File name: Network Security: Private Communication in a Public World, Second Edition
File size: 5.16MB
File format: CHM
Updated: 2013-04-10 23:20:28
network security kaufman
Network Security: Private Communication in a Public World, Second Edition
By Charlie Kaufman, Radia Perlman, Mike Speciner
Publisher: Prentice Hall
Pub Date: April 22, 2002
Print ISBN-10: 0-13-046019-2
Print ISBN-13: 978-0-13-046019-6
Web ISBN-10: 0-13-715588-3
Web ISBN-13: 978-0-13-715588-0
Pages: 752

Copyright
The Radia Perlman Series in Computer Networking and Security
Acknowledgments
Chapter 1. Introduction
  Section 1.1. Roadmap to the Book
  Section 1.2. What Type of Book Is This?
  Section 1.3. Terminology
  Section 1.4. Notation
  Section 1.5. Primer on Networking
  Section 1.6. Active vs. Passive Attacks
  Section 1.7. Layers and Cryptography
  Section 1.8. Authorization
  Section 1.9. Tempest
  Section 1.10. Key Escrow for Law Enforcement
  Section 1.11. Key Escrow for Careless Users
  Section 1.12. Viruses, Worms, * Horses
  Section 1.13. The Multi-Level Model of Security
  Section 1.14. Legal Issues

Part 1: Cryptography
Chapter 2. Introduction to Cryptography
  Section 2.1. What Is Cryptography?
  Section 2.2. Breaking an Encryption Scheme
  Section 2.3. Types of Cryptographic Functions
  Section 2.4. Secret Key Cryptography
  Section 2.5. Public Key Cryptography
  Section 2.6. Hash Algorithms
  Section 2.7. Homework
Chapter 3. Secret Key Cryptography
  Section 3.1. Introduction
  Section 3.2. Generic Block Encryption
  Section 3.3. Data Encryption Standard (DES)
  Section 3.4. International Data Encryption Algorithm (IDEA)
  Section 3.5. Advanced Encryption Standard (AES)
  Section 3.6. RC4
  Section 3.7. Homework
Chapter 4. Modes of Operation
  Section 4.1. Introduction
  Section 4.2. Encrypting a Large Message
  Section 4.3. Generating MACs
  Section 4.4. Multiple Encryption DES
  Section 4.5. Homework
Chapter 5. Hashes and Message Digests
  Section 5.1. Introduction
  Section 5.2. Nifty Things to Do with a Hash
  Section 5.3. MD2
  Section 5.4. MD4
  Section 5.5. MD5
  Section 5.6. SHA-1
  Section 5.7. HMAC
  Section 5.8. Homework
Chapter 6. Public Key Algorithms
  Section 6.1. Introduction
  Section 6.2. Modular Arithmetic
  Section 6.3. RSA
  Section 6.4. Diffie-Hellman
  Section 6.5. Digital Signature Standard (DSS)
  Section 6.6. How Secure Are RSA and Diffie-Hellman?
  Section 6.7. Elliptic Curve Cryptography (ECC)
  Section 6.8. Zero Knowledge Proof Systems
  Section 6.9. Homework Problems
Chapter 7. Number Theory
  Section 7.1. Introduction
  Section 7.2. Modular Arithmetic
  Section 7.3. Primes
  Section 7.4. Euclid's Algorithm
  Section 7.5. Chinese Remainder Theorem
  Section 7.6. Zn*
  Section 7.7. Euler's Totient Function
  Section 7.8. Euler's Theorem
  Section 7.9. Homework Problems
Chapter 8. Math with AES and Elliptic Curves
  Section 8.1. Introduction
  Section 8.2. Notation
  Section 8.3. Groups
  Section 8.4. Fields
  Section 8.5. Mathematics of Rijndael
  Section 8.6. Elliptic Curve Cryptography
  Section 8.7. Homework

Part 2: Authentication
Chapter 9. Overview of Authentication Systems
  Section 9.1. Password-Based Authentication
  Section 9.2. Address-Based Authentication
  Section 9.3. Cryptographic Authentication Protocols
  Section 9.4. Who Is Being Authenticated?
  Section 9.5. Passwords as Cryptographic Keys
  Section 9.6. Eavesdropping and Server Database Reading
  Section 9.7. Trusted Intermediaries
  Section 9.8. Session Key Establishment
  Section 9.9. Delegation
  Section 9.10. Homework
Chapter 10. Authentication of People
  Section 10.1. Passwords
  Section 10.2. On-Line Password Guessing
  Section 10.3. Off-Line Password Guessing
  Section 10.4. How Big Should a Secret Be?
  Section 10.5. Eavesdropping
  Section 10.6. Passwords and Careless Users
  Section 10.7. Initial Password Distribution
  Section 10.8. Authentication Tokens
  Section 10.9. Physical Access
  Section 10.10. Biometrics
  Section 10.11. Homework
Chapter 11. Security Handshake Pitfalls
  Section 11.1. Login Only
  Section 11.2. Mutual Authentication
  Section 11.3. Integrity/Encryption for Data
  Section 11.4. Mediated Authentication (with KDC)
  Section 11.5. Nonce Types
  Section 11.6. Picking Random Numbers
  Section 11.7. Performance Considerations
  Section 11.8. Authentication Protocol Checklist
  Section 11.9. Homework
Chapter 12. Strong Password Protocols
  Section 12.1. Introduction
  Section 12.2. Lamport's Hash
  Section 12.3. Strong Password Protocols
  Section 12.4. Strong Password Credentials Download Protocols
  Section 12.5. Homework

Part 3: Standards
Chapter 13. Kerberos V4
  Section 13.1. Introduction
  Section 13.2. Tickets and Ticket-Granting Tickets
  Section 13.3. Configuration
  Section 13.4. Logging Into the Network
  Section 13.5. Replicated KDCs
  Section 13.6. Realms
  Section 13.7. Interrealm Authentication
  Section 13.8. Key Version Numbers
  Section 13.9. Encryption for Privacy and Integrity
  Section 13.10. Encryption for Integrity Only
  Section 13.11. Network Layer Addresses in Tickets
  Section 13.12. Message Formats
  Section 13.13. Homework
Chapter 14. Kerberos V5
  Section 14.1. ASN.1
  Section 14.2. Names
  Section 14.3. Delegation of Rights
  Section 14.4. Ticket Lifetimes
  Section 14.5. Key Versions
  Section 14.6. Making Master Keys in Different Realms Different
  Section 14.7. Optimizations
  Section 14.8. Cryptographic Algorithms
  Section 14.9. Hierarchy of Realms
  Section 14.10. Evading Password-Guessing Attacks
  Section 14.11. Key Inside Authenticator
  Section 14.12. Double TGT Authentication
  Section 14.13. PKINIT - Public Keys for Users
  Section 14.14. KDC Database
  Section 14.15. Kerberos V5 Messages
  Section 14.16. Homework
Chapter 15. PKI (Public Key Infrastructure)
  Section 15.1. Introduction
  Section 15.2. Some Terminology
  Section 15.3. PKI Trust Models
  Section 15.4. Revocation
  Section 15.5. Directories and PKI
  Section 15.6. PKIX and X.509
  Section 15.7. X.509 and PKIX Certificates
  Section 15.8. Authorization Futures
  Section 15.9. Homework
Chapter 16. Real-Time Communication Security
  Section 16.1. What Layer?
  Section 16.2. Session Key Establishment
  Section 16.3. Perfect Forward Secrecy
  Section 16.4. PFS-Foilage
  Section 16.5. Denial-of-Service/Clogging Protection
  Section 16.6. Endpoint Identifier Hiding
  Section 16.7. Live Partner Reassurance
  Section 16.8. Arranging for Parallel Computation
  Section 16.9. Session Resumption
  Section 16.10. Plausible Deniability
  Section 16.11. Data Stream Protection
  Section 16.12. Negotiating Crypto Parameters
  Section 16.13. Easy Homework
  Section 16.14. Homework
Chapter 17. IPsec: AH and ESP
  Section 17.1. Overview of IPsec
  Section 17.2. IP and IPv6
  Section 17.3. AH (Authentication Header)
  Section 17.4. ESP (Encapsulating Security Payload)
  Section 17.5. So, Do We Need AH?
  Section 17.6. Comparison of Encodings
  Section 17.7. Easy Homework
  Section 17.8. Homework
Chapter 18. IPsec: IKE
  Section 18.1. Photuris
  Section 18.2. SKIP
  Section 18.3. History of IKE
  Section 18.4. IKE Phases
  Section 18.5. Phase 1 IKE
  Section 18.6. Phase-2 IKE: Setting up IPsec SAs
  Section 18.7. ISAKMP/IKE Encoding
  Section 18.8. Homework
Chapter 19. SSL/TLS
  Section 19.1. Introduction
  Section 19.2. Using TCP
  Section 19.3. Quick History
  Section 19.4. SSL/TLS Basic Protocol
  Section 19.5. Session Resumption
  Section 19.6. Computing the Keys
  Section 19.7. Client Authentication
  Section 19.8. PKI as Deployed by SSL
  Section 19.9. Version Numbers
  Section 19.10. Negotiating Cipher Suites
  Section 19.11. Negotiating Compression Method
  Section 19.12. Attacks Fixed in v3
  Section 19.13. Exportability
  Section 19.14. Encoding
  Section 19.15. Further Reading
  Section 19.16. Easy Homework
  Section 19.17. Homework

Part 4: Electronic Mail
Chapter 20. Electronic Mail Security
  Section 20.1. Distribution Lists
  Section 20.2. Store and Forward
  Section 20.3. Security Services for Electronic Mail
  Section 20.4. Establishing Keys
  Section 20.5. Privacy
  Section 20.6. Authentication of the Source
  Section 20.7. Message Integrity
  Section 20.8. Non-Repudiation
  Section 20.9. Proof of Submission
  Section 20.10. Proof of Delivery
  Section 20.11. Message Flow Confidentiality
  Section 20.12. Anonymity
  Section 20.13. Containment
  Section 20.14. Annoying Text Format Issues
  Section 20.15. Names and Addresses
  Section 20.16. Verifying When a Message was Really Sent
  Section 20.17. Homework
Chapter 21. PEM & S/MIME
  Section 21.1. Introduction
  Section 21.2. Structure of a PEM Message
  Section 21.3. Establishing Keys
  Section 21.4. Some PEM History
  Section 21.5. PEM Certificate Hierarchy
  Section 21.6. Certificate Revocation Lists (CRLs)
  Section 21.7. Reformatting Data to Get Through Mailers
  Section 21.8. General Structure of a PEM Message
  Section 21.9. Encryption
  Section 21.10. Source Authentication and Integrity Protection
  Section 21.11. Multiple Recipients
  Section 21.12. Bracketing PEM Messages
  Section 21.13. Forwarding and Enclosures
  Section 21.14. Unprotected Information
  Section 21.15. Message Formats
  Section 21.16. DES-CBC as MIC Doesn't Work
  Section 21.17. Differences in S/MIME
  Section 21.18. S/MIME Certificate Hierarchy
  Section 21.19. Homework
Chapter 22. PGP (Pretty Good Privacy)
  Section 22.1. Introduction
  Section 22.2. Overview
  Section 22.3. Key Distribution
  Section 22.4. Efficient Encoding
  Section 22.5. Certificate and Key Revocation
  Section 22.6. Signature Types
  Section 22.7. Your Private Key
  Section 22.8. Key Rings
  Section 22.9. Anomalies
  Section 22.10. Object Formats

Part 5: Leftovers
Chapter 23. Firewalls
  Section 23.1. Packet Filters
  Section 23.2. Application Level Gateway
  Section 23.3. Encrypted Tunnels
  Section 23.4. Comparisons
  Section 23.5. Why Firewalls Don't Work
  Section 23.6. Denial-of-Service Attacks
  Section 23.7. Should Firewalls Go Away?
Chapter 24. More Security Systems
  Section 24.1. NetWare V3
  Section 24.2. NetWare V4
  Section 24.3. KryptoKnight
  Section 24.4. DASS/SPX
  Section 24.5. Lotus Notes Security
  Section 24.6. DCE Security
  Section 24.7. Microsoft Windows Security
  Section 24.8. Network Denial of Service
  Section 24.9. Clipper
  Section 24.10. Homework
Chapter 25. Web Issues
  Section 25.1. Introduction
  Section 25.2. URLs/URIs
  Section 25.3. HTTP
  Section 25.4. HTTP Digest Authentication
  Section 25.5. Cookies
  Section 25.6. Other Web Security Problems
  Section 25.7. Homework
Chapter 26. Folklore
  Section 26.1. Perfect Forward Secrecy
  Section 26.2. Change Keys Periodically
  Section 26.3. Multiplexing Flows over a Single SA
  Section 26.4. Use Different Keys in the Two Directions
  Section 26.5. Use Different Secret Keys for Encryption vs. Integrity Protection
  Section 26.6. Use Different Keys for Different Purposes
  Section 26.7. Use Different Keys for Signing vs. Encryption
  Section 26.8. Have Both Sides Contribute to the Master Key
  Section 26.9. Don't Let One Side Determine the Key
  Section 26.10. Hash in a Constant When Hashing a Password
  Section 26.11. HMAC Rather than Simple MD
  Section 26.12. Key Expansion
  Section 26.13. Randomly Chosen IVs
  Section 26.14. Use of Nonces in Protocols
  Section 26.15. Don't Let Encrypted Data Begin with a Constant
  Section 26.16. Don't Let Encrypted Data Begin with a Predictable Value
  Section 26.17. Compress Data Before Encrypting It
  Section 26.18. Don't Do Encryption Only
  Section 26.19. Avoiding Weak Keys
  Section 26.20. Minimal vs. Redundant Designs
  Section 26.21. Overestimate the Size of Key
  Section 26.22. Hardware Random Number Generators
  Section 26.23. Timing Attacks
  Section 26.24. Put Checksums at the End of Data
  Section 26.25. Forward Compatibility
  Section 26.26. Negotiating Parameters
  Section 26.27. Homework

Bibliography
Glossary
Index