Sebastopol, CA--On a hot summer night when a cool breeze just begins to
rise, you may feel tempted to go to bed with the doors and windows
open. Since the neighborhood is quiet and you know the neighbor's dog
would bark if there were anything amiss, you think you're probably
okay. Is it risky? Perhaps. But you fall asleep enjoying the breeze and
decide just not to think about it.

This is the same way that many users deal with security on the
Internet. They are aware of security risks, but often decide just not
to think about them. Fortunately for users, network administrators and
developers don't have that luxury. John Viega, Matt Messier, and Pravir
Chandra, authors of "Network Security with OpenSSL" (O'Reilly,
US $39.95), tell us, "The Internet is a dangerous place, more dangerous
than most people realize. Many technical people know that it's possible
to intercept and modify data on the wire, but few realize how easy it
actually is. If an application doesn't properly protect data when it
travels an untrusted network, the application is a security disaster
waiting to happen."

OpenSSL is an open source library that implements the SSL (Secure
Socket Layer) and TLS (Transport Layer Security) protocols to secure
applications that need to communicate over a network. OpenSSL is by far
the most widely deployed, freely available implementation of these
protocols. Fully featured and cross-platform, working on Unix and
Windows alike, OpenSSL can be used from C and C++ programs, or from the
command line, and even from other languages such as Python, Perl and
PHP. And it's more than just a free implementation of SSL. It also
includes a general-purpose cryptographic library, with implementations
of the industry's best-regarded algorithms such as 3DES (Triple DES),
AES, and RSA, as well as message digest algorithms and message

Using cryptographic algorithms in a secure and reliable manner is more
difficult than most people believe. "The OpenSSL library is seeing
widespread adoption for securing network-enabled applications," says
coauthor Viega, "but it requires a significant amount of expertise to
apply OpenSSL securely, which our book provides. We take a pragmatic
approach. We show how to actually use the OpenSSL toolkit to help

"Network Security with OpenSSL" takes the reader step-by-step from
understanding the challenges faced in communicating securely to using
the OpenSSL tools to best meet those challenges. Instead of bogging the
reader down in technical details of how SSL works under the hood, the
book explains the important aspects of the OpenSSL API in detail and
offers a series of practical examples and template code that developers
can integrate into their own applications.

"SSL is an excellent protocol. Like many tools, it is effective in the
hands of someone who knows how to use it well, but it is also easy to
misuse," says Viega. "The documentation for OpenSSL is rather minimal.
Because of this, it can be hard to use and commercial entities may be
wary of tapping the power of OpenSSL. This book should help. We hope to
demystify the details of using OpenSSL, be it from an admin or developer
point of view."

The bulk of "Network Security with OpenSSL" describes the OpenSSL
library and the many ways to use it. The discussion centers on working
examples, rather than straightforward reference material. The authors
discuss all of the common options OpenSSL users can support, as well as
the security implications of each choice.

System and network administrators will benefit from the thorough
treatment of the OpenSSL command-line interface, as well as from
step-by-step directions for obtaining certificates and setting up their
own certification authority. Developers will benefit from the in-depth
discussions and examples of how to use OpenSSL in their own programs.

"Network Security with OpenSSL" is the only book to thoroughly document
this important security technology. It will guide readers through the
pitfalls so they are able to use OpenSSL much more effectively.

"Network Security with OpenSSL" is also available on
Safari Books Online.
Introduction, is available free online.
Network Security with OpenSSL
By John Viega, Matt Messier & Pravir Chandra
ISBN 0-596-00270-X, 367 pages, $39.95 (US), $61.95 (CAN)