Loading ...
Sorry, an error occurred while loading the content.

[techbooks] REVIEW: "Implementing IPsec", Elizabeth Kaufman/Andrew Newman

Expand Messages
  • Rob Slade, doting grandpa of Ryan and Tr
    BKIMPIPS.RVW 991029 Implementing IPsec , Elizabeth Kaufman/Andrew Newman, 1999, 0-471-34467-2, U$49.99 %A Elizabeth Kaufman %A Andrew Newman %C 5353
    Message 1 of 1 , Jan 27, 2000
    • 0 Attachment
      BKIMPIPS.RVW 991029

      "Implementing IPsec", Elizabeth Kaufman/Andrew Newman, 1999,
      0-471-34467-2, U$49.99
      %A Elizabeth Kaufman
      %A Andrew Newman
      %C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
      %D 1999
      %G 0-471-34467-2
      %I John Wiley & Sons, Inc.
      %O U$49.99 416-236-4433 fax: 416-236-4448 rlangloi@...
      %P 271 p.
      %T "Implementing IPsec: Making Security Work on VPNs, Intranets, and

      This book starts with a rough, and even aggressive, manner. It
      continues the same way. But what makes for a rather abrasive
      introduction also makes for a very practical and solid guide to
      designing, evaluating, and thinking about network security.

      Chapter one is brief, really only an overview of the structure of the
      book. Part one actually starts in the next chapter, and looks at what
      you need to know going in. Chapter two looks at the basic information
      you need before you even start to consider security, and provides a
      highly practical guide to documenting the network. (Oh, sure, you
      *all* have fully documented networks. No, thank you, I don't want to
      buy any bridges.) Security should, of course, start with a policy,
      but chapter three outlines a real-world approach when you don't have
      one. The law is an underappreciated factor in implementing security,
      and a highly instructive run through of related aspects is presented
      in chapter four.

      Part two reviews the essentials of the technology. Chapter five
      covers the Internet Protocol, and the security weaknesses built into
      what it does. Cryptography cannot be covered in a single chapter, but
      I was a bit surprised that there is not even a discussion of relative
      strengths in the basics that are explained in chapter six. Keys and
      key management are discussed reasonably well in chapter seven.

      Part three looks at implementation considerations. Chapter eight
      gives an extremely helpful, if somewhat depressing, look at possible
      problems and inherent conflicts. Chapter nine offers some useful
      pointers, but is more about the generic types of implementations.

      Part four gets down to the brass tacks of buying. Chapter ten gives
      some rough pointers on how to evaluate vendors. But the really useful
      stuff is in chapter eleven, which provides the details, with
      explanations, for an entire RFP.

      RFC 2401 is printed as an appendix.

      The authors are not out to produce a fun read, but they have a very
      nice sense of sarcasm--and know when to use it. Subtle digs pop up in
      the text frequently, and are generally right on target. The humour
      included in the work is germane to the topic, and helps to highlight
      and render memorable important basic concepts.

      As the authors are at pains to point out, IPsec is by no means a
      mature technology. Security practitioners, and network managers, are
      fortunate to have such a guide to avoiding the worst mistakes as they
      take the first steps into a new area.

      copyright Robert M. Slade, 1999 BKIMPIPS.RVW 991029

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... rslade@... slade@... p1@...
      Pessimists have already begun worrying about what is going to
      replace automation. - John Tudor
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
    Your message has been successfully submitted and would be delivered to recipients shortly.