Chapter 8: Network Security
This audio and summary are simplified educational interpretations and are not a substitute for the original text.
This chapter by Kurose and Keith W. Ross focuses on network security, addressing how to defend against threats such as malware, denial-of-service attacks, packet sniffing, spoofing, and message tampering. Using the classic example of Alice and Bob, the chapter introduces the core goals of secure communication: confidentiality, message integrity, authentication, and access control. The authors explore cryptographic principles, including symmetric key cryptography (e.g., AES) and public key cryptography (e.g., RSA), as well as the use of digital signatures and message digests for integrity verification. Protocols such as SSL/TLS for securing transport connections and IPsec for network-layer security are explained in detail. The chapter also examines end-point authentication methods, including challenge-response protocols and certificate-based systems, along with the role of Certification Authorities (CAs) in the Public Key Infrastructure (PKI). Key Internet security applications are discussed, such as secure email (PGP, S/MIME), firewalls, intrusion detection systems, and virtual private networks (VPNs). The authors also highlight practical attack methods (like man-in-the-middle, replay, and brute-force attacks) and describe mitigation techniques. By integrating theory with real-world examples, the chapter equips readers to understand both the foundations and practical implementations of securing modern computer networks.