IPSec: The New Security Standard for the Internet, Intranets, and Virtual Private Networks
| 2003-03-13 00:00:00 | | 0 | Protocols
IPSec, the suite of protocols for securing any sort of traffic that moves over an Internet Protocol (IP) network, promises big things for online business. IPSec: The New Security Standard for the Internet, Intranets, and Virtual Private Networks catalogs the specifications that compose this suite and explain how they fit into intranets, virtual private networks (VPNs), and the Internet.
Authors Doraswamy and Harkins first treat IPSec as a system, explaining how its component parts work together to provide flexible security. Their approach to this task makes sense: They first explain why standard IP packets aren't secure; then they show how the IPSec improvements make secure transactions possible. Readers get full descriptions of how various network entities talk to one another. Where appropriate, concepts that aren't specific to IPSec are explained, including IPv4 and IPv6 packet structures and addressing schemes. There's some information on cryptography too.
IPSec's parts are explained individually: the Authentication Header (AH), Encapsulating Security Payload (ESP), Internet Key Exchange (IKE), and ISAKMP/Oakley protocols are detailed with lots of prose, supplemented with a smattering of packet diagrams and conceptual sketches. Sections on implementing IPSec protocols on networks remain fairly abstract and don't mention actual products, but should prove useful to programmers designing their own network security products around the IPSec specifications. --David Wall
User review
Got basic VPN background? Yes? This is your book
Ideally, you should understand basic crypto and have played around with VPNs before reading this book. Have you configured local, gateway, and Road Warrior VPNs before? If so, this book is ideally suited for review and for filling in any gaps in your knowledge. There are some grammatical errors, but nothing serious. Some illustrations, particularly those in the Deployment Scenarios section, don't mesh with the text and require correction to make sense. There is enough information in the text to resolve these errors and pencil in corrections, but isn't this supposed to be a second edition? Speaking of mesh, I was surprised to see no mention of the highly useful mesh equation n(n-1)/2 anywhere. Instead, a more junior-level illustration is used. A combination of both would have been more appropriate for this book. Overall, this is a useful book that will take your basic knowledge of IPSEC to the next level.
4 stars, as the book nevertheless is a productive discussion with two knowledgeable practitioners of IPSEC.
User review
Not much more useful than the RFCs
I looked at this book when I was just starting out working on IPsec. I had read the RFCs once but felt I needed a good book since the IPsec protocol is pretty complex and the RFCs are not very well written. I did not buy this book but scanned it thoroughly in a bookstore. The book seems to repeat what the IPsec RFCs say without adding more to it. There are very few figures in the book to explain the concepts. I ended up buying `Demystifying the IPsec Puzzle` by Sheila Frankel which is a much better book.
User review
A good book for IPSec beginners and refreshers
Before reading this book I think it is good if you have a basic understanding of IPSec topics and terms. In any case, the book explains quite well the basic principles of IPSec and the associated things such as hashing and encryption algorithms (doesn't go too much into details on these ones though,,.)
The chapter where I lost the thread was ISAKMP and IKE.
Maybe it's me, but I think this was pretty confusing way of explaining it.
Although most likely not the only book I would read about IPSec - it is certainly a good book as introduction into IPSec and many things are explained very well which I didn't find in some other books.
User review
BS
This book is a hardbound POC. The authors don't know the hell they are talking about. All the high level talks are good for nothing.
User review
Alan Kavanagh
This book is a good recap on IPSec if you have not been working with IPSec for some time. I recommend this book for begineers to IPSec implementators and it is a good reference book to have handy. The first few sections explain the basics of IPSec and are very well detailed without getting into the specifics. However, the sections on IKE are not well explained and it lacks real detail of IKE implementations and no good diagrams.
I found this book an excellent recap of IPSec as i have not worked with IPSec for almost 3 years, and instead the book gives good and concise information but is mostly in a synopsis format and lacks the real meat.