Network Security: Private Communication in a Public World
Charlie Kaufman
Radia Perlman
Mike Speciner

ISBN-10: 0130614661
ISBN-13: 9780130614667

Publisher: Prentice Hall
Copyright: 1995
Format: Cloth; 640 pp
Status: Out of Print

Suggested retail price: $86.65
This item is out of print and is no longer available for purchase.

A comprehensive yet comprehensible and witty guide to the latest advances in computer network security protocols. In this book the authors go beyond documenting standards and technology; they contrast competing schemes, explain weaknesses and strengths, and describe common mistakes people make when intending to design secure systems.

  • Examines the state of computer network security—what works, what doesn't, and why.
  • Explains clearly the cryptographic algorithms on which most network data systems depend.
  • Provides comprehensive descriptions of many authentication systems, including Kerberos, NetWare, Lotus Notes, DASS, and KryptoKnight.
  • Offers a rigorous treatment of secure electronic mail standards, including PEM, PGP, and X.400.
  • Describes classic security pitfalls and how to avoid them when designing protocols.

Acknowledgments.
1. Introduction.

Roadmap the Book. What Type of Book is This? Terminology. Notation. Primer on Networking. OSI Reference Model. Directory Service. Replicated Services. Packet Switching. Network Components. Destinations: Ultimate and Intermediate. Address Structure. Tempest. Firewalls/Security Gatesway. Packet Filters. Application Level Getaway. Encrypted Tunnels. Key Escrow for Law Enforcement. Key Escrow for Careless Users. Viruses, Worms, Trojan Horses. Where Do They Come From? Spreading Pests from Machine to Machine. Virus Checkers. What Can We Do Today? Wish List for the Future. The Military Model of Security. Mandatory (Nondiscretionary) Access Controls. Levels of Security. Mandatory Access Control Rules. Covert Channels. The Orange Book. Legal Issues. Patents. Export Controls.

2. Introduction to Cryptography.
What Is Cryptography? Computational Difficulty. To Publish or Not to Publish. Secret Codes. Breaking an Encryption Scheme. Ciphertext Only. Known Plaintext. Chosen Plaintext. Types of Cryptographic Functions. Secret Key Cryptography. Security Uses of Secret Key Cryptography. Transmitting Over an Insecure Channel. Secure Storage on Insecure Media. Authentication. Integrity Check. Public Key Cryptography. Security Uses of Public Key Cryptography. Transmitting Over an Insecure Channel. Secure Storage on Insecure Media. Authentication. Digital Signatures. Hash Algorithms. Password Hashing. Message Integrity. Message Fingerprint. Downline Load Security. Digital Signature Efficiency. Homework.

3. Secret Key Cryptography.
Introduction. Generic Block Encryption. Data Encryption Standard (DES). DES Overview. The Permutations of the Data. Generating the Per- Round Keys. A DES Round. The Mangler Function. Weak and Semi-Weak Keys. What's So Special About DES? International Data Encryption Algorithm (IDEA). Primitive Operations. Key Expansion. One Round. Odd Round. Even Round. Inverse Keys for Decryption. Does IDEA Work? Using Secret Key Cryptography in Protocols. Encrypting a Large Message. Electronic Code Book (ECB). Cipher Block Chaining (CBC). CBC Threat 1—Modifying Ciphertext Blocks. CBC Threat 2—Rearranging Ciphertext Blocks. Output Feedback Mode (OFB). Cipher Feedback Mode (CFB). Generating MIC's. Ensuring Privacy and Integrity Together. CBC with a Weak Cryptographic Checksum. CBC with a Cryptographic Hash. CBC Encryption and CBC Residue with Related Keys. Multiple Encryption DES. How Many Encryptions? Encrypting Twice with the Same Key. Encrypting Twice with Two Keys. Triple Encryption. CBC Outside vs Inside. Homework.

4. Hashes and Message Digests.
Introduction. Nifty Things to Do with a Hash. Authentication. Computing an MIC with a Hash. Encryption with a Message Digest. Generating a One-Time Pad. Mixing in the Plaintext. Using Secret Key for a Hash. UNIX Password Hash. Hashing Large Messages. MD2. MD2 Padding.2 MD2 Checksum Computation. MD2 Final Pass. MD4. MD4 Message Padding. Overview of MD4 Message Digest Computation. MD4 Message Digest Pass 1. MD4 Message Digest Pass 2. MD4 Message Digest Pass 3. MD5. MD5 Message Padding. Overview of MD5 Message Digest Computation. MD5 Message Digest Pass 1. MD5 Message Digest Pass 2. MD5 Message Digest Pass 3. MD5 Message Digest Pass 4. SHS. SHS Message Padding. Overview of SHS Message Digest Computation. SHS Operation on a 512-bit Block. Homework.

5. Public Key Algorithms.
Introduction. Modular Arithmetic. Modular Addition. Modular Multiplication. Modular Exponentitation. RSA. RSA Algorithm. Why Does RSA Work. Why is RSA Secure? How Efficient Are the RSA Operations? Exponentiating With Big Numbers. Generating RSA Keys. Finding Big Primes p and q. Finding d and e. Having a Small Constant e. Optimizing RSA Private Key Operations. Arcane RSA Threats. Smooth Numbers. The Cube Root Problem. Public-Key Cryptography Standard (PKCS). Encryption. Signing. Diffie- Hellman. The Bucket Brigade Attack. Diffie-Hellman with Published Public Papers. Encryption with Diffie-Hellman. El Gamal Signatures. Diffie- Hellman Details—Strong Primes. Digital Signature Standard (DSS). The DSS Algorithm. Why Does the Verification Procedure Work? Why is This Secure? Per-Message Secret Number. Zero Knowledge Proof Systems. Zero Knowledge Signatures. Homework Problems.

6. Number Theory.
Introduction. Modular Arithmetic. Primes. Euclid's Algorithm. Finding Multiplicative Inverses in Modular Arithmetic. Chinese Remainder Theorem. Zn*. Euler's Totient Function. Euler's Theorem. A Generalization on Euler's Theorem. Homework Problems.

7. Authentication Systems.
Password-Based Authentication. Off- vs. On-Line Password Guessing. Storing User Passwords. Address-Based Authentication. Network Address Impersonation. Cryptographic Authentication Protocols. Who Is Being Authenticated? Passwords as Cryptographic Keys. Eavesdropping and Server Database Reading. Trusted Intermediaries. KDCs. Certification Authorities (CAs). Certificate Revocation. Multiple Trusted Intermediaries. Multiple KDC Domains. Multiple CA Domains. Session Key Establishment. Authorization. Groups. Hierarchial Groups. Delegation. Homework.

8. Authentication of People.
Passwords. On-Line Password Guessing. Off-Line Password Guessing. How Big Should a Secret Be? Eavesdropping. Passwords and Careless Users. Using a Password in Multiple Places. Requiring Frequent Password Changes. A Login Trojan Horse to Capture Passwords. Non-Login Use of Passwords. Initial Password Distribution. Authentication Tokens. Physical Access. Biometrics. Homework.

9. Security Handshake Pitfalls.
Login Only. Shared Secret. One-Way Public Key. Lamport's Hash. Mutual Authentication. Reflection Attack. Password Guessing. Public Keys. Timestamps. Integrity/Encryption for Data. Shared Secret. Two-Way Public Key Based Authentication. One-Way Public Key Based Authentication. Lamport Hash. Privacy and Integrity. Meditated Authentication (with KDC). Needham- Schroeder. Expanded Needham-Schroeder. Otway-Rees. Bellovin-Merritt. Network Login and Password Guessing. Nonce Types. Picking Random Numbers. X.609 Problem. Performance Considerations. Authentication Protocol Checklist. Homework.

10. Kerberos V4.
Introduction. Tickets and Ticket-Granting Tickets. Configuration. Logging into the Network. Obtaining a Session Key and TGT. Alice Asks to Talk to a Remote Node. Replicated KDC's. Realms. Interrealm Authentication. Key Version Numbers. Encryption for Privacy and Integrity. Encryption for Integrity Only. Network Layer Addresses in Tickets. Message Formats. Tickets. Authenticators. Credentials. AS_REQ. TGS_REQ. AS_REP and TGS_REP. Error Reply from KDC. AP_REQ. AP_REP. Encrypted Data (KRB_PRV). Integrity-Checked Data (SAFE). AP_ERR. Homework.

11. Kerberos V5.
ASN. Names. Delegation of Rights. Ticket Lifetimes. Renewable Tickets. Postdated Tickets. Key Versions. Making Master Keys in Different Realms Different. Optimizations. Cryptographic Algorithms. Integrity-Only Algorithms. rsa-md5-des. des-mac. des-mac-k. rsa-md4-des. rsa-md4-des-k. Encryption for Privacy and Integrity. Hierarchy of Realms. Evading Password-Guessing Attacks. Key Inside Authenticator. Double TGT Authentication. KDC Database. Kerberos V5 Messages. Authenticator. Ticket. AS_REQ. TGS_REQ. AS_REP. TGS_REP. AP_REQ. AP-REP. KRB_SAFE. KRB_PRIV. KRB_CRED. KRB_ERROR. Homework.

12. Electronic Mail Security.
Distribution Lists. Store and Forward. Security Services for Electronic Mail. Establishing Keys. Establishing Public Keys. Establishing Secret Keys. Privacy. End-to-End Privacy. Privacy with Distribution List Exploders. Authentication of the Source. Source Authentication Based on Public Key Technology. Source Authentication Based on Secret Keys. Source Authentication with Distribution Lists. Message Integrity. Message Integrity Without Source Authentication. Non-Repudiation. Non-Repudiation Based on Public Key Technology. Plausible Deniability Based on Public Key Technology. Non-Repudiation with Secret Keys. Proof of Submission. Proof of Delivery. Message Flow Confidentiality. Anonymity. Containment. Annoying Text Format Issues. Disguising Data as Text. Names and Addresses. Old Messages. Case 1: The Dishonest Buyer. Case 2: The Solution Looking for a Problem. Homework.

13. Privacy Enhanced Mail (PEM).
Introduction. Structure of a PEM Message. Establishing Keys. Some PEM History. Certificate Hierarchy. Certificate Revocation Lists (CRLs). X.509 Certificates and CRLs. Reformatting Data to Get Through Mailers. General Structure of a PEM Message. Encryption. Source Authentication and Integrity Protection. Multiple Recipients. Bracketing PEM Messages. Remote Distribution List Exploders. Remote Exploding Using Public Keys. Remote Exploding Using Secret Keys. Mixing Key Types. Forwarding and Enclosures. Forwarding a Message. Canonicalization. Unprotected Information. Message Formats. ENCRYPTED, Public Key Variant. ENCRYPTED, Secret Key Variant. MIC-ONLY or MIC-CLEAR, Public Variant Key. MIC-ONLY or MIC-CLEAR, Secret Variant Key. CRL-RETRIEVAL-REQUEST. CRL. DES-CBC as MIC Doesn't Work. Homework.

14. PGP (Pretty Good Privacy).
Introduction. Overview. Key Distribution. Efficient Encoding. Certificate and Key Revocation. Signature Types. Your Private Key. Key Rings. Anomalies. File Name. People Names. Object Formats. Message Formats. Primitive Object Formats.

15. X.400.
Overview of X.400. Security Functions Possible with X.400. Structure of X.400 Message. Per-Message Security Fields. Per-Recipient Security Fields. Security Fields in the Token. Unencrypted Part of the Token. Encrypted Part of the Token. Fields for Probe Messages. Fields for Proof of Delivery. Fields for Proof of Submission. Security Fields for X.420.

16. A Comparison of PEM, PGP, and X.400.
Introduction. Certification Hierarchy. Certificate Distribution. Encryption. Encoding of Transmitted Messages. Cryptographic Algorithms Supported. Recipients with Multiple Keys. Mail-Intermediary-Provided Functions.

17. More Security Systems.
NetWare V3. NetWare V4. NetWare's Gillou-Quisquater Authentication Scheme. KryptoKnight. KryptoKnight Tickets. Authenticators. Nonces vs. Timestamps. Data Encryption. SNMP. DASS/SPX. DASS Certification Hierarchy. Obtaining the User's Private Key. DASS Authentication Handshake. DASS Authenticators. DADD Delegation. Saving Bits. Lotus Notes Security. ID Files. Coping with Export Controls. Certificates for Flat Names. Certificates for Hierarchical Names. Lotus Notes Authentication. Authentication Long-Term Secret. Mail. Certification Revocation. DCE Security. Microsoft Security. Network Denial of Service. Robust Broadcast. Robust Packet Delivery. Clipper. Key Escrow. Homework.

Bibliography.
Glossary.
Index.

    Appropriate for all graduate-level and upper-level courses in network or computer security.

    Widely regarded as the most comprehensive yet comprehensible guide to network security, the First Edition of Network Security received critical acclaim for its lucid and witty explanations of the inner workings of network security protocols. Now, in the Second Edition, this books exceptionally distinguished author team draws on its hard-won experience to illuminate every facet of information security, from the basics to advanced cryptography and authentication; secure Web and email services; and emerging security standards. Highlights of the books extensive new coverage include Advanced Encryption Standard (AES), IPsec, SSL, X.509 and related PKI standards, and Web security. The authors go far beyond documenting standards and technology: they contrast competing schemes, explain strengths and weaknesses, and identify the crucial errors most likely to compromise secure systems.

  • 0130460192Network Security: Private Communication in a Public World, 2/E
    Kaufman, Perlman & Speciner
    © 2003 | Prentice Hall | Cloth; 752 pages | Instock
    ISBN-10: 0130460192 | ISBN-13: 9780130460196
    Brief Description | Buy from myPearsonStore

A comprehensive yet comprehensible and witty guide to the latest advances in computer network security protocols. The author team includes Charlie Kaufman, currently chief security architect for Lotus Notes, and formerly Network Security Architect at Digital Equipment Corporation; best-selling author Radia Perlman, currently with Novell, and a specialist in the areas of bridging and routing. as well as sabotage-proof networks; and Mike Speciner, Chief Architect at ColorAge, an expert in number theory and operating systems, and formerly the security expert for Camex, Inc.

Network Security:

  • Examines the state of computer network security - what works, what doesn't, and why.
  • Explains clearly the cryptographic algorithms on which most network data systems depend.
  • Provides comprehensive descriptions of many authentication systems, including Kerberos, NetWare, Lotus notes, DASS, and KryptoKnight.
  • Offers a rigorous treatment of secure electronic mail standards, including PEM, PGP, and X.400.
  • Describes classic security pitfalls and how to avoid them when designing protocols.

In this books, the authors go beyond documenting standards and technology; they contrast competing schemes, explain weaknesses and strengths, and describe common mistakes people make when intending to design secure systems.

Network Security will appeal to a broad range of professionals, from those who have to design or evaluate security systems to system administrators and programmers who want a better understanding of this important field. It can also be used as a textbook at the graduate or advanced undergraduate level.

View a Sample Chapter PDF: /samplechapter/0130614661.pdf

Pearson Higher Education offers special pricing when you choose to package your text with other student resources. If you're interested in creating a cost-saving package for your students, contact your Pearson Higher Education representative for pricing and ordering information.

This title is a member of the Radia Perlman Series in Computer Networking and Security, which also contains the titles below . You can also visit the Radia Perlman Series in Computer Networking and Security page.

    For years, Counter Hack has been the primary resource for every network/system administrator and security professional who needs a deep, hands-on understanding of hacker attacks and countermeasures. Now, leading network security experts Ed Skoudis and Tom Liston have thoroughly updated this best-selling guide, showing how to defeat today's newest, most sophisticated, and most destructive attacks.

  • 0131481045Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, 2/E
    Skoudis & Liston
    © 2006 | Prentice Hall | Paper; 784 pages | Instock
    ISBN-10: 0131481045 | ISBN-13: 9780131481046
    Brief Description | Buy from myPearsonStore

    • An administrator's guide to setting up and managing a wireless LAN. Will cover: speeds and feeds (802.11b vs 11a vs 11g) configuring an 802.11 NIC (network information center) in a Windows and Linux environment.

  • 0131014064Field Guide to Wireless LANs for Administrators and Power Users, A
    Maufer
    © 2004 | Prentice Hall | Paper; 368 pages | Out of Stock
    ISBN-10: 0131014064 | ISBN-13: 9780131014060
    Brief Description

    • Internet Denial of Service provides an in-depth look at the history and future of DDoS attacks. The authors draw on their extensive experience with actual DDoS attacks to offer practical methods for defending against and responding to such crimes. They also survey the commercial DDoS defense tools currently available and share the pros and cons of various defense strategies.
  • 0131475738Internet Denial of Service: Attack and Defense Mechanisms
    Mirkovic, Dietrich, Dittrich & Reiher
    © 2005 | Prentice Hall | Paper; 400 pages | Instock
    ISBN-10: 0131475738 | ISBN-13: 9780131475731
    Brief Description | Buy from myPearsonStore

    • Malicious code is a set of instructions that runs on your computer and makes

    your system do something that you do not want it to do. For example, it can

    delete sensitive configuration files from your hard drive, rendering your

    computer completely inoperable; infect your computer and use it as a jumpingoff

    point to spread to all of your buddies' computers; and steal files from your

    machine. Malicious code in the hands of a crafty attacker is indeed powerful.

    It's becoming even more of a problem because many of the very same factors

    fueling the evolution of the computer industry are making our systems even

    more vulnerable to malicious code. Specifically, malicious code writers benefit

    from the trends toward mixing static data and executable instructions,

    increasingly homogenous computing environments, unprecedented

    connectivity, an ever-larger clueless user base, and an unfriendly world. Skoudis

    addressed malicious code in just one chapter of his previous book. Here, a

    dozen chapters focus on one of the most interesting and rapidly developing

    areas of computer attacks.

    *Chapter 11, "Defender's Toolbox," rolls together the defensive strategies

    described in the book. As a bonus, Skoudis gives recipes for creating your own

    malicious code analysis laboratory using cheap hardware and software.

    *Foreword by Gene Schultz, security inspector for Global Integrity.

  • 0131014056Malware: Fighting Malicious Code
    Skoudis & Zeltser
    © 2004 | Prentice Hall | Paper; 672 pages | Instock
    ISBN-10: 0131014056 | ISBN-13: 9780131014053
    Brief Description | Buy from myPearsonStore

    • The book will focus on mobile networks which use IP or the Internet Protodol. Author is on IETF (Internet Eng Task Force) Group which has standardized Mobile IP and has worked inthis field at Motorola for many years. A good chunck of this book will focus on mobile IP routing and advanced mobile IP features. Author will also cover: security and firewalls in mobile IP nets, IPv6 mobility, multicasting, multi-protocol support, applications (intranet LAN to LAN, wireless LANS, conferencing, commercial wireless products).

  • 0138562466Mobile IP: The Internet Unplugged
    Solomon
    © 1998 | Prentice Hall | Paper; 384 pages | Instock
    ISBN-10: 0138562466 | ISBN-13: 9780138562465
    Brief Description | Buy from myPearsonStore

    • Appropriate for all graduate-level and upper-level courses in network or computer security.

    Widely regarded as the most comprehensive yet comprehensible guide to network security, the First Edition of Network Security received critical acclaim for its lucid and witty explanations of the inner workings of network security protocols. Now, in the Second Edition, this books exceptionally distinguished author team draws on its hard-won experience to illuminate every facet of information security, from the basics to advanced cryptography and authentication; secure Web and email services; and emerging security standards. Highlights of the books extensive new coverage include Advanced Encryption Standard (AES), IPsec, SSL, X.509 and related PKI standards, and Web security. The authors go far beyond documenting standards and technology: they contrast competing schemes, explain strengths and weaknesses, and identify the crucial errors most likely to compromise secure systems.

  • 0130460192Network Security: Private Communication in a Public World, 2/E
    Kaufman, Perlman & Speciner
    © 2003 | Prentice Hall | Cloth; 752 pages | Instock
    ISBN-10: 0130460192 | ISBN-13: 9780130460196
    Brief Description | Buy from myPearsonStore

  • 0137155883Network Security:Private Communications in a Public World, Safari, 2/E
    Kaufman, Perlman & Speciner
    © 2003 | Prentice Hall | On-line Supplement; 752 pages | Instock
    ISBN-10: 0137155883 | ISBN-13: 9780137155880
    URL: http://www.safari.informit.com


    • An implementation guide to optical networking from 2 cisco engineers. Topics covered will include: optical networking standards, optical technologies, Dense Wave Division Multiplexing, net generation intelligent optical networks, optical wavelength routing, routing with rsvp, dynamic packet transport and intelligent protection switching.

  • 013028226XNext Generation Optical Networks: The Convergence of IP Intelligence and Optical Technologies
    Tomsu & Schmutzer
    © 2002 | Prentice Hall | Paper; 352 pages | Instock
    ISBN-10: 013028226X | ISBN-13: 9780130282262
    Brief Description | Buy from myPearsonStore

    • PLEASE PROVIDE COURSE INFORMATION

    PLEASE PROVIDE

  • 0131014684Optimizing Network Performance with Content Switching: Server, Firewall and Cache Load Balancing
    Syme & Goldie
    © 2004 | Prentice Hall | Paper; 288 pages | Instock
    ISBN-10: 0131014684 | ISBN-13: 9780131014688
    Brief Description | Buy from myPearsonStore

  • 013233352XPowerPoint Slides
    Skoudis
    © 2007 | Prentice Hall | Slides | Estimated Availability: 09/25/2006
    ISBN-10: 013233352X | ISBN-13: 9780132333528


    • Appropriate for all courses in network or information security.

    This book teaches students how to secure any network, large or small. More than other books, it reflects the realities network administrators actually face on the front lines, where they are constantly under attack, and don't always get the support they need from their organizations. Former UUNet network architect Allan Liska addresses every facet of network security, including defining security models, access control, Web/DNS/email security, remote access and VPNs, wireless LAN/WAN security, day-to-day monitoring and logging, attack response, and more. He systematically identifies today's most widespread security mistakes and vulnerabilities, offering realistic and up-to-date solutions. He then integrates these techniques in an end-to-end case study, showing how to redesign an insecure enterprise network for maximum security, one step at a time.

  • 0130462233Practice of Network Security, The: Deployment Strategies for Production Environments
    Liska
    © 1996 | Prentice Hall | Paper; 416 pages | Instock
    ISBN-10: 0130462233 | ISBN-13: 9780130462237
    Brief Description | Buy from myPearsonStore

    • This book is the complete reference to today’s only Internet-based document

    authoring and management standard: WebDAV (Web-based Distributed

    Authoring and Versioning). If your work involves collaborative document

    authoring, document management or Web or print publishing, WebDAV is

    beginning to change the way you share documents with others.

    Until recently, the Web has been limited to download and display capabilities.

    HTTP editing functions do not allow multiple authors to work on the same

    document remotely and in a secure manner. Much Web content authoring is

    collaborative and occurs remotely. WebDAV is the first standard protocol to

    address this need. It builds on and extends HTTP to bring the same benefits to

    authoring that the Web has already brought to viewing content.

    The Web is finally becoming a true authoring medium.

    In the past year, support for WebDAV has greatly accelerated. Authors can

    now use WebDAV in products such as Dreamweaver and Adobe products

    such as Photoshop, GoLive and in the recently released version of

    Framemaker WebDAV is also being supported in the operating systems

    including MAC OS X and Windows XP.

  • 0130652083WebDAV: Next-Generation Collaborative Web Authoring
    Dusseault
    © 2004 | Prentice Hall | Paper; 480 pages | Instock
    ISBN-10: 0130652083 | ISBN-13: 9780130652089
    Brief Description | Buy from myPearsonStore

Pearson Higher Education offers special pricing when you choose to package your text with other student resources. If you're interested in creating a cost-saving package for your students contact your Pearson Higher Education representative.


Copyright ©2008 Pearson Education. All rights reserved. Legal Notice | Privacy Policy | Permissions