<html>
<head>
<meta http-equiv="Content-Type" content="text/html">
<title>FreeS/WAN bibliography</title>
<meta name="keywords"
content="Linux, IPsec, VPN, security, FreeSWAN, bibliography">
<!--
Written by Sandy Harris for the Linux FreeS/WAN project
Freely distributable under the GNU General Public License
More information at www.freeswan.org
Feedback to users@lists.freeswan.org
CVS information:
RCS ID: $Id: biblio.html,v 1.1 2004/03/15 20:35:24 as Exp $
Last changed: $Date: 2004/03/15 20:35:24 $
Revision number: $Revision: 1.1 $
CVS revision numbers do not correspond to FreeS/WAN release numbers.
-->
</head>
<body>
<h1><a name="biblio">Bibliography for the Linux FreeS/WAN project</a></h1>
<p>For extensive bibliographic links, see the <a
href="http://liinwww.ira.uka.de/bibliography/index.html">Collection of
Computer Science Bibliographies</a></p>
<p>See our <a href="web.html">web links</a> for material available online.</p>
<hr>
<a name="adams">Carlisle Adams and Steve Lloyd <cite>Understanding Public Key
Infrastructure</cite><br>
</a>Macmillan 1999 ISBN 1-57870-166-x
<p>An overview, mainly concentrating on policy and strategic issues rather
than the technical details. Both authors work for <a
href="glossary.html#PKI">PKI</a> vendor <a
href="http://www.entrust.com/">Entrust</a>.</p>
<hr>
<a name="DNS.book">Albitz, Liu & Loukides <cite>DNS & BIND</cite> 3rd
edition<br>
</a> O'Reilly 1998 ISBN 1-56592-512-2
<p>The standard reference on the <a href="glossary.html#DNS">Domain Name
Service</a> and <a href="glossary.html#BIND">Berkeley Internet Name
Daemon</a>.</p>
<hr>
<a name="anderson">Ross Anderson</a>, <cite>Security Engineering - a Guide to
Building Dependable Distributed Systems</cite><br>
Wiley, 2001, ISBN 0471389226
<p>Easily the best book for the security professional I have seen.
<strong>Highly recommended</strong>. See the <a
href="http://www.cl.cam.ac.uk/~rja14/book.html">book web page</a>.</p>
<p>This is quite readable, but Schneier's <a href="#secrets">Secrets and
Lies</a> might be an easier introduction.</p>
<hr>
<a name="puzzle">Bamford <cite>The Puzzle Palace, A report on NSA, America's
most Secret Agency</cite><br>
Houghton Mifflin 1982 ISBN 0-395-31286-8</a>
<hr>
Bamford <cite>Body of Secrets</cite>
<p>The sequel.</p>
<hr>
<a name="bander">David Bander</a>, <cite>Linux Security Toolkit</cite><br>
IDG Books, 2000, ISBN: 0764546902
<p>This book has a short section on FreeS/WAN and includes Caldera Linux on
CD.</p>
<hr>
<a name="CZR">Chapman, Zwicky & Russell</a>, <cite>Building Internet
Firewalls</cite><br>
O'Reilly 1995 ISBN 1-56592-124-0
<hr>
<a name="firewall.book">Cheswick and Bellovin</a> <cite>Firewalls and
Internet Security: Repelling the Wily Hacker</cite><br>
Addison-Wesley 1994 ISBN 0201633574
<p>A fine book on firewalls in particular and security in general from two of
AT&T's system administrators.</p>
<p>Bellovin has also done a number of <a href="web.html#papers">papers</a> on
IPsec and co-authored a <a href="intro.html#applied">paper</a> on a large
FreeS/WAN application.</p>
<hr>
<a name="comer">Comer <cite>Internetworking with TCP/IP</cite><br>
Prentice Hall</a>
<ul>
<li>Vol. I: Principles, Protocols, & Architecture, 3rd Ed. 1995
ISBN:0-13-216987-8</li>
<li>Vol. II: Design, Implementation, & Internals, 2nd Ed. 1994
ISBN:0-13-125527-4</li>
<li>Vol. III: Client/Server Programming & Applications
<ul>
<li>AT&T TLI Version 1994 ISBN:0-13-474230-3</li>
<li>BSD Socket Version 1996 ISBN:0-13-260969-X</li>
<li>Windows Sockets Version 1997 ISBN:0-13-848714-6</li>
</ul>
</li>
</ul>
<p>If you need to deal with the details of the network protocols, read either
this series or the <a href="#stevens">Stevens and Wright</a> series before
you start reading the RFCs.</p>
<hr>
<a name="diffie">Diffie and Landau</a> <cite>Privacy on the Line: The
Politics of Wiretapping and Encryption</cite><br>
MIT press 1998 ISBN 0-262-04167-7 (hardcover) or 0-262-54100-9<br>
<hr>
<a name="d_and_hark">Doraswamy and Harkins <cite>IP Sec: The New Security
Standard for the Internet, Intranets and Virtual Private Networks</cite><br>
Prentice Hall 1999 ISBN: 0130118982</a>
<hr>
<a name="EFF"> Electronic Frontier Foundation <cite>Cracking DES: Secrets of
Encryption Research, Wiretap Politics and Chip Design</cite><br>
</a> O'Reilly 1998 ISBN 1-56592-520-3
<p>To conclusively demonstrate that DES is inadequate for continued use, the
<a href="glossary.html#EFF">EFF</a> built a machine for just over $200,000
that breaks DES encryption in under five days on average, under nine in the
worst case.</p>
<p>The book provides details of their design and, perhaps even more
important, discusses why they felt the project was necessary. Recommended for
anyone interested in any of the three topics mentioned in the subtitle.</p>
<p>See also the <a href="http://www.eff.org/descracker.html"> EFF page on
this project </a> and our discussion of <a
href="politics.html#desnotsecure">DES insecurity</a>.</p>
<hr>
Martin Freiss <cite>Protecting Networks with SATAN</cite><br>
O'Reilly 1998 ISBN 1-56592-425-8<br>
translated from a 1996 work in German
<p>SATAN is a Security Administrator's Tool for Analysing Networks. This book
is a tutorial in its use.</p>
<hr>
Gaidosch and Kunzinger<cite> A Guide to Virtual Private Networks</cite><br>
Prentice Hall 1999 ISBN: 0130839647
<hr>
<a name="Garfinkel">Simson Garfinkel</a> <cite>Database Nation: the death of
privacy in the 21st century</cite><br>
O'Reilly 2000 ISBN 1-56592-653-6
<p>A thoughtful and rather scary book.</p>
<hr>
<a name="PGP">Simson Garfinkel</a> <cite>PGP: Pretty Good Privacy</cite><br>
O'Reilly 1995 ISBN 1-56592-098-8
<p>An excellent introduction and user manual for the <a
href="glossary.html#PGP">PGP</a> email-encryption package. PGP is a good
package with a complex and poorly-designed user interface. This book or one
like it is a must for anyone who has to use it at length.</p>
<p>The book covers using PGP in Unix, PC and Macintosh environments, plus
considerable background material on both the technical and political issues
around cryptography.</p>
<p>The book is now seriously out of date. It does not cover recent
developments such as commercial versions since PGP 5, the Open PGP standard
or GNU PG.</p>
<hr>
<a name="practical">Garfinkel and Spafford</a> <cite>Practical Unix
Security</cite><br>
O'Reilly 1996 ISBN 1-56592-148-8
<p>A standard reference.</p>
<p>Spafford's web page has an excellent collection of<a
href="http://www.cs.purdue.edu/coast/hotlist"> crypto and security
links</a>.</p>
<hr>
<a name="Kahn">David Kahn</a> <cite>The Codebreakers: the Comprehensive
History of Secret Communications from Ancient Times to the Internet</cite><br>
second edition Scribner 1996 ISBN 0684831309
<p>A history of codes and code-breaking from ancient Egypt to the 20th
century. Well-written and exhaustively researched. <strong>Highly
recommended</strong>, even though it does not have much on computer
cryptography.</p>
<hr>
David Kahn <cite>Seizing the Enigma, The Race to Break the German U-Boat
codes, 1939-1943</cite><br>
Houghton Mifflin 1991 ISBN 0-395-42739-8
<hr>
<a name="kirch">Olaf Kirch</a> <cite>Linux Network Administrator's
Guide</cite><br>
O'Reilly 1995 ISBN 1-56592-087-2
<p>Now becoming somewhat dated in places, but still a good introductory book
and general reference.</p>
<hr>
<a name="LinVPN">Kolesnikov and Hatch</a>, <cite>Building Linux Virtual
Private Networks (VPNs)</cite><br>
New Riders 2002
<p>This has had a number of favorable reviews, including <a
href="http://www.slashdot.org/article.pl?sid=02/02/27/0115214&mode=thread&tid=172">this
one</a> on Slashdot. The book has a <a
href="http://www.buildinglinuxvpns.net/">web site</a>.</p>
<hr>
<a name="RFCs">Pete Loshin <cite>Big Book of IPsec RFCs</cite><br>
Morgan Kaufmann 2000 ISBN: 0-12-455839-9</a>
<hr>
<a name="crypto">Steven Levy <cite>Crypto: How the Code Rebels Beat the
Government -- Saving Privacy in the Digital Age</cite></a><br>
Penguin 2001, ISBN 0-670-85950-8
<p><strong>Highly recommended</strong>. A fine history of recent (about
1970-2000) developments in the field, and the related political
controversies. FreeS/WAN project founder and leader John Gilmore appears
several times.</p>
<p>The book does not cover IPsec or FreeS/WAN, but this project is very much
another battle in the same war. See our discussion of the <a
href="politics.html">politics</a>.</p>
<hr>
<a name="GTR">Matyas, Anderson et al.</a> <cite>The Global Trust
Register</cite><br>
Northgate Consultants Ltd 1998 ISBN: 0953239705<br>
hard cover edition MIT Press 1999 ISBN 0262511053
<p>From<a href="http://www.cl.cam.ac.uk/Research/Security/Trust-Register">
their web page:</a></p>
<blockquote>
This book is a register of the fingerprints of the world's most important
public keys; it implements a top-level certification authority (CA) using
paper and ink rather than in an electronic system.</blockquote>
<hr>
<a name="handbook">Menezes, van Oorschot and Vanstone <cite>Handbook of
Applied Cryptography</cite></a><br>
CRC Press 1997<br>
ISBN 0-8493-8523-7
<p>An excellent reference. Read <a href="#schneier">Schneier</a> before
tackling this.</p>
<hr>
Michael Padlipsky <cite>Elements of Networking Style</cite><br>
Prentice-Hall 1985 ISBN 0-13-268111-0 or 0-13-268129-3
<p>Probably <strong>the funniest technical book ever written</strong>, this
is a vicious but well-reasoned attack on the OSI "seven layer model" and all
that went with it. Several chapters of it are also available as RFCs 871 to
875.</p>
<hr>
<a name="matrix">John S. Quarterman</a> <cite>The Matrix: Computer Networks
and Conferencing Systems Worldwide</cite><br>
Digital Press 1990 ISBN 155558-033-5<br>
Prentice-Hall ISBN 0-13-565607-9
<p>The best general treatment of computer-mediated communication we have
seen. It naturally has much to say about the Internet, but also covers UUCP,
Fidonet and so on.</p>
<hr>
<a name="ranch">David Ranch</a> <cite>Securing Linux Step by Step</cite><br>
SANS Institute, 1999
<p><a href="http://www.sans.org/">SANS</a> is a respected organisation, this
guide is part of a well-known series, and Ranch has previously written the
useful <a
href="http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html#trinityos">Trinity
OS</a> guide to securing Linux, so my guess would be this is a pretty good
book. I haven't read it yet, so I'm not certain. It can be ordered online
from <a href="http://www.sans.org/">SANS</a>.</p>
<p>Note (Mar 1, 2002): a new edition with different editors is in the works.
Expect it this year.</p>
<hr>
<a name="schneier">Bruce Schneier</a> <cite>Applied Cryptography, Second
Edition</cite><br>
John Wiley & Sons, 1996<br>
ISBN 0-471-12845-7 hardcover<br>
ISBN 0-471-11709-9 paperback
<p>A standard reference on computer cryptography. For more recent essays, see
the <a href="http://www.counterpane.com/">author's company's web site</a>.</p>
<hr>
<a name="secrets">Bruce Schneier</a><cite> Secrets and Lies</cite><br>
Wiley 2000, ISBN 0-471-25311-1
<p>An interesting discussion of security and privacy issues, written with
more of an "executive overview" approach rather than a narrow focus on the
technical issues. <strong>Highly recommended</strong>.</p>
<p>This is worth reading even if you already understand security issues, or
think you do. To go deeper, follow it with Anderson's <a
href="#anderson">Security Engineering</a>.</p>
<hr>
<a name="VPNbook">Scott, Wolfe and Irwin <cite>Virtual Private
Networks</cite></a><br>
2nd edition, O'Reilly 1999 ISBN: 1-56592-529-7
<p>This is the only O'Reilly book, out of a dozen I own, that I'm
disappointed with. It deals mainly with building VPNs with various
proprietary tools -- <a href="glossary.html#PPTP">PPTP</a>, <a
href="glossary.html#SSH">SSH</a>, Cisco PIX, ... -- and touches only lightly
on IPsec-based approaches.</p>
<p>That said, it appears to deal competently with what it does cover and it
has readable explanations of many basic VPN and security concepts. It may be
exactly what some readers require, even if I find the emphasis
unfortunate.</p>
<hr>
<a name="LASG">Kurt Seifried <cite>Linux Administrator's Security
Guide</cite></a>
<p>Available online from <a
href="http://www.securityportal.com/lasg/">Security Portal</a>. It has fairly
extensive coverage of IPsec.</p>
<hr>
<a name="Smith">Richard E Smith <cite>Internet Cryptography</cite><br>
</a>ISBN 0-201-92480-3, Addison Wesley, 1997
<p>See the book's <a
href="http://www.visi.com/crypto/inet-crypto/index.html">home page</a></p>
<hr>
<a name="neal">Neal Stephenson <cite>Cryptonomicon</cite></a><br>
Hardcover ISBN -380-97346-4, Avon, 1999.
<p>A novel in which cryptography and the net figure prominently.
<strong>Highly recommended</strong>: I liked it enough I immediately went out
and bought all the author's other books.</p>
<p>There is also a paperback edition. Sequels are expected.</p>
<hr>
<a name="stevens">Stevens and Wright</a> <cite>TCP/IP Illustrated</cite><br>
Addison-Wesley
<ul>
<li>Vol. I: The Protocols 1994 ISBN:0-201-63346-9</li>
<li>Vol. II: The Implementation 1995 ISBN:0-201-63354-X</li>
<li>Vol. III: TCP for Transactions, HTTP, NNTP, and the UNIX Domain
Protocols 1996 ISBN: 0-201-63495-3</li>
</ul>
<p>If you need to deal with the details of the network protocols, read either
this series or the <a href="#comer">Comer</a> series before you start reading
the RFCs.</p>
<hr>
<a name="Rubini">Rubini</a> <cite>Linux Device Drivers</cite><br>
O'Reilly & Associates, Inc. 1998 ISBN 1-56592-292-1
<hr>
<a name="Zeigler">Robert Zeigler</a> <cite>Linux Firewalls</cite><br>
New Riders Publishing, 2000 ISBN 0-7537-0900-9
<p>A good book, with detailed coverage of ipchains(8) firewalls and of many
related issues.</p>
</body>
</html>