[unisog] Network security textbooks

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Fri Nov 7 22:43:00 GMT 2003


On Fri, 07 Nov 2003 15:43:11 EST, David Opitz <DOpitz at loyola.edu>  said:

> undergrads. I have an idea of what I would cover in this class, starting with
> the theory of stuff like crypto (symmetric encryption, asymmetric encryption,
> hashes, PKI, authentication techniques) and security protocols (SSL, IPsec,
> SSH, Kerberos). These are the pieces you can use when designing a secure
> network.

Randy Marchany and I spent a good chunk of an afternoon recently looking
at a number of books that all looked good for various classes - I know he's
lurking here, and I know he took notes at the time.. Hey, Raaannnndddyy ;)

One thing that struck me with several of them was that there was an incredible
over-emphasis on the details of cryptography.  Now mind you, I'm a big
believer in properly applied crypto, but it's nowhere near as important
as many authors would have you believe.

For instance - who *honestly* believes that in *the real world*, the average
Web user gets *any* MITM security from the CA-signed certs for an SSL
connection? (Hint - I'm preaching to the choir here - when was the last
time any of *YOU* actually clicked on the little padlock and checked the
cert details?)

Given the current state of the art, and the first/second derivatives of same,
I'd suggest picking a good theory book, and supplementing with online resources.

The theory doesn't move much at all - a quick read of the original Karger&Schell
paper on Multics, and their "30 years later" paper will be depressingly
illuminating (and both are (I think) required reading):

http://www.acsac.org/2002/papers/classic-multics.pdf - "30 years later"
www.acsac.org/2002/papers/classic-multics-orig.pdf   - the original paper.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20031107/1529bd32/attachment-0003.bin


More information about the unisog mailing list