Network Security Essentials [Paperback]

"The tie, if I might suggest it, sir, a shade more tightly knotted. One aims at
the perfect butterfly effect. If you will permit me—"

"What does it matter, Jeeves, at a time like this? Do you realize that Mr. Little's domestic happiness is hanging in the scale?"

"There is no time, sir, at which ties do not matter."
— Very Good Jeeves! P.G. Wodehouse

In this age of universal electronic connectivity, of viruses and hackers, of electronic eavesdropping and electronic fraud, there is indeed no time at which security does not matter. Two trends have come together to make the topic of this book of vital interest. First, the explosive growth in computer systems and their interconnections via networks has increased the dependence of both organizations and individuals on the information stored and communicated using these systems. This, in turn, has led to a heightened awareness of the need to protect data and resources from disclosure, to guarantee the authenticity of data and messages, and to protect systems from network-based attacks. Second, the disciplines of cryptography and network security have matured, leading to the development of practical, readily available applications to enforce network security.

It is the purpose of this book to provide a practical survey of network security applications and standards. The emphasis is on applications that are widely used on the Internet and for corporate networks, and on standards, especially Internet standards, that have been widely deployed.

The book is intended for both an academic and a professional audience. As a textbook, it is intended as a one-semester undergraduate course on network security for computer science, computer engineering, and electrical engineering majors. The book also serves as a basic reference volume and is suitable for self-study.

The book is organized in three parts:

Part One — Cryptography: A concise survey of the cryptographic algorithms and protocols underlying network security applications, including encryption, hash functions, digital signatures, and key exchange

Part Two — Network Security Applications: Covers important network security tools and applications, including Kerberos, X.509v3 certificates, PGP, S/MIME, IP Security, SSL/TLS, SET, and SNMPv3

Part Three — System Security: Looks at system-level security issues, including the threat of and countermeasures for intruders and viruses, and the use of firewalls and trusted systems.

In addition, the book includes an extensive glossary, a list of frequently used acronyms, and a bibliography. Each chapter includes homework problems, review questions, a list of key words, suggestions for further reading, and recommended Web sites.

A more detailed, chapter-by-chapter summary of each part appears at the beginning of that part.

There is a Web page for this book that provides support for students and instructors. The page includes links to relevant sites, transparency masters of the figures and tables in the book in PDF (Adobe Acrobat) format, and sign-up information for the book's Internet mailing list.An Internet mailing list has been set up so that instructors using this book can exchange information, suggestions, and questions with each other and with the author.

For many instructors, an important component of a cryptography or security course is a project or set of projects by which the student gets hands-on experience to reinforce concepts from the text. This book provides an unparalleled degree of support for including a projects component in the course. The instructor's manual not only includes guidance on how to assign and structure the projects, but also includes a set of suggested projects that covers a broad range of topics from the text:

• Research Projects: A series of research assignments that instruct the student to research a particular topic on the Internet and write a report
• Programming Projects: A series of programming projects that cover a broad range of topics and that can be implemented in any suitable language on any platform
• Reading/Report Assignments: A list of papers in the literature, one for each chapter, that can be assigned for the student to read and then write a short report

See Appendix B for details.

This book is a spin-off from Cryptography and Network Security, Third Edition (CNS3e). CNS3e provides a substantial treatment of cryptography, including detailed analysis of algorithms and significant mathematical component, all of which covers almost 400 pages. Network Security Essentials: Applications and Standards (NSE2e) provides instead a concise overview of these topics in Chapters 2 and 3. NSE2e includes all of the remaining material of CNS3e. NSE2e also covers SNMP security, which is not covered in CNS3e. Thus, NSE2e is intended for college courses and professional readers where the interest is primarily in the application of network security, without the need or desire to delve deeply into cryptographic theory and principles.