BKIMPIPS.RVW 991029

"Implementing IPsec", Elizabeth Kaufman/Andrew Newman, 1999, 0-471-34467-2, U$49.99
%A Elizabeth Kaufman
%A Andrew Newman
%C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
%D 1999
%G 0-471-34467-2
%I John Wiley & Sons, Inc.
%O U$49.99 416-236-4433 fax: 416-236-4448 rlangloi@wiley.com
%P 271 p.
%T "Implementing IPsec: Making Security Work on VPNs, Intranets, and Extranets"

This book starts with a rough, and even aggressive, manner. It continues the same way. But what makes for a rather abrasive introduction also makes for a very practical and solid guide to designing, evaluating, and thinking about network security.

Chapter one is brief, really only an overview of the structure of the book.

Part one actually starts in the next chapter, and looks at what you need to know going in. Chapter two looks at the basic information you need before you even start to consider security, and provides a highly practical guide to documenting the network. (Oh, sure, you *all* have fully documented networks. No, thank you, I don't want to buy any bridges.) Security should, of course, start with a policy, but chapter three outlines a real-world approach when you don't have one. The law is an underappreciated factor in implementing security, and a highly instructive run through of related aspects is presented in chapter four.

Part two reviews the essentials of the technology. Chapter five covers the Internet Protocol, and the security weaknesses built into what it does. Cryptography cannot be covered in a single chapter, but I was a bit surprised that there is not even a discussion of relative strengths in the basics that are explained in chapter six. Keys and key management are discussed reasonably well in chapter seven.

Part three looks at implementation considerations. Chapter eight gives an extremely helpful, if somewhat depressing, look at possible problems and inherent conflicts. Chapter nine offers some useful pointers, but is more about the generic types of implementations.

Part four gets down to the brass tacks of buying. Chapter ten gives some rough pointers on how to evaluate vendors. But the really useful stuff is in chapter eleven, which provides the details, with explanations, for an entire RFP.

RFC 2401 is printed as an appendix.

The authors are not out to produce a fun read, but they have a very nice sense of sarcasm--and know when to use it. Subtle digs pop up in the text frequently, and are generally right on target. The humour included in the work is germane to the topic, and helps to highlight and render memorable important basic concepts.

As the authors are at pains to point out, IPsec is by no means a mature technology. Security practitioners, and network managers, are fortunate to have such a guide to avoiding the worst mistakes as they take the first steps into a new area.

copyright Robert M. Slade, 1999 BKIMPIPS.RVW 991029