Network security textbooks

David Opitz DOpitz at loyola.edu
Fri Nov 7 20:43:11 GMT 2003


Hi UNISOG!

I am a Security Analyst, probably like many people on this email list.  I have an opportunity to teach a Computer Science course in Network Security, and I'm looking for advice on a good textbook (along with good homework problems).  This class could be either for new graduate students, or upper level undergrads.  I have an idea of what I would cover in this class, starting with the theory of stuff like crypto (symmetric encryption, asymmetric encryption, hashes, PKI, authentication techniques) and security protocols (SSL, IPsec, SSH, Kerberos).  These are the pieces you can use when designing a secure network.

Then I would like to go into practical things - stuff that we all deal with on a daily basis, like buffer overflows, port scanning, vulnerability scanning, DOS attacks, how to use network firewalls and personal firewalls, auditing, intrusion detection, PGP, locking down a host (Windows or Linux), router security, honeypots, patching, and maybe even traffic shaping. 

I can find lots of book on the theory.  I can also find lots of books on practical security or on hacking.  But I haven't yet found one good textbook that covers both.   One difficulty is that the practical side advances so quickly that books quickly become dated.  Options include using two books, or just one book and supplement it with on-line articles.

Does anyone have any suggestions for a good network security textbook?  How about one of the books by William Stallings?  Or "Computer Security" by Bishop?  Or "Firewalls and Internet Security  2nd Edition" by Checkwick, Bellovin, and Rubin?  Or something from the "Hacking Exposed" series?  What else can combine theory and practice?

Also, I'd like to hear if anyone has good ideas for practical, real-world, hands-on lab assignments or homework assignments.  This is a bit tricky, since I don't want anyone to "accidentally" hack into something real, or mistakenly send out a virus email.  

Peace,
Dave Opitz
Security Analyst - Tech Services
Loyola College in Maryland



More information about the unisog mailing list