AnyBook4Less.com
Authentication: From Passwords to Public Keys

Title: Authentication: From Passwords to Public Keys
by Richard E. Smith
ISBN: 0-201-61599-1
Publisher: Addison-Wesley Pub Co
Pub. Date: 01 October, 2001
Format: Paperback
Volumes: 1
List Price(USD): $44.99

Average Customer Rating: 4.83 (6 reviews)

Customer Reviews

Rating: 5
Summary: Really, really good book
Comment: Smith does a great job of writing about authentication while being vendor agnostic.

The book provides everything you need to know about PKI and other crucial security topics.

Rating: 4
Summary: An exciting book on authentication, of all things? It is!
Comment: An exciting book on authentication, of all things? Is such a thing even possible? Yes, Richard E. Smith proves it by publishing Authentication - a comprehensive guide to all things that authenticate or are authenticated. The book will educate you on more aspects of authentication than you ever wanted to know, but most likely you will enjoy it. As a security professional, I found the author's writing style to be excellent and even entertaining, a clear sign of writing by a true expert on the subject.

Every obscure form of authentication protocol (have you heard of X9.17 lately?) finds its place in the book. Passwords, tokens, biometrics and various authentication protocols are all described and analyzed in great detail, in plain English and with multiple diagrams. Another valuable feature is that for every authentication protocol, the relevant attacks and defenses are outlined in every chapter summary. The attacks which are not covered by existing defenses ("residual attacks") are emphasized at the end as something to watch for. For example, a 'trojan horse' attack to steal authentication credentials is one of them - apparently there is no 100 percent reliable way to stop it.

A chapter on passwords contains several creative ideas to make this ubiquitous form of authentication more effective, simultaneously more secure and more usable. It also answers some interesting password questions. When does it make no sense to enforce a complex non-dictionary password? How random is a random password from a dictionary? Why is a bank PIN of four digits secure enough for the job? When is it better to write a password down? Read the book and you will discover the answers! The book also explains public key crypto systems and their use for authentication (such as PKI).

People issues of security also receive well-deserved coverage in a separate chapter. Various kinds of secrets used for people as passwords are outlined. An interesting discussion on choosing an initial password when providing system access reveals important aspects of this process that few people think about.

For more technically inclined readers, straightforward analysis of complexities of Windows authentication (LANMAN, NTLM, Kerberos) and attacks against it is provided in a "Challenge Response Passwords" chapter. Computer scientists will find some insights on authentication algorithm design patterns. For less technical readers, understanding authentication based on Ali Baba and a cave of treasures will help to sort through the authentication system requirements and peculiarities. Overall, the book (while being targeted at security professionals) contains something for almost everyone interested in how computers tell that whoever is sitting at the console is who she says she is.

Anton Chuvakin, Ph.D. is a senior security analyst with a major security company.

Rating: 5
Summary: Masterful writing and in-depth treatment of the subject
Comment: I'm in complete agreement with the previous reviewers that this book is easy to read and that it clearly explains complex material.

What I like is the way the author integrates theory, application and the human side of authentication. For example, he makes excellent use of tables to distill and display information, such as summary tables for attacks and defenses that are cross-referenced to each other. This is particularly useful to anyone who is developing security profiles, and the thorough and meticulous way that the author summarizes the information reduces the attack-defense pairings to the essentials.

His clear explanations of authentication methods and their underlying technologies, as well as how they evolved, are among the clearest in print. More importantly, he goes beyond explaining the mathematics behind the protocols by also showing how assumptions can lead to exposures. An example is the 4-digit lock, which has 10,000 possible combinations. At first glance it would seem that you have a 1-in-10000 chance of guessing the combination. However, he goes on to explain that a study showed 50% of people chose a calendar date for the combination, then leads you through the math of showing why you have approximately 1-in-512 chance of breaking the combination on the first try. He uses similar techniques throughout the book, which makes you think in real-world terms. It's his treatment of the people side of the authentication techniques that adds to the real-world approach.

I also thought that the chapter on picking PINs and passwords was exceptional. I've written password management policies and procedures for a number of clients in recent years and thought I was an expert. After reading this 37-page chapter I discovered what I didn't know - and it was a lot!

Each chapter is filled with facts that you may or may not have considered, and each is filled with common sense, backed up with the math or technical underpinnings. Moreover, the book completely covers authentication and will get anyone quickly up-to-speed on the basics and many of the finer points. This book is especially important as a resource to anyone who is involved in health care because the material is directly applicable to requirements set forth in HIPAA. It is also essential reading for anyone who develops or manages security in a web- or e-commerce environment because of the dependencies upon the technologies and methods that are discussed in this book. IT security specialists will also find this book to be an invaluable resource, especially the parts that cover password management, social engineering and practical applications of authentication.

Similar Books:

Title: Network Security: Private Communication in a Public World
by Charlie Kaufman, Radia Perlman, Mike Speciner
ISBN: 0130460192
Publisher: Prentice Hall PTR
Pub. Date: 15 April, 2002
List Price(USD): $54.99
Title: Kerberos : The Definitive Guide
by Jason Garman
ISBN: 0596004036
Publisher: O'Reilly & Associates
Pub. Date: 26 August, 2003
List Price(USD): $34.95
Title: LDAP System Administration
by Gerald Carter
ISBN: 1565924916
Publisher: O'Reilly & Associates
Pub. Date: 20 March, 2003
List Price(USD): $39.95
Title: Building Secure Software: How to Avoid Security Problems the Right Way
by John Viega, Gary McGraw
ISBN: 020172152X
Publisher: Addison-Wesley Pub Co
Pub. Date: 24 September, 2001
List Price(USD): $54.99
Title: Implementing Biometric Security
by John Chirillo, Scott Blaul
ISBN: 0764525026
Publisher: John Wiley & Sons
Pub. Date: 01 April, 2003
List Price(USD): $45.00

Copyright © 2001-2021