REVIEW: "Internet Cryptography", Richard E. Smith

[InfoSec News <isn () c4i org>]

Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade () sprint ca>

BKINTCRP.RVW   20021215

"Internet Cryptography", Richard E. Smith, 1997, 0-201-92480-3,
U$29.95/C$44.95
%A   Richard E. Smith internet-crypto () aw com
%C   P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario  M3C 2T8
%D   1997
%G   0-201-92480-3
%I   Addison-Wesley Publishing Co.
%O   U$29.95/C$44.95 416-447-5101 fax: 416-443-0948 bkexpress () aw com
%O  http://www.amazon.com/exec/obidos/ASIN/0201924803/robsladesinterne
%P   356 p.
%T   "Internet Cryptography"

According to the preface, this book is aimed at non-specialists who
need to know just enough about cryptography to make informed technical
decisions.  As an example, Smith suggests systems administrators and
managers who, while not formally charged with security, still have to
use cryptographic techniques to secure their networks or
transmissions.

Chapter one is an introduction, contrasting what we want; secure
communications; with the environment we have to work in; a wide open
Internet.  The text also looks at the balance that must be maintained
between convenience and requirements.  Encryption basics, in chapter
two, presents the concepts of symmetric cryptography, use, and choice. 
There is a clear explanation of the ideas without overwhelming
technical details.  (It is interesting to note how quickly the
cryptographic technology changes: SKIPJACK and ITAR were still
important when the book was written, and are now basically
irrelevant.)  Some random thoughts on network implementation of
encryption are given in chapter three.  Managing secret keys, in
chapter four, provides good conceptual coverage of generation and
management, although the discussion of the problems of key escrow is
weak.  Because of the requirements for technical details when
discussing protocols, chapter five, on IPSec, is different from other
material in the book.  It also includes a brief mention of other
protocols.  Chapter six discusses the use of IPSec in virtual private
networks, while seven examines IPSec in terms of remote access. 
Chapter eight looks at IPSec in relation to firewalls, but it is
difficult to see how this would be used in an actual application.

Chapter nine reviews public key encryption and SSL (Secure Sockets
Layer).  The basic concepts of asymmetric cryptography are presented
well, but may be unconvincing due to the lack of mathematical support
and details.  While there is an introduction to the related idea of
digital signatures, SSL is really only barely mentioned.  World Wide
Web transaction security, in chapter ten, provides practical examples
of the technologies discussed.  The same is true of email, in chapter
eleven, but digital signatures get a bit more explanation.  Chapter
twelve builds on the signature concept to introduce PKI (Public Key
Infrastructure) notions.

The fundamentals are written clearly and well, and are quite suitable
for managers and users.  Despite the lack of detail, the text may even
be suitable for some security professionals who need a rough
background without needing to work with the technology itself.  The
work is easy to read, although the idiosyncratic structure may be
confusing, and the value of some chapters questionable.

copyright Robert M. Slade, 2002   BKINTCRP.RVW   20021215

-- 
======================
rslade () vcn bc ca  rslade () sprint ca  slade () victoria tc ca p1 () canada com
Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
Upcoming (ISC)^2 CISSP CBK review seminars (+1-888-333-4458):
    February 10, 2003   February 14, 2003   St. Louis, MO
    March 31, 2003      April 4, 2003       Indianapolis, IN



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.