(NOTE: Each chapter concludes with For Further Information.)
Preface.
Who This Book Is For. How This Book Is Organized. Crypto Today and
Tomorrow. Comments and Questions.
Acknowledgments.
1. Introduction.
The Basic Problem. Essentials of Crypto. Crypto Is Hard to Use.
Balancing Crypto Use with Your Objectives. Essentials of Networking
and the Internet. Protocol Layers and Network Products. Internet
Technology. Internet Protocols in Your Host. The Internet Security
Problem. An Internet Rogue's Gallery. Setting Realistic Security
Objectives. Appropriate Communications Security. Communications
Security Goals. Internet Crypto Techniques. Legal Restrictions.
2. Encryption Basics.
Encryption Building Blocks. Stream Ciphers. Block Ciphers. How Crypto
Systems Fail. Cryptanalysis and Modern Codes. Brute Force Cracking of
Secret Keys. Attacks on Improper Crypto Use. Choosing Between Strong
and Weak Crypto. Properties of Good Crypto Algorithms. Crypto
Algorithms to Consider. Selecting a Block Cipher Mode. Identifying a
Safe Key Length. Levels of Risk for Different Applications.
3. Link Encryption.
Security Objectives. Product Example: In-line Encryptor. Red/Black
Separation. Crypto Algorithm and Keying. Encryptor Vulnerabilities.
Product Security Requirements. Deployment Example: Point-to-Point
Encryption. Point-to-Point Practical Limitations. Physical Protection
and Control. Deployment Security Requirements. Deployment Example:
IP-routed Configuration. Site Protection. Networkwide Security.
Deployment Security Requirements. Key Recovery and Escrowed
Encryption.
4. Managing Secret Keys.
Security Objectives. Basic Issues in Secret Key Management.
Technology: Random Key Generation. Random Seeding. Pseudorandom
Number Generators. Technical Security Requirements. Deployment
Example: Manual Key Distribution. Preparing Secret Keys for Delivery.
Batch Generation of Keys. Printing Keys on Paper. Key Packaging and
Delivery. Key Splitting for Safer Delivery. Deployment Security
Requirements. Technology: Automatic Rekeying. ANSI X9.17
Point-to-Point Rekeying. Variations of X9.17. Technical Security
Requirements. Key Distribution Centers (KDCs). Maintaining Keys and
System Security.
5. Security at the IP Layer.
Security Objectives. Basic Issues with Using IPSEC. Technology:
Cryptographic Checksums. One-way Hash Functions. Technical Security
Requirements. IPSEC: IP Security Protocol. IPSEC Authentication.
IPSEC Encryption. IPSEC Key Management. Other TCP/IP Network Security
Protocols.
6. Virtual Private Networks.
Security Objectives. Basic Issues with VPNs. Technology: IPSEC Proxy
Cryptography. ESP Tunnel Mode. ESP Transport Mode. Product Example:
IPSEC Encrypting Router. Blocking Classic Internet Attacks. Product
Security Requirements. Deployment Example: Site-to-Site Encryption.
Header Usage and Security. Deployment Security Requirements.
7. Remote Access with IPSEC.
Security Objectives. Basic Issues with IPSEC Clients. Product
Example: IPSEC Client. Client Security Associations. Client
Self-Defense on the Internet. Client Theft and Key Protection.
Product Security Requirements. Deployment Example: Client-to-Server
Site Access. Remote Access Security Issues. Deployment Security
Requirements.
8. IPSEC and Firewalls.
Security Objectives. Basic Issues with IPSEC and Firewalls. Internet
Firewalls. What Firewalls Control. How Firewalls Control Access.
Firewall Control Mechanisms. Product Example: IPSEC Firewall.
Administering Multiple Sites. Product Security Requirements.
Deployment Example: A VPN with a Firewall. Establishing a Site
Security Policy. Chosen Plaintext Attack on a Firewall. Deployment
Security Requirements.
9. Public Key Crypto and SSL.
Public Key Cryptography. Evolution of Public Key Crypto.
Diffie-Hellman Public Key Technique. Brute Force Attacks on RSA.
Other RSA Vulnerabilities. Technical Security Requirements.
Technology: Secret Key Exchange with RSA Crypto. Attacking Public Key
Distribution. Public Key versus Secret Key Exchange. Technical
Security Requirements. Secure Sockets Layer. Other SSL Properties.
Basic Attacks Against SSL. SSL Security Evolution.
10. World Wide Web Transaction Security.
Security Objectives. Basic Issues in Internet Transaction Security.
Transactions on the World Wide Web. Transactions with Web Forms. Web
Form Security Services. Security Alternatives for Web Forms. Password
Protection. Network-level Security (IPSEC). Transport-level Security
(SSL). Application-level Security (SHTTP). Client Authentication
Alternatives. Product Example: Web Browser with SSL. Browser
Cryptographic Services. Authentication Capabilities. Client Security
and Executable Contents. Product Security Requirements. Product
Example: Web Server with SSL. Web Server Vulnerabilities. Mandatory
Protection. Product Security Requirements. Deployment Example:
Vending with Exportable Encryption. Export Restrictions and
Transaction Security. Site Configuration. Deployment Security
Requirements.
11. Secured Electronic Mail.
Security Objectives. Basic Issues with E-Mail Security. Basics of
Internet Electronic Mail. Internet E-Mail Software Architecture.
E-Mail Security Problems. Technology: Off-line Message Keying.
Encryption Tokens. Technical Security Requirements. Technology:
Digital Signatures. Attacks on Digital Signatures. The Digital
Signature Standard. Technical Security Requirements. Product Example:
Secure E-Mail Client. Basic Secure Client Features. E-Mail Client
Security Issues. Product Security Requirements. E-Mail Deployment.
12. Public Key Certificates.
Security Objectives. Distributing Public Keys. Technology: Public Key
Certificates. Generating Public Key Pairs. Certificate Revocation.
Certification Authority Workstation. Technical Security Requirements.
Certificate Distribution. Transparent Distribution. Interactive
Distribution. Centralized Certification Authority. Netscape Server
Authentication. Handling Multiple Certification Authorities.
Hierarchical Certification Authority. PEM Internet Certification
Hierarchy. Private Trees. PGP “Web of Trust”. For Further
Information.
Appendix A: Glossary.
Appendix B: Bibliography.
Index.
Richard E. Smith works for Secure Computing Corporation
where he provides consulting services in network security to
commercial and government organizations, including the National
Security Agency. He has also served as principal systems engineer
for military network guard systems and the Sidewinder Internet
Firewall. He frequently lectures, writes, and conducts seminars on
cryptography and computer security. He holds an M.S. and Ph.D. in
computer science from the University of Minnesota and a B.S. in
engineering from Boston University.