PROGRAMMER'S BOOKSHELF

Perspectives on Computer Security

Lynne Greer Jolitz

Lynne, who is coauthor of 386BSD, can be contacted at ljolitz@cardio.ucsf.edu.


For most people, security is as simple as locking the front door or putting a Club on a car's steering wheel. For networked computer users, security is a devilish issue, because a computer system can be compromised by any one of millions of other computers around the globe. Fortunately, a good number of books on network-security techniques are available, and while none will protect a computer from the latest attack (you'll just have to keep up on journals and conferences for that), many offer valuable insights.

Network Security: Private Communications in a Public World, by Charlie Kaufman, Radia Perlman, and Michael Speciner, discusses the practical issues of secure communications, including cryptographic techniques, applied-number theory, authentication, and integrity. It also covers existing Internet mechanisms used to increase network security (Kerberos, PEM, PGP, and the like) as well as extensions to X.400 and NetWare. Finally, the book provides a good overview of encrypted communications and authentication as currently used on the Internet. It avoids matters such as the formal government-security framework and concentrates on the actual "moving pieces" used in security mechanisms.

I enjoyed this book primarily because it was loaded with insider jokes and minutiae, such as "UNIX, an unusually user-hostile and otherwise mediocre operating system" or (my personal favorite):

...plausible deniability, a situation in which events are structured so that someone can claim not to have known or done something, and no proof exists to the contrary. Whenever this term comes up, the person in question is almost certainly guilty.

The authors are not afraid to voice opinions on popularly perceived solutions to insecure networks. For example, the current trend of developing, selling, and purchasing commercial firewall packages is concisely characterized by Charlie Kaufman:

Firewalls are the wrong approach. They don't solve the general problem, and they make it very difficult or impossible to do many things. On the other hand, if I were in charge of a corporate network, I'd never consider hooking into the Internet without one. And if I were looking for a likely financially successful security product to invest in, I'd pick firewalls.

The meat of Network Security: Private Communications in a Public World is its practical introduction to communications-oriented security in the form of encryption and authentication; specific implementation details are described only casually. Of particular interest in this post-Mitnick era is the brief discussion of sabotage-resistant routing protocols. Since routing is the next logical target of attack, it is an area worthy of critical study. In fact, secure routing and network integrity alone could fill another book.

Network Security: Private Communications in a Public World provides a balanced treatment of controversial topics (such as cryptography), but it isn't a "war-stories" book. The level of discussion is technical enough to get the point across, yet not so detailed as to become dull. Still, the book lacks descriptions of attacks against TCP and DNS. Even though they've been covered in other security books, these topics still have a place in a discussion of attack pathologies. The book also omitted discussions of the "Green Book," the follow-up work to the "Orange Book" (which maps the Trusted Computing metaphor into a networking paradigm). While of admittedly limited use, the Green Book does offer sanguine observations about network security that fall into the scope of this book. Finally, the text jumps right into specific algorithms without bothering to develop the subject of cryptography. The result is an incomplete picture: It's unclear why a certain technique is employed in a given algorithm or why an algorithm is considered flawed.

E-Mail Security for the Layman

While insider stories and algorithmic examinations are interesting, they are less than useful to the individual trying to protect e-mail from prying eyes. To complicate matters, while regular surface mail is protected by a host of laws regarding privacy and is processed by a quasi-governmental agency which must follow certain regulations, most e-mail correspondence is not (yet) as carefully protected or regulated. The law is still murky regarding privacy from coworkers, system administrators, managers, and the like. Thus, protection of sensitive correspondence and the limits of such protection are topical subjects.

E-Mail Security: How to Keep your Electronic Messages Private, by DDJ contributing editor Bruce Schneier, is an in-depth treatment of electronic-mail security intended for immediate application by the reader. Schneier begins with an overview of electronic-mail security and goes on to discuss and contrast the two preeminent security encapsulations used in network electronic mail--Pretty Good Privacy (PGP) and Privacy Enhanced Mail (PEM). Finally, the book addresses restrictions placed on its use by the government and intellectual-property rights. Schneier's discussion of finite mathematics alone is worth the price of the book.

The one downside is Schneier's view that it is absolutely good to secure all communications in this manner. While this approach probably appeals to his target audience, it is ironic that the same tools that can prevent misappropriation of information can also be used to shield a scoundrel who misappropriates others' work. Yes, I've heard the argument that anyone who doesn't secure their work deserves to be punished, but that's just the old blame-the-victim routine, which doesn't deal with reality.

In addition, shielding posters or remailers on the net, making them effectively anonymous, is not a defensive security approach intended to keep personal e-mail private, but instead an ideologically motivated offensive tactic. Net users should be aware that this approach is rarely used for purposes of, say, revealing a governmental plot to suppress information: Instead, it's used for character assassination, personal vendettas, theft of work, disinformation, petty criminal behavior, and worse. In fact, the current chaos is eerily similar to John Brunner's prediction in his classic book The Shockwave Rider over 20 years ago, where anonymous denunciation lines allowed antagonists to destroy a protagonist's credit, job status, and even marriage without fear of retribution. Ignoring or aiding this practice without regard for the consequences is ethically questionable at best.

Overall, Schneier's writing has a concise, readable, appealing style. E-Mail Security: How to Keep your Electronic Messages Private is ideal for the computer user who feels insecure about sending Internet mail and has an active interest in the powerful tools available for securing it.

Network Security as a Professional Practice

Network Security, by Steven L. Shaffer and Alan R. Simon, provides a comprehensive, top-down approach to computer and networking security as a professional practice. It focuses primarily on the formal nomenclature and structure used as the framework for government- and commercial-security environments. This formalism is critical for serious computer-security work. Network Security is ideal as a top-down introduction to any intensive study of formal security mechanisms and policies of the last 20 years.

Not included are the "tools of the trade" that a network-security officer uses in practice, the methodology that programmers use to implement secure operating systems, or the cryptographic mechanisms that secure communications across a data network. However, bibliographic references provide pointers for the serious student.

One nice feature of this book is a description of representative government-security programs that show the formal information-security structure in practice. Among the programs discussed are the Department of Defense's BLACKER, DNSIX, and CCEP; profiles of security-product vendors are given as well. (This latter group was incomplete: Sun's Secure Solaris, Oracle's MLS products, and HP's HP-UX BLS were missing.)

A downside of Network Security is its insularity and relative blindness that stems from its proximity to traditional security perspectives. For example, while PEM and Kerberos are discussed briefly, unofficial security mechanisms, such as PGP and COPS, are not. There is no critical analysis of the inherent weaknesses of the "official" architectures for information security. Despite these omissions, however, Network Security's coverage of the appropriate formalisms makes it essential to the serious security professional's library.

Enterprise Network Security

Network Security: How to Plan for It and Achieve It, by Richard Baker, is the most ambitious of the books discussed here. It develops and implements an enterprise network's security envelope from the bottom up, but avoids discussion of the underlying mechanisms. Baker speaks to MIS managers or network administrators who must develop and implement an official, organized security policy, comprising physical security, business-management structures, backups, training, viruses, and security audits.

Each chapter begins with an overview of a problem (such as securing the desktop), then develops a top-down plan to deal with it. While fleshing out these details, Baker discusses the elements and management of a careful, secure environment (occasionally citing industry examples). The book does not cover operating-system and software architectures; it concentrates on operational aspects pertinent to a business.

Network Security: How to Plan for It and Achieve It reminds us that information security often fails because it is not integrated into the information system from the start.

The breadth of the book is exemplified in its discussion of the legal requirements of a network-information processing service, including the legal doctrines of due care and due diligence. Few administrators are aware of the potential liabilities of insecure or improperly maintained information systems, which are magnified when the system retains information covered by privacy or intellectual-property rights. The Infobahn of the future will likely involve many suits over negligent operation of information services, resulting in substantial liability awards from unsuspecting companies.

Baker approaches enterprise network security from a situational perspective. This is bound to appeal to the administrator who can directly apply Baker's solutions to rectify a situation or avoid an incident; enterprise network administrators should keep this book handy.

Network Security: Private Communications in a Public World

Charlie Kaufman, Radia Perlman, and Michael Speciner

Prentice-Hall, 1995, 504 pp. $46.00, ISBN 0-13-061466-1

Network Security

Steven L. Shaffer and Alan R. Simon

Academic Press, 1994, 318 pp. $25.95, ISBN 0-12638-01-04

E-Mail Security: How to Keep your Electronic Messages Private

Bruce Schneier

John Wiley & Sons, 1995, 362 pp. $24.95, ISBN 0-471-05318-X

Network Security: How to Plan for It and Achieve It

Richard H. Baker

McGraw-Hill, 1995, 456 pp. $34.95, ISBN 0-07005-14-10


Copyright © 1995, Dr. Dobb's Journal