Authentication: From Passwords to Public Keys
 

Authentication: From Passwords to Public Keys [Paperback]

Richard E. Smith
4.9 out of 5 stars (8 customer reviews)
List Price: CDN$ 57.99
Price: CDN$ 39.33 & this item ships for FREE with Super Saver Shipping.
You Save: CDN$ 18.66 (32%)


Product Description

From Amazon

One of the key problems of computer security is that of guaranteeing that an entity (person or system) really is who he, she, or it claims to be. Authentication procedures may be very trusting (as for "guest" accounts with limited capability), moderately strong (your bank requires both a physical card and a PIN before it will dispense money from an ATM), or nearly foolproof (biometric devices, which examine--to cite two examples--retina scans or fingerprints). Authentication: From Passwords to Public Keys examines the whole range of authentication options and offers advice on which one might be right for your security requirements, budget, and tolerance for user inconvenience. As the "public keys" part of the title implies, this book also deals with some aspects of encryption.

Rather than present a menagerie of security techniques and explain their strengths and weaknesses in an academic way, Richard Smith demonstrates the strength of protection mechanisms in the only way that counts--he shows how they can be defeated, and at what expenditure of effort. He's also made lists of attacks, complete with assessments of the popularity of each and the particular risk it poses, and a similar list of defenses. Margin notes refer to list entries by number, so it's easy to see what problems and solutions are covered in a given passage of text--though there's no index of references to attacks and defenses by number. --David Wall

Topics covered: How to defend computer systems, primarily through the application of identity-verification techniques. Those covered include passwords (including the randomly generated kind, and their hashes), authentication by machine address, biometric examination, smart cards, and RSA public-key cryptography.

Book Description

This is the first comprehensive guide to authentication: making sure your users are who they say they are. Leading security consultant Richard Smith reviews every option for authentication, from passwords to biometrics, and virtually every application scenario -- offering practical guidance on choosing the best option, implementing it, and managing it. Smith begins by introducing the authentication landscape, explaining how today's authentication options have evolved from yesterday's timesharing systems, and showing how to estimate the prevalence of successful attacks. He presents detailed coverage of passwords, password selection, and the human issues associated with password-based authentication. Other key topics include authentication for laptops and workstations, encryption, cryptographic keys, PIN numbers, biometrics, tokens, Windows 2000's Kerberos implementation, public and private keys, SSL, certificates, and more. For all network and security professionals.


Customer Reviews

8 Reviews
5 star: (7)
4 star: (1)
3 star: (0)
2 star: (0)
1 star: (0)
 
 
 
 
 
Most helpful customer reviews

5.0 out of 5 stars Really, really good book, Aug 31 2003
This review is from: Authentication: From Passwords to Public Keys (Paperback)
Smith does a great job of writing about authentication while being vendor agnostic.

The book provides everything you need to know about PKI and other crucial security topics.



1 of 1 people found the following review helpful
4.0 out of 5 stars An exciting book on authentication, of all things? It is!, Aug 7 2002
An exciting book on authentication, of all things? Is such a thing even possible? Yes, Richard E. Smith proves it by publishing Authentication - a comprehensive guide to all things that authenticate or are authenticated. The book will educate you on more aspects of authentication than you ever wanted to know, but most likely you will enjoy it. As a security professional, I found the author's writing style to be excellent and even entertaining, a clear sign of writing by a true expert on the subject.

Every obscure form of authentication protocol (have you heard of X9.17 lately?) finds its place in a book. Passwords, tokens, biometrics, various authentication protocols are all described and analyzed in great detail, in plain English and with multiple diagrams. Another valuable feature is that for every authentication protocol, the relevant attacks and defenses are outlined in every chapter summary. The attacks which are not covered by existing defenses ("residual attacks") are emphasized at the end as something to watch for. For example, a 'trojan horse' attack to steal authentication credentials is one of them - apparently there is no 100 percent reliable way to stop it.

A chapter on passwords contains several creative ideas to make this ubiquitous form of authentication more effective, simultaneously more secure and more usable. It also answers some interesting password questions. When does it make no sense to enforce a complex non-dictionary password? How random is a random password from a dictionary? Why is a bank PIN of four digits secure enough for the job? When is it better to write a password down? Read the book and you will discover the answers! The book also explains public key crypto systems and their use for authentication (such as PKI).

People issues of security also receive well-deserved coverage in a separate chapter. Various kinds of secrets used for people as passwords are outlined. An interesting discussion on choosing an initial password when providing system access reveals important aspects of this process that few people think about.

For more technically inclined readers, straightforward analysis of complexities of Windows authentication (LANMAN, NTLM, Kerberos) and attacks against it is provided in a "Challenge Response Passwords" chapter. Computer scientists will find some insights on authentication algorithm design patterns. For less technical readers, understanding authentication based on Ali Baba and a cave of treasures will help to sort through the authentication system requirements and peculiarities. Overall, the book (while being targeted at security professionals) contains something for almost everyone interested in how computers tell that whoever is sitting at the console is who she says she is.

Anton Chuvakin, Ph.D. is a senior security analyst with a major security company.



5.0 out of 5 stars Amazing compilation of the Authentication Methods!, Oct 28 2003
By Christina Braz (Montreal (QC) Canada)
It's a must for anyone who needs to have a deep and clear understanding of the world of authentication.

I'm a research assistant, having finished my Master of Sciences in Electronic Commerce (2003) in the Department of Computer Science and Operations Research at Université de Montréal (Montreal (QC) Canada) and who has written a master's thesis called "ASEMC-Authentication for a SEcure M-Commerce". The book has brought me great contributions in a very clear language even if it is a technical matter. It makes extensive use of pictures, schemas, and graphs that allow us to easily understand the authentication methods. Actually, it makes use of the visual intelligence of each one of us!
