IPSec / Edition 2

Paperback (Print)

Overview

IPSec, Second Edition is the most authoritative, comprehensive, accessible, and up-to-date guide to IPSec technology. Two leading authorities cover all facets of IPSec architecture, implementation, and deployment; review important technical advances since IPSec was first standardized; and present new case studies demonstrating end-to-end IPSec security. New coverage also includes in-depth guidance on policies, updates on IPSec enhancements for large-scale enterprise environments, and much more.

Product Details

  • ISBN-13: 9780130461896
  • Publisher: Prentice Hall
  • Publication date: 3/13/2003
  • Series: Prentice Hall PTR Internet Infrastructure Series
  • Edition description: REV
  • Edition number: 2
  • Pages: 288
  • Sales rank: 931,638
  • Product dimensions: 7.00 (w) x 9.05 (h) x 0.78 (d)

Meet the Author

NAGANAND DORASWAMY is a senior principal engineer at Nortel Networks in Billerica, MA and an active participant in the IETF and key industry panels on VPNs and IP security. He was a network security architect at Bay Networks (currently Nortel Networks) and is currently working on next-generation router architectures and protocols. He was the technical lead for IP Security at FTP Software.

DAN HARKINS, formerly a senior software engineer in the Network Protocol Security Group at Cisco Systems, is currently a Senior Scientist at Network-Alchemy in Santa Cruz, CA and is active in several IETF working groups. He wrote IPSec's standard Internet Key Exchange (IKE) key management protocol.


Read an Excerpt

Preface

The Internet connects millions of people around the world and allows for immediate communication and access to a seemingly limitless amount of information. Data, video, and voice, almost every single type of communication, travels across the Internet. Some of this communication is private.

The language of the Internet is IP, the Internet Protocol. Everything can, and does, travel over IP. One thing IP does not provide, though, is security. IP packets can be forged, modified, and inspected en route. IPSec is a suite of protocols that seamlessly integrate security into IP and provide data source authentication, data integrity, confidentiality, and protection against replay attacks.

With IPSec, the power of the Internet can be exploited to its fullest potential.

Communication is the lifeblood of business. Without a guarantee that a customer's order is authentic, it is difficult to bill for a service. Without a guarantee that confidential information will remain confidential, it is impossible for businesses to grow and partnerships to be formed.

Unless there is a guarantee that records and information can remain confidential, the health care industry cannot utilize the Internet to expand its services and cut its costs.

Personal services, such as home banking, securities trading, and insurance can be greatly simplified and expanded if these transactions can be done securely.

The growth of the Internet is truly dependent on security, and the only technique for Internet security that works with all forms of Internet traffic is IPSec. IPSec runs over the current version of IP, IPv4, and also the next generation of IP, IPv6. In addition, IPSec can protect any protocol that runs on top of IP such as TCP, UDP, and ICMP. IPSec is truly the most extensible and complete network security solution.

IPSec enables end-to-end security so that every single piece of information sent to or from a computer can be secured. It can also be deployed inside a network to form Virtual Private Networks (VPNs) where two distinct and disparate networks become one by connecting them with a tunnel secured by IPSec.

This book discusses the architecture, design, implementation, and use of IPSec. Each of the protocols in the suite commonly referred to as "IPSec" (the Authentication Header, Encapsulating Security Payload, and Internet Key Exchange) is examined in detail. Common deployments of IPSec are discussed and future work on problem areas is identified.

This book is intended for an audience with an interest in network security as well as those who will be implementing secure solutions using IPSec, including building VPNs and e-commerce, and providing end-to-end security. Cryptography and networking basics are discussed in early chapters for those who are neither cryptography nor networking professionals.

Organization

This book is split into three parts: overview, detailed analysis, and implementation and deployment issues.

Part One is composed of the first three chapters. Chapter 1 discusses the basic cryptographic building blocks upon which IPSec is built. Symmetric and public-key cryptography and their use for both encryption and authentication are explained. Chapter 2 discusses the basics of TCP/IP and the advantages and disadvantages of implementing security at various layers in the TCP/IP protocol stack. Chapter 3 is an overview of IPSec. The IPSec architecture is discussed and each of the protocols—AH, ESP, and IKE—and their interrelationship is touched upon.

Part Two consists of Chapters 4 through 7. Chapter 4 is a detailed discussion of the IPSec architecture. The basic concepts of IPSec, the different modes, selectors, Security Associations, and security policy, are discussed. Chapters 5 and 6 discuss in detail the two protocols used to protect IP, the Encapsulating Security Payload and the Authentication Header, respectively. Construction and placement of protocol headers are discussed as are input and output processing rules. Chapter 7 is an in-depth discussion of the Internet Key Exchange. The different phases of negotiation, the different exchanges, the various authentication methods, and all the negotiable options are explained.

Part Three is made up of Chapters 8 through 12. Chapter 8 is a discussion of policy and its implication on IPSec. An architecture to support IPSec policy and a policy module is presented. Chapter 9 presents the issues surrounding the implementation of IPSec in a TCP/IP stack, in a platform-independent manner. Chapter 10 discusses different IPSec deployments: end-to-end security, VPNs, and the "road warrior" situation. Chapter 11 discusses how IPSec is deployed to protect a network. Chapter 12 discusses future work items for the IPSec community. These include integrating network layer compression with IPSec, extending IPSec to multicast traffic, issues associated with key recovery, IPSec interaction with the Layer Two Tunneling Protocol (L2TP), and public-key infrastructures.


Table of Contents

Preface.

I. OVERVIEW.

1. Cryptographic History and Techniques.

Secrets in History. Rise of the Internet. Internet Security. Cryptographic Building Blocks. Crypto Concepts. More Information.

2. TCP/IP Overview.

Introduction to TCP/IP. Addressing. Domain Name System. Security-at What Level?

3. IP Security Overview.

The Architecture. Encapsulating Security Payload (ESP). Authentication Header (AH). Internet Key Exchange.

II. DETAILED ANALYSIS.

4. IPSec Architecture.

The IPSec Roadmap. IPSec Implementation. IPSec Modes. Security Associations. IPSec Processing. Fragmentation. ICMP.

5. The Encapsulating Security Payload (ESP).

The ESP Header. ESP Modes. ESP Processing.

6. The Authentication Header (AH).

The AH Header. AH Modes. AH Processing.

7. The Internet Key Exchange.

ISAKMP. IKE. The IPSec DOI. Summary.

III. DEPLOYMENT ISSUES.

8. Policy.

Policy Definition Requirement. Policy Representation and Distribution. Policy Management System. Deployment. Setting Up the Policy.

9. IPSec Implementation.

Implementation Architecture. IPSec Protocol Processing. Fragmentation and PMTU. ICMP Processing.

10. IP Security in Action.

End-to-End Security.

11. Deployment Scenarios (Using IPsec to Secure the Network).

Site-to-Site Policies. Remote Access Policies. Four Office Company Example. Multiple Company Extranet Example. Outsourcing Networks. Summary.

12. IPSec Futures.

Compression. Multicast. Key Recovery. L2TP. Public Key Infrastructure.

Bibliography.

Index.

