Customer Reviews

Cryptography and Network Security: Principles and Practice (2nd Edition)

5 star:		(10)
4 star:		(0)
3 star:		(2)
2 star:		(2)
1 star:		(0)

 

 

This book is intended to serve both as a textbook for an academic course of study, and as a self-study and reference guide for practicing professionals. The material has been extended to emphasize encryption and its central position in network protection. The structure and flow have been reorganized with both classroom use and solo instruction in mind, and additional teaching material, such as additional problems, have been added.

Chapter one is an introduction to the topics to be covered. In a practical way it outlines the concerns involved in the phrase computer security, and the priorities occasioned by the networked nature of modern computing. There is also an outline of the chapters and sequence in the rest of the book. While the text does note that cryptographic techniques underlie most of current security technologies this is only done briefly. Examples in the major categories listed would help explain this primary position.

Part one deals with conventional, symmetric, encryption and the various methods of attacking it. Chapter two covers the historical substitution and transposition ciphers. Symmetric block ciphers are discussed in chapter three, illustrated by an explanation of DES (Data Encryption Standard). The additional conventional algorithms of triple DES, IDEA (International Data Encryption Algorithm), and RC5 are reviewed in chapter four. The use of conventional encryption for confidentiality is outlined in chapter five.

Part three looks at public-key encryption and hash functions. Chapter six introduces public-key encryption and its uses in confidentiality, authentication, and key management and exchange. Number theory is the basis of these modern algorithms, so some basic mathematical concepts are outlined in chapter seven. Digital signatures and message authentication is introduced in some detail in chapter eight. The algorithms themselves are explained in chapter nine, including MD5 (Message Digest algorithm), SHA (Secure Hash Algorithm), and others. Protocols using digital signatures are described in chapter ten.

Part three takes this background material and relates its use in security practice. Chapter eleven looks at authentication, concentrating on Kerberos and X.509. The examples of e-mail security systems given in chapter twelve are PGP (Pretty Good Privacy) and S/MIME (Secure/Multipurpose Internet Mail Extension). Security provisions for the Internet Protocol (IP) itself are reviewed in chapter thirteen. Web security, in chapter fourteen, again concentrates on protocol level matters, but also discusses the SET (Secure Electronic Transaction) standard at the application level.

Part four outlines general system security. To the general public the primary concern of security is to deal with intruders and malicious software, so it may seem odd to the uninitiated to find that both of these subjects are lumped together in chapter fifteen. Chapter sixteen finishes off the book with a description of firewalls and the concept of trusted systems that they rely on.

Each chapter ends with a set of recommended readings and problems. Many chapters also have appendices giving additional details of specific topics related to the subject just discussed.

This review is for the 3rd edition -
I'm not a cryptographer by any means. I've owned Applied Cryptography(AC) for 4 years. It's been quite helpful but leans farther into theory (not covered in it) than I was willing or able to research at the time. I often found myself needing to refer to other resources over the years. I purchased this book after thumbing through it a few times at the bookstore. I'm not one to run out and spend $80 on a book in haste. After a couple of collective hours in it at the store I bought it with the intention of returning it in the 30 allotted days for a full refund. That date comes tomorrow and I have no intention on returning it.

I would describe it as a self-contained reference. It covers cryptography principles and practices as the title implies. When discussing the algorithms it covers them with roughly the same notation and detail as AC. However, I found the explained examples to be clearer. When I found myself getting lost I took the text's advice and referred to the chapters on mathematics and number theory. Not only did it clear the fog it also bit me with the math bug. Leading me to buy another great book, Prime Obsession (nothing to do with crypto). I should mention that this book is void of code. I didn't find this to be a problem because if I'm not using a crypto lib I usually have to implement the crypto code from scratch. With the knowledge presented in this book I can do it better. FYI: The OpenSSL lib offers a bunch of implemented algorithims.

As CTO of an internet security company I am often required to locate information or explain concepts to people regarding network security and the Public Key Infrastructure. Having a ready reference with excellent drawings has made the communication of key concepts easy. For details of implementations, I send the engineers to Applied Cryptography, but for the overview of the Net protocols, I bought everyone in the company this book.

One of the better books in Security, concentrating on algorithms, rather than stopping at attack descriptions. Very detailed coverage of converntional and public-key encryption. I recommend this book to anyone interested in Security and has some knowledge on algorithms.

I adored this book! It's one of my favourite texts of all time. I used it for a computer security subject and it's a great primer. It covers a middle ground in computer encryption and network security that serves wonderfully as a primer for the novice and a reference for the experienced.

The contents are roughly evenly split between detailed descriptions of currently used encyrption protocols, and descriptions of network security protocols. For a complete reference library on this field, you would also need a book on network communications protocols, a mathematics-heavy text on the design of encryption algorithms and a programming-heavy text on encryption algorithm implementation.

But if you have prior knowledge of network comms, aren't ineterested in encryption design or maths, and can do the coding yourself, then this book has all you need to understand practical encryption and security currently used in industry and to implement the protocols yourself.

Stallings has a great writing style and explains concepts in clear and interesting English. You can't go wrong with this book. As a primer for the primer, I'd recommend The Code Book by Simon Singh (very readable) or any of Stallings' other books specifically dealing with data comms.

This is a good solid book that attempts and succeeds at covering a very large field in a few hundred pages. It goes into depth on key concepts, and explains those well, but for the most part stays at an abstract or theoretical level. I've read it cover to cover and am buying copies for co-workers.

I was able to use this book as an introduction, and more than an introduction, on the world of cryptography. I started reading it with no knowledge on cryptographic algorithms, ad I learned the principles behind cryptographic algorithms and how they are linked with pratical implementation on security products.

The area of network security is less developed than the cryptography area, but still valuable.

The books intends on giving an introduction to cryptography covering both the theoretical and the practical aspects of the field.

The first two parts of the book gives an introduction to conventional (symmetric) and public-key cryptography. These parts are mainly theoretical and gives a good introduction for the novice.

The third and the fourth part of the book describes how to use these tools in practice. Though, it would ideally be a nice pedagogical way to teach the concepts (after all cryptography, is a lot about practice) the book fails to accomplish this. The chapters mainly list the different technical aspects of the protocols, but give only few example to how the protocols work in real life. This makes it hard to use the book to get an introduction of the applications. I doubt it would helpful for a person with knowledge within the field---he or she would most likely prefer to refer to the original documents.

In conclusion the first two parts are useful for an introduction, while the two last are a pain.

The variability in textbook reviews are interesting. I would consider this text "math heavy" whereas other reviewers believe you'll need another serious text on the matter to round out your collection.

I bought this to learn the high level details/processes behind encryption and cryptography but after flipping through the detailed treatment of each, the book got really short, really fast. If you're looking for "Hey here's DES in a nutshell" then this book isn't for you. It is in the sense that the three paragraphs preceding the several-page detailed discussion of the DES algorithm are for you, but the rest isn't.

Cryptography and Network Security: Principles and Practice by Stallings is a very good book on crypto.

It is not as detailed as Schneier's Applied Cryptography, but is still a great book.