
    %C   One Lake St., Upper Saddle River, NJ   07458
    %D   2002
    %G   0-13-046019-2
    %I   Prentice Hall
    %O   U$54.99/C$85.99 201-236-7139 fax 201-236-7131 mfranzat_private
    %O   http://www.amazon.com/exec/obidos/ASIN/0130460192/robsladesinterne
    %P   713 p.
    %T   "Network Security: Private Communication in a Public World, 2e"
    
    For communications security, this is the text.  As well as solid
    conceptual background of cryptography and authentication, there is
    overview coverage of specific security implementations, including
    Kerberos, PEM (Privacy Enhanced Mail), PGP (Pretty Good Privacy),
    IPsec, SSL (Secure Sockets Layer), AES (Advanced Encryption Standard),
    and a variety of proprietary systems.  Where many security texts use
    only UNIX examples, this one gives tips on Lotus Notes, NetWare, and
    Windows NT.
    
    Chapter one is an introduction, with a brief primer on networking,
    some reasonable content on malware, and basic security models and
    concepts.
    
    Part one deals with cryptography.  The foundational concepts are
    covered in chapter one.  Symmetric encryption, in chapter three, is
    presented in terms of the operations of DES (Data Encryption
    Standard), IDEA (International Data Encryption Algorithm), and AES.
    Chapter four details the major modes of DES.  The algorithms for a
    number of hash functions and message digests are described in chapter
    five.  Asymmetric algorithms, such as RSA (Rivest-Shamir-Adleman) and
    Diffie-Hellman, are explained in chapter six, although one could wish
    for just slightly more material, such as actual numeric computations,
    that might reach a wider audience.  The number theory basis of much of
    modern encryption is provided as well, in chapter seven.  More,
    including a tiny bit on elliptic curves, is given in chapter eight.
    
    Part two covers authentication.  The general problems are outlined in
    chapter nine.  Chapter ten looks at the traditional means of
    authenticating people: something you know, have, or are.  Various
    problems in handshaking are reviewed in chapter eleven.  Chapter
    twelve describes some strong protocols for passwords.
    
    Part three examines a number of security standards.  Kerberos gets two
    whole chapters, since we are provided with not only concepts but
    actual packets: version 4 in thirteen and 5 in fourteen.  PKI (Public
    Key Infrastructure) terms, components, and mechanisms are outlined in
    chapter fifteen.  The basic problems in real-time communications
    security are delineated in chapter sixteen.  Chapter seventeen
    examines the authentication and encryption aspects of IPsec, while
    chapter eighteen deals with key exchange packets.  SSL and TLS
    (Transport Layer Security) are described in chapter nineteen.
    
    Part four concentrates on electronic mail.  Chapter twenty lays out
    the major concerns and problems.  Chapter twenty-one discusses PEM and
    S/MIME (Secure Multipurpose Internet Mail Extensions).  PGP is covered
    in chapter twenty-two.
    
    Part five contains miscellaneous topics.  Chapter twenty-three looks
    at firewalls, twenty-four at a variety of specific security systems,
    and twenty-five at Web issues.  Folklore, in chapter twenty-six,
    briefly lists a number of simple "best practices" that aren't
    generally part of formal security literature.
    
    The explanations are thorough and well written, with a humour that
    illuminates the material rather than obscuring it.  The organization
    of the book may be a bit odd at times (the explanation of number
    theory comes only after the discussion of encryption that it
    supports), but generally makes sense.  (It is, sometimes, evident that
    later text has created chapters that are slightly out of place.)  The
    end-of-chapter "homework" problems are well thought out, and much
    better than the usual reading completion test.  If there is a major
    weakness in the book, it is that the level of detail seems to vary
    arbitrarily, and readers may find this frustrating.  Overall, though,
    this work provides a solid introduction and reference for network
    security related topics and technologies.
    
    copyright Robert M. Slade, 1996, 2002   BKNTWSEC.RVW   20021106
    
    -- 
    ======================
    rsladeat_private  rsladeat_private  sladeat_private p1at_private
    Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
    Upcoming (ISC)^2 CISSP CBK review seminars (+1-888-333-4458):
        February 10, 2003   February 14, 2003   St. Louis, MO
        March 31, 2003      April 4, 2003       Indianapolis, IN