Internet Security Protocols: Protecting IP Traffic - Hardcover

Review

Secure transmission of data over public and semipublic Internet Protocol (IP) networks is essential to organizations that are geographically distributed. Such companies rely on the ability of road warriors to connect transparently to local area network (LAN) resources across the Internet via a virtual private network (VPN), and require fixed resources to be able to communicate securely and inexpensively. Respected networking author Uyless Black explains certain aspects of the state of the art in secure IP data communications in Internet Security Protocols: Protecting IP Traffic. For the most part, he endeavors to explain network-security concepts at a systems-engineering level, leaving the details of implementation of specific environments to more specialized books.

In explaining an aspect of IP security, Black typically opens with a statement of what the protocol or technology at hand is good for, examining how it fits with other elements of IP security and citing relevant standards documents. From there, he moves on to how the technology works, typically with the help of conceptual schematics and packet diagrams. Special features receive focused discussion, and usually you'll find a couple of annotated diagram sequences to help clarify what happens in specific applications of the technology. There also are fine explanations of such widely applicable techniques as public-key cryptography and certification authorities. Read this book for its conceptual clarity; back it up with another security text that addresses the administration-level specifics of your operating environment. --David Wall

Topics covered: Protocols and techniques for securing Internet Protocol (IP) data communications, including Point-to-Point Protocol (PPP) and several of its more secure variants, as well as dial-in security provided by Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP), Remote Authentication Dial-In User Service (RADIUS), and Diameter. The IPSec specification is dissected; and there's coverage of Public Key Infrastructures (PKI), although not of Kerberos. Key exchange with Internet Key Exchange (IKE) and Internet Security Association and Key Management Protocol (ISAKMP) is discussed, too.

From the Inside Flap

Preface

This book is one in a series of books called, "Advanced Communications Technologies." As the name of the book implies, the focus is on the Internet architecture and the principal protocols that make up this architecture. The book is an expansion of Advanced Features of the Internet, also part of this series.

The book has been written for this series to act as the introduction to the other more advanced Internet topics. As such, it is written for the person who is new to the Internet protocols, but it assumes the reader has had some experience in data communications.

I hope you find this book a valuable addition to your library.Acknowledgments

I have relied on examples from several organizations and individuals for some of my explanations. I would like to thank Buck Graham once again, who has written TCP/IP Addressing, published by AP Professional. It is the best book on the market on IP addressing and subnet addressing. I would also like to thank the authors of Fast Ethernet, Liam B. Quinn and Richard G. Russell (John Wiley & Sons, Inc), and Internet Routing Architectures, by Bassam Halabi, and published by Cisco Press. I cite these authors in the appropriate parts of the book.

I have relied on the Internet Request for Comments (RFCs), published by the Internet Society, and I thank this organization for making the RFCs available to the public.

For all the Internet standards and draft standards the following applies:

Copyright (c) The Internet Society (1998). All Rights Reserved.

This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain itor assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.

The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.