Student Resources
Network Security Essentials, Second Edition

Last updated: Friday, February 9, 2007

Useful Web Sites

Computer Science Student Resource Site: Help and advice for the long-suffering, overworked student.
Errata sheet: Latest list of errors, updated at most monthly. File name is Errata-NetSec2e-mmyy. If you spot any errors, please report them to .
Introduction to Cryptography: Provides a Web-based introduction to cryptography for non-CS majors. Although elementary, it provides a useful feel for some key concepts. Originally appeared in the on-line Journal on Educational Resources in Computing, September 2002..

Chapter 1 - Overview

COAST: Comprehensive set of links to sites related to cryptography and network security.
IETF Security Area: Provides up-to-date information on Internet security standardization efforts.
The Cryptography FAQ: Lengthy and worthwhile FAQ covering all aspects of cryptography.
Tom Dunigan's Security Page: An excellent list of pointers to cryptography and network security web sites.
Helgar Lipma's Cryptology Pointers: Another excellent list of pointers to cryptography and network security web sites.
IEEE Technical Committee on Security and Privacy: Home of the electronic newsletter Cipher, which provides book reviews, new crypto and security links, and links to reports and papers available online.
Computer Security Resource Center: Maintained by NIST; contains a broad range of information on security threats, technology, and standards.
Computer and Network Security Reference Index: A good index to vendor and commercial products, FAQs, newsgroup archives, papers, and other Web sites.
Security Focus: A wide variety of security information, with an emphasis on vendor products and end-user concerns.
SANS Institute: Similar to Security Focus. Extensive collection of white papers.
Data Protection Resource Directory: Varied collection of links.
Network Security Directory: Varied collection of links

Chapter 2 - Conventional Encryption and Message Confidentiality

AES Home Page: NIST's page on AES. Contains the standard plus a number of other relevant documents
AES Lounge: Contains a comprehensive bibliography of documents and papers on AES, with access to electronic copies.
Block Cipher Modes of Operation: NIST page with full information on NIST-approved modes of operation.

Chapter 4 - Authentication Applications

MIT Kerberos Site: Information about Kerberos, including the FAQ, papers and documents, and pointers to commercial product sites.
USC/ISI Kerberos Page: Another good source of Kerberos material.
Kerberos Working Group: IETF group developing standards for Kerberos.
Public-Key Infrastructure Working Group: IETF group developing standards based on X.509v3.
NIST PKI Program: Good source of information.
Verisign: A leading commercial vendor of X.509-related products; white papers and other worthwhile material at this site.

Chapter 5 - Electronic Mail Security

PGP Home Page: Web site of PGP Corp., the leading PGP commercial vendor.
PGP Charter: Latest RFCs and internet drafts for an Open Specification PGP.
S/MIME Charter: Latest RFCs and internet drafts for S/MIME.

Chapter 6 - IP Security

NIST IPSec Project: Contains papers, presentations, and reference implementations.

Chapter 7 - Web Security

Netscape's SSL Page: Contains the SSL specification.
TLS Charter: Latest RFCs and internet drafts for TLS.
OpenSSL Project: Project to develop open-source SSL and TLS software. Site includes documents and links.

Chapter 8 - Network Management Security

SNMPv3 Web Site: Maintained by the Technical University of Braunschweig. It provides links to the RFCs and internet drafts, copies of clarifications and proposed changes posted by the working group, and links to vendors with SNMPv3 implementations.
Simple Web Site: Maintained by the University of Twente. It is a good source of information on SNMP, including pointers to many public-domain implementations and lists of books and articles.

Chapter 9 - Intruders

CERT Coordination Center: The organization that grew from the computer emergency response team formed by the Defense Advanced Research Projects Agency. Site provides good information on Internet security threats, vulnerabilities, and attack statistics.
Honeynet Project: A research project studying the techniques of predatory hackers and developing honeypot products
Honeypots: A good collection of research papers and technical articles.

Chapter 10 - Malicious Software

Anti-Virus Online: IBM's site on virus information; one of the best.
Vmyths: Dedicated to exposing virus hoaxes and dispelling misconceptions about real viruses.

Chapter 11 - Firewalls Numerous links to firewall references and software resources.
Trusted Computing Group: Vendor group involved in developing and promoting trusted computer standards. Site includes white papers, specifications, and vendor links..