[VPN] IPSEC Resources

Joel M Snyder Joel.Snyder at Opus1.COM
Fri Feb 7 12:46:44 EST 2003


The best book on the subject continues to be "IPsec: The New Security
Standard for ..."  Although Harkins and Doraswamy haven't updated it to
really discuss all of the difficult remote access issues (like NAT
traversal) which folks are solving in quasi-proprietary ways, it is the
only lucid and accurate description of the protocols.  I am *really*
hoping that they get together and update it for IKEv2 if-and-when it
ever comes out.

Some folks have recommended Tiller's "A technical guide to IPsec VPNs,"
which is also pretty good.  I read it fairly quickly because it came out
recently and I wanted to see whether it was good enough to recommend to
my students.  I think that it is.

If you buy either, I also recommend getting the "Big Book of IPsec
RFCs."  It's got some nice value-add beyond simply printing out the RFCs
(which is basically what it is)---there's a cross-RFC index, it's nicely
bound, and it's a lot easier to carry around compared to the printouts. 
If you're like me, you like to annotate & dogear, and on-line versions
aren't so good for that...

The other good book on VPNs from a technology point of view, although
not nearly as accurate or in-depth as the other two, is Yuan & Strayer's
"Virtual Private Networks."  They have a very different viewpoint,
including things like management/SNMP and the like, which is more "the
big picture" information.  I sometimes recommend that one to folks who
don't need to understand the issues of DHG2 versus DHG5 but do need a
little technical info to complete their design.

As long as I'm blabbing about VPN books... If you want to learn about
L2TP, Shea's "L2TP" is the clear classic in the field; everything else
discussing L2TP pales in comparison.  Similarly, Rescorla's "SSL and
TLS" is the landmark on that 'vpn' protocol set.  Add to these
Schneier's "Applied Cryptography," and you'll have the technical
background you need.  

Without being unkind to other authors of other VPN books, I'd suggest
that these titles are the ones to focus on for best use of your time & money.

jms


-- 
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Phone: +1 520 324 0494 (voice)  +1 520 324 0495 (FAX)
jms at Opus1.COM    http://www.opus1.com/jms    Opus One

Jon Still wrote:
> 
> Folks,
> 
> I'm looking for a good book on IPSEC - really just covering the
> protocols from the ground up, the various modes, transforms etc.  Is
> there any particular tome that you lot can recommend over any other?
> 
> Failing that, are there any good online resources - sadly a lot of the
> ones listed on the vpn.shmoo.com website are now dead links :-/
> 
> Note - I'm not especially looking for product-specific information here
> - just information on the protocol suite (preferably including some of
> the newer stuff like UDP encapsulation), but without having to trawl
> through the 000s of RFCs - yes, I admit it, I'm lazy :)
> 
> Cheers,
> Jon.
> 
> --
> Jon Still                               E-mail: jon at tertial.org
> tertial.org                             Web:    http://www.tertial.org/
> GPG Key: http://xanthein.net/key.asc    Key ID: 0x00493D2B


