A fascinating work on the history and development of cryptography, from the Egyptians to WWII. Many of the earliest books, particularly those dating back to the 1900s and before, are now extremely scarce and increasingly expensive. Hesperides Press are republishing these classic works in affordable, high quality, modern editions, using the original text and artwork Contents Include - The Beginings of Cryptography - From the Middle Ages Onwards - Signals, Signs, And Secret Languages - Commercial Codes - Military Codes and Ciphers - Types of Codes and Ciphers - Methods of Deciphering - Bibliography

Cryptography is the study of methods to transform information from its original comprehensible form into a scrambled incomprehensible form, such that its content can only be disclosed to some qualified persons. In the past, cryptography helped ensure secrecy in important communications, such as those of spies, military leaders, and diplomats. In recent decades, it has expanded in two main ways: firstly, it provides mechanisms for more than just keeping secrets through schemes like digital signatures, digital cash, etc; secondly, cryptography is used by almost all computer users as it is embedded into the infrastructure for computing and telecommunications. Cryptography ensures secure communications through confidentiality, integrity, authenticity and non-repudiation. Cryptography has evolved over the years from Julius Cesar's cipher, which simply shifts the letters of the words a fixed number of times, to the sophisticated RSA algorithm, which was invented by Ronald L. Rivest, Adi Shamir and Leonard M. Adleman, and the elegant AES cipher (Advanced Encryption Standard), which was invented by Joan Daemen and Vincent Rijmen. The need for fast but secure cryptographic systems is growing bigger. Therefore, dedicated hardware for cryptography is becoming a key issue for designers. With the spread of reconfigurable hardware such as FPGAs, embedded cryptographic hardware became cost-effective. Nevertheless, it is worthy to note that nowadays, even hardwired cryptographic algorithms are not safe. Attacks based on power consumption and electromagnetic Analysis, such as SPA, DPA and EMA have been successfully used to retrieve secret information stored in cryptographic devices. Besides performance in terms of area and throughput, designer of embedded cryptographic hardware must worry about the leakage of their implementations. The content of this book is divided into three main parts, which are focused on new trends in cryptographic hardware, arithmetic and factoring.

This book teaches IT professionals how to analyze, manage, and automate their security log files to generate useful, repeatable information that can be use to make their networks more efficient and secure using primarily open source tools. The book begins by discussing the Top 10 security logs that every IT professional should be regularly analyzing. These 10 logs cover everything from the top workstations sending/receiving data through a firewall to the top targets of IDS alerts. The book then goes on to discuss the relevancy of all of this information. Next, the book describes how to script open source reporting tools like Tcpdstats to automatically correlate log files from the various network devices to the Top 10 list. By doing so, the IT professional is instantly made aware of any critical vulnerabilities or serious degradation of network performance. All of the scripts presented within the book will be available for download from the Syngress Solutions Web site.
Almost every operating system, firewall, router, switch, intrusion detection system, mail server, Web server, and database produces some type of log file. This is true of both open source tools and commercial software and hardware from every IT manufacturer. Each of these logs is reviewed and analyzed by a system administrator or security professional responsible for that particular piece of hardware or software. As a result, almost everyone involved in the IT industry works with log files in some capacity.
* Provides turn-key, inexpensive, open source solutions for system administrators to analyze and evaluate the overall performance and security of their network
* Dozens of working scripts and tools presented throughout the book are available for download from Syngress Solutions Web site.
* Will save system administrators countless hours by scripting and automating the most common to the most complex log analysis tasks"

Take a proactive approach to enterprise network security by implementing preventive measures against attacks before they occur. Written by a team of IT security specialists, this hands-on resource provides concrete steps you can take immediately as well as ongoing actions to ensure long-term security. Whether you're working on a Windows, UNIX, wireless, or mixed network, you'll get complete details on how to systematically harden your network from the ground up, as well as strategies for getting company-wide support for your security plan. With coverage of all major platforms and applications, this book is an essential security tool for on-the-job IT professionals. Features a four-part hardening methodology:

Do This Now!--Checklist of immediate steps to take to lockdown your system from further attack Take It From The Top--Systematic approach to hardening your enterprise from the top down, focusing on network, data, and software access, storage, and communications Once Is Never Enough!--Ongoing monitoring and assessment plan to keep your network secure, including patch management and auditing How to Succeed at Hardening Network Security--Strategies for getting budget approval, management buy-in, and employee cooperation for your security program

John Mallery is a Managing Consultant at BKD, LLP, and a veteran security specialist.

Jason Zann, CISSP, is an Information Security Consultant for DST Systems.

Patrick Kelly, CISSP, CCSE, MCSE, MCP+I, is an Information Assurance Engineer for ComGlobal Systems, Inc.

Paul Love, MS Network Security, CISSP, CISM, CISA, is a Security Manager with a large financial institution.

Wesley Noonan, MCSE, CCNA, CCDA, NNCSS, Security+, is aSenior Network Consultant for Collective Technologies, LLC.

Eric S. Seagren, CISSP, ISSAP, SCNP, CCNA, CNE, MCP+I, MCSE, is an IT architect, designing secure, scalable, and redundant networks.

Rob Kraft is the director of software development for KCX, Inc. Mark O'Neil is the CTO of Vordel and principal author of "Web Services Security."

Series Editor and author Roberta Bragg, CISSP, MCSE: Security, Security+, writes a column for Redmond Magazine and writes the weekly Security Watch newsletter. She is the author of "Hardening Windows Systems" and several other information security books.

Even before the terrorist attacks of September 2001, concerns had been rising among security experts about the vulnerabilities to attack of computer systems and associated infrastructure. Yet, despite increasing attention from federal and state governments and international organisations, the defence against attacks on these systems has appeared to be generally fragmented and varying widely in effectiveness. Concerns have grown that what is needed is a national cybersecurity framework -- a co-ordinated, coherent set of public- and private-sector efforts required to ensure an acceptable level of cybersecurity for the nation. As commonly used, cybersecurity refers to three things: measures to protect information technology; the information it contains, processes, and transmits, and associated physical and virtual elements (which together comprise cyberspace); the degree of protection resulting from application of those measures; and the associated field of professional endeavour. Virtually any element of cyberspace can be at risk, and the degree of interconnection of those elements can make it difficult to determine the extent of the cybersecurity framework that is needed. Identifying the major weaknesses in U.S. cybersecurity is an area of some controversy. However, some components appear to be sources of potentially significant risk because either major vulnerabilities have been identified or substantial impacts could result from a successful attack -- in particular, components that play critical roles in elements of critical infrastructure, widely used commercial software, organisational governance, and the level of public knowledge and perception about cybersecurity. There are several options for broadly addressing weaknesses in cybersecurity. They include adopting standards and certification, promulgating best practices and guidelines, using benchmarks and checklists, use of auditing, improving training and education, building security into enterprise architecture, using risk management, and using metrics. These different approaches all have different strengths and weaknesses with respect to how they might contribute to the development of a national framework for cybersecurity. None of them are likely to be widely adopted in the absence of sufficient economic incentives for cybersecurity.

User passwords are the keys to the network kingdom, yet most users choose overly simplistic passwords (like password) that anyone could guess, while system administrators demand impossible to remember passwords littered with obscure characters and random numerals.
Every computer user must face the problems of password security. According to a recent British study, passwords are usually obvious: around 50 percent of computer users select passwords based on names of a family member, spouse, partner, or a pet. Many users face the problem of selecting strong passwords that meet corporate security requirements. Too often, systems reject user-selected passwords because they are not long enough or otherwise do not meet complexity requirements. This book teaches users how to select passwords that always meet complexity requirements.
A typical computer user must remember dozens of passwords and they are told to make them all unique and never write them down. For most users, the solution is easy passwords that follow simple patterns. This book teaches users how to select strong passwords they can easily remember.
* Examines the password problem from the perspective of the administrator trying to secure their network
* Author Mark Burnett has accumulated and analyzed over 1,000,000 user passwords and through his research has discovered what works, what doesn't work, and how many people probably have dogs named Spot
* Throughout the book, Burnett sprinkles interesting and humorous password ranging from the Top 20 dog names to the number of references to the King James Bible in passwords

Take network security to the next level!This book has never before published advanced security techniques and step-by-step instructions showing how to defend against devastating vulnerabilities to systems and network infrastructure.Just about every day the media is reporting another hard-core hack against some organisation. It was reported mid-March that hackers had taken over one of Lexis Nexis' databases gaining access to the personal files of as many as 32,000 people. Extreme Exploits provides advanced methodologies and solutions needed to defend against sophisticated exploits by showing them how to use the latest advanced security tools. The book teaches you how little-known vulnerabilities have been successfully exploited in the real world and have wreaked havoc on large-scale networks.

In the aftermath of the 9/11 terrorist attacks, responsible organizations are now even more interested in identifying their specific needs for information system security. This book provides a structured process for assisting any analyst in performing this task.

Get full details on major mobile/wireless clients and operating systems--including Windows CE, Palm OS, UNIX, and Windows. You’ll learn how to design and implement a solid security system to protect your wireless network and keep hackers out. Endorsed by RSA Security -- the most trusted name in e-security -- this is your one-stop guide to wireless security.

There are many ways that a potential attacker can intercept information, or learn more about the sender, as the information travels over a network. Silence on the Wire uncovers these silent attacks so that system administrators can defend against them, as well as better understand and monitor their systems.

"Silence on the Wire" dissects several unique and fascinating security and privacy problems associated with the technologies and protocols used in everyday computing, and shows how to use this knowledge to learn more about others or to better defend systems. By taking an indepth look at modern computing, from hardware on up, the book helps the system administrator to better understand security issues, and to approach networking from a new, more creative perspective. The sys admin can apply this knowledge to network monitoring, policy enforcement, evidence analysis, IDS, honeypots, firewalls, and forensics.

Completely reviewed by technical experts at CheckPoint, this valuable tool shows network administrators and engineers the essentials of installing, running, and troubleshooting the Nokia VPN-1/FireWall-1 enterprise system. Includes case studies and ready-to-use applications, and a CD-ROM with sample software and solutions.

Lock down your most important information by understanding numerous practical security applications in different environments. Robust coverage includes the most recent advances in technology and the law, including wireless security, biometrics, Windows, IDS technology, as well as the new Patriot Act, homeland security initiatives, and special information on relevant state laws. End-of-chapter review sections include summaries, key term lists, quizzes, and lab projects.

For a long time, there has been a need for a practical, down-to-earth developers book for the Java Cryptography Extension. I am very happy to see there is now a book that can answer many of the technical questions that developers, managers, and researchers have about such a critical topic. I am sure that this book will contribute greatly to the success of securing Java applications and deployments for e-business. --Anthony Nadalin, Java Security Lead Architect, IBM
For many Java developers and software engineers, cryptography is an "on-demand" programming exercise, where cryptographic concepts are shelved until the next project requires renewed focus. But considerations for cryptography must be made early on in the design process and it s imperative that developers know what kinds of solutions exist.
One of Java s solutions to help bridge the gap between academic research and real-world problem solving comes in the form of a well-defined architecture for implementing cryptographic solutions. However, to use the architecture and its extensions, it is important to recognize the pros and cons of different cryptographic algorithms and to know how to implement various devices like key agreements, digital signatures, and message digests, to name a few.
In Java Cryptography Extensions (JCE), cryptography is discussed at the level that developers need to know to work with the JCE and with their own applications but that doesn t overwhelm by packing in details unimportant to the busy professional. The JCE is explored using numerous code examples and instructional detail, with clearly presented sections on each aspect of the Java library. An online open-source cryptography toolkit and the code for all of the examples further reinforces the concepts covered within the book. No other resource presents so concisely or effectively the exact material needed to begin utilizing the JCE.
* Written by a seasoned veteran of both cryptography and server-side programming
* Covers the architecture of the JCE, symmetric ciphers, asymmetric ciphers, message digests, message authentication codes, digital signatures, and managing keys and certificates
* Includes a companion web site that contains the code for the examples in the book, open-source cryptographic toolkits, and further resources"

Thsi comprehensive reference provides a detailed overview of intrusion detection systems [IDS], offering the latest detection systems, the latest technology in information protection.

Cisco Systems, Inc. is the worldwide leader in networking for the Internet, and its Intrusion Detection Systems line of products is making in roads in the IDS market segment, with major upgrades having happened in February of 2003. Cisco Security Professional's Guide to Secure Intrusion Detection Systems is a comprehensive, up-to-date guide to the hardware and software that comprise the Cisco IDS. Cisco Security Professional's Guide to Secure Intrusion Detection Systems does more than show network engineers how to set up and manage this line of best selling products ... it walks them step by step through all the objectives of the Cisco Secure Intrusion Detection System course (and corresponding exam) that network engineers must pass on their way to achieving sought-after CCSP certification.

Learn to implement a solid mCommerce security plan--from start to finish

Many businesses today recognize mobile commerce--mCommerce--as a way to increase revenue and offer customers a new level of convenience. Mobile phones and PDAs can now be used for online banking, purchasing tickets, messaging, and much more. For any transaction, security is a top priority--and this becomes increasingly complex when wireless and mobile applications are involved. This practical introductory guide clearly explains different mCommerce applications and their associated security risks. Through case studies, you'll learn best practices for implementing specific security methods in key industries--including banking, retail, entertainment, military, travel, and healthcare. The book also contains 8 pages of blueprints that depict secure end-to-end mCommerce architecture as well as identify key vulnerability points.Explore the latest security topics for both business and consumer mCommerce applications Improve services offered to customers through secure mCommerce applications Get details on various types of mobile applications and understand their security risks--including commerce, payments, information, communications, gaming, and military Discover the differences between mobile versus wired security Address mobile security issues in key industries such as banking and finance, travel, manufacturing, entertainment, public services, and defense Recognize the time- and cost-saving benefits of secured mCommerce applications through comprehensive case studies Preview the security of future mobile applications--such as 3G/4G networks and wearable computers

This book constitutes the refereed proceedings of the 4th International Conference on Security and Cryptology, ICISC 2001, held in Seoul, Korea, in December 2001. The 32 revised full papers presented together with one invited paper were carefully reviewed and selected from a total of 107 submissions. All current issues of cryptography and cryptanalysis and their applications to securing data, systems, and communications are addressed.

Written by the experts at RSA Security, this book will show you how to secure transactions and develop customer trust in e-commerce through the use of PKI technology. Part of the RSA Press Series.

LOCK IN PDA SECURITY:

* Let an IT security expert help you assess the PDA threat to your business

* Learn what you must do to lock out dangers -- password theft, viruses, electronic eavesdropping, mobile code and wireless vulnerabilities, data corruption, device loss and theft, and other risks

* Maximize and protect the value of increasingly capable personal digital assistants to your organization

DOWNSIZE PDA RISKS. SUPERSIZE PDA REWARDS.

PDAs have moved into the workplace. More than 25 million of them will soon be accessing company networks. Are you prepared? If you’re an information technology or business executive, the time is right to size up the unique security risks these small, portable devices pose. This essential primer for those deploying, managing or using PDAs in the workplace will help you understand and address the challenges presented by this emerging set of technologies. Written by respected IT security experts, PDA Security, shows you how to:

* Assess the level of threat posed by PDAs in your organization

* Develop a measured and enforceable policy response to minimize the risk

* Understand the technical issues and defend against the threats PDAs pose to privacy, theft of sensitive information, system corruption, and other issues of network and data misuse

* Analyze secure solutions for all major handhelds -- Palm, PocketPC, and RIM

* Examine a case study on securing Palm for the work environment

* Learn why solutions almost always involve the operating system

* Discover what White-Hat Hacking reveals about vulnerabilities

* Find profitable ways to integrate PDAs into business plans and networks, while downsizing risks

* Get an insider’s preview of the future of handhelds -- the PCs of the early twenty-first century

With a Foreword by Rebecca Bace, internationally renowned intrusion-detection and network-security specialist and former member of the United States Department of Defense National Security Agency (NSA).

For ongoing news and original content on PDA security, related Web sites, and a calendar of related events, visit www.pdasecurity-book.com

This hands-on guide to hacking begins with step-by-step tutorials on hardware modifications that teach basic hacking techniques as well as essential reverse engineering skills. The book progresses into a discussion of the Xbox security mechanisms and other advanced hacking topics, with an emphasis on educating the readers on the important subjects of computer security and reverse engineering. "Hacking the Xbox" includes numerous practical guides, such as where to get hacking gear, soldering techniques, debugging tips and an Xbox hardware reference guide.

"Hacking the Xbox" also confronts the social and political issues facing today's hacker by looking forward and discussing the impact of today's legal challenges on legitimate reverse engineering activities. The book includes a chapter written by the Electronic Frontier Foundation (EFF) about the rights and responsibilities of hackers, and concludes by discussing the latest trends and vulnerabilities in secure PC platforms.

Enigma und Lucifer-Chiffre: das spannende Lehrbuch zur Kryptographie mit Online-Service.
Es wird detailliert beschrieben, was bei der Entwicklung eines symmetrischen Kryptosystems - das den heutigen Anforderungen entspricht - zu berucksichtigen ist. Dazu wird insbesondere die differentielle und die lineare Kryptoanalyse ausfuhrlich erklart."

Get comprehensive coverage of XP Professional security with this definitive and focused resource. Work with firewalls and intrusion detection systems, fully utilize XP’s built-in support tools, manage security remotely, and much more.

* Configuring an intrusion detection system (IDS) is very challenging, and if improperly configured an IDS is rendered ineffective
* Packed with real-world tips and practical techniques, this book shows IT and security professionals how to implement, optimize, and effectively use IDS
* Features coverage of the recently revised IETF IDS specification
* Covers IDS standards, managing traffic volume in the IDS, intrusion signatures, log analysis, and incident handling
* Provides step-by-step instructions for configuration procedures

Protect your IIS server with help from this authoritative book. Covering all basic security tools that come with IIS -- and explaining their weaknesses -- this complete guide shows you how to utilize encryption, authorization, filtering, and other restrictive techniques to protect against attacks and other security violations.

Many faces of modern computing - from archiving data to coding theory to image processing ¿ rely heavily on data compression. This new and practical guide explains the process of compressing all types of computer data, as well as the use of significant methods and algorithms. Its purpose is to succinctly describe both the principles underlying the field of data compression and how to use the key methods effectively. A Guide to Data Compression Methods concentrates on general concepts and methods and describes them with a minimal amount of mathematical detail. It presents the main approaches to data compression, describes the most important algorithms, and includes straightforward examples. Statistical, dictionary, and wavelet methodologies are addressed in specific chapters, as well as image, video, and audio compression. The reader can expect to gain a basic understanding of the key algorithms and methods used to compress data for storage and transmission. Topics and features: ¿ All core methods are clearly explained with realistic examples, and some computer code is included ¿ Accessible presentation, with only minimum computer and mathematics technical background ¿ Discussion of wavelet methods and JPEG 2000 ¿ Appendix lists all algorithms presented in the book ¿ CD-ROM included compromising computer code from the book and extensive public-domain compression utility programs This book is an invaluable practical reference and guide for all practitioners and professionals in computer science, software engineering, and programming.