From the book lists at Adware Report:

 All information current as of 13:59:57 Pacific Time, Monday, 21 February 2005.

Internet Cryptography

   by Richard E. Smith

  Paperback:
    Addison-Wesley Pub Co
    15 January, 1997

   US$19.77 

   Usually ships in 24 hours

Click the button below to . . .

    
(which will add the book to your Amazon U.S.A. "Shopping Cart")

. . . or use your browser's Back button to return to the search-list page.
Editorial description(s):

Amazon.com
For all the talk about the Internet's very real security weaknesses, information safety is not all that difficult to achieve. Yes, most Internet technology does a better job of making information accessible than it does of protecting privacy. Still, modern cryptographic products and techniques have made more than adequate security available to just about anyone who needs it. In Internet Cryptography, network security consultant Richard Smith explains the basics of online security. He avoids getting technical with too much cryptographic theory or the mathematics behind the magic. Instead he focuses on providing just enough information to enable information systems managers and administrators to make wise decisions. In fact, Smith pays close attention to matters of system configuration and operation, showing how even the best encryption methods can be ruined by careless operation. From there, Smith explains how today's techniques can protect information from being forged, altered, or stolen. Smith devotes most of his discussion of various cryptographic options to products that are presently on the market. Therefore, the techniques he describes are generally within the reach of most businesses and organizations. He progresses from the simplest to most complex approach, examining the strengths and weaknesses of each. As a result, readers wind up with a solid understanding of cryptographic security as well as a good feel for the level of security they require.


Book News, Inc.
Written by a security expert, demystifies the essesntials of cryptography, covering how encryption is used, strengths and weaknesses, and what to look for when building or choosing solutions. -- Copyright © 1999 Book News, Inc., Portland, OR All rights reserved


Book Info
An overview of how encrypton is used, its strengths & weaknesses for internet security as written by a security expert focusing on modernday cryptography; demystifying its applications for today's security challenges. Paper. DLC: Internet (Computer network).


From the Back Cover
strengths and weaknesses, and what to look for when building or choosing real-world solutions. This is a must-have book for anyone considering the deployment of an important system relying on modern cryptography."
- Marcus J. Ranum
Chief Scientist, V-ONE Corporation

Here, in one comprehensive, soup-to-nuts book, is the solution for Internet security: modern-day cryptography. Written by a security expert with a wealth of practical experience, this book covers network and Internet security in terms that are easy to understand, using proven technology, systems, and solutions. From the client workstation to the Web host to the e-mail server, every aspect of this important topic is examined and explained. The once-daunting subject of cryptography is demystified and applied to today's security challenges. Topics include:

  • Essentials of cryptography
  • Networking and Internet fundamentals
  • Encryption building blocks
  • Virtual private networks
  • Legal considerations
  • Setting realistic security objectives
  • Secured electronic mail
  • World Wide Web transaction security
  • Internet Firewalls


This book is written for people who want to move data safely across the Internet and protect corporate resources from unauthorized access. Using real-life case studies, examples, and commercially available software products, cryptography is presented as a practical solution to specific, everyday security challenges.



0201924803B04062001


About the Author
Richard E. Smith works for Secure Computing Corporation where he provides consulting services in network security to commercial and government organizations, including the National Security Agency. He has also served as principal systems engineer for military network guard systems and the Sidewinder Internet Firewall. He frequently lectures, writes, and conducts seminars on cryptography and computer security. He holds an M.S. and Ph.D. in computer science from the University of Minnesota and a B.S. in engineering from Boston University.

0201924803AB06252001


Excerpt. © Reprinted by permission. All rights reserved.


This book is about delivering data safely across unsafe territory. The features that give the Internet its vitality also make it unsafe, like the streets of a major city. People do not walk carelessly in a vital, teeming city. Likewise, a careful person approaches the Internet with caution. Business data that crosses the public Internet can be forged, modified, or stolen. The Internet's technology and style don't fit well in the traditional mold of common carrier communications, so traditional security techniques don't fit well either.



Cryptography has emerged as the only alternative to protect Internet data, and it does the job well. Modern crypto techniques have evolved from the secret codes of decades past, brilliantly augmented with a deep knowledge of modern mathematics. New cryptographic products and technologies have been developed particularly for Internet applications. This book describes the principal techniques used in today's products, how they work, and how to use them. While we must talk about people "cracking" codes, we will spend far more time looking at system configurations and operating procedures. Configuration and operating errors have often been the bane of crypto system security. Mathematical details alone don't ensure the security of practical crypto systems. Even the most capable products can be defeated by carelessness.



Effective use of crypto systems requires a clear understanding of what your security objectives are and how they depend on important system properties. This book applies cryptographic techniques to particular Internet security goals like site protection, message secrecy, or transaction security. These goals are lined up against today's off-the-shelf products to show which are best suited to meet particular business and security objectives.

Who This Book is For



This book is intended for people who know very little about cryptography but need to make technical decisions about cryptographic security. Many people face this situation when they need to transmit business data safely over the Internet. This often includes people responsible for the data, like business analysts and managers, as well as those who must install and maintain the protections, like information systems administrators and managers. These people are the book's primary audience. Cryptographic concepts are explained using diagrams to illustrate component relationships and data flows. At every step we examine the relationship between the security measures and the vulnerabilities they address. This will guide readers in safely applying cryptographic techniques.



This book requires no prior knowledge of cryptography or related mathematics. Descriptions of low-level crypto mechanisms focus on presenting the concepts instead of the details. Programmers and product developers must look elsewhere for implementation details, and each chapter ends with a list of appropriate references. However, developers will still find a few useful insights here, like why crypto experts are so picky about mathematical arcana like random number generators ("No, it's a pseudorandom number generator!") or why their theoretically unbreakable system is vulnerable to attack.



This book also contains some general tutorial material about the Internet Protocol (IP) and its cousins, but it is best if readers already have a general familiarity with computers, networking, and the Internet. In particular, it helps if readers already understand the notion of message and packet formatting-in other words, your information must be embedded in other information for the network to deliver it correctly.

How this Book is Organized



We start with cryptographic basics, apply them to product evaluation, and then look at example deployment to achieve various business and security objectives . When we understand the risks against which various security measures might protect, we can reasonably trade off between conflicting techniques. Each chapter ends with a list of references that may provide you with deeper explanations when needed. If your particular problem cannot be solved with available products, the references can provide the technical details for implementing custom solutions.



This book is organized around a small number of basic security objectives that are addressed by a few basic Internet cryptographic technologies. The objective of extending one's internal site via the Internet is illustrated with link encryption and network encryption using the IP Security Protocol (IPSEC). The objective of transaction security is illustrated using Secure Socket Layer (SSL) as applied to the World Wide Web. Message-based security is illustrated using Pretty Good Privacy (PGP) and Privacy Enhanced Mail (PEM).

Chapter Summary



The book's contents fall roughly into three parts, starting with low-level but simple techniques and working upward to high-level, complex crypto systems.

A Typical Chapter



Most chapters follow the same general organization. A typical chapter introduces a security service and a particular cryptographic mechanism underlying that service. Chapter information is usually organized in these general sections:

Crypto Today and Tomorrow



The crypto mechanisms and products appearing in this book were chosen because they illustrate what people can buy off the shelf and use today. Simple, commercially available solutions are given preference over more sophisticated techniques that require extensive vendor support or custom engineering. Naturally this limits the discussion to a fraction of what the technologies can do. However, it is risky to speculate about the behavior of nonexistent products. Countless implementation details will affect their practical effectiveness, so it's pointless to speculate about how they might best work.



This book does not try to predict which future technologies will succeed or fail as easy-to-use products. An elaborate cryptographic infrastructure for safely sharing keys among computer users worldwide has been on the drawing boards for more than a dozen years; the enabling technology and its relatively modest success in off-the-shelf products is described in Chapter 12. Likewise, the chapters on IP security focus on today's products and not on the draft standards for tomorrow. The future is left to future books.

Comments and Questions



Send comments and questions via Internet e-mail to . While I tried to focus on techniques that have been used successfully, many of the techniques have not seen extensive use. I'd value any "war stories" or "been there; done that" evaluations based on personal experience. I regret that I can't guarantee a personal reply to every e-mail I receive, but I will try to respond.



0201924803P04062001


Book Description
"This book provides an excellent overview of how encryption is used, its strengths and weaknesses, and what to look for when building or choosing real-world solutions. This is a must-have book for anyone considering the deployment of an important system relying on modern cryptography." - Marcus J. Ranum, Chief Scientist, V-ONE Corporation.

Here, in one comprehensive, soup-to-nuts book, is the solution for Internet security: modern-day cryptography. Written by a security expert with a wealth of practical experience, this book covers network and Internet security in terms that are easy to understand, using proven technology, systems, and solutions. From the client workstation to the Web host to the e-mail server, every aspect of this important topic is examined and explained. The once-daunting subject of cryptography is demystified and applied to today's security challenges. Topics include: essentials of cryptography; networking and Internet fundamentals; encryption building blocks; virtual private networks; legal considerations; setting realistic security objectives; secured electronic mail; World Wide Web transaction security; and Internet Firewalls.

This book is written for people who want to move data safely across the Internet and protect corporate resources from unauthorized access. Using real-life case studies, examples, and commercially available software products, cryptography is presented as a practical solution to specific, everyday security challenges.




Reader review(s):

Right to the Point, March 21, 1999
This book at will give you just what you want to know. If you want to get into the bits and Bytes then you read every page and you will be a cryptography expert. If however you just need a broad understanding of the subject then skipping the Bits and bytes will do fine. I sell VPN solutions for a living and this book was a real help.

Very good overview of cryptography on the internet, October 21, 2000


This is a solid, if a little dry and sometimes a bit out of date, high-level overview of cryptography as it is used on the Internet. There are no equations or lines of code, so if you're looking to implement anything this is the wrong book. However if you're looking to learn about IPSEC, public-key crypto, secret keys, SSL, virtual private networks and things like that this is the right book.



The familiar cryptographic couple Alice and Bob are used in many examples to illustrate four general types of attacks made by "Henry the Forger", "Peeping Tom", "Play-it-again Sam" and "Bailey the Switcher". These are used throughout the book and this really simplifies understanding of how various types of cryptography can be attacked. Another one of the strengths of this book is lots of useful pointers to other books and Internet sites to provide supplementary information.



I'm not going to give this book 5 stars because to me that's a perfect book. However I highly doubt you'll be disappointed with this book as an overview to cryptography and how it is used on the Internet.

Very good intro, March 19, 1998
I read this book as I was beginning to research the IPSEC protocol suite and its applications, and I found it to be an invaluable introduction. Anyone interested in how the encryption protocols work on the Internet, or interested in deploying virtual private networking, ought to read this book. The only caveat is that this stuff gets out of date very fast - IPSEC has already been revised since this book came out.

A great handbook for network cryptography, October 30, 2001
I've had this book for a couple years, and find myself going back to it consistently (and recommending it to others on a regular basis). It covers all of the crypto concepts & protocols in an easily readable, thorough fashion. For understanding IPsec, digital signatures, hardware crypto devices, and much more it's a great read. The only reason I don't give it 5 stars is that the SSL connection isn't as complete as I'd like... and for that, I'd get Eric Rescorla's "SSL and TLS".

Of the 100 or so security books on my shelf, this is one of the handful that I refer to on a regular basis.

If this man were a blues musician he'd be blowing the truth!, July 20, 2003
In a sea of charlatans and ego-bloated boasters Richard E. Smith stands as a beacon to whom all technical authors should aspire. As an author, trainer, technical editor and Microsoft security consultant I have amassed a huge library of security books. When I need a refresher on the basics or I'm prepping for YACE (Yet Another Certification Exam) or I just need the solace of an extremely well turned technical phrase, I pickup my well-thumbed copy of Internet Cryptography.

In fact that's the only error in the entire book - the title. The title should reflect the fact that it embraces the majority of fundamental concepts regarding networked computer security. Get it, read it and experience one of the best technical writers in the field! Also consider buying his book on Authentication. Hanging out with Mr. Smith is money and time well-spent.

This book is also absolutely essential to any security professional attempting certification be it CISSP, SANS, Security+, Microsoft or Cisco, et al.
{end of page}

(Page code from the SEO Tools, Toys, and Packages site)