The intricacies and complexities of modern system and network architecture are already difficult enough to wrap your head around even before you start trying to analyze them in terms of weaknesses and vulnerabilities.
Students studying for a degree in cybersecurity spend a lot of time immersed in the pages of textbooks trying to work these points out. Some of those textbooks prove to be indispensible in the lifelong learning that every dedicated information security professional is committed to.
One name students are likely to come across repeatedly in their reading is William Stallings.
A Little About Stallings’
Stallings has been researching network technology and information security topics since the early 1980s. In these past decades, he has uncovered a lot of information worth sharing and has been a leading thinker and contributor in the field of cybersecurity.
Stallings’ textbooks on networking, operating systems, computer architecture and security are widely used in cybersecurity curriculums around the world.
With a B.S. in electrical engineering from Notre Dame and a Ph.D. from M.I.T., Stallings certainly has the academic background for such works, but it is the experience from over 20 years in the I.T. industry that gives bite to his subject matter. No dry, sinecure academic, Stallings got his start working hands-on with networked information systems and continues to consult in the field today.
Stallings’ Work: From Network Architecture to Cybersecurity
Of the more than thirteen different textbooks he has written in the field, cybersecurity students are most likely to encounter these seminal security-specific texts:
- Network Security Essentials: Applications and Standards
- Cryptography and Network Security: Principles and Practice
- Computer Security: Principles and Practice
However, his networking protocol and infrastructure texts might also come in handy for information security professionals looking to develop an in-depth understanding of the systems they are going to be protecting. Some of the more nefarious exploits in the wild today operate at the lowest layers of the OSI (Open Systems Interconnection), and Stallings’ works on frame relay and ATM networks provide everything a would-be infosec professional would need to understand how these systems operate.
Stallings’ textbooks are nothing if not well organized. He follows the classic model of defining the subject matter of the book, tying it back to larger information technology or information security subjects, and rigorously defining his terms before beginning his well-ordered dive into the details of his subject matter.
Computer Security: Principles and Practice
The broadest overview is found in “Computer Security,” one of his earlier works. The text provides a solid overview of the fundamentals of securing any computing system, independent from the details of the operating system or machine architecture. As a cryptology expert (Stallings continues to publish research papers on various encryption methods and challenges), he does not shy away from delving into cryptographic tools early on in the book, pushing students to pay attention to a complex topic that is often under-appreciated in security circles.
Nor does the book shy away from the less flashy, but nonetheless vital topics, such as physical site security, auditing, human factors, and the legal and ethical aspects of computer security.
Many authors and texts restrict themselves to the banner topics, failing to recognize that the devil is in the details when it comes to security. Due to his background in networking architecture, Stallings never appears to fall into that trap, devoting significant room in each book to apparently peripheral topics that have a significant bearing on security operations.
Despite the name, “Computer Security” does examine many aspects of networking security, including wireless protocol and Internet security. It also devotes a chapter each to Windows and Linux security, covering some specifics of two of the most popular operating systems in use today.
Network Security Essentials: Applications and Standards
But students most interested in network security will find themselves drawn to “Network Security Essentials,” which gives more specific coverage of that subject.
Like “Computer Security,” “Network Security” begins with an overview of basic security concepts, but quickly verges over into network-specific discussions of the OSI security architecture and the thorny problems of user authentication and transport-layer security. Again, Stallings’ familiarity with cryptography comes into play as he discusses how various encryption techniques, including symmetric and asymmetric encryption algorithms, can be used to facilitate security procedures for these elements.
The book devotes a chapter to email security, important in this day and age of spearphishing attacks, and also spends time talking about intrusion detection methodologies and systems for detecting attacks.
Like all of his texts, both “Computer Security” and “Network Security” are extensively documented with examples and include useful appendices with detailed technical information.
With computersciencestudent.com, Stallings maintains a comprehensive online resource that contains errata, additional resources, and dedicated online-only chapters. The resource website offers students the best of both worlds when it comes to computer science texts, allowing Stallings to keep information up-to-date at the breakneck pace of developments in information security, while still resting that information on the solid bedrock of the textbook itself.
Cryptography and Network Security: Principles and Practice
Although cryptography is never neglected in any of Stallings’ texts, “Cryptography and Network Security” represents his most advanced and in-depth address of the subject. Advanced cybersecurity students will appreciate the deep background on number theory, the most common modern cypher algorithms (including AES, DES, and SHA), and their application to such topics as:
- Transport-level security
- User authentication
- Digital signatures
The book also puts some effort into rehashing the history of cryptography to give students a solid grounding in how modern techniques evolved, and devotes an entire chapter to teaching some of the difficult mathematical concepts that underlie modern cryptographic theory.
Practical aspects of encryption are not neglected, either. Stallings discusses the thorny details of using encryption in electronic mail and wireless networks.
Although his operating system and networking texts aren’t likely to be assigned reading in information security classrooms, they are common in computer science programs and worth a look for any cybersecurity professional serious about understanding network security.
Other Work by Stallings’ on Networking and More
“Foundations of Modern Networking” provides a fascinating glance into the underlying architecture of the modern Internet, from its evolution and adaptation as a set of common protocols in the 1970s to modern developments such as the Internet of Things and Cloud computing.
“Business Data Communications” looks at how businesses use networking and internetwork technology to facilitate internal operations, and ties those processes back to the underlying technologies in use today.
“Computer Organization and Architecture” won the 2016 Textbook and Academic Authors Award for Best Computer Science and Engineering Textbook of the Year for its clear, understandable overview of computer system hardware design and internals.
In each of these books, Stallings provides vital information useful to cybersecurity students, even if it is not explicitly classified as security instruction. With the vulnerabilities in most systems existing primarily as exposed and overlooked flaws in otherwise solid designs, the ability to recognize the standards in the field and distinguish mistakes or exploitable holes is a valuable skill for anyone interested in a career in information security.