BKNTWSEC.RVW 20021106 "Network Security", Charlie Kaufman/Radia Perlman/Mike Speciner, 2002, 0-13-046019-2, U$54.99/C$85.99 %A Charlie Kaufman ckaufman@usibm.com %A Radia Perlman radia@alum.mit.edu %A Mike Speciner ms@alum.mit.edu %C One Lake St., Upper Saddle River, NJ 07458 %D 2002 %G 0-13-046019-2 %I Prentice Hall %O U$54.99/C$85.99 201-236-7139 fax 201-236-7131 mfranz@prenhall.com %O http://www.amazon.com/exec/obidos/ASIN/0130460192/robsladesinterne %P 713 p. %T "Network Security: Private Communication in a Public World, 2e" For communications security, this is the text. As well as solid conceptual background of cryptography and authentication, there is overview coverage of specific security implementations, including Kerberos, PEM (Privacy Enhanced Mail), PGP (Pretty Good Privacy), IPsec, SSL (Secure Sockets Layer), AES (Advanced Encryption Standard), and a variety of proprietary systems. Where many security texts use only UNIX examples, this one gives tips on Lotus Notes, NetWare, and Windows NT. Chapter one is an introduction, with a brief primer on networking, some reasonable content on malware, and basic security models and concepts. Part one deals with cryptography. The foundational concepts are covered in chapter one. Symmetric encryption, in chapter three, is presented in terms of the operations of DES (Data Encryption Standard), IDEA (International Data Encryption Algorithm), and AES. Chapter four details the major modes of DES. The algorithms for a number of hash functions and message digests are described in chapter five. Asymmetric algorithms, such as RSA (Rivest-Shamir-Adleman) and Diffie-Hellman, are explained in chapter six, although one could wish for just slightly more material, such as actual numeric computations, that might reach a wider audience. The number theory basis of much of modern encryption is provided as well, in chapter seven. More, including a tiny bit on elliptic curves, is given in chapter eight. Part two covers authentication. The general problems are outlined in chapter nine. Chapter ten looks at the traditional means of authenticating people: something you know, have, or are. Various problems in handshaking are reviewed in chapter eleven. Chapter twelve describes some strong protocols for passwords. Part three examines a number of security standards. Kerberos gets two whole chapters, since we are provided with not only concepts but actual packets: version 4 in thirteen and 5 in fourteen. PKI (Public Key Infrastructure) terms, components, and mechanisms are outlined in chapter fifteen. The basic problems in real-time communications security are delineated in chapter sixteen. Chapter seventeen examines the authentication and encryption aspects of IPsec, while chapter eighteen deals with key exchange packets. SSL and TLS (Transport Layer Security) are described in chapter nineteen. Part four concentrates on electronic mail. Chapter twenty lays out the major concerns and problems. Chapter twenty one discusses PEM and S/MIME (Secure Multipurpose Internet Mail Extensions). PGP is covered in chapter twenty two. Part five contains miscellaneous topics. Chapter twenty three looks at firewalls, twenty four at a variety of specific security systems, and twenty five at Web issues. Folklore, in chapter twenty six, briefly lists a number of simple "best practices" that aren't generally part of formal security literature. The explanations are thorough and well written, with a humour that illuminates the material rather than obscuring it. The organization of the book may be a bit odd at times (the explanation of number theory comes only after the discussion of encryption that it supports), but generally makes sense. (It is, sometimes, evident that later text has created chapters that are slightly out of place.) The end of chapter "homework" problems are well thought out, and much better than the usual reading completion test. If there is a major weakness in the book, it is that the level of detail seems to vary arbitrarily, and readers may find this frustrating. Overall, though, this work provides a solid introduction and reference for network security related topics and technologies. copyright Robert M. Slade, 1996, 2002 BKNTWSEC.RVW 20021106