1 Understanding Internet Security

How secure is the date that you transmit on the Internet? How vulnerable is your personal data to hackers?

• standard encryption algorithms
• public-key algorithms
  • RSA
  • DSA
• Data Encryption Standard -> Advanced Encryption Standard
• HTTPS -> browser security
• PGP -> email security
• man in the middle attacks
• timing attacks
• side-channel attacks
• certificates -> expired, untrusted CA
• zero-day exploit
• IETF
• PKCS
• FIPS
• NIST
• ITU
• ASN
• RFC 2246 -> TLS
• symmetric cryptography
• public-key cryptography
• digital signature algorithms
• X.509 certificates

As a practitioner rather than a casual user, it’s not enough to treat security as a black box or a binary property; you need to know what the security is doing and how it’s doing it so that you know what you are and aren’t protected against. This book was written for you—the professional programmer who understands the basics of security but wants to uncover the details without reading thousands of pages of specifications.

This book begins by examining sockets and socket programming in brief.

Afterward, it moves on to a detailed examination of cryptographic concepts.

and finally applies thenm to SSL/TLS.

You examine what SSL/TLS does, what it doesn’t do, and how it does it.