
REVIEW: "IPSec: Securing VPNs", Carlton Davis

  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    Message 1 of 1 , Dec 2, 2002
      BKIPSECS.RVW 20021001

      "IPSec: Securing VPNs", Carlton Davis, 2001, 0-07-212757-0,
      %A Carlton Davis carlton@...
      %C 300 Water Street, Whitby, Ontario L1N 9B6
      %D 2001
      %G 0-07-212757-0
      %I McGraw-Hill Ryerson/Osborne
      %O U$49.99/C$79.95/UK#36.99 800-565-5758 fax: 905-430-5020
      %O http://www.amazon.com/exec/obidos/ASIN/0072127570/robsladesinterne
      %P 404 p.
      %T "IPSec: Securing VPNs"

      Chapter one is an overview of TCP/IP. The material is generally good,
      but does demonstrate a possible weakness of the book: we are provided
      with way too much information about a number of areas that are not
      relevant to IPSec. A similar overabundance of detail (and math)
      describes symmetric cryptography, in chapter two. Oddly, given the
      level of particulars in other areas, there is no analysis of the
      weakness of double DES (Data Encryption Standard). Operational
      specifics of the various AES (Advanced Encryption Standard) candidates
      are also included. The mathematical basis of asymmetric cryptography,
      in chapter three, is not explained as well as symmetric is. In
      dealing with hashes and message authentication codes, chapter four has
      lots of math and almost no other discussion. Chapter five provides
      extensive details about X.509 attribute fields, for digital
      certificates, and also has a bit of material on PGP (Pretty Good
      Privacy) and key recovery. The fields of LDAP (Lightweight Directory
      Access Protocol) are outlined in chapter six.

      Chapter seven finally talks, very briefly, about IPSec architecture,
      repeating (from chapter one) the specifics of the IP header, and
      mentioning some of the components of IPSec. Chapters eight, nine, and
      ten concentrate on the header structure of AH (Authentication Header),
      ESP (Encapsulating Security Payload), and ISAKMP (Internet Security
      Association Key Management Protocol) packets, albeit chapter ten also
      covers a bit of the handshaking process. There is very little
      discussion of strengths and weaknesses. There are lots of details
      related to IKE (Internet Key Exchange) in chapter eleven, but
      surprisingly little information about what it does or how it works.
      The header structure and options for the compression function, IPComp,
      are given in chapter twelve. Chapter thirteen is supposed to talk
      about implementation, but has a fairly generic example of a VPN and
      some screen shots from a commercial product.

      Overall, the book contains lots of technical details, but very little
      in the way of explanation, discussion, or analysis. You would
      probably learn just as much about IPSec by reading the RFCs.

      copyright Robert M. Slade, 2002 BKIPSECS.RVW 20021001

      rslade@... rslade@... slade@... p1@...
      Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
      Upcoming (ISC)^2 CISSP CBK review seminars (+1-888-333-4458):
      December 16, 2002 December 20, 2002 San Francisco, CA
      February 10, 2003 February 14, 2003 St. Louis, MO
      March 31, 2003 April 4, 2003 Indianapolis, IN