
Network Security Private Communication in a Public World

by Charlie Kaufman, Radia Perlman, and Mike Speciner
  • ISBN13: 9780130460196
  • ISBN10: 0130460192
  • Edition: 2nd
  • Format: Hardcover
  • Copyright: 2002-04-22
  • Publisher: Prentice Hall

Summary

The classic guide to network security, now fully updated! "Bob and Alice are back!"

Widely regarded as the most comprehensive yet comprehensible guide to network security, the first edition of Network Security received critical acclaim for its lucid and witty explanations of the inner workings of network security protocols. In the second edition, this most distinguished of author teams draws on hard-won experience to explain the latest developments in this field that has become so critical to our global, network-dependent society.

Network Security, Second Edition brings together clear, insightful, and clever explanations of every key facet of information security, from the basics to advanced cryptography and authentication, secure Web and email services, and emerging security standards. Coverage includes:

  • All-new discussions of the Advanced Encryption Standard (AES), IPsec, SSL, and Web security
  • Cryptography: in-depth, exceptionally clear introductions to secret and public keys, hashes, message digests, and other crucial concepts
  • Authentication: proving identity across networks, common attacks against authentication systems, authenticating people, and avoiding the pitfalls of authentication handshakes
  • Core Internet security standards: Kerberos 4/5, IPsec, SSL, PKIX, and X.509
  • Email security: key elements of a secure email system, plus detailed coverage of PEM, S/MIME, and PGP
  • Web security: security issues associated with URLs, HTTP, HTML, and cookies
  • Security implementations in diverse platforms, including Windows, NetWare, and Lotus Notes

The authors go far beyond documenting standards and technology: they contrast competing schemes, explain strengths and weaknesses, and identify the crucial errors most likely to compromise secure systems. Network Security will appeal to a wide range of professionals, from those who design or evaluate

Author Biography

CHARLIE KAUFMAN is a Distinguished Engineer at IBM, where he is Chief Security Architect for Lotus Notes and Domino. Previously, he was the Network Security Architect at Digital Equipment Corporation. He chaired the IETF's Web Transaction Security working group and currently serves on the IAB, the IETF's architecture board.

RADIA PERLMAN, Distinguished Engineer at Sun Microsystems, is known worldwide for her contributions to bridging (spanning tree algorithm) and routing (link state routing) as well as security (sabotage-proof networks). Perlman is the author of Interconnections: Bridges, Routers, Switches, and Internetworking Protocols, and she is one of the 25 people whose work has most influenced the networking industry, according to Data Communications magazine.

MIKE SPECINER is a Senior Consulting Engineer at ThinkEngine Networks and is a recognized expert in mathematical algorithms and operating systems.

Combined, this author team holds close to 100 patents.

Table of Contents

Each entry gives the starting page, followed in parentheses by the number of pages the entry spans.

Acknowledgments  xxv
Introduction  1(40)
Roadmap to the Book  2(1)
What Type of Book Is This?  3(1)
Terminology  4(2)
Notation  6(1)
Primer on Networking  7(8)
OSI Reference Model  7(1)
IP, UDP, and TCP  8(1)
Directory Service  9(2)
Replicated Services  11(1)
Packet Switching  11(1)
Network Components  12(1)
Destinations: Ultimate and Next-Hop  13(1)
Address Structure  14(1)
Active vs. Passive Attacks  15(1)
Layers and Cryptography  15(1)
Authorization  15(1)
Tempest  16(1)
Key Escrow for Law Enforcement  17(2)
Key Escrow for Careless Users  19(1)
Viruses, Worms, Trojan Horses  19(8)
Where Do They Come From?  20(3)
Spreading Pests from Machine to Machine  23(1)
Virus Checkers  24(1)
What Can We Do Today?  25(1)
Wish List for the Future  26(1)
The Multi-level Model of Security  27(9)
Mandatory (Nondiscretionary) Access Controls  28(1)
Levels of Security  29(1)
Mandatory Access Control Rules  29(1)
Covert Channels  30(2)
The Orange Book  32(3)
Successors to the Orange Book  35(1)
Legal Issues  36(5)
Patents  36(1)
Export Controls  37(4)

CRYPTOGRAPHY
Introduction to Cryptography  41(18)
What Is Cryptography?  41(4)
Computational Difficulty  42(1)
To Publish or Not to Publish  43(1)
Secret Codes  44(1)
Breaking an Encryption Scheme  45(2)
Ciphertext Only  45(1)
Known Plaintext  46(1)
Chosen Plaintext  46(1)
Types of Cryptographic Functions  47(1)
Secret Key Cryptography  47(3)
Security Uses of Secret Key Cryptography  47(1)
Transmitting Over an Insecure Channel  48(1)
Secure Storage on Insecure Media  48(1)
Authentication  48(1)
Integrity Check  49(1)
Public Key Cryptography  50(4)
Security Uses of Public Key Cryptography  52(1)
Transmitting Over an Insecure Channel  52(1)
Secure Storage on Insecure Media  52(1)
Authentication  53(1)
Digital Signatures  54(1)
Hash Algorithms  54(3)
Password Hashing  55(1)
Message Integrity  56(1)
Message Fingerprint  56(1)
Downline Load Security  57(1)
Digital Signature Efficiency  57(1)
Homework  57(2)
Secret Key Cryptography  59(36)
Introduction  59(1)
Generic Block Encryption  59(3)
Data Encryption Standard (DES)  62(13)
DES Overview  64(2)
The Permutations of the Data  66(1)
Generating the Per-Round Keys  67(2)
A DES Round  69(1)
The Mangler Function  70(4)
Weak and Semi-Weak Keys  74(1)
What's So Special About DES?  74(1)
International Data Encryption Algorithm (IDEA)  75(6)
Primitive Operations  75(2)
Key Expansion  77(1)
One Round  78(1)
Odd Round  78(1)
Even Round  79(1)
Inverse Keys for Decryption  80(1)
Does IDEA Work?  81(1)
Advanced Encryption Standard (AES)  81(11)
Basic Structure  82(2)
Primitive Operations  84(3)
What about the inverse cipher?  87(2)
Key Expansion  89(1)
Rounds  90(1)
Inverse Rounds  91(1)
Optimization  91(1)
RC4  92(1)
Homework  92(3)
Modes of Operation  95(22)
Introduction  95(1)
Encrypting a Large Message  95(10)
Electronic Code Book (ECB)  96(1)
Cipher Block Chaining (CBC)  97(2)
CBC Threat 1---Modifying Ciphertext Blocks  99(1)
CBC Threat 2---Rearranging Ciphertext Blocks  100(1)
Output Feedback Mode (OFB)  101(1)
Cipher Feedback Mode (CFB)  102(2)
Counter Mode (CTR)  104(1)
Generating MACs  105(4)
Ensuring Privacy and Integrity Together  106(1)
CBC with a Weak Cryptographic Checksum  107(1)
CBC Encryption and CBC Residue with Related Keys  108(1)
CBC with a Cryptographic Hash  108(1)
Offset Codebook Mode (OCB)  108(1)
Multiple Encryption DES  109(5)
How Many Encryptions?  111(1)
Encrypting Twice with the Same Key  111(1)
Encrypting Twice with Two Keys  111(1)
Triple Encryption with only Two Keys  112(1)
CBC Outside vs. Inside  113(1)
Homework  114(3)
Hashes and Message Digests  117(30)
Introduction  117(4)
Nifty Things to Do with a Hash  121(7)
Authentication  123(1)
Computing a MAC with a Hash  123(2)
Encryption with a Message Digest  125(1)
Generating a One-Time Pad  125(1)
Mixing In the Plaintext  126(1)
Using Secret Key for a Hash  126(1)
UNIX Password Hash  126(1)
Hashing Large Messages  127(1)
MD2  128(5)
MD2 Padding  129(1)
MD2 Checksum Computation  129(2)
MD2 Final Pass  131(2)
MD4  133(3)
MD4 Message Padding  133(1)
Overview of MD4 Message Digest Computation  133(2)
MD4 Message Digest Pass 1  135(1)
MD4 Message Digest Pass 2  135(1)
MD4 Message Digest Pass 3  136(1)
MD5  136(4)
MD5 Message Padding  137(1)
Overview of MD5 Message Digest Computation  137(1)
MD5 Message Digest Pass 1  138(1)
MD5 Message Digest Pass 2  138(1)
MD5 Message Digest Pass 3  139(1)
MD5 Message Digest Pass 4  139(1)
SHA-1  140(2)
SHA-1 Message Padding  140(1)
Overview of SHA-1 Message Digest Computation  140(1)
SHA-1 Operation on a 512-bit Block  141(1)
HMAC  142(1)
Homework  143(4)
Public Key Algorithms  147(38)
Introduction  147(1)
Modular Arithmetic  148(4)
Modular Addition  148(1)
Modular Multiplication  149(2)
Modular Exponentiation  151(1)
RSA  152(9)
RSA Algorithm  152(1)
Why Does RSA Work?  153(1)
Why Is RSA Secure?  153(1)
How Efficient Are the RSA Operations?  154(1)
Exponentiating with Big Numbers  154(2)
Generating RSA Keys  156(1)
Finding Big Primes p and q  156(2)
Finding d and e  158(1)
Having a Small Constant e  158(2)
Optimizing RSA Private Key Operations  160(1)
Arcane RSA Threats  161(2)
Smooth Numbers  161(1)
The Cube Root Problem  162(1)
Public-Key Cryptography Standard (PKCS)  163(3)
Encryption  163(1)
Encryption---Take 2  164(1)
Signing  165(1)
Diffie-Hellman  166(6)
The Bucket Brigade/Man-in-the-Middle Attack  167(2)
Defenses Against Man-in-the-Middle Attack  169(1)
Published Diffie-Hellman Numbers  169(1)
Authenticated Diffie-Hellman  169(1)
Encryption with Diffie-Hellman  170(1)
ElGamal Signatures  170(1)
Diffie-Hellman Details---Safe Primes  171(1)
Digital Signature Standard (DSS)  172(5)
The DSS Algorithm  172(2)
Why Does the Verification Procedure Work?  174(1)
Why Is This Secure?  174(1)
The DSS Controversy  175(1)
Per-Message Secret Number  176(1)
How Secure Are RSA and Diffie-Hellman?  177(1)
Elliptic Curve Cryptography (ECC)  178(1)
Zero Knowledge Proof Systems  179(3)
Zero Knowledge Signatures  181(1)
Homework Problems  182(3)
Number Theory  185(12)
Introduction  185(1)
Modular Arithmetic  185(1)
Primes  186(1)
Euclid's Algorithm  187(3)
Finding Multiplicative Inverses in Modular Arithmetic  189(1)
Chinese Remainder Theorem  190(2)
Zn*  192(2)
Euler's Totient Function  194(1)
Euler's Theorem  194(1)
A Generalization of Euler's Theorem  195(1)
Homework Problems  195(2)
Math with AES and Elliptic Curves  197(18)
Introduction  197(1)
Notation  197(1)
Groups  198(2)
Fields  200(6)
Polynomials  201(3)
Finite Fields  204(1)
What Sizes Can Finite Fields Be?  205(1)
Representing a Field  205(1)
Mathematics of Rijndael  206(3)
A Rijndael Round  207(2)
Elliptic Curve Cryptography  209(1)
Homework  210(5)

AUTHENTICATION
Overview of Authentication Systems  215(22)
Password-Based Authentication  215(4)
Off- vs. On-Line Password Guessing  217(1)
Storing User Passwords  217(2)
Address-Based Authentication  219(3)
Network Address Impersonation  221(1)
Cryptographic Authentication Protocols  222(1)
Who Is Being Authenticated?  223(1)
Passwords as Cryptographic Keys  223(1)
Eavesdropping and Server Database Reading  224(2)
Trusted Intermediaries  226(7)
KDCs  227(1)
Certification Authorities (CAs)  228(1)
Certificate Revocation  229(1)
Multiple Trusted Intermediaries  230(1)
Multiple KDC Domains  230(2)
Multiple CA Domains  232(1)
Session Key Establishment  233(1)
Delegation  234(2)
Homework  236(1)
Authentication of People  237(20)
Passwords  238(1)
On-Line Password Guessing  238(3)
Off-Line Password Guessing  241(2)
How Big Should a Secret Be?  243(1)
Eavesdropping  244(1)
Passwords and Careless Users  245(4)
Using a Password in Multiple Places  246(1)
Requiring Frequent Password Changes  246(1)
A Login Trojan Horse to Capture Passwords  247(1)
Non-Login Use of Passwords  248(1)
Initial Password Distribution  249(1)
Authentication Tokens  250(3)
Physical Access  253(1)
Biometrics  253(2)
Homework  255(2)
Security Handshake Pitfalls  257(34)
Login Only  258(6)
Shared Secret  258(4)
One-Way Public Key  262(2)
Mutual Authentication  264(5)
Reflection Attack  264(2)
Password Guessing  266(1)
Public Keys  267(1)
Timestamps  268(1)
Integrity/Encryption for Data  269(5)
Shared Secret  269(2)
Two-Way Public Key Based Authentication  271(1)
One-Way Public Key Based Authentication  272(1)
Privacy and Integrity  272(2)
Mediated Authentication (with KDC)  274(6)
Needham-Schroeder  275(2)
Expanded Needham-Schroeder  277(1)
Otway-Rees  278(2)
Nonce Types  280(2)
Picking Random Numbers  282(2)
Performance Considerations  284(1)
Authentication Protocol Checklist  285(3)
Homework  288(3)
Strong Password Protocols  291(16)
Introduction  291(1)
Lamport's Hash  292(3)
Strong Password Protocols  295(5)
The Basic Form  295(1)
Subtle Details  296(2)
Augmented Strong Password Protocols  298(1)
SRP (Secure Remote Password)  299(1)
Strong Password Credentials Download Protocols  300(1)
Homework  301(6)

STANDARDS
Kerberos V4  307(30)
Introduction  307(1)
Tickets and Ticket-Granting Tickets  308(1)
Configuration  309(1)
Logging Into the Network  310(4)
Obtaining a Session Key and TGT  310(1)
Alice Asks to Talk to a Remote Node  311(3)
Replicated KDCs  314(1)
Realms  315(1)
Interrealm Authentication  316(1)
Key Version Numbers  317(1)
Encryption for Privacy and Integrity  318(2)
Encryption for Integrity Only  320(1)
Network Layer Addresses in Tickets  321(1)
Message Formats  322(14)
Tickets  324(1)
Authenticators  325(1)
Credentials  326(2)
AS_REQ  328(1)
TGS_REQ  328(1)
AS_REP and TGS_REP  329(2)
Error Reply from KDC  331(1)
AP_REQ  331(1)
AP_REP  332(1)
Encrypted Data (KRB_PRV)  333(1)
Integrity-Checked Data (SAFE)  333(2)
AP_ERR  335(1)
Homework  336(1)
Kerberos V5  337(34)
ASN.1  337(2)
Names  339(1)
Delegation of Rights  339(3)
Ticket Lifetimes  342(2)
Renewable Tickets  342(1)
Postdated Tickets  343(1)
Key Versions  344(1)
Making Master Keys in Different Realms Different  344(1)
Optimizations  345(1)
Cryptographic Algorithms  345(4)
Integrity-Only Algorithms  346(1)
rsa-md5-des  346(1)
des-mac  347(1)
des-mac-k  348(1)
rsa-md4-des  348(1)
rsa-md4-des-k  348(1)
Encryption for Privacy and Integrity  349(1)
Hierarchy of Realms  349(3)
Evading Password-Guessing Attacks  352(1)
Key Inside Authenticator  353(1)
Double TGT Authentication  353(1)
PKINIT---Public Keys for Users  354(1)
KDC Database  355(1)
Kerberos V5 Messages  356(13)
Authenticator  356(1)
Ticket  357(1)
AS_REQ  357(2)
TGS_REQ  359(1)
AS_REP  360(2)
TGS_REP  362(1)
AP_REQ  362(1)
AP_REP  363(1)
KRB_SAFE  363(1)
KRB_PRIV  364(1)
KRB_CRED  364(1)
KRB_ERROR  365(4)
Homework  369(2)
PKI (Public Key Infrastructure)  371(32)
Introduction  371(1)
Some Terminology  372(1)
PKI Trust Models  372(10)
Monopoly Model  372(1)
Monopoly plus Registration Authorities (RAs)  373(1)
Delegated CAs  373(1)
Oligarchy  374(1)
Anarchy Model  375(1)
Name Constraints  376(1)
Top-Down with Name Constraints  376(1)
Bottom-Up with Name Constraints  377(3)
Relative Names  380(1)
Name Constraints in Certificates  380(1)
Policies in Certificates  381(1)
Revocation  382(2)
Revocation Mechanisms  383(1)
Delta CRLs  383(1)
First Valid Certificate  384(1)
OLRS Schemes  384(1)
Good-lists vs. Bad-lists  385(1)
Directories and PKI  386(3)
Store Certificates with Subject or Issuer?  387(1)
Finding Certificate Chains  388(1)
PKIX and X.509  389(2)
Names  389(1)
OIDs  390(1)
Specification of Time  391(1)
X.509 and PKIX Certificates  391(4)
X.509 and PKIX CRLs  395(1)
Authorization Futures  395(6)
ACL (Access Control List)  396(1)
Central Administration/Capabilities  396(1)
Groups  397(1)
Cross-Organizational and Nested Groups  397(1)
Roles  398(2)
Anonymous Groups  400(1)
Homework  401(2)
Real-time Communication Security  403(20)
What Layer?  403(3)
Session Key Establishment  406(1)
Perfect Forward Secrecy  407(2)
PFS-Foilage  409(1)
Denial-of-Service/Clogging Protection  410(2)
Cookies  410(1)
Puzzles  411(1)
Endpoint Identifier Hiding  412(1)
Live Partner Reassurance  413(2)
Arranging for Parallel Computation  415(1)
Session Resumption  416(1)
Plausible Deniability  416(1)
Data Stream Protection  417(2)
Negotiating Crypto Parameters  419(1)
Easy Homework  420(1)
Homework  420(3)
IPsec: AH and ESP  423(18)
Overview of IPsec  423(4)
Security Associations  423(1)
Security Association Database  424(1)
Security Policy Database  424(1)
AH and ESP  424(1)
Tunnel, Transport Mode  425(2)
Why Protect the IP Header?  427(1)
IP and IPv6  427(5)
NAT (Network Address Translation)  428(1)
Firewalls  429(1)
IPv4 Header  430(1)
IPv6 Header  431(1)
AH (Authentication Header)  432(3)
Mutable, Immutable  433(1)
Mutable but Predictable  434(1)
ESP (Encapsulating Security Payload)  435(1)
So, Do We Need AH?  436(1)
Comparison of Encodings  437(1)
Easy Homework  438(1)
Homework  438(3)
IPsec: IKE  441(36)
Photuris  442(1)
Skip  443(1)
History of IKE  444(1)
IKE Phases  445(1)
Phase 1 IKE  446(16)
Aggressive Mode and Main Mode  446(2)
Key Types  448(1)
Proof of Identity  449(1)
Cookie Issues  450(1)
Negotiating Cryptographic Parameters  451(1)
Session Keys  452(2)
Message IDs  454(1)
Phase 2/Quick Mode  454(1)
Traffic Selectors  454(1)
The IKE Phase 1 Protocols  455(1)
Public Signature Keys, Main Mode  455(1)
Public Signature Keys, Aggressive Mode  456(1)
Public Encryption Key, Main Mode, Original  457(1)
Public Encryption Key, Aggressive Mode, Original  458(1)
Public Encryption Key, Main Mode, Revised  458(1)
Public Encryption Key, Aggressive Mode, Revised  459(1)
Shared Secret Key, Main Mode  459(1)
Shared Secret Key, Aggressive Mode  460(2)
Phase-2 IKE: Setting up IPsec SAs  462(1)
ISAKMP/IKE Encoding  463(13)
Fixed Header  465(2)
Payload Portion of ISAKMP Messages  467(1)
SA Payload  467(1)
Ps and Ts within the SA Payload  468(1)
Payload Length in SA, P, and T Payloads  468(1)
Type of Next Payload  468(1)
SA Payload Fields  469(1)
P Payload  470(1)
T Payload  471(1)
KE Payload  472(1)
ID Payload  472(1)
Cert Payload  473(1)
Certificate Request Payload  474(1)
Hash/Signature/Nonce Payloads  474(1)
Notify Payload  474(1)
Vendor ID Payload  475(1)
Homework  476(1)
SSL/TLS  477(24)
Introduction  477(1)
Using TCP  477(1)
Quick History  477(1)
SSL/TLS Basic Protocol  478(2)
Session Resumption  480(1)
Computing the Keys  481(1)
Client Authentication  482(1)
PKI as Deployed by SSL  482(1)
Version Numbers  483(1)
Negotiating Cipher Suites  484(2)
Who Makes the Decision?  485(1)
Cipher Suite Names  485(1)
Negotiating Compression Method  486(1)
Attacks Fixed in v3  486(1)
Downgrade Attack  486(1)
Truncation Attack  486(1)
Exportability  487(3)
Exportability in SSLv2  487(1)
Exportability in SSLv3  488(1)
Server Gated Cryptography/Step-Up  489(1)
Encoding  490(7)
Encrypted Records  491(1)
Handshake Messages  492(1)
ClientHello  493(1)
ServerHello  493(1)
ServerHelloDone  493(1)
ClientKeyExchange  494(1)
ServerKeyExchange  494(1)
CertificateRequest  495(1)
Certificate  495(1)
Certificate Verify  496(1)
HandshakeFinished  496(1)
ChangeCipherSpec  496(1)
Alerts  497(1)
Further Reading  497(1)
Easy Homework  497(1)
Homework  498(3)

ELECTRONIC MAIL
Electronic Mail Security  501(28)
Distribution Lists  501(3)
Store and Forward  504(1)
Security Services for Electronic Mail  505(1)
Establishing Keys  506(2)
Establishing Public Keys  507(1)
Establishing Secret Keys  507(1)
Privacy  508(2)
End-to-End Privacy  508(1)
Privacy with Distribution List Exploders  509(1)
Authentication of the Source  510(2)
Source Authentication Based on Public Key Technology  510(1)
Source Authentication Based on Secret Keys  511(1)
Source Authentication with Distribution Lists  512(1)
Message Integrity  512(2)
Message Integrity without Source Authentication  513(1)
Non-Repudiation  514(2)
Non-Repudiation Based on Public Key Technology  514(1)
Plausible Deniability Based on Public Key Technology  514(1)
Non-Repudiation with Secret Keys  515(1)
Proof of Submission  516(1)
Proof of Delivery  516(1)
Message Flow Confidentiality  517(1)
Anonymity  517(2)
Containment  519(1)
Annoying Text Format Issues  519(4)
Disguising Data as Text  521(2)
Names and Addresses  523(1)
Verifying When a Message Was Really Sent  524(1)
Preventing Backdating  524(1)
Preventing Postdating  525(1)
Homework  525(4)
PEM & S/MIME  529(38)
Introduction  529(1)
Structure of a PEM Message  530(3)
Establishing Keys  533(1)
Some PEM History  534(2)
PEM Certificate Hierarchy  536(2)
Certificate Revocation Lists (CRLs)  538(1)
Reformatting Data to Get Through Mailers  539(1)
General Structure of a PEM Message  540(1)
Encryption  541(1)
Source Authentication and Integrity Protection  542(1)
Multiple Recipients  543(1)
Bracketing PEM Messages  544(3)
Forwarding and Enclosures  547(2)
Forwarding a Message  547(2)
Unprotected Information  549(1)
Message Formats  550(8)
Encrypted, Public Key Variant  551(3)
Encrypted, Secret Key Variant  554(2)
MIC-Only or MIC-Clear, Public Key Variant  556(1)
MIC-Only and MIC-Clear, Secret Key Variant  557(1)
CRL-Retrieval-Request  558(1)
CRL  558(1)
DES-CBC and MIC Doesn't Work  558(3)
Differences in S/MIME  561(3)
S/MIME Certificate Hierarchy  564(1)
S/MIME with a Public Certifier  564(1)
S/MIME with an Organizational Certifier  564(1)
S/MIME with Certificates from Any Old CA  564(1)
Homework  565(2)
PGP (Pretty Good Privacy)  567(18)
Introduction  567(1)
Overview  568(1)
Key Distribution  569(2)
Efficient Encoding  571(1)
Certificate and Key Revocation  572(1)
Signature Types  573(1)
Your Private Key  573(1)
Key Rings  574(1)
Anomalies  574(1)
File Name  574(1)
People Names  575(1)
Object Formats  575(10)
Message Formats  576(1)
Primitive Object Formats  577(8)

LEFTOVERS
Firewalls  585(10)
Packet Filters  588(1)
Application Level Gateway  589(2)
Encrypted Tunnels  591(1)
Comparisons  592(1)
Why Firewalls Don't Work  592(1)
Denial-of-Service Attacks  593(1)
Should Firewalls Go Away?  594(1)
More Security Systems  595(40)
NetWare V3  595(2)
NetWare V4  597(5)
NetWare's Guillou-Quisquater Authentication Scheme  600(2)
KryptoKnight  602(3)
KryptoKnight Tickets  603(1)
Authenticators  604(1)
Nonces vs. Timestamps  604(1)
Data Encryption  605(1)
DASS/SPX  605(4)
DASS Certification Hierarchy  605(1)
Login Key  606(1)
DASS Authentication Handshake  606(2)
DASS Authenticators  608(1)
DASS Delegation  608(1)
Saving Bits  609(1)
Lotus Notes Security  609(8)
ID Files  610(1)
Coping with Export Controls  611(1)
Certificates for Hierarchical Names  612(1)
Certificates for Flat Names  613(1)
Lotus Notes Authentication  614(2)
The Authentication Long-Term Secret  616(1)
Mail  616(1)
Certification Revocation  617(1)
DCE Security  617(5)
Microsoft Windows Security  622(4)
LAN Manager and NTLM  622(2)
Windows 2000 Kerberos  624(2)
Network Denial of Service  626(3)
Robust Broadcast  626(2)
Robust Packet Delivery  628(1)
Clipper  629(4)
Key Escrow  632(1)
Homework  633(2)
Web Issues  635(18)
Introduction  635(1)
URLs/URIs  636(2)
HTTP  638(1)
HTTP Digest Authentication  639(2)
Cookies  641(4)
Alternatives to Cookies  641(1)
Cookies Rules  642(1)
Tracking Users  643(2)
Other Web Security Problems  645(5)
Spoofing a Site to a User  645(1)
Merchants Unclear on the Concept  646(1)
Getting Impersonated by a Subsequent User  646(1)
Cross-Site Scripting  647(2)
Poisoning Cookies  649(1)
Other Misuse of Cookies  649(1)
Homework  650(3)
Folklore  653(22)
Perfect Forward Secrecy  653(1)
Change Keys Periodically  654(1)
Multiplexing Flows over a Single SA  655(2)
The Splicing Attack  655(1)
Service Classes  656(1)
Different Cryptographic Algorithms  656(1)
Use Different Keys in the Two Directions  657(1)
Use Different Secret Keys for Encryption vs. Integrity Protection  657(1)
Use Different Keys for Different Purposes  658(1)
Use Different Keys for Signing vs. Encryption  658(1)
Have Both Sides Contribute to the Master Key  659(1)
Don't Let One Side Determine the Key  659(1)
Hash in a Constant When Hashing a Password  660(1)
HMAC Rather than Simple MD  661(1)
Key Expansion  661(1)
Randomly Chosen IVs  662(1)
Use of Nonces in Protocols  663(1)
Don't Let Encrypted Data Begin with a Constant  663(1)
Don't Let Encrypted Data Begin with a Predictable Value  664(1)
Compress Data Before Encrypting It  664(1)
Don't Do Encryption Only  665(1)
Avoiding Weak Keys  665(1)
Minimal vs. Redundant Designs  666(1)
Overestimate the Size of Key  666(1)
Hardware Random Number Generators  667(1)
Timing Attacks  667(1)
Put Checksums at the End of Data  668(1)
Forward Compatibility  669(3)
Options  669(1)
Version Numbers  670(1)
Version Number Field Must Not Move  670(1)
Negotiating Highest Version Supported  670(1)
Minor Version Number Field  671(1)
Vendor Options  672(1)
Negotiating Parameters  672(1)
Homework  673(2)
Bibliography  675(10)
Glossary  685(18)
Index  703
