Preface
In this age of electronic connectivity, of viruses and hackers, of electronic eavesdropping and electronic fraud, network security has assumed increasing importance. Two trends have come together to make the topic of this book of vital interest. First, the explosive growth in computer systems and their interconnections via networks has increased the dependence of both organizations and individuals on the information stored and communicated using these systems. This, in turn, has led to a heightened awareness of the need to protect data and resources from disclosure, to guarantee the authenticity of data and messages, and to protect systems from network-based attacks. Second, the disciplines of cryptography and network security have matured, leading to the development of practical, readily available applications to enforce network security.
Objectives
It is the purpose of this book to provide a practical survey of network security applications and standards. The emphasis is on applications that are widely used on the Internet and for corporate networks, and on standards, especially Internet standards, that have been widely deployed.
Intended Audience
The book is intended for both an academic and a professional audience. As a textbook, it is intended as a one-semester undergraduate course on network security for computer science, computer engineering, and electrical engineering majors. The book also serves as a basic reference volume and is suitable for self-study.
Plan of the Book
The book is organized in three parts:
I. Cryptography: A concise survey of the cryptographic algorithms and protocols underlying network security applications, including encryption, hash functions, digital signatures, and key exchange.
II. Network Security Applications: Covers important network security tools and applications, including Kerberos, X.509v3 certificates, PGP, S/MIME, IP Security, SSL/TLS, SET, and SNMPv3.
III. System Security: Looks at system-level security issues, including the threat of and countermeasures for intruders and viruses, and the use of firewalls and trusted systems.
A more detailed, chapter-by-chapter summary appears at the end of Chapter 1. In addition, the book includes an extensive glossary, a list of frequently used
Internet Services for Instructors and Students
There is a Web page for this book that provides support for students and instructors. The page includes links to relevant sites, transparency masters of figures in the book in PDF (Adobe Acrobat) format, and sign-up information for the book's Internet mailing list. The Web page is at shore/-ws/NetSec.html. An Internet mailing list has been set up so that instructors using this book can exchange information, suggestions, and questions with each other and with the author. As soon as typos or other errors are discovered, an errata list for this book will be available at shore/-ws.
Projects for Teaching Network Security
For many instructors, an important component of a cryptography or security course is a project or set of projects by which the student gets hands-on experience to reinforce concepts from the text. This book provides an unparalleled degree of support for including a projects component in the course. The instructor's manual not only includes guidance on how to assign and structure the projects, but also includes a set of suggested projects that covers a broad range of topics from the text:
• Research Projects: A series of research assignments that instruct the student to research a particular topic on the Internet and write a report.
• Programming Projects: A series of programming projects that cover a broad range of topics and that can be implemented in any suitable language on any platform.
• Reading/Report Assignments: A list of papers in the literature, one for each chapter, that can be assigned for the student to read and then write a short report.
See Appendix B for details.
Relationship to Cryptography and Network Security, Second Edition
This book is a spin-off from Cryptography and Network Security, Second Edition (CNS2e). CNS2e provides a substantial treatment of cryptography, including detailed analysis of algorithms and a significant mathematical component, the whole of which covers over 300 pages. Network Security Essentials: Applications and Standards (NSE1e) provides instead a concise overview of these topics in Chapters 2 and 3. NSE1e includes all of the remaining material of CNS2e, with updates. NSE1e also covers SNMP security, which is not covered in CNS2e. Thus, NSE1e is intended for college courses and professional readers where the interest is primarily in the application of network security, without the need or desire to delve deeply into cryptographic theory and principles.
As we enter the age of universal electronic connectivity in which viruses, hackers, electronic eavesdropping, and electronic fraud can threaten the prosperity and productivity of corporations and individuals, security is increasingly important. Fortunately, the discipline of network security has matured, leading to the development of practical, available applications to enforce network security. This book provides an integrated, comprehensive, up-to-date coverage of internet-based security tools and applications vital to any treatment of data communications or networking.
Best-selling author and four-time winner of the TEXTY Award for the best computer science and engineering text, William Stallings provides a practical survey of both the principles and practice of network security.
Well organized to provide the optimal sequence for classroom instruction and self-study, this text includes these key features.
Covers important network security tools and applications, including Kerberos, X.509v3, PGP, S/MIME, IP security, SSL/TLS, and SET.
Chapters on Web security and network management security (SNMPv3).
Looks at system-level security issues, including the threat of and countermeasures for intruders and viruses, and the use of firewalls and trusted systems.
On-line transparency masters, an Internet mailing list, and links to relevant Web sites are available at