[ISN] REVIEW: "IPSec: Securing VPNs", Carlton Davis

From: InfoSec News (isnat_private)
Date: Tue Dec 03 2002 - 01:32:33 PST

    Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rsladeat_private>
    
    BKIPSECS.RVW   20021001
    
    [Or you could let C4I.org get the credit from Amazon. - WK  :)
    http://www.amazon.com/exec/obidos/ASIN/0072127570/c4iorg ]
    
    "IPSec: Securing VPNs", Carlton Davis, 2001, 0-07-212757-0,
    U$49.99/C$79.95/UK#36.99
    %A   Carlton Davis carltonat_private
    %C   300 Water Street, Whitby, Ontario   L1N 9B6
    %D   2001
    %G   0-07-212757-0
    %I   McGraw-Hill Ryerson/Osborne
    %O   U$49.99/C$79.95/UK#36.99 800-565-5758 fax: 905-430-5020
    %O  http://www.amazon.com/exec/obidos/ASIN/0072127570/robsladesinterne
    %P   404 p.
    %T   "IPSec: Securing VPNs"
    
    Chapter one is an overview of TCP/IP.  The material is generally good,
    but does demonstrate a possible weakness of the book: we are provided
    with way too much information about a number of areas that are not
    relevant to IPSec.  A similar overabundance of detail (and math)
    describes symmetric cryptography, in chapter two.  Oddly, given the
    level of particulars in other areas, there is no analysis of the
    weakness of double DES (Data Encryption Standard).  Operational
    specifics of the various AES (Advanced Encryption Standard) candidates
    are also included.  The mathematical basis of asymmetric cryptography,
    in chapter three, is not explained as well as symmetric is.  In
    dealing with hashes and message authentication codes, chapter four has
    lots of math and almost no other discussion.  Chapter five provides
    extensive details about X.509 attribute fields, for digital
    certificates, and also has a bit of material on PGP (Pretty Good
    Privacy) and key recovery.  The fields of LDAP (Lightweight Directory
    Access Protocol) are outlined in chapter six.
    
    Chapter seven finally talks, very briefly, about IPSec architecture,
    repeating (from chapter one) the specifics of the IP header, and
    mentioning some of the components of IPSec.  Chapters eight, nine, and
    ten concentrate on the header structure of AH (Authentication Header),
    ESP (Encapsulating Security Payload), and ISAKMP (Internet Security
    Association Key Management Protocol) packets, albeit chapter ten also
    covers a bit of the handshaking process.  There is very little
    discussion of strengths and weaknesses.  There are lots of details
    related to IKE (Internet Key Exchange) in chapter eleven, but
    surprisingly little information about what it does or how it works. 
    The header structure and options for the compression function, IPComp,
    are given in chapter twelve.  Chapter thirteen is supposed to talk
    about implementation, but has a fairly generic example of a VPN and
    some screen shots from a commercial product.
    
    Overall, the book contains lots of technical details, but very little
    in the way of explanation, discussion, or analysis.  You would
    probably learn just as much about IPSec by reading the RFCs
    themselves.
    
    copyright Robert M. Slade, 2002   BKIPSECS.RVW   20021001
    
    -- 
    ======================
    rsladeat_private  rsladeat_private  sladeat_private p1at_private
    Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
    Upcoming (ISC)^2 CISSP CBK review seminars (+1-888-333-4458):
        December 16, 2002   December 20, 2002   San Francisco, CA
        February 10, 2003   February 14, 2003   St. Louis, MO
        March 31, 2003      April 4, 2003       Indianapolis, IN
    
    
    
    


