White-Hat Security Arsenal: Tackling the Threats

As a diverse collection of information--much of it at a fairly advanced level--White-Hat Security Arsenal: Tackling the Threats is a valuable primer on matters of computer and network security. The author doesn't offer specific instructions on how to harden your systems against attack, and doesn't go far in explaining how to build security into software you write. But he does offer good overviews of how particular manifestations of malice--such as Babylonia (a specific virus) and distributed denial of service (DDoS) systems (a broad class of attack)--work. Similarly, he details how security protocols and mechanisms--packet filters and the Secure Sockets Layer (SSL) protocol are two examples--go about their tasks. In brief, the book breaks little new ground, but it covers the familiar data communications security material extremely capably and with frequent reference to the most recent exploits of the bad guys.

Rubin is at his best in explaining the details of security protocols, which rarely make intuitive sense. Using the proven "conversation" method of illustration ("Alice sends her public key to Bob..."), he untangles even the remarkably obtuse Diffie-Hellman algorithm. He backs the dialogues with the formulas that underlie encryption and authentication, and usually translates the simplified conversations into the actual messages exchanged by machines.

This book is worth the cover price for its lucid explanations of how security protocols work. It also highlights places in which security technology is lacking (in making sure no unauthorized data goes out from a Web server, for example), which is refreshing. --David Wall

Topics covered: The state of the art in computer and network security, explained from the point of view of the system administrator wishing to keep bad guys out. A menagerie of recent viruses and attack profiles is followed by discussions of secure storage (with emphasis on encrypted file systems and local password authentication), data exchange via public-private key pairs and trust management system (including Kerberos, of course), network defense with firewalls and intrusion detection systems (IDS), and secure communications via the Secure Sockets Layer (SSL) protocol.