"Implementing IPsec", Elizabeth Kaufman/Andrew Newman, 1999,
%A Elizabeth Kaufman
%A Andrew Newman
%C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
%I John Wiley & Sons, Inc.
%O U$49.99 416-236-4433 fax: 416-236-4448 rlangloi@...
%P 271 p.
%T "Implementing IPsec: Making Security Work on VPNs, Intranets, and

This book starts with a rough, and even aggressive, manner. It
continues the same way. But what makes for a rather abrasive
introduction also makes for a very practical and solid guide to
designing, evaluating, and thinking about network security.

Chapter one is brief, really only an overview of the structure of the
book. Part one actually starts in the next chapter, and looks at what
you need to know going in. Chapter two looks at the basic information
you need before you even start to consider security, and provides a
highly practical guide to documenting the network. (Oh, sure, you
*all* have fully documented networks. No, thank you, I don't want to
buy any bridges.) Security should, of course, start with a policy,
but chapter three outlines a real-world approach when you don't have
one. The law is an underappreciated factor in implementing security,
and a highly instructive run through of related aspects is presented
in chapter four.

Part two reviews the essentials of the technology. Chapter five
covers the Internet Protocol, and the security weaknesses built into
what it does. Cryptography cannot be covered in a single chapter, but
I was a bit surprised that there is not even a discussion of relative
strengths in the basics that are explained in chapter six. Keys and
key management are discussed reasonably well in chapter seven.

Part three looks at implementation considerations. Chapter eight
gives an extremely helpful, if somewhat depressing, look at possible
problems and inherent conflicts. Chapter nine offers some useful
pointers, but is more about the generic types of implementations.

Part four gets down to the brass tacks of buying. Chapter ten gives
some rough pointers on how to evaluate vendors. But the really useful
stuff is in chapter eleven, which provides the details, with
explanations, for an entire RFP.

RFC 2401 is printed as an appendix.

The authors are not out to produce a fun read, but they have a very
nice sense of sarcasm--and know when to use it. Subtle digs pop up in
the text frequently, and are generally right on target. The humour
included in the work is germane to the topic, and helps to highlight
and render memorable important basic concepts.

As the authors are at pains to point out, IPsec is by no means a
mature technology. Security practitioners, and network managers, are
fortunate to have such a guide to avoiding the worst mistakes as they
take the first steps into a new area.

copyright Robert M. Slade, 1999 BKIMPIPS.RVW 991029