Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "Demystifying the IPsec Puzzle", Sheila Frankel

Expand Messages
  • Rob Slade, doting grandpa of Ryan and Tr
    BKDMIPSP.RVW 20010511 Demystifying the IPsec Puzzle , Sheila Frankel, 2001, 1-58053-079-6, U$75.00 %A Sheila Frankel sheila.frankel@nist.gov
    Message 1 of 1 , May 28, 2001
      BKDMIPSP.RVW 20010511

      "Demystifying the IPsec Puzzle", Sheila Frankel, 2001, 1-58053-079-6,
      %A Sheila Frankel sheila.frankel@... frankel@...
      %C 685 Canton St., Norwood, MA 02062
      %D 2001
      %G 1-58053-079-6
      %I Artech House/Horizon
      %O U$75.00 800-225-9977 fax: 617-769-6334 artech@...
      %P 273 p.
      %T "Demystifying the IPsec Puzzle"

      With its reference to the dim and distant past when Bill Gates was
      working on his fifth billion, the first sentence of the first chapter
      makes you suspect that this book will be a fun read. Which is a very
      strange thing to think about a security text. But the readability
      aspect becomes understandable when the author points out that this is
      not solely a work designed to turn out IPsec implementors (who may
      need additional references), but to inform purchasers and users.

      IPsec is both a part of the "next generation" IPv6 standard, and a
      security option (or add-on) in the current IPv4. It is governed by
      some two dozen Internet RFCs (Request For Comments documents). While
      other security measures work only with specific programs, or at the
      transport layer, IPsec functions at the IP (Internet Protocol) or
      network layer, in order to address the widest range of applications
      and problems. It can address both confidentiality and authentication,
      as well as dealing with a number of denial of service (DoS) attacks
      that other security systems cannot.

      Chapter one provides a general introduction, and a brief and apposite
      background of the Internet and IP layer functions. The author has
      culled a minimal foundation from the normal barrage of design and
      history, and even the description of IP headers is clear and important
      to the matter at hand. The Authentication Header (AH), which assures
      the detection of corruption or modification en route, is discussed in
      chapter two. The material also introduces basic structures such as
      the security association (SA) database, and provides some detail on
      implementation issues and concerns. The Encapsulating Security
      Payload (ESP) is described in chapter three, although not quite as
      lucidly as was the case for prior material. However, there is also an
      excellent section outlining design considerations for the protocol.

      Chapter four details the symmetric key algorithms used for AH and ESP
      operations, but does not go deeply into the asymmetric systems used by
      the Internet Key Exchange (IKE). IKE itself is discussed, in general
      in chapter five, with respect to remote users in chapter six, and
      listing additional options in chapter seven. The PF_KEY application
      programming interface for IPsec is described in chapter eight.
      Chapter nine deals with issues of policy and policy enforcement. An
      overview of PKI (Public Key Infrastructure) is given in chapter ten.
      Chapter eleven looks at the special problems of multicast.

      The book finishes off as many others start, with an analysis of
      whether IPsec can be the right solution to the problem.

      The title of this tome is quite appropriate. It provides a clear
      outline and, if it isn't always articulate about the implications of
      portions of the system, it does a good enough job that the persistent
      reader will be able to work out other aspects. Not a book for the
      masses, perhaps, but for those who need either to purchase IPsec, or
      to choose between IPsec and other technologies, a very useful guide.

      copyright Robert M. Slade, 2001 BKDMIPSP.RVW 20010511

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... rslade@... slade@... p1@...
      What is the problem to which this technology is the answer?
      - Neil Postman
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
    Your message has been successfully submitted and would be delivered to recipients shortly.