Important But Treacherous: O'Reilly Book Steers Readers Through the Pitfalls of Using OpenSSL

O'Reilly Releases "Network Security with OpenSSL"

Press release: June 27, 2002

Sebastopol, CA--On a hot summer night when a cool breeze just begins to rise, you may feel tempted to go to bed with the doors and windows open. Since the neighborhood is quiet and you know the neighbor's dog would bark if there were anything amiss, you think you're probably okay. Is it risky? Perhaps. But you fall asleep enjoying the breeze and decide just not to think about it.

This is the same way that many users deal with security on the Internet. They are aware of security risks, but often decide just not to think about them. Fortunately for users, network administrators and developers don't have that luxury. John Viega, Matt Messier, and Pravir Chandra, authors of "Network Security with OpenSSL" (O'Reilly, US $39.95), tell us, "The Internet is a dangerous place, more dangerous than most people realize. Many technical people know that it's possible to intercept and modify data on the wire, but few realize how easy it actually is. If an application doesn't properly protect data when it travels an untrusted network, the application is a security disaster waiting to happen."

OpenSSL is an open source library that implements the SSL (Secure Socket Layer) and TLS (Transport Layer Security) protocols to secure applications that need to communicate over a network. OpenSSL is by far the most widely deployed, freely available implementation of these protocols. Fully featured and cross-platform, working on Unix and Windows alike, OpenSSL can be used from C and C++ programs, or from the command line, and even from other languages such as Python, Perl and PHP. And it's more than just a free implementation of SSL. It also includes a general-purpose cryptographic library, with implementations of the industry's best-regarded algorithms such as 3DES (Triple DES), AES, and RSA, as well as message digest algorithms and message authentication codes.

Using cryptographic algorithms in a secure and reliable manner is more difficult than most people believe. "The OpenSSL library is seeing widespread adoption for securing network-enabled applications," says coauthor Viega, "but it requires a significant amount of expertise to apply OpenSSL securely, which our book provides. We take a pragmatic approach. We show how to actually use the OpenSSL toolkit to help secure applications."

"Network Security with OpenSSL" takes the reader step-by-step from understanding the challenges faced in communicating securely to using the OpenSSL tools to best meet those challenges. Instead of bogging the reader down in technical details of how SSL works under the hood, the book explains the important aspects of the OpenSSL API in detail and offers a series of practical examples and template code that developers can integrate into their own applications.

"SSL is an excellent protocol. Like many tools, it is effective in the hands of someone who knows how to use it well, but it is also easy to misuse," says Viega. "The documentation for OpenSSL is rather minimal. Because of this, it can be hard to use and commercial entities may be wary of tapping the power of OpenSSL. This book should help. We hope to demystify the details of using OpenSSL, be it from an admin or developer point of view."

The bulk of "Network Security with OpenSSL" describes the OpenSSL library and the many ways to use it. The discussion centers on working examples, rather than straightforward reference material. The authors discuss all of the common options OpenSSL users can support, as well as the security implications of each choice.

System and network administrators will benefit from the thorough treatment of the OpenSSL command-line interface, as well as from step-by-step directions for obtaining certificates and setting up their own certification authority. Developers will benefit from the in-depth discussions and examples of how to use OpenSSL in their own programs. "Network Security with OpenSSL" is the only book to thoroughly document this important security technology. It will guide readers through the pitfalls so they are able to use OpenSSL much more effectively.

Additional resources:

"Network Security with OpenSSL" is also available on Safari Books Online.

Chapter 1, Introduction, is available free online.

For more information about the book, including Table of Contents, index, author bios, and samples, click here.

For a cover graphic in jpeg format, go to:

Network Security with OpenSSL
June 2002
By John Viega, Matt Messier & Pravir Chandra
ISBN 0-596-00270-X, 367 pages, $39.95 (US), $61.95 (CAN)

About O’Reilly

For over 40 years, O’Reilly has provided technology and business training, knowledge, and insight to help companies succeed. Our unique network of experts and innovators share their knowledge and expertise through the company’s SaaS-based training and learning platform. O’Reilly delivers highly topical and comprehensive technology and business learning solutions to millions of users across enterprise, consumer, and university channels. For more information, visit
