Commit | Line | Data |
---|---|---|
997358a6 MW |
1 | <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd"> |
2 | <HTML> | |
3 | <HEAD> | |
4 | <TITLE>Introduction to FreeS/WAN</TITLE> | |
5 | <META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=iso-8859-1"> | |
6 | <STYLE TYPE="text/css"><!-- | |
7 | BODY { font-family: serif } | |
8 | H1 { font-family: sans-serif } | |
9 | H2 { font-family: sans-serif } | |
10 | H3 { font-family: sans-serif } | |
11 | H4 { font-family: sans-serif } | |
12 | H5 { font-family: sans-serif } | |
13 | H6 { font-family: sans-serif } | |
14 | SUB { font-size: smaller } | |
15 | SUP { font-size: smaller } | |
16 | PRE { font-family: monospace } | |
17 | --></STYLE> | |
18 | </HEAD> | |
19 | <BODY> | |
20 | <A HREF="toc.html">Contents</A> | |
21 | <A HREF="glossary.html">Previous</A> | |
22 | <A HREF="rfc.html">Next</A> | |
23 | <HR> | |
24 | <H1><A name="biblio">Bibliography for the Linux FreeS/WAN project</A></H1> | |
25 | <P>For extensive bibliographic links, see the<A href="http://liinwww.ira.uka.de/bibliography/index.html"> | |
26 | Collection of Computer Science Bibliographies</A></P> | |
27 | <P>See our<A href="web.html"> web links</A> for material available | |
28 | online.</P> | |
29 | <HR><A name="adams"> Carlisle Adams and Steve Lloyd<CITE> Understanding | |
30 | Public Key Infrastructure</CITE> | |
31 | <BR></A> Macmillan 1999 ISBN 1-57870-166-x | |
32 | <P>An overview, mainly concentrating on policy and strategic issues | |
33 | rather than the technical details. Both authors work for<A href="glossary.html#PKI"> | |
34 | PKI</A> vendor<A href="http://www.entrust.com/"> Entrust</A>.</P> | |
35 | <HR><A name="DNS.book"> Albitz, Liu & Loukides<CITE> DNS & BIND</CITE> | |
36 | 3rd edition | |
37 | <BR></A> O'Reilly 1998 ISBN 1-56592-512-2 | |
38 | <P>The standard reference on the<A href="glossary.html#DNS"> Domain Name | |
39 | Service</A> and<A href="glossary.html#BIND"> Berkeley Internet Name | |
40 | Daemon</A>.</P> | |
41 | <HR><A name="anderson"> Ross Anderson</A>,<CITE> Security Engineering - | |
42 | a Guide to Building Dependable Distributed Systems</CITE> | |
43 | <BR> Wiley, 2001, ISBN 0471389226 | |
44 | <P>Easily the best book for the security professional I have seen.<STRONG> | |
45 | Highly recommended</STRONG>. See the<A href="http://www.cl.cam.ac.uk/~rja14/book.html"> | |
46 | book web page</A>.</P> | |
47 | <P>This is quite readable, but Schneier's<A href="#secrets"> Secrets and | |
48 | Lies</A> might be an easier introduction.</P> | |
49 | <HR><A name="puzzle"> Bamford<CITE> The Puzzle Palace, A report on NSA, | |
50 | America's most Secret Agency</CITE> | |
51 | <BR> Houghton Mifflin 1982 ISBN 0-395-31286-8</A> | |
52 | <HR> Bamford<CITE> Body of Secrets</CITE> | |
53 | <P>The sequel.</P> | |
54 | <HR><A name="bander"> David Bander</A>,<CITE> Linux Security Toolkit</CITE> | |
55 | <BR> IDG Books, 2000, ISBN: 0764546902 | |
56 | <P>This book has a short section on FreeS/WAN and includes Caldera Linux | |
57 | on CD.</P> | |
58 | <HR><A name="CZR"> Chapman, Zwicky & Russell</A>,<CITE> Building | |
59 | Internet Firewalls</CITE> | |
60 | <BR> O'Reilly 1995 ISBN 1-56592-124-0 | |
61 | <HR><A name="firewall.book"> Cheswick and Bellovin</A><CITE> Firewalls | |
62 | and Internet Security: Repelling the Wily Hacker</CITE> | |
63 | <BR> Addison-Wesley 1994 ISBN 0201633574 | |
64 | <P>A fine book on firewalls in particular and security in general from | |
65 | two of AT&T's system administrators.</P> | |
66 | <P>Bellovin has also done a number of<A href="web.html#papers"> papers</A> | |
67 | on IPsec and co-authored a<A href="intro.html#applied"> paper</A> on a | |
68 | large FreeS/WAN application.</P> | |
69 | <HR><A name="comer"> Comer<CITE> Internetworking with TCP/IP</CITE> | |
70 | <BR> Prentice Hall</A> | |
71 | <UL> | |
72 | <LI>Vol. I: Principles, Protocols, & Architecture, 3rd Ed. 1995 | |
73 | ISBN:0-13-216987-8</LI> | |
74 | <LI>Vol. II: Design, Implementation, & Internals, 2nd Ed. 1994 | |
75 | ISBN:0-13-125527-4</LI> | |
76 | <LI>Vol. III: Client/Server Programming & Applications | |
77 | <UL> | |
78 | <LI>AT&T TLI Version 1994 ISBN:0-13-474230-3</LI> | |
79 | <LI>BSD Socket Version 1996 ISBN:0-13-260969-X</LI> | |
80 | <LI>Windows Sockets Version 1997 ISBN:0-13-848714-6</LI> | |
81 | </UL> | |
82 | </LI> | |
83 | </UL> | |
84 | <P>If you need to deal with the details of the network protocols, read | |
85 | either this series or the<A href="#stevens"> Stevens and Wright</A> | |
86 | series before you start reading the RFCs.</P> | |
87 | <HR><A name="diffie"> Diffie and Landau</A><CITE> Privacy on the Line: | |
88 | The Politics of Wiretapping and Encryption</CITE> | |
89 | <BR> MIT press 1998 ISBN 0-262-04167-7 (hardcover) or 0-262-54100-9 | |
90 | <BR> | |
91 | <HR><A name="d_and_hark"> Doraswamy and Harkins<CITE> IP Sec: The New | |
92 | Security Standard for the Internet, Intranets and Virtual Private | |
93 | Networks</CITE> | |
94 | <BR> Prentice Hall 1999 ISBN: 0130118982</A> | |
95 | <HR><A name="EFF"> Electronic Frontier Foundation<CITE> Cracking DES: | |
96 | Secrets of Encryption Research, Wiretap Politics and Chip Design</CITE> | |
97 | <BR></A> O'Reilly 1998 ISBN 1-56592-520-3 | |
98 | <P>To conclusively demonstrate that DES is inadequate for continued use, | |
99 | the<A href="glossary.html#EFF"> EFF</A> built a machine for just over | |
100 | $200,000 that breaks DES encryption in under five days on average, | |
101 | under nine in the worst case.</P> | |
102 | <P>The book provides details of their design and, perhaps even more | |
103 | important, discusses why they felt the project was necessary. | |
104 | Recommended for anyone interested in any of the three topics mentioned | |
105 | in the subtitle.</P> | |
106 | <P>See also the<A href="http://www.eff.org/descracker.html"> EFF page on | |
107 | this project</A> and our discussion of<A href="politics.html#desnotsecure"> | |
108 | DES insecurity</A>.</P> | |
109 | <HR> Martin Freiss<CITE> Protecting Networks with SATAN</CITE> | |
110 | <BR> O'Reilly 1998 ISBN 1-56592-425-8 | |
111 | <BR> translated from a 1996 work in German | |
112 | <P>SATAN is a Security Administrator's Tool for Analysing Networks. This | |
113 | book is a tutorial in its use.</P> | |
114 | <HR> Gaidosch and Kunzinger<CITE> A Guide to Virtual Private Networks</CITE> | |
115 | <BR> Prentice Hall 1999 ISBN: 0130839647 | |
116 | <HR><A name="Garfinkel"> Simson Garfinkel</A><CITE> Database Nation: the | |
117 | death of privacy in the 21st century</CITE> | |
118 | <BR> O'Reilly 2000 ISBN 1-56592-653-6 | |
119 | <P>A thoughtful and rather scary book.</P> | |
120 | <HR><A name="PGP"> Simson Garfinkel</A><CITE> PGP: Pretty Good Privacy</CITE> | |
121 | <BR> O'Reilly 1995 ISBN 1-56592-098-8 | |
122 | <P>An excellent introduction and user manual for the<A href="glossary.html#PGP"> | |
123 | PGP</A> email-encryption package. PGP is a good package with a complex | |
124 | and poorly-designed user interface. This book or one like it is a must | |
125 | for anyone who has to use it at length.</P> | |
126 | <P>The book covers using PGP in Unix, PC and Macintosh environments, | |
127 | plus considerable background material on both the technical and | |
128 | political issues around cryptography.</P> | |
129 | <P>The book is now seriously out of date. It does not cover recent | |
130 | developments such as commercial versions since PGP 5, the Open PGP | |
131 | standard or GNU PG.</P> | |
132 | <HR><A name="practical"> Garfinkel and Spafford</A><CITE> Practical Unix | |
133 | Security</CITE> | |
134 | <BR> O'Reilly 1996 ISBN 1-56592-148-8 | |
135 | <P>A standard reference.</P> | |
136 | <P>Spafford's web page has an excellent collection of<A href="http://www.cs.purdue.edu/coast/hotlist"> | |
137 | crypto and security links</A>.</P> | |
138 | <HR><A name="Kahn"> David Kahn</A><CITE> The Codebreakers: the | |
139 | Comprehensive History of Secret Communications from Ancient Times to | |
140 | the Internet</CITE> | |
141 | <BR> second edition Scribner 1996 ISBN 0684831309 | |
142 | <P>A history of codes and code-breaking from ancient Egypt to the 20th | |
143 | century. Well-written and exhaustively researched.<STRONG> Highly | |
144 | recommended</STRONG>, even though it does not have much on computer | |
145 | cryptography.</P> | |
146 | <HR> David Kahn<CITE> Seizing the Enigma, The Race to Break the German | |
147 | U-Boat codes, 1939-1943</CITE> | |
148 | <BR> Houghton Mifflin 1991 ISBN 0-395-42739-8 | |
149 | <HR><A name="kirch"> Olaf Kirch</A><CITE> Linux Network Administrator's | |
150 | Guide</CITE> | |
151 | <BR> O'Reilly 1995 ISBN 1-56592-087-2 | |
152 | <P>Now becoming somewhat dated in places, but still a good introductory | |
153 | book and general reference.</P> | |
154 | <HR><A name="LinVPN"> Kolesnikov and Hatch</A>,<CITE> Building Linux | |
155 | Virtual Private Networks (VPNs)</CITE> | |
156 | <BR> New Riders 2002 | |
157 | <P>This has had a number of favorable reviews, including<A href="http://www.slashdot.org/article.pl?sid=02/02/27/0115214&mode=thread&tid=172"> | |
158 | this one</A> on Slashdot. The book has a<A href="http://www.buildinglinuxvpns.net/"> | |
159 | web site</A>.</P> | |
160 | <HR><A name="RFCs"> Pete Loshin<CITE> Big Book of IPsec RFCs</CITE> | |
161 | <BR> Morgan Kaufmann 2000 ISBN: 0-12-455839-9</A> | |
162 | <HR><A name="crypto"> Steven Levy<CITE> Crypto: How the Code Rebels Beat | |
163 | the Government -- Saving Privacy in the Digital Age</CITE></A> | |
164 | <BR> Penguin 2001, ISBN 0-670-85950-8 | |
165 | <P><STRONG>Highly recommended</STRONG>. A fine history of recent (about | |
166 | 1970-2000) developments in the field, and the related political | |
167 | controversies. FreeS/WAN project founder and leader John Gilmore | |
168 | appears several times.</P> | |
169 | <P>The book does not cover IPsec or FreeS/WAN, but this project is very | |
170 | much another battle in the same war. See our discussion of the<A href="politics.html"> | |
171 | politics</A>.</P> | |
172 | <HR><A name="GTR"> Matyas, Anderson et al.</A><CITE> The Global Trust | |
173 | Register</CITE> | |
174 | <BR> Northgate Consultants Ltd 1998 ISBN: 0953239705 | |
175 | <BR> hard cover edition MIT Press 1999 ISBN 0262511053 | |
176 | <P>From<A href="http://www.cl.cam.ac.uk/Research/Security/Trust-Register"> | |
177 | their web page:</A></P> | |
178 | <BLOCKQUOTE> This book is a register of the fingerprints of the world's | |
179 | most important public keys; it implements a top-level certification | |
180 | authority (CA) using paper and ink rather than in an electronic system.</BLOCKQUOTE> | |
181 | <HR><A name="handbook"> Menezes, van Oorschot and Vanstone<CITE> | |
182 | Handbook of Applied Cryptography</CITE></A> | |
183 | <BR> CRC Press 1997 | |
184 | <BR> ISBN 0-8493-8523-7 | |
185 | <P>An excellent reference. Read<A href="#schneier"> Schneier</A> before | |
186 | tackling this.</P> | |
187 | <HR> Michael Padlipsky<CITE> Elements of Networking Style</CITE> | |
188 | <BR> Prentice-Hall 1985 ISBN 0-13-268111-0 or 0-13-268129-3 | |
189 | <P>Probably<STRONG> the funniest technical book ever written</STRONG>, | |
190 | this is a vicious but well-reasoned attack on the OSI "seven layer | |
191 | model" and all that went with it. Several chapters of it are also | |
192 | available as RFCs 871 to 875.</P> | |
193 | <HR><A name="matrix"> John S. Quarterman</A><CITE> The Matrix: Computer | |
194 | Networks and Conferencing Systems Worldwide</CITE> | |
195 | <BR> Digital Press 1990 ISBN 155558-033-5 | |
196 | <BR> Prentice-Hall ISBN 0-13-565607-9 | |
197 | <P>The best general treatment of computer-mediated communication we have | |
198 | seen. It naturally has much to say about the Internet, but also covers | |
199 | UUCP, Fidonet and so on.</P> | |
200 | <HR><A name="ranch"> David Ranch</A><CITE> Securing Linux Step by Step</CITE> | |
201 | <BR> SANS Institute, 1999 | |
202 | <P><A href="http://www.sans.org/">SANS</A> is a respected organisation, | |
203 | this guide is part of a well-known series, and Ranch has previously | |
204 | written the useful<A href="http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html#trinityos"> | |
205 | Trinity OS</A> guide to securing Linux, so my guess would be this is a | |
206 | pretty good book. I haven't read it yet, so I'm not certain. It can be | |
207 | ordered online from<A href="http://www.sans.org/"> SANS</A>.</P> | |
208 | <P>Note (Mar 1, 2002): a new edition with different editors is in the | |
209 | works. Expect it this year.</P> | |
210 | <HR><A name="schneier"> Bruce Schneier</A><CITE> Applied Cryptography, | |
211 | Second Edition</CITE> | |
212 | <BR> John Wiley & Sons, 1996 | |
213 | <BR> ISBN 0-471-12845-7 hardcover | |
214 | <BR> ISBN 0-471-11709-9 paperback | |
215 | <P>A standard reference on computer cryptography. For more recent | |
216 | essays, see the<A href="http://www.counterpane.com/"> author's | |
217 | company's web site</A>.</P> | |
218 | <HR><A name="secrets"> Bruce Schneier</A><CITE> Secrets and Lies</CITE> | |
219 | <BR> Wiley 2000, ISBN 0-471-25311-1 | |
220 | <P>An interesting discussion of security and privacy issues, written | |
221 | with more of an "executive overview" approach rather than a narrow | |
222 | focus on the technical issues.<STRONG> Highly recommended</STRONG>.</P> | |
223 | <P>This is worth reading even if you already understand security issues, | |
224 | or think you do. To go deeper, follow it with Anderson's<A href="#anderson"> | |
225 | Security Engineering</A>.</P> | |
226 | <HR><A name="VPNbook"> Scott, Wolfe and Irwin<CITE> Virtual Private | |
227 | Networks</CITE></A> | |
228 | <BR> 2nd edition, O'Reilly 1999 ISBN: 1-56592-529-7 | |
229 | <P>This is the only O'Reilly book, out of a dozen I own, that I'm | |
230 | disappointed with. It deals mainly with building VPNs with various | |
231 | proprietary tools --<A href="glossary.html#PPTP"> PPTP</A>,<A href="glossary.html#SSH"> | |
232 | SSH</A>, Cisco PIX, ... -- and touches only lightly on IPsec-based | |
233 | approaches.</P> | |
234 | <P>That said, it appears to deal competently with what it does cover and | |
235 | it has readable explanations of many basic VPN and security concepts. | |
236 | It may be exactly what some readers require, even if I find the | |
237 | emphasis unfortunate.</P> | |
238 | <HR><A name="LASG"> Kurt Seifried<CITE> Linux Administrator's Security | |
239 | Guide</CITE></A> | |
240 | <P>Available online from<A href="http://www.securityportal.com/lasg/"> | |
241 | Security Portal</A>. It has fairly extensive coverage of IPsec.</P> | |
242 | <HR><A name="Smith"> Richard E Smith<CITE> Internet Cryptography</CITE> | |
243 | <BR></A> ISBN 0-201-92480-3, Addison Wesley, 1997 | |
244 | <P>See the book's<A href="http://www.visi.com/crypto/inet-crypto/index.html"> | |
245 | home page</A></P> | |
246 | <HR><A name="neal"> Neal Stephenson<CITE> Cryptonomicon</CITE></A> | |
247 | <BR> Hardcover ISBN -380-97346-4, Avon, 1999. | |
248 | <P>A novel in which cryptography and the net figure prominently.<STRONG> | |
249 | Highly recommended</STRONG>: I liked it enough I immediately went out | |
250 | and bought all the author's other books.</P> | |
251 | <P>There is also a paperback edition. Sequels are expected.</P> | |
252 | <HR><A name="stevens"> Stevens and Wright</A><CITE> TCP/IP Illustrated</CITE> | |
253 | <BR> Addison-Wesley | |
254 | <UL> | |
255 | <LI>Vol. I: The Protocols 1994 ISBN:0-201-63346-9</LI> | |
256 | <LI>Vol. II: The Implementation 1995 ISBN:0-201-63354-X</LI> | |
257 | <LI>Vol. III: TCP for Transactions, HTTP, NNTP, and the UNIX Domain | |
258 | Protocols 1996 ISBN: 0-201-63495-3</LI> | |
259 | </UL> | |
260 | <P>If you need to deal with the details of the network protocols, read | |
261 | either this series or the<A href="#comer"> Comer</A> series before you | |
262 | start reading the RFCs.</P> | |
263 | <HR><A name="Rubini"> Rubini</A><CITE> Linux Device Drivers</CITE> | |
264 | <BR> O'Reilly & Associates, Inc. 1998 ISBN 1-56592-292-1 | |
265 | <HR><A name="Zeigler"> Robert Zeigler</A><CITE> Linux Firewalls</CITE> | |
266 | <BR> New Riders Publishing, 2000 ISBN 0-7537-0900-9 | |
267 | <P>A good book, with detailed coverage of ipchains(8) firewalls and of | |
268 | many related issues.</P> | |
269 | <HR> | |
270 | <A HREF="toc.html">Contents</A> | |
271 | <A HREF="glossary.html">Previous</A> | |
272 | <A HREF="rfc.html">Next</A> | |
273 | </BODY> | |
274 | </HTML> |