IPSec (2nd Edition) [Paperback]

Naganand Doraswamy (Author), Dan Harkins (Author)

Book Description

Publication Date: March 23, 2003 | ISBN-10: 013046189X | ISBN-13: 978-0130461896 | Edition: 2

IPSec, Second Edition is the most authoritative, comprehensive, accessible, and up-to-date guide to IPSec technology. Two leading authorities cover all facets of IPSec architecture, implementation, and deployment; review important technical advances since IPSec was first standardized; and present new case studies demonstrating end-to-end IPSec security. New coverage also includes in-depth guidance on policies, updates on IPSec enhancements for large-scale enterprise environments, and much more.

Editorial Reviews

Amazon.com Review

IPSec, the suite of protocols for securing any sort of traffic that moves over an Internet Protocol (IP) network, promises big things for online business. IPSec: The New Security Standard for the Internet, Intranets, and Virtual Private Networks catalogs the specifications that compose this suite and explain how they fit into intranets, virtual private networks (VPNs), and the Internet.

Authors Doraswamy and Harkins first treat IPSec as a system, explaining how its component parts work together to provide flexible security. Their approach to this task makes sense: They first explain why standard IP packets aren't secure; then they show how the IPSec improvements make secure transactions possible. Readers get full descriptions of how various network entities talk to one another. Where appropriate, concepts that aren't specific to IPSec are explained, including IPv4 and IPv6 packet structures and addressing schemes. There's some information on cryptography too.

IPSec's parts are explained individually: the Authentication Header (AH), Encapsulating Security Payload (ESP), Internet Key Exchange (IKE), and ISAKMP/Oakley protocols are detailed with lots of prose, supplemented with a smattering of packet diagrams and conceptual sketches. Sections on implementing IPSec protocols on networks remain fairly abstract and don't mention actual products, but should prove useful to programmers designing their own network security products around the IPSec specifications. --David Wall --This text refers to an out of print or unavailable edition of this title.

From the Inside Flap

Preface

The Internet connects millions of people around the world and allows for immediate communication and access to a seemingly limitless amount of information. Data, video, voice, almost every single type of communication, travels across the Internet. Some of this communication is private.

The language of the Internet is IP, the Internet Protocol. Everything can, and does, travel over IP. One thing IP does not provide, though, is security. IP packets can be forged, modified, and inspected en route. IPSec is a suite of protocols that seemlessly integrate security into IP and provide data source authentication, data integrity, confidentiality, and protection against replay attacks.

With IPSec the power of the Internet can be exploited to its fullest potential:

Communication is the lifeblood of business. Without a guarantee that a customerÕs order is authentic it is difficult to bill for a service. Without a guarantee that confidential information will remain confidential it is impossible for businesses to grow and partnerships to be formed.

Unless there is a guarantee that records and information can remain confidential, the health care industry cannot utilize the Internet to expand its services and cut its costs.

Personal services, such as home banking, securities trading, and insurance can be greatly simplified and expanded if these transactions can be done securely.

The growth of the Internet is truly dependent on security and the only technique for Internet security that works with all forms of Internet traffic is IPSec. IPSec runs over the current version of IP, IPv4, and also the next generation of IP, IPv6. In addition, IPSec can protect any protocol that runs on top of IP such as TCP, UDP, and ICMP. IPSec is truly the most extensible and complete network security solution.

IPSec enables end-to-end security so that every single piece of information sent to or from a computer can be secured. It can also be deployed inside the network to form Virtual Private Networks where two distinct and disparate networks become one by connecting them with a tunnel secured by IPSec.

This book discusses the architecture, design, implementation, and use of IPSec. Each of the protocols in the suite commonly referred to as ÒIPSecÓ (the Authentication Header, the Encapsulating Security Payload, and the Internet Key Exchange) is examined in detail. Common deployments of IPSec are discussed and future work on problem areas is identified.This book is intended for an audience with an interest in network security as well as those who will be implementing secure solutions using IPSec, including building VPNs, e-commerce, and end-to-end security. Cryptography and networking basics are discussed in early chapters for those who are neither cryptography nor networking professionals.Organization

This book is split into three parts: overview, detailed analysis, and implementation and deployment issues.

Part One is comprised of the first three chapters. Chapter One discusses the basic cryptographic building blocks upon which IPSec is built. Symmetric and public key cryptography and their use for both encryption and authentication are explained. Chapter Two discusses the basics of TCP/IP and the advantages and disadvantages of implementing security at various layers in the TCP/IP protocol stack. Chapter Three is an overview of IPSec. The IPSec Architecture is discussed and each of the protocolsÑAH, ESP, and IKEÑand their interrelationship is touched upon.

Part Two consists of chapters Four through Seven. Chapter Four is a detailed discussion of the IPSec Architecture. The basic concepts of IPSec, the different modes, selectors, security associations, and security policy are discussed. Chapters Five and Six discuss in detail the two protocols used to protect IP, the Encapsulating Security Payload and the Authentication Header, respectively. Construction and placement of protocol headers is discussed as are input and output processing rules. Chapter Seven is an in-depth discussion of the Internet Key Exchange. The different phases of negotiation, the different exchanges, the various authentication methods, and all the negotiable options are explained.

Part Three is Chapters Eight through Eleven. Chapter Eight is a discussion of policy and its implication on IPSec. An architecture to support IPSec policy and a policy module is presented. Chapter Nine presents the issues surrounding the implementation of IPSec in a TCP/IP stack, in a platform-independent manner. Chapter Ten discusses different IPSec deployments: end-to-end security, virtual private networks, and the Òroad warriorÓ situation. Chapter Eleven discusses future work items for the IPSec community. These include integrating network layer compression with IPSec, extending IPSec to multicast traffic, issues associated with key recovery, IPSec interaction with the Layer Two Tunneling Protocol (L2TP), and public-key infrastructures. --This text refers to an out of print or unavailable edition of this title.

See all Editorial Reviews

Product Details

• Paperback: 288 pages
• Publisher: Prentice Hall; 2 edition (March 23, 2003)
• Language: English
• ISBN-10: 013046189X
• ISBN-13: 978-0130461896
• Product Dimensions: 9.2 x 7 x 0.6 inches
• Shipping Weight: 1 pounds (View shipping rates and policies)
• Average Customer Review: 3.8 out of 5 stars  See all reviews (18 customer reviews)
• Amazon Best Sellers Rank: #255,878 in Books (See Top 100 in Books)

Customer Reviews

Most Helpful Customer Reviews

15 of 17 people found the following review helpful:

5.0 out of 5 stars IPSec implementation, June 28, 2000

By A Customer

This review is from: Ipsec: The New Security Standard for the Inter- net, Intranets, and Virtual Private Networks (Hardcover)

This book was short but had very detailed information on the new emerging IPSec protocol. I am an IP Security Engineer for Nortel Networks and have found that this book as some very useful information when it comes to troubleshooting IPSec in a VPN solution.

I would recommend this book to anyone who needs to have an understanding of the IPSec architecture or even if you are just getting into security.

13 of 15 people found the following review helpful:

2.0 out of 5 stars Not much more useful than the RFCs, July 2, 2003

By 

Puneet Sood "psood74" (NJ) - See all my reviews
(REAL NAME)   

This review is from: Ipsec: The New Security Standard for the Inter- net, Intranets, and Virtual Private Networks (Hardcover)

I looked at this book when I was just starting out working on IPsec. I had read the RFCs once but felt I needed a good book since the IPsec protocol is pretty complex and the RFCs are not very well written. I did not buy this book but scanned it thoroughly in a bookstore. The book seems to repeat what the IPsec RFCs say without adding more to it. There are very few figures in the book to explain the concepts. I ended up buying "Demystifying the IPsec Puzzle" by Sheila Frankel which is a much better book.

9 of 10 people found the following review helpful:

3.0 out of 5 stars Good, Concise & Specific for IPSec, May 13, 2001

By 

Rico Tsang (Hong Kong) - See all my reviews

This review is from: Ipsec: The New Security Standard for the Inter- net, Intranets, and Virtual Private Networks (Hardcover)

This is not a thick book, just about two hundred not including the index. It's targeted at IPSec including architecture, Authentication Header (AH), Encapsulating Security Payload (ESP), Internet Key Exchange (IKE). I read the book page by page but got stuck in IKE. Maybe more explanation & examples can help readers to fully understand the mechanism of IKE.

After I finished the book, I got the feeling that I need another IPSec book to clear up my confusion..... BTW, this is my first book on IPSec!!