Most applications these days are at least somewhat network aware, but how do you protect those applications against common network security threats? Many developers are turning to OpenSSL, an open source version of SSL/TLS, which is the most widely used protocol for secure network communications. The OpenSSL library is seeing widespread adoption for web sites that require cryptographic functions to protect a broad range of sensitive information, such as credit card numbers and other financial transactions. The library is the only free, full-featured SSL implementation for C and C++, and it can be used programmatically or from the command line to secure most TCP-based network protocols.
Network Security with OpenSSL enables developers to use this protocol much more effectively. Traditionally, getting something simple done in OpenSSL could easily take weeks. This concise book gives you the guidance you need to avoid pitfalls, while allowing you to take advantage of the library's advanced features. And, instead of bogging you down in the technical details of how SSL works under the hood, this book provides only the information that is necessary to use OpenSSL safely and effectively. In step-by-step fashion, the book details the challenges in securing network communications, and shows you how to use OpenSSL tools to best meet those challenges.
As a system or network administrator, you will benefit from the thorough treatment of the OpenSSL command-line interface, as well as from step-by-step directions for obtaining certificates and setting up your own certification authority. As a developer, you will further benefit from the in-depth discussions and examples of how to use OpenSSL in your own programs. Although OpenSSL is written in C, information on how to use OpenSSL with Perl, Python and PHP is also included.
OpenSSL may well answer your need to protect sensitive data. If that's the case, Network Security with Ope
openssl programming cleanly explained
By H. Wang - October 11, 2004
The book starts with a general introduction of encryption in general, then the SSL protocol in general. Then the openssl command line interface is introduced with some easy-to-follow examples. Later, openssl programming is explained in detail.
As the only free SSL programming library with source code available, openssl is notorious for its undocumented/underdocumented/misdocumented manuals. Starting a software project using openssl without prior experience is often a painful experience if you simply rely on the manuals coming with the source code. Given thousands of interfaces/data structures, it is an overwhelming job to understand openssl in depth. Your best bet is usually reading the sample source code that comes with the package, but often it leaves lots of questions - what does this API do? Why use this one? Under what circumstances should I use this one? You may rely on the openssl mailing list, but an answer is not guaranteed and you have to do your own homework first.
If you have little or no experience with SSL, or OpenSSL, get this book. It explains the principles behind SSL, and then goes on to cover OpenSSL. The companion website opensslbook.com contains the latest examples.
The only drawbacks to the book are the way that the authors cover random number generators for Windows (totally excludes the MS crypto function cryptgenrand(), in favor of the author's own entropy collection system), and the creation of certificates could have been covered a little better. I also kept having to consult the OpenSSL API documentation for clarification on certain things, but overall this is a great book.
Another example of how NOT to write a technical book
By Patrick Goetz "cultural omnivore" - July 20, 2009
Although I haven't finished reading the book yet, my level of frustration with it warrants a review. I'll update the review if I change my mind. Setting aside the many typos (e.g. bottom of p. 86), the fact that the book is now 7-8 years out of date, and explanations of functions that are frequently less clear than the online documentation, my complaint has to do with the almost randomized organization of the material. The first chapter is an overview that focuses on jargon more than anything; in particular it doesn't provide a clear description of exactly what happens when an SSL connection is established (the single most important detail for understanding everything that follows). This renders the second chapter on the command line interface next to useless, since it's only somewhat clear what these commands are doing -- shouldn't this material come after almost everything else? The 3rd chapter shows how to generate public keys without explaining clearly how they're used, and...
Special Ops: Internal Network Security Guide is the solution for the impossible 24-hour IT work day. By now, most companies have hardened their perimeters and locked out the "bad guys," but what has ...
Anyone embarking on a career in IT security can benefit from a firm understanding of common security threats and the technologies used to counter them. Network Security Foundations assumes no prior ...