REVIEW: "Network Security", Charlie Kaufman/Radia Perlman/Mike Speciner

[InfoSec News <isn () c4i org>]

Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade () sprint ca>

BKNTWSEC.RVW   20021106

"Network Security", Charlie Kaufman/Radia Perlman/Mike Speciner, 2002,
0-13-046019-2, U$54.99/C$85.99
%A   Charlie Kaufman ckaufman () usibm com
%A   Radia Perlman radia () alum mit edu
%A   Mike Speciner ms () alum mit edu
%C   One Lake St., Upper Saddle River, NJ   07458
%D   2002
%G   0-13-046019-2
%I   Prentice Hall
%O   U$54.99/C$85.99 201-236-7139 fax 201-236-7131 mfranz () prenhall com
%O  http://www.amazon.com/exec/obidos/ASIN/0130460192/robsladesinterne
%P   713 p.
%T   "Network Security: Private Communication in a Public World, 2e"

For communications security, this is the text.  As well as solid
conceptual background of cryptography and authentication, there is
overview coverage of specific security implementations, including
Kerberos, PEM (Privacy Enhanced Mail), PGP (Pretty Good Privacy),
IPsec, SSL (Secure Sockets Layer), AES (Advanced Encryption Standard),
and a variety of proprietary systems.  Where many security texts use
only UNIX examples, this one gives tips on Lotus Notes, NetWare, and
Windows NT.

Chapter one is an introduction, with a brief primer on networking,
some reasonable content on malware, and basic security models and
concepts.

Part one deals with cryptography.  The foundational concepts are
covered in chapter one.  Symmetric encryption, in chapter three, is
presented in terms of the operations of DES (Data Encryption
Standard), IDEA (International Data Encryption Algorithm), and AES. 
Chapter four details the major modes of DES.  The algorithms for a
number of hash functions and message digests are described in chapter
five.  Asymmetric algorithms, such as RSA (Rivest-Shamir-Adleman) and
Diffie-Hellman, are explained in chapter six, although one could wish
for just slightly more material, such as actual numeric computations,
that might reach a wider audience.  The number theory basis of much of
modern encryption is provided as well, in chapter seven.  More,
including a tiny bit on elliptic curves, is given in chapter eight.

Part two covers authentication.  The general problems are outlined in
chapter nine.  Chapter ten looks at the traditional means of
authenticating people: something you know, have, or are.  Various
problems in handshaking are reviewed in chapter eleven.  Chapter
twelve describes some strong protocols for passwords.

Part three examines a number of security standards.  Kerberos gets two
whole chapters, since we are provided with not only concepts but
actual packets: version 4 in thirteen and 5 in fourteen.  PKI (Public
Key Infrastructure) terms, components, and mechanisms are outlined in
chapter fifteen.  The basic problems in real-time communications
security are delineated in chapter sixteen.  Chapter seventeen
examines the authentication and encryption aspects of IPsec, while
chapter eighteen deals with key exchange packets.  SSL and TLS
(Transport Layer Security) are described in chapter nineteen.

Part four concentrates on electronic mail.  Chapter twenty lays out
the major concerns and problems.  Chapter twenty one discusses PEM and
S/MIME (Secure Multipurpose Internet Mail Extensions).  PGP is covered
in chapter twenty two.

Part five contains miscellaneous topics.  Chapter twenty three looks
at firewalls, twenty four at a variety of specific security systems,
and twenty five at Web issues.  Folklore, in chapter twenty six,
briefly lists a number of simple "best practices" that aren't
generally part of formal security literature.

The explanations are thorough and well written, with a humour that
illuminates the material rather than obscuring it.  The organization
of the book may be a bit odd at times (the explanation of number
theory comes only after the discussion of encryption that it
supports), but generally makes sense.  (It is, sometimes, evident that
later text has created chapters that are slightly out of place.)  The
end of chapter "homework" problems are well thought out, and much
better than the usual reading completion test.  If there is a major
weakness in the book, it is that the level of detail seems to vary
arbitrarily, and readers may find this frustrating.  Overall, though,
this work provides a solid introduction and reference for network
security related topics and technologies.

copyright Robert M. Slade, 1996, 2002   BKNTWSEC.RVW   20021106

-- 
======================
rslade () vcn bc ca  rslade () sprint ca  slade () victoria tc ca p1 () canada com
Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
Upcoming (ISC)^2 CISSP CBK review seminars (+1-888-333-4458):
    February 10, 2003   February 14, 2003   St. Louis, MO
    March 31, 2003      April 4, 2003       Indianapolis, IN



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.