Computing Reviews
Network and internetwork security
Stallings W., Prentice-Hall, Inc., Upper Saddle River, NJ, 1995. Type: Book (9780024154835)
Date Reviewed: Apr 1 1996

Stallings covers the basics of network and Internet security by illuminating the issues and the technical responses to problems of network security. The book has ten chapters in two parts: “Internetwork Security Principles” and “Internetwork Security Practice.” In spite of the word “internetwork” in the part titles, the book is principally about cryptography and its applications.

The first chapter is an overview, which deals with the characteristics of networks and internetworks that require protection. There follows an extensive discussion of attacks, security services, and security mechanisms, which sets the stage for the balance of the book.

Chapter 2, “Conventional Encryption,” deals with conventional (symmetric) single-key encryption, including the Data Encryption Standard (DES) in its various modes. The DES discussion is thorough, although the discussion of differential cryptanalysis is not as informative as it might have been.

Chapter 3, “Confidentiality Using Conventional Encryption,” starts with a discussion of the placement of the encryption functions. An extended section on key distribution as a fundamental problem in any kind of cryptographic application follows.

Chapter 4, “Public Key Encryption,” covers the principles of public key cryptosystems, including the Knapsack problem and the RSA algorithm. It includes a thorough discussion of key management issues. The chapter has two appendices, “An Introduction to Number Theory” and “The Complexity of Algorithms.”

Chapter 5, “Authentication and Digital Signatures,” covers the requirements for each, and includes sections on cryptographic checksums, hash functions, digital signatures, and authentication protocols.

The final chapter of Part 1, “Intruders, Viruses and Worms,” deals with various kinds of network attacks. This is where trusted systems enter the picture (much too late for my taste).

Part 2 has four chapters. The first chapter of this section, “Cryptographic Algorithms,” covers the MD5 message digest algorithm, the secure hash algorithm, IDEA, SKIPJACK, and the LUC public key algorithm.

Chapter 8, “Authentication and Key Exchange,” includes an extended discussion of Kerberos, X.509 Directory Authentication Service, the Diffie-Hellman key exchange, and the Digital Signature Standard. Three appendices cover Kerberos encryption techniques, discrete logarithms, and a proof of the DSS algorithm.

Chapter 9, “Electronic Mail Security,” presents two possibly competing approaches to the problem, PGP and PEM. The three appendices, covering data compression using Zip, Radix-64 compression, and PGP’s random number generation scheme, are only partially or tangentially related to the chapter’s main topics.

The final chapter, “Network Management Security,” includes sections on the Simple Network Management Protocol (SNMP), the SNMPv1 community facility, and the SNMPv2 security facility.

The balance of the book contains a glossary, a list of standards and specifications used, an extensive set of references, and an index.

Each chapter (except the first) includes problems. No answers are provided, but as most of them are essay questions, it is not clear that answers are required. The chapters are well illustrated with diagrams and tables that summarize the key points.

The part of the book I enjoyed most was the appendices. The author does a good job of showing the mathematical basis for most of modern cryptography. He writes clearly and provides enough detail for anyone interested in the problems to follow.

While a few of the juxtapositions are not intuitive, overall the book reads easily and well. It appears to be well suited for an undergraduate or first-year graduate course in network security. The chapter appendices explaining the relevant math help those of us who are not number theorists understand what is going on. Because of all of the detail provided, the book is eminently suited for self-study.

The book, although not designed as such, is a convenient quick reference to the more important technical components of modern network security. I recommend it unreservedly to anyone in the computer or network security field. No matter how much you think you know, you will learn something of value from this book.

Reviewer: James P. Anderson
Review #: CR124463 (9604-0220)
Security and Protection (C.2.0 ... )
Security and Protection (K.6.5)
Coding And Information Theory (E.4)
Data Encryption (E.3)