Book Review: IPSec, The New Security Standard for the Internet, Intranets, and Virtual Private Networks, Second Edition, by Naganand Doraswamy and Dan Harkins

Prentice Hall PTR

ISBN: 0-13-046189-X

$44.99 US

IPSec, The New Security Standard for the Internet, Intranets, and Virtual Private Networks, Second Edition, is a textbook-style IP security book. The book is comprehensive and written in a completely vendor and platform agnostic way. As such it easily could be the text for a course in IPSec.

The book mostly discusses theory, and no mention of specific implementations is made. This is a little frustrating if you are looking for a way to tie the subject matter in with a real-world implementation.

Discussions in the book range from a brief history of cryptology to OSI layers to the mechanics of IP. The IKE exchange process is covered, as is SA management, a feature critical to a fast IPSec implementation.

As I was reading this book, I was hoping to find a discussion about NAT traversal, an IPSec problem I can relate to, but only two paragraphs were spent indicating it was a problem with solutions forthcoming. Of course, many implementations already have solved this problem.

Probably the hardest thing about IPSec is all the acronyms and abbreviations associated with it—SA, IKE,,PKI, ISAKMP, EXP, HSA and so forth. It is a shame this book does not include a good glossary covering terms unique to IPSec.

For an introduction to the theory of IPSec or if you want to know more about IPSec in a general way, this book is a good choice. A developer with experience in network programming armed with the theory in this book, plus the right crypto libraries and RFCs probably could make a good first pass at an IPSec implementation.