2008, Volume 11, Issue 1
The Book Corner Recommends:
Network Security Essentials: Applications and Standards, Third Edition
By William Stallings
Pearson Prentice Hall, 2007
The concepts discussed in Network Security Essentials should inspire managers to pay more attention to their own security and control policies.
Not for the faint of heart, Network Security Essentials delves into the black art of electronic security, including cryptography, e-mail, Internet Protocol (IP), and web and network security. Written in a textbook format, the concepts are organized in a fashion that provides even an IT novice an ability to explore relatively complex topics.
Much of the book is dedicated to the explanation and exploration of various encryption algorithms and authentication standards. The author, Stallings, remains impartial, declining to recommend any one standard over the other; instead he provides a detailed discussion of the strengths and weaknesses of each against various types of malicious attacks, including estimates of the length of time it would take an attacker to perform a brute-force cryptanalysis and decode each algorithm. He details different types of attacks and provides practical eye-opening examples of how opponents might use these tactics.
At times the detail provided by Stallings is fascinating, such as the various applications of asynchronous encryption used in web and email security and message authentication. However, on a few occasions the depth at which some of the mathematical models and algorithms are covered may cause the reader to lose sight of the big picture.
Stallings concludes the book with a brief exploration of malicious software including viruses, worms, and distributed denial of service attacks; he also offers defensive approaches to combat each of these threats.
The book is not reserved for practitioners, as security is an important issue to every manager. The concepts discussed should be enough to inspire readers to pay more attention to their own security and control policies, as well as arm them with enough knowledge to intelligently converse with their IT staff to put these policies into action.
Sun Tzu wrote, "If you know the enemy and know yourself, you need not fear the result of a hundred battles." Stallings' Network Security Essentials provides a reasonable foundation of knowledge to engage in the ongoing battle of security and control that every business must face.
