Prentice Hall

Business



Network Security: Private Communication in a Public World, 2/E
Charlie Kaufman
Radia Perlman
Mike Speciner

ISBN-10: 0130460192
ISBN-13: 9780130460196

Publisher: Prentice Hall
Copyright: 2003
Format: Cloth; 752 pp
Published: 04/22/2002

Suggested retail price: $69.99
Buy from myPearsonStore

Appropriate for all graduate-level and upper-level courses in network or computer security.

Widely regarded as the most comprehensive yet comprehensible guide to network security, the First Edition of Network Security received critical acclaim for its lucid and witty explanations of the inner workings of network security protocols. Now, in the Second Edition, this books exceptionally distinguished author team draws on its hard-won experience to illuminate every facet of information security, from the basics to advanced cryptography and authentication; secure Web and email services; and emerging security standards. Highlights of the books extensive new coverage include Advanced Encryption Standard (AES), IPsec, SSL, X.509 and related PKI standards, and Web security. The authors go far beyond documenting standards and technology: they contrast competing schemes, explain strengths and weaknesses, and identify the crucial errors most likely to compromise secure systems.

The classic guide to network security, now fully updated for the latest standards and technologies!

° Extensive new coverage, including PKI, IPSec, SSL, Web security, and AES.

° Definitive introduction to cryptography, authentication, and major standards.

° First edition was honored by Network Magazine as one of the Top 10 Most Useful networking books!

  • Up-to-the-minute coverage of the most important new security technologies and standards—Including the Advanced Encryption Standard (AES), IPsec, SSL, PKI, and Web security.

    • Helps students understand today's newest and most powerful security technologies.



Acknowledgments.


1. Introduction.

Roadmap to the Book. What Type of Book Is This? Terminology. Notation. Primer on Networking. Active vs. Passive Attackc. Layers and Cryptography. Authorization. Tempest. Key Escrow for Law Enforcement. Key Escrow for Careless Users. Viruses, Worms, Trojan Horses. The Multi-level Model of Security. Legal Issues.

I. CRYPTOGRAPHY.

2. Introduction to Cryptography.

What Is Cryptography? Breaking an Encryption Scheme. Types of Cryptographic Functions. Secret Key Cryptography. Public Key Cryptography. Hash Algorithms. Homework.

3. Secret Key Cryptography.

Introduction. Generic Block Encryption. Data Encryption Standard (DES). International Data Encryption Algorithm (IDEA). Advanced Encryption Standard (AES). RC4. Homework.

4. Modes of Operation.

Introduction. Encrypting a Large Message. Generating MACs. Multiple Encryption DES. CBC Outside vs. Inside. Homework.

5. Hashes and Message Digests.

Introduction. Nifty Things to Do with a Hash. MD2. MD4. MD5. SHA-1. HMAC. Homework.

6. Public Key Algorithms.

Introduction. Modular Arithmetic. RSA. Diffie-Hellman. Digital Signature Standard (DSS). How Secure Are RSA and Diffie-Hellman? Elliptic Curve Cryptography (ECC). Zero Knowledge Proof Systems. Homework Problems.

7. Number Theory.

Introduction. Modular Arithmetic. Primes. Euclid's Algorithm. Chinese Remainder Theorem. Zn. Euler's Totient Function. Euler's Theorem. Homework Problems.

8. Math with AES and Elliptic Curves.

Introduction. Notation. Groups. Fields. Mathematics of Rijndael. Elliptic Curve Cryptography. Homework.

II. AUTHENTICATION.

9. Overview of Authentication Systems.

Password-Based Authentication. Address-Based Authentication. Cryptographic Authentication Protocols. Who Is Being Authenticated? Passwords as Cryptographic Keys. Eavesdropping and Server Database Reading. Trusted Intermediaries. Session Key Establishment. Delegation. Homework.

10. Authentication of People.

Passwords. On-Line Password Guessing. Off-Line Password Guessing. How Big Should a Secret Be? Eavesdropping. Passwords and Careless Users. Initial Password Distribution. Authentication Tokens. Physical Access. Biometrics. Homework.

11. Security Handshake Pitfalls.

Login Only. Mutual Authentication. Integrity/Encryption for Data. Mediated Authentication (with KDC). Nonce Types. Picking Random Numbers. Performance Considerations. Authentication Protocol Checklist. Homework.

12. Strong Password Protocols.

Introduction. Lamport's Hash. Strong Password Protocols. Strong Password Credentials. Strong Password Credentials Download Protocols. Homework.

III. STANDARDS.

13. Kerberos V4.

Introduction. Tickets and Ticket-Granting Tickets. Configuration. Logging Into the Network. Replicated KDC's. Realms. Interrealm Authentication. Key Version Numbers. Encryption for Privacy and Integrity. Encryption for Integrity Only. Network Layer Addresses in Tickets. Message Formats. Homework.

14. Kerberos V5.

ASN.1. Names. Delegation of Rights. Ticket Lifetimes. Key Versions. Making Master Keys in Different Realms Different. Optimizations. Cryptographic Algorithms. Hierarchy of Realms. Evading Password-Guessing Attacks. Key Inside Authenticator. Double TGT Authentication. PKINIT-Public Keys for Users. KDC Database. Kerberos V5 Messages. Homework.

15. PKI (Public Key Infrastructure).

Introduction. Some Terminology. PKI Trust Models. Revocation. Directories and PKI. PKIX and X.509. X.509 and PKIX Certificates. Authorization Futures. Homework.

16. Real-time Communication Security.

What Layer? Session Key Establishment. Perfect Forward Secrecy. PFS-Foilage. Denial-of-Service/Clogging Protection. Endpoint Identifier Hiding. Live Partner Reassurance. Arranging for Parallel Computation. Session Resumption. Plausible Deniability. Data Stream Protection. Negotiating Crypto Parameters. Easy Homework. Homework.

17. IPsec: AH and ESP.

Overview of Ipsec. IP and Ipv6. AH (Authentication Header). ESP (Encapsulating Security Payload). So, Do We Need AH? Comparison of Encodings. Easy Homework. Homework.

18. IPsec: IKE.

Photuris. SKIP. History of IKE. IKE Phases. Phase 1 IKE. Phase - 2 IKE: Setting up Ipsec Sas. ISAKMP/IKE Encoding. Homework.

19. SSL/TLS.

Introduction. Using TCP. Quick TCP. Quick History. SSL/TLS Basic Protocol. Session Resumption. Computing the Keys. Client Authentication. PKI as Deployed by SSL. Version Numbers. Negotiating Cipher Suites. Negotiating Compression Method. Attacks Fixed in v3. Exportability. Encoding. Further Reading. Easy Homework. Homework.

IV. ELECTRONIC MAIL.

20. Electronic Mail Security.

Distribution Lists. Store and Forward. Security Services for Electronic Mail. Establishing Keys. Privacy. Authentication of the Source. Message Integrity. Non-Repudiation. Proof of Submission. Proof of Delivery. Message Flow Confidentiality. Anonymity. Containment. Annoying Text Format Issues. Names and Addresses. Verifying When a Message Was Really Sent. Homework.

21. PEM & S/MIME.

Introduction. Structure of a PEM Message. Establishing Keys. Some PEM History. PEM Certificate Hierarchy. Certificate Revocation Lists (CRLs). Reformatting Data to Get Through Mailers. General Structure of a PEM Message. Encryption. Source Authentication and Integrity Protection. Multiple Recipients. Bracketing PEM Messages. Forwarding and Enclosures. Unprotected Information. Message Formats. DES-CBC as MIC Doesn't Work. Differences in S/MIME. S/MIME Certificate Hierarchy. Homework.

22. PGP (Pretty Good Privacy).

Introduction. Overview. Key Distribution. Efficient Encoding. Certificate and Key Revocation. Signature Types. Your Private Key. Key Rings. Anomalies. Object Formats.

V. LEFTOVERS.

23. Firewalls.

Packet Filters. Application Level Gateway. Encrypted Tunnels. Comparisons. Why Firewalls Don't Work. Denial-of-Service Attacks. Should Firewalls Go Away?

24. More Security Systems.

NetWare V3. NetWare V4. KryptoKnight. DASS/SPX. Lotus Notes Security. DCE Security. Microsoft Windows Security. Network Denial of Service. Clipper. Homework.

25. Web Issues.

Introduction. URLs/URIs. HTTP. HTTP Digest Authentication. Cookies. Other Web Security Problems. Homework.

26. Folklore.

Perfect Forward Secrecy. Change Keys Periodically. Multiplexing Flows over a Single SA. Use Different Keys in the Two Directions. Use Different Secret Keys for Encryption vs. Integrity Protection. Use Different Keys for Different Purposes. Use Different Keys for Signing vs. Encryption. Have Both Sides Contribute to the Master Key. Don't Let One Side Determine the Key. Hash in a Constant When Hashing a Password. HMAC Rather than Simple MD. Key Expansion. Randomly Chosen Ivs. Use of Nonces in Protocols. Don't Let Encrypted Data Begin with a Constant. Don't Let Encrypted Data Begin with a Predictable Value. Compress Data Before Encrypting It. Don't Do Encryption Only. Avoiding Weak Keys. Minimal vs. Redundant Designs. Overestimate the Size of Key. Hardware Random Number Generators. Timing Attacks. Put Checksums at the End of Data. Forward Compatibility. Negotiating Parameters. Homework.

Bibliography.

Glossary.

Index.

CHARLIE KAUFMAN is a Distinguished Engineer at IBM, where he is Chief Security Architect for Lotus Notes and Domino. Previously, he was the Network Security Architect at Digital Equipment Corporation. He chaired the IETF's Web Transaction Security working group and currently serves on the IAB, the IETF's architecture board.

RADIA PERLMAN, Distinguished Engineer at Sun Microsystems, is known worldwide for her contributions to bridging (spanning tree algorithm) and routing (link state routing) as well as security (sabotage-proof networks). Perlman is the author of Interconnections: Bridges, Routers, Switches, and Internetworking Protocols, and she is one of the 25 people whose work has most influenced the networking industry, according to Data Communications magazine.

MIKE SPECINER is a Senior Consulting Engineer at ThinkEngine Networks and is a recognized expert in mathematical algorithms and operating systems.

Combined, this author team holds close to 100 patents.

The classic guide to network security—now fully updated!"Bob and Alice are back!"

Widely regarded as the most comprehensive yet comprehensible guide to network security, the first edition of Network Security received critical acclaim for its lucid and witty explanations of the inner workings of network security protocols. In the second edition, this most distinguished of author teams draws on hard-won experience to explain the latest developments in this field that has become so critical to our global network-dependent society.

Network Security, Second Edition brings together clear, insightful, and clever explanations of every key facet of information security, from the basics to advanced cryptography and authentication, secure Web and email services, and emerging security standards. Coverage includes:

  • All-new discussions of the Advanced Encryption Standard (AES), IPsec, SSL, and Web security
  • Cryptography: In-depth, exceptionally clear introductions to secret and public keys, hashes, message digests, and other crucial concepts
  • Authentication: Proving identity across networks, common attacks against authentication systems, authenticating people, and avoiding the pitfalls of authentication handshakes
  • Core Internet security standards: Kerberos 4/5, IPsec, SSL, PKIX, and X.509
  • Email security: Key elements of a secure email system-plus detailed coverage of PEM, S/MIME, and PGP
  • Web security: Security issues associated with URLs, HTTP, HTML, and cookies
  • Security implementations in diverse platforms, including Windows, NetWare, and Lotus Notes

The authors go far beyond documenting standards and technology: They contrast competing schemes, explain strengths and weaknesses, and identify the crucial errors most likely to compromise secure systems. Network Security will appeal to a wide range of professionals, from those who design or evaluate security systems to system administrators and programmers who want a better understanding of this important field. It can also be used as a textbook at the graduate or advanced undergraduate level.

Prentice Hall Series in Computer Networking and Distributed Systems

View a Sample Chapter PDF: /samplechapter/0130460192.pdf

  • Solutions Manual, 2/E
    Kaufman, Perlman & Speciner
    © 2002 | Prentice Hall | Paper | Instock
    ISBN-10: 0131019902 | ISBN-13: 9780131019904

    Solutions Manual, 2/E
    Kaufman, Perlman & Speciner
    © 2002 | Prentice Hall | Paper | Instock
    ISBN-10: 0131019902 | ISBN-13: 9780131019904

    Downloadable files:

    • Powerpoint Lectures (zip) (.2 MB | zip file | Type: Presentations)
      Compressed file contains powerpoint slides for 10 lectures.


    • Exercises (zip) (0.1 MB | zip file | Type: Assessment)
      Compressed file contains 9 suggested homework assignments.


    Help downloading files

    View Downloadable Files

Pearson Higher Education offers special pricing when you choose to package your text with other student resources. If you're interested in creating a cost-saving package for your students, contact your Pearson Higher Education representative for pricing and ordering information.

This title is a member of the Radia Perlman Series in Computer Networking and Security, which also contains the titles below . You can also visit the Radia Perlman Series in Computer Networking and Security page.

    For years, Counter Hack has been the primary resource for every network/system administrator and security professional who needs a deep, hands-on understanding of hacker attacks and countermeasures. Now, leading network security experts Ed Skoudis and Tom Liston have thoroughly updated this best-selling guide, showing how to defeat today's newest, most sophisticated, and most destructive attacks.

  • 0131481045Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, 2/E
    Skoudis & Liston
    © 2006 | Prentice Hall | Paper; 784 pages | Instock
    ISBN-10: 0131481045 | ISBN-13: 9780131481046
    Brief Description | Buy from myPearsonStore

    • An administrator's guide to setting up and managing a wireless LAN. Will cover: speeds and feeds (802.11b vs 11a vs 11g) configuring an 802.11 NIC (network information center) in a Windows and Linux environment.

  • 0131014064Field Guide to Wireless LANs for Administrators and Power Users, A
    Maufer
    © 2004 | Prentice Hall | Paper; 368 pages | Out of Stock
    ISBN-10: 0131014064 | ISBN-13: 9780131014060
    Brief Description

    • Internet Denial of Service provides an in-depth look at the history and future of DDoS attacks. The authors draw on their extensive experience with actual DDoS attacks to offer practical methods for defending against and responding to such crimes. They also survey the commercial DDoS defense tools currently available and share the pros and cons of various defense strategies.
  • 0131475738Internet Denial of Service: Attack and Defense Mechanisms
    Mirkovic, Dietrich, Dittrich & Reiher
    © 2005 | Prentice Hall | Paper; 400 pages | Instock
    ISBN-10: 0131475738 | ISBN-13: 9780131475731
    Brief Description | Buy from myPearsonStore

    • Malicious code is a set of instructions that runs on your computer and makes

    your system do something that you do not want it to do. For example, it can

    delete sensitive configuration files from your hard drive, rendering your

    computer completely inoperable; infect your computer and use it as a jumpingoff

    point to spread to all of your buddies' computers; and steal files from your

    machine. Malicious code in the hands of a crafty attacker is indeed powerful.

    It's becoming even more of a problem because many of the very same factors

    fueling the evolution of the computer industry are making our systems even

    more vulnerable to malicious code. Specifically, malicious code writers benefit

    from the trends toward mixing static data and executable instructions,

    increasingly homogenous computing environments, unprecedented

    connectivity, an ever-larger clueless user base, and an unfriendly world. Skoudis

    addressed malicious code in just one chapter of his previous book. Here, a

    dozen chapters focus on one of the most interesting and rapidly developing

    areas of computer attacks.

    *Chapter 11, "Defender's Toolbox," rolls together the defensive strategies

    described in the book. As a bonus, Skoudis gives recipes for creating your own

    malicious code analysis laboratory using cheap hardware and software.

    *Foreword by Gene Schultz, security inspector for Global Integrity.

  • 0131014056Malware: Fighting Malicious Code
    Skoudis & Zeltser
    © 2004 | Prentice Hall | Paper; 672 pages | Instock
    ISBN-10: 0131014056 | ISBN-13: 9780131014053
    Brief Description | Buy from myPearsonStore

    • The book will focus on mobile networks which use IP or the Internet Protodol. Author is on IETF (Internet Eng Task Force) Group which has standardized Mobile IP and has worked inthis field at Motorola for many years. A good chunck of this book will focus on mobile IP routing and advanced mobile IP features. Author will also cover: security and firewalls in mobile IP nets, IPv6 mobility, multicasting, multi-protocol support, applications (intranet LAN to LAN, wireless LANS, conferencing, commercial wireless products).

  • 0138562466Mobile IP: The Internet Unplugged
    Solomon
    © 1998 | Prentice Hall | Paper; 384 pages | Instock
    ISBN-10: 0138562466 | ISBN-13: 9780138562465
    Brief Description | Buy from myPearsonStore

    • Appropriate for all graduate-level and upper-level courses in network or computer security.

    Widely regarded as the most comprehensive yet comprehensible guide to network security, the First Edition of Network Security received critical acclaim for its lucid and witty explanations of the inner workings of network security protocols. Now, in the Second Edition, this books exceptionally distinguished author team draws on its hard-won experience to illuminate every facet of information security, from the basics to advanced cryptography and authentication; secure Web and email services; and emerging security standards. Highlights of the books extensive new coverage include Advanced Encryption Standard (AES), IPsec, SSL, X.509 and related PKI standards, and Web security. The authors go far beyond documenting standards and technology: they contrast competing schemes, explain strengths and weaknesses, and identify the crucial errors most likely to compromise secure systems.

  • 0130460192Network Security: Private Communication in a Public World, 2/E
    Kaufman, Perlman & Speciner
    © 2003 | Prentice Hall | Cloth; 752 pages | Instock
    ISBN-10: 0130460192 | ISBN-13: 9780130460196
    Brief Description | Buy from myPearsonStore

  • 0137155883Network Security:Private Communications in a Public World, Safari, 2/E
    Kaufman, Perlman & Speciner
    © 2003 | Prentice Hall | On-line Supplement; 752 pages | Instock
    ISBN-10: 0137155883 | ISBN-13: 9780137155880
    URL: http://www.safari.informit.com


    • An implementation guide to optical networking from 2 cisco engineers. Topics covered will include: optical networking standards, optical technologies, Dense Wave Division Multiplexing, net generation intelligent optical networks, optical wavelength routing, routing with rsvp, dynamic packet transport and intelligent protection switching.

  • 013028226XNext Generation Optical Networks: The Convergence of IP Intelligence and Optical Technologies
    Tomsu & Schmutzer
    © 2002 | Prentice Hall | Paper; 352 pages | Instock
    ISBN-10: 013028226X | ISBN-13: 9780130282262
    Brief Description | Buy from myPearsonStore

    • PLEASE PROVIDE COURSE INFORMATION

    PLEASE PROVIDE

  • 0131014684Optimizing Network Performance with Content Switching: Server, Firewall and Cache Load Balancing
    Syme & Goldie
    © 2004 | Prentice Hall | Paper; 288 pages | Instock
    ISBN-10: 0131014684 | ISBN-13: 9780131014688
    Brief Description | Buy from myPearsonStore

  • 013233352XPowerPoint Slides
    Skoudis
    © 2007 | Prentice Hall | Slides | Estimated Availability: 09/25/2006
    ISBN-10: 013233352X | ISBN-13: 9780132333528


    • Appropriate for all courses in network or information security.

    This book teaches students how to secure any network, large or small. More than other books, it reflects the realities network administrators actually face on the front lines, where they are constantly under attack, and don't always get the support they need from their organizations. Former UUNet network architect Allan Liska addresses every facet of network security, including defining security models, access control, Web/DNS/email security, remote access and VPNs, wireless LAN/WAN security, day-to-day monitoring and logging, attack response, and more. He systematically identifies today's most widespread security mistakes and vulnerabilities, offering realistic and up-to-date solutions. He then integrates these techniques in an end-to-end case study, showing how to redesign an insecure enterprise network for maximum security, one step at a time.

  • 0130462233Practice of Network Security, The: Deployment Strategies for Production Environments
    Liska
    © 1996 | Prentice Hall | Paper; 416 pages | Instock
    ISBN-10: 0130462233 | ISBN-13: 9780130462237
    Brief Description | Buy from myPearsonStore

    • This book is the complete reference to today’s only Internet-based document

    authoring and management standard: WebDAV (Web-based Distributed

    Authoring and Versioning). If your work involves collaborative document

    authoring, document management or Web or print publishing, WebDAV is

    beginning to change the way you share documents with others.

    Until recently, the Web has been limited to download and display capabilities.

    HTTP editing functions do not allow multiple authors to work on the same

    document remotely and in a secure manner. Much Web content authoring is

    collaborative and occurs remotely. WebDAV is the first standard protocol to

    address this need. It builds on and extends HTTP to bring the same benefits to

    authoring that the Web has already brought to viewing content.

    The Web is finally becoming a true authoring medium.

    In the past year, support for WebDAV has greatly accelerated. Authors can

    now use WebDAV in products such as Dreamweaver and Adobe products

    such as Photoshop, GoLive and in the recently released version of

    Framemaker WebDAV is also being supported in the operating systems

    including MAC OS X and Windows XP.

  • 0130652083WebDAV: Next-Generation Collaborative Web Authoring
    Dusseault
    © 2004 | Prentice Hall | Paper; 480 pages | Instock
    ISBN-10: 0130652083 | ISBN-13: 9780130652089
    Brief Description | Buy from myPearsonStore

Pearson Higher Education offers special pricing when you choose to package your text with other student resources. If you're interested in creating a cost-saving package for your students, browse our available packages below, or contact your Pearson Higher Education representative to create your own package.



Copyright ©2008 Pearson Education. All rights reserved. Legal Notice | Privacy Policy | Permissions