"Network Security with OpenSSL" Released by O'Reilly
For Immediate Release
June 27, 2002
For more information, a review copy, cover art, or an interview with
the authors, contact:
Kathryn Barrett (707) 827-7094 or kathrynb@oreilly.com
IMPORTANT BUT TREACHEROUS: O'REILLY BOOK STEERS READERS
THROUGH THE PITFALLS OF USING OPENSSL
O'REILLY RELEASES "NETWORK SECURITY WITH OPENSSL"
Sebastopol, CA--On a hot summer night when a cool breeze just begins to
rise, you may feel tempted to go to bed with the doors and windows
open. Since the neighborhood is quiet and you know the neighbor's dog
would bark if there were anything amiss, you think you're probably
okay. Is it risky? Perhaps. But you fall asleep enjoying the breeze and
decide just not to think about it.
This is the same way that many users deal with security on the
Internet. They are aware of security risks, but often decide just not
to think about them. Fortunately for users, network administrators and
developers don't have that luxury. John Viega, Matt Messier, and Pravir
Chandra, authors of "Network Security with OpenSSL" (O'Reilly,
US $39.95) tell us, "The Internet is a dangerous place, more dangerous
than most people realize. Many technical people know that it's possible
to intercept and modify data on the wire, but few realize how easy it
actually is. If an application doesn't properly protect data when it
travels an untrusted network, the application is a security disaster
waiting to happen."
OpenSSL is an open source library that implements the SSL (Secure
Socket Layer) and TLS (Transport Layer Security) protocols to secure
applications that need to communicate over a network. OpenSSL is by far
the most widely deployed, freely available implementation of these
protocols. Fully featured and cross-platform, working on Unix and
Windows alike, OpenSSL can be used from C and C++ programs, or from the
command line, and even from other languages such as Python, Perl and
PHP. And it's more than just a free implementation of SSL. It also
includes a general-purpose cryptographic library, with implementations
of the industry's best-regarded algorithms such as 3DES (Triple DES),
AES, and RSA, as well as message digest algorithms and message
authentication codes.
Using cryptographic algorithms in a secure and reliable manner is more
difficult than most people believe. "The OpenSSL library is seeing
widespread adoption for securing network-enabled applications," says
coauthor Viega, "but it requires a significant amount of expertise to
apply OpenSSL securely, which our book provides. We take a pragmatic
approach. We show how to actually use the OpenSSL toolkit to help
secure applications."
"Network Security with OpenSSL" takes the reader step-by-step from
understanding the challenges faced in communicating securely to using
the OpenSSL tools to best meet those challenges. Instead of bogging the
reader down in technical details of how SSL works under the hood, the
book explains the important aspects of the OpenSSL API in detail and
offers a series of practical examples and template code that developers
can integrate into their own applications.
"SSL is an excellent protocol. Like many tools, it is effective in the
hands of someone who know how to use it well, but it is also easy to
misuse," says Viega. "The documentation for OpenSSL is rather minimal.
Because of this, it can be hard to use and commercial entities may be
wary of tapping the power of OpenSSL. This book should help. We hope to
demystify the details of using OpenSSL be it from an admin or developer
point of view."
The bulk of "Network Security with OpenSSL" describes the OpenSSL
library and the many ways to use it. The discussion centers on working
examples, rather than straightforward reference material. The authors
discuss all of the common options OpenSSL users can support, as well as
the security implications of each choice.
System and network administrators will benefit from the thorough
treatment of the OpenSSL command-line interface, as well as from
step-by-step directions for obtaining certificates and setting up their
own certification authority. Developers will benefit from the in-depth
discussions and examples of how to use OpenSSL in their own programs.
"Network Security with OpenSSL" is the only book to thoroughly document
this important security technology. It will guide readers through the
pitfalls so they are able to use OpenSSL much more effectively.
Additional resources:
"Network Security with OpenSSL" is also available on
Safari Books Online, see: http://safari.oreilly.com
Chapter 1, "Introduction," is available free online at:
http://www.oreilly.com/catalog/openssl/chapter/index.html
For more information about the book, including Table of Contents,
index, author bios, and samples, see:
http://www.oreilly.com/catalog/openssl/
For a cover graphic in jpeg format, go to:
ftp://ftp.ora.com/pub/graphics/book_covers/hi-res/059600270X.jpg
Network Security with OpenSSL
June 2002
By John Viega, Matt Messier & Pravir Chandra
ISBN 0-596-00270-X, 367 pages, $39.95 (US), $61.95 (CAN)
order@oreilly.com
1-800-998-9938
1-707-827-7000
http://www.oreilly.com
About O'Reilly
O'Reilly & Associates is the premier information source for
leading-edge computer technologies. The company's books, conferences,
and web sites bring to light the knowledge of technology innovators.
O'Reilly books, known for the animals on their covers, occupy a
treasured place on the shelves of the developers building the next
generation of software. O'Reilly conferences and summits bring alpha
geeks and forward-thinking business leaders together to shape the
revolutionary ideas that spark new industries. From the Internet to
XML, open source, .NET, Java, and web services, O'Reilly puts
technologies on the map. For more information: http://www.oreilly.com
# # #
O'Reilly is a registered trademark of O'Reilly & Associates, Inc.
All other trademarks are property of their respective owners.
