[thirdparty/strongswan.git] / doc / biblio.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<HTML>
<HEAD>
<TITLE>Introduction to FreeS/WAN</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=iso-8859-1">
<STYLE TYPE="text/css"><!--
BODY { font-family: serif }
H1 { font-family: sans-serif }
H2 { font-family: sans-serif }
H3 { font-family: sans-serif }
H4 { font-family: sans-serif }
H5 { font-family: sans-serif }
H6 { font-family: sans-serif }
SUB { font-size: smaller }
SUP { font-size: smaller }
PRE { font-family: monospace }
--></STYLE>
</HEAD>
<BODY>
<A HREF="toc.html">Contents</A>
<A HREF="glossary.html">Previous</A>
<A HREF="rfc.html">Next</A>
<HR>
<H1><A name="biblio">Bibliography for the Linux FreeS/WAN project</A></H1>
<P>For extensive bibliographic links, see the<A href="http://liinwww.ira.uka.de/bibliography/index.html">
 Collection of Computer Science Bibliographies</A></P>
<P>See our<A href="web.html"> web links</A> for material available
 online.</P>
<HR><A name="adams"> Carlisle Adams and Steve Lloyd<CITE> Understanding
 Public Key Infrastructure</CITE>
<BR></A> Macmillan 1999 ISBN 1-57870-166-x
<P>An overview, mainly concentrating on policy and strategic issues
 rather than the technical details. Both authors work for<A href="glossary.html#PKI">
 PKI</A> vendor<A href="http://www.entrust.com/"> Entrust</A>.</P>
<HR><A name="DNS.book"> Albitz, Liu &amp; Loukides<CITE> DNS &amp; BIND</CITE>
 3rd edition
<BR></A> O'Reilly 1998 ISBN 1-56592-512-2
<P>The standard reference on the<A href="glossary.html#DNS"> Domain Name
 Service</A> and<A href="glossary.html#BIND"> Berkeley Internet Name
 Daemon</A>.</P>
<HR><A name="anderson"> Ross Anderson</A>,<CITE> Security Engineering -
 a Guide to Building Dependable Distributed Systems</CITE>
<BR> Wiley, 2001, ISBN 0471389226
<P>Easily the best book for the security professional I have seen.<STRONG>
 Highly recommended</STRONG>. See the<A href="http://www.cl.cam.ac.uk/~rja14/book.html">
 book web page</A>.</P>
<P>This is quite readable, but Schneier's<A href="#secrets"> Secrets and
 Lies</A> might be an easier introduction.</P>
<HR><A name="puzzle"> Bamford<CITE> The Puzzle Palace, A report on NSA,
 Americas's most Secret Agency</CITE>
<BR> Houghton Mifflin 1982 ISBN 0-395-31286-8</A>
<HR> Bamford<CITE> Body of Secrets</CITE>
<P>The sequel.</P>
<HR><A name="bander"> David Bander</A>,<CITE> Linux Security Toolkit</CITE>
<BR> IDG Books, 2000, ISBN: 0764546902
<P>This book has a short section on FreeS/WAN and includes Caldera Linux
 on CD.</P>
<HR><A name="CZR"> Chapman, Zwicky &amp; Russell</A>,<CITE> Building
 Internet Firewalls</CITE>
<BR> O'Reilly 1995 ISBN 1-56592-124-0
<HR><A name="firewall.book"> Cheswick and Bellovin</A><CITE> Firewalls
 and Internet Security: Repelling the Wily Hacker</CITE>
<BR> Addison-Wesley 1994 ISBN 0201633574
<P>A fine book on firewalls in particular and security in general from
 two of AT&amp;T's system adminstrators.</P>
<P>Bellovin has also done a number of<A href="web.html#papers"> papers</A>
 on IPsec and co-authored a<A href="intro.html#applied"> paper</A> on a
 large FreeS/WAN application.</P>
<HR><A name="comer"> Comer<CITE> Internetworking with TCP/IP</CITE>
<BR> Prentice Hall</A>
<UL>
<LI>Vol. I: Principles, Protocols, &amp; Architecture, 3rd Ed. 1995
 ISBN:0-13-216987-8</LI>
<LI>Vol. II: Design, Implementation, &amp; Internals, 2nd Ed. 1994
 ISBN:0-13-125527-4</LI>
<LI>Vol. III: Client/Server Programming &amp; Applications
<UL>
<LI>AT&amp;T TLI Version 1994 ISBN:0-13-474230-3</LI>
<LI>BSD Socket Version 1996 ISBN:0-13-260969-X</LI>
<LI>Windows Sockets Version 1997 ISBN:0-13-848714-6</LI>
</UL>
</LI>
</UL>
<P>If you need to deal with the details of the network protocols, read
 either this series or the<A href="#stevens"> Stevens and Wright</A>
 series before you start reading the RFCs.</P>
<HR><A name="diffie"> Diffie and Landau</A><CITE> Privacy on the Line:
 The Politics of Wiretapping and Encryption</CITE>
<BR> MIT press 1998 ISBN 0-262-04167-7 (hardcover) or 0-262-54100-9
<BR>
<HR><A name="d_and_hark"> Doraswamy and Harkins<CITE> IP Sec: The New
 Security Standard for the Internet, Intranets and Virtual Private
 Networks</CITE>
<BR> Prentice Hall 1999 ISBN: 0130118982</A>
<HR><A name="EFF"> Electronic Frontier Foundation<CITE> Cracking DES:
 Secrets of Encryption Research, Wiretap Politics and Chip Design</CITE>
<BR></A> O'Reilly 1998 ISBN 1-56592-520-3
<P>To conclusively demonstrate that DES is inadequate for continued use,
 the<A href="glossary.html#EFF"> EFF</A> built a machine for just over
 $200,000 that breaks DES encryption in under five days on average,
 under nine in the worst case.</P>
<P>The book provides details of their design and, perhaps even more
 important, discusses why they felt the project was necessary.
 Recommended for anyone interested in any of the three topics mentioned
 in the subtitle.</P>
<P>See also the<A href="http://www.eff.org/descracker.html"> EFF page on
 this project</A> and our discussion of<A href="politics.html#desnotsecure">
 DES insecurity</A>.</P>
<HR> Martin Freiss<CITE> Protecting Networks with SATAN</CITE>
<BR> O'Reilly 1998 ISBN 1-56592-425-8
<BR> translated from a 1996 work in German
<P>SATAN is a Security Administrator's Tool for Analysing Networks. This
 book is a tutorial in its use.</P>
<HR> Gaidosch and Kunzinger<CITE> A Guide to Virtual Private Networks</CITE>
<BR> Prentice Hall 1999 ISBN: 0130839647
<HR><A name="Garfinkel"> Simson Garfinkel</A><CITE> Database Nation: the
 death of privacy in the 21st century</CITE>
<BR> O'Reilly 2000 ISBN 1-56592-653-6
<P>A thoughtful and rather scary book.</P>
<HR><A name="PGP"> Simson Garfinkel</A><CITE> PGP: Pretty Good Privacy</CITE>
<BR> O'Reilly 1995 ISBN 1-56592-098-8
<P>An excellent introduction and user manual for the<A href="glossary.html#PGP">
 PGP</A> email-encryption package. PGP is a good package with a complex
 and poorly-designed user interface. This book or one like it is a must
 for anyone who has to use it at length.</P>
<P>The book covers using PGP in Unix, PC and Macintosh environments,
 plus considerable background material on both the technical and
 political issues around cryptography.</P>
<P>The book is now seriously out of date. It does not cover recent
 developments such as commercial versions since PGP 5, the Open PGP
 standard or GNU PG..</P>
<HR><A name="practical"> Garfinkel and Spafford</A><CITE> Practical Unix
 Security</CITE>
<BR> O'Reilly 1996 ISBN 1-56592-148-8
<P>A standard reference.</P>
<P>Spafford's web page has an excellent collection of<A href="http://www.cs.purdue.edu/coast/hotlist">
 crypto and security links</A>.</P>
<HR><A name="Kahn"> David Kahn</A><CITE> The Codebreakers: the
 Comprehensive History of Secret Communications from Ancient Times to
 the Internet</CITE>
<BR> second edition Scribner 1996 ISBN 0684831309
<P>A history of codes and code-breaking from ancient Egypt to the 20th
 century. Well-written and exhaustively researched.<STRONG> Highly
 recommended</STRONG>, even though it does not have much on computer
 cryptography.</P>
<HR> David Kahn<CITE> Seizing the Enigma, The Race to Break the German
 U-Boat codes, 1939-1943</CITE>
<BR> Houghton Mifflin 1991 ISBN 0-395-42739-8
<HR><A name="kirch"> Olaf Kirch</A><CITE> Linux Network Administrator's
 Guide</CITE>
<BR> O'Reilly 1995 ISBN 1-56592-087-2
<P>Now becoming somewhat dated in places, but still a good introductory
 book and general reference.</P>
<HR><A name="LinVPN"> Kolesnikov and Hatch</A>,<CITE> Building Linux
 Virtual Private Networks (VPNs)</CITE>
<BR> New Riders 2002
<P>This has had a number of favorable reviews, including<A href="http://www.slashdot.org/article.pl?sid=02/02/27/0115214&amp;mode=thread&amp;tid=172">
 this one</A> on Slashdot. The book has a<A href="http://www.buildinglinuxvpns.net/">
 web site</A>.</P>
<HR><A name="RFCs"> Pete Loshin<CITE> Big Book of IPsec RFCs</CITE>
<BR> Morgan Kaufmann 2000 ISBN: 0-12-455839-9</A>
<HR><A name="crypto"> Steven Levy<CITE> Crypto: How the Code Rebels Beat
 the Government -- Saving Privacy in the Digital Age</CITE></A>
<BR> Penguin 2001, ISBN 0-670--85950-8
<P><STRONG>Highly recommended</STRONG>. A fine history of recent (about
 1970-2000) developments in the field, and the related political
 controversies. FreeS/WAN project founder and leader John Gilmore
 appears several times.</P>
<P>The book does not cover IPsec or FreeS/WAN, but this project is very
 much another battle in the same war. See our discussion of the<A href="politics.html">
 politics</A>.</P>
<HR><A name="GTR"> Matyas, Anderson et al.</A><CITE> The Global Trust
 Register</CITE>
<BR> Northgate Consultants Ltd 1998 ISBN: 0953239705
<BR> hard cover edition MIT Press 1999 ISBN 0262511053
<P>From<A href="http://www.cl.cam.ac.uk/Research/Security/Trust-Register">
 their web page:</A></P>
<BLOCKQUOTE> This book is a register of the fingerprints of the world's
 most important public keys; it implements a top-level certification
 authority (CA) using paper and ink rather than in an electronic system.</BLOCKQUOTE>
<HR><A name="handbook"> Menezies, van Oorschot and Vanstone<CITE>
 Handbook of Applied Cryptography</CITE></A>
<BR> CRC Press 1997
<BR> ISBN 0-8493-8523-7
<P>An excellent reference. Read<A href="#schneier"> Schneier</A> before
 tackling this.</P>
<HR> Michael Padlipsky<CITE> Elements of Networking Style</CITE>
<BR> Prentice-Hall 1985 ISBN 0-13-268111-0 or 0-13-268129-3
<P>Probably<STRONG> the funniest technical book ever written</STRONG>,
 this is a vicious but well-reasoned attack on the OSI &quot;seven layer
 model&quot; and all that went with it. Several chapters of it are also
 available as RFCs 871 to 875.</P>
<HR><A name="matrix"> John S. Quarterman</A><CITE> The Matrix: Computer
 Networks and Conferencing Systems Worldwide</CITE>
<BR> Digital Press 1990 ISBN 155558-033-5
<BR> Prentice-Hall ISBN 0-13-565607-9
<P>The best general treatment of computer-mediated communication we have
 seen. It naturally has much to say about the Internet, but also covers
 UUCP, Fidonet and so on.</P>
<HR><A name="ranch"> David Ranch</A><CITE> Securing Linux Step by Step</CITE>
<BR> SANS Institute, 1999
<P><A href="http://www.sans.org/">SANS</A> is a respected organisation,
 this guide is part of a well-known series, and Ranch has previously
 written the useful<A href=" http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html#trinityos">
 Trinity OS</A> guide to securing Linux, so my guess would be this is a
 pretty good book. I haven't read it yet, so I'm not certain. It can be
 ordered online from<A href="http://www.sans.org/"> SANS</A>.</P>
<P>Note (Mar 1, 2002): a new edition with different editors in the
 works. Expect it this year.</P>
<HR><A name="schneier"> Bruce Schneier</A><CITE> Applied Cryptography,
 Second Edition</CITE>
<BR> John Wiley &amp; Sons, 1996
<BR> ISBN 0-471-12845-7 hardcover
<BR> ISBN 0-471-11709-9 paperback
<P>A standard reference on computer cryptography. For more recent
 essays, see the<A href="http://www.counterpane.com/"> author's
 company's web site</A>.</P>
<HR><A name="secrets"> Bruce Schneier</A><CITE> Secrets and Lies</CITE>
<BR> Wiley 2000, ISBN 0-471-25311-1
<P>An interesting discussion of security and privacy issues, written
 with more of an &quot;executive overview&quot; approach rather than a narrow
 focus on the technical issues.<STRONG> Highly recommended</STRONG>.</P>
<P>This is worth reading even if you already understand security issues,
 or think you do. To go deeper, follow it with Anderson's<A href="#anderson">
 Security Engineering</A>.</P>
<HR><A name="VPNbook"> Scott, Wolfe and Irwin<CITE> Virtual Private
 Networks</CITE></A>
<BR> 2nd edition, O'Reilly 1999 ISBN: 1-56592-529-7
<P>This is the only O'Reilly book, out of a dozen I own, that I'm
 disappointed with. It deals mainly with building VPNs with various
 proprietary tools --<A href="glossary.html#PPTP"> PPTP</A>,<A href="glossary.html#SSH">
 SSH</A>, Cisco PIX, ... -- and touches only lightly on IPsec-based
 approaches.</P>
<P>That said, it appears to deal competently with what it does cover and
 it has readable explanations of many basic VPN and security concepts.
 It may be exactly what some readers require, even if I find the
 emphasis unfortunate.</P>
<HR><A name="LASG"> Kurt Seifried<CITE> Linux Administrator's Security
 Guide</CITE></A>
<P>Available online from<A href="http://www.securityportal.com/lasg/">
 Security Portal</A>. It has fairly extensive coverage of IPsec.</P>
<HR><A name="Smith"> Richard E Smith<CITE> Internet Cryptography</CITE>
<BR></A> ISBN 0-201-92480-3, Addison Wesley, 1997
<P>See the book's<A href="http://www.visi.com/crypto/inet-crypto/index.html">
 home page</A></P>
<HR><A name="neal"> Neal Stephenson<CITE> Cryptonomicon</CITE></A>
<BR> Hardcover ISBN -380-97346-4, Avon, 1999.
<P>A novel in which cryptography and the net figure prominently.<STRONG>
 Highly recommended</STRONG>: I liked it enough I immediately went out
 and bought all the author's other books.</P>
<P>There is also a paperback edition. Sequels are expected.</P>
<HR><A name="stevens"> Stevens and Wright</A><CITE> TCP/IP Illustrated</CITE>
<BR> Addison-Wesley
<UL>
<LI>Vol. I: The Protocols 1994 ISBN:0-201-63346-9</LI>
<LI>Vol. II: The Implementation 1995 ISBN:0-201-63354-X</LI>
<LI>Vol. III: TCP for Transactions, HTTP, NNTP, and the UNIX Domain
 Protocols 1996 ISBN: 0-201-63495-3</LI>
</UL>
<P>If you need to deal with the details of the network protocols, read
 either this series or the<A href="#comer"> Comer</A> series before you
 start reading the RFCs.</P>
<HR><A name="Rubini"> Rubini</A><CITE> Linux Device Drivers</CITE>
<BR> O'Reilly &amp; Associates, Inc. 1998 ISBN 1-56592-292-1
<HR><A name="Zeigler"> Robert Zeigler</A><CITE> Linux Firewalls</CITE>
<BR> Newriders Publishing, 2000 ISBN 0-7537-0900-9
<P>A good book, with detailed coverage of ipchains(8) firewalls and of
 many related issues.</P>
<HR>
<A HREF="toc.html">Contents</A>
<A HREF="glossary.html">Previous</A>
<A HREF="rfc.html">Next</A>
</BODY>
</HTML>
Commit	Line	Data
997358a6 MW	1	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
	2	<HTML>
	3	<HEAD>
	4	<TITLE>Introduction to FreeS/WAN</TITLE>
	5	<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=iso-8859-1">
	6	<STYLE TYPE="text/css"><!--
	7	BODY { font-family: serif }
	8	H1 { font-family: sans-serif }
	9	H2 { font-family: sans-serif }
	10	H3 { font-family: sans-serif }
	11	H4 { font-family: sans-serif }
	12	H5 { font-family: sans-serif }
	13	H6 { font-family: sans-serif }
	14	SUB { font-size: smaller }
	15	SUP { font-size: smaller }
	16	PRE { font-family: monospace }
	17	--></STYLE>
	18	</HEAD>
	19	<BODY>
	20	<A HREF="toc.html">Contents</A>
	21	<A HREF="glossary.html">Previous</A>
	22	<A HREF="rfc.html">Next</A>
	23	<HR>
	24	<H1><A name="biblio">Bibliography for the Linux FreeS/WAN project</A></H1>
	25	<P>For extensive bibliographic links, see the<A href="http://liinwww.ira.uka.de/bibliography/index.html">
	26	Collection of Computer Science Bibliographies</A></P>
	27	<P>See our<A href="web.html"> web links</A> for material available
	28	online.</P>
	29	<HR><A name="adams"> Carlisle Adams and Steve Lloyd<CITE> Understanding
	30	Public Key Infrastructure</CITE>
	31	<BR></A> Macmillan 1999 ISBN 1-57870-166-x
	32	<P>An overview, mainly concentrating on policy and strategic issues
	33	rather than the technical details. Both authors work for<A href="glossary.html#PKI">
	34	PKI</A> vendor<A href="http://www.entrust.com/"> Entrust</A>.</P>
	35	<HR><A name="DNS.book"> Albitz, Liu & Loukides<CITE> DNS & BIND</CITE>
	36	3rd edition
	37	<BR></A> O'Reilly 1998 ISBN 1-56592-512-2
	38	<P>The standard reference on the<A href="glossary.html#DNS"> Domain Name
	39	Service</A> and<A href="glossary.html#BIND"> Berkeley Internet Name
	40	Daemon</A>.</P>
	41	<HR><A name="anderson"> Ross Anderson</A>,<CITE> Security Engineering -
	42	a Guide to Building Dependable Distributed Systems</CITE>
	43	<BR> Wiley, 2001, ISBN 0471389226
	44	<P>Easily the best book for the security professional I have seen.<STRONG>
	45	Highly recommended</STRONG>. See the<A href="http://www.cl.cam.ac.uk/~rja14/book.html">
	46	book web page</A>.</P>
	47	<P>This is quite readable, but Schneier's<A href="#secrets"> Secrets and
	48	Lies</A> might be an easier introduction.</P>
	49	<HR><A name="puzzle"> Bamford<CITE> The Puzzle Palace, A report on NSA,
	50	Americas's most Secret Agency</CITE>
	51	<BR> Houghton Mifflin 1982 ISBN 0-395-31286-8</A>
	52	<HR> Bamford<CITE> Body of Secrets</CITE>
	53	<P>The sequel.</P>
	54	<HR><A name="bander"> David Bander</A>,<CITE> Linux Security Toolkit</CITE>
	55	<BR> IDG Books, 2000, ISBN: 0764546902
	56	<P>This book has a short section on FreeS/WAN and includes Caldera Linux
	57	on CD.</P>
	58	<HR><A name="CZR"> Chapman, Zwicky & Russell</A>,<CITE> Building
	59	Internet Firewalls</CITE>
	60	<BR> O'Reilly 1995 ISBN 1-56592-124-0
	61	<HR><A name="firewall.book"> Cheswick and Bellovin</A><CITE> Firewalls
	62	and Internet Security: Repelling the Wily Hacker</CITE>
	63	<BR> Addison-Wesley 1994 ISBN 0201633574
	64	<P>A fine book on firewalls in particular and security in general from
65	two of AT&T's system adminstrators.</P>
66	<P>Bellovin has also done a number of<A href="web.html#papers"> papers</A>
67	on IPsec and co-authored a<A href="intro.html#applied"> paper</A> on a
68	large FreeS/WAN application.</P>
69	<HR><A name="comer"> Comer<CITE> Internetworking with TCP/IP</CITE>
70	<BR> Prentice Hall</A>
71	<UL>
72	<LI>Vol. I: Principles, Protocols, & Architecture, 3rd Ed. 1995
73	ISBN:0-13-216987-8</LI>
74	<LI>Vol. II: Design, Implementation, & Internals, 2nd Ed. 1994
75	ISBN:0-13-125527-4</LI>
76	<LI>Vol. III: Client/Server Programming & Applications
77	<UL>
78	<LI>AT&T TLI Version 1994 ISBN:0-13-474230-3</LI>
79	<LI>BSD Socket Version 1996 ISBN:0-13-260969-X</LI>
80	<LI>Windows Sockets Version 1997 ISBN:0-13-848714-6</LI>
81	</UL>
82	</LI>
83	</UL>
84	<P>If you need to deal with the details of the network protocols, read
85	either this series or the<A href="#stevens"> Stevens and Wright</A>
86	series before you start reading the RFCs.</P>
87	<HR><A name="diffie"> Diffie and Landau</A><CITE> Privacy on the Line:
88	The Politics of Wiretapping and Encryption</CITE>
89	<BR> MIT press 1998 ISBN 0-262-04167-7 (hardcover) or 0-262-54100-9
90	<BR>
91	<HR><A name="d_and_hark"> Doraswamy and Harkins<CITE> IP Sec: The New
92	Security Standard for the Internet, Intranets and Virtual Private
93	Networks</CITE>
94	<BR> Prentice Hall 1999 ISBN: 0130118982</A>
95	<HR><A name="EFF"> Electronic Frontier Foundation<CITE> Cracking DES:
96	Secrets of Encryption Research, Wiretap Politics and Chip Design</CITE>
97	<BR></A> O'Reilly 1998 ISBN 1-56592-520-3
98	<P>To conclusively demonstrate that DES is inadequate for continued use,
99	the<A href="glossary.html#EFF"> EFF</A> built a machine for just over
100	$200,000 that breaks DES encryption in under five days on average,
101	under nine in the worst case.</P>
102	<P>The book provides details of their design and, perhaps even more
103	important, discusses why they felt the project was necessary.
104	Recommended for anyone interested in any of the three topics mentioned
105	in the subtitle.</P>
106	<P>See also the<A href="http://www.eff.org/descracker.html"> EFF page on
107	this project</A> and our discussion of<A href="politics.html#desnotsecure">
108	DES insecurity</A>.</P>
109	<HR> Martin Freiss<CITE> Protecting Networks with SATAN</CITE>
110	<BR> O'Reilly 1998 ISBN 1-56592-425-8
111	<BR> translated from a 1996 work in German
112	<P>SATAN is a Security Administrator's Tool for Analysing Networks. This
113	book is a tutorial in its use.</P>
114	<HR> Gaidosch and Kunzinger<CITE> A Guide to Virtual Private Networks</CITE>
115	<BR> Prentice Hall 1999 ISBN: 0130839647
116	<HR><A name="Garfinkel"> Simson Garfinkel</A><CITE> Database Nation: the
117	death of privacy in the 21st century</CITE>
118	<BR> O'Reilly 2000 ISBN 1-56592-653-6
119	<P>A thoughtful and rather scary book.</P>
120	<HR><A name="PGP"> Simson Garfinkel</A><CITE> PGP: Pretty Good Privacy</CITE>
121	<BR> O'Reilly 1995 ISBN 1-56592-098-8
122	<P>An excellent introduction and user manual for the<A href="glossary.html#PGP">
123	PGP</A> email-encryption package. PGP is a good package with a complex
124	and poorly-designed user interface. This book or one like it is a must
125	for anyone who has to use it at length.</P>
126	<P>The book covers using PGP in Unix, PC and Macintosh environments,
127	plus considerable background material on both the technical and
128	political issues around cryptography.</P>
129	<P>The book is now seriously out of date. It does not cover recent
130	developments such as commercial versions since PGP 5, the Open PGP
131	standard or GNU PG..</P>
132	<HR><A name="practical"> Garfinkel and Spafford</A><CITE> Practical Unix
133	Security</CITE>
134	<BR> O'Reilly 1996 ISBN 1-56592-148-8
135	<P>A standard reference.</P>
136	<P>Spafford's web page has an excellent collection of<A href="http://www.cs.purdue.edu/coast/hotlist">
137	crypto and security links</A>.</P>
138	<HR><A name="Kahn"> David Kahn</A><CITE> The Codebreakers: the
139	Comprehensive History of Secret Communications from Ancient Times to
140	the Internet</CITE>
141	<BR> second edition Scribner 1996 ISBN 0684831309
142	<P>A history of codes and code-breaking from ancient Egypt to the 20th
143	century. Well-written and exhaustively researched.<STRONG> Highly
144	recommended</STRONG>, even though it does not have much on computer
145	cryptography.</P>
146	<HR> David Kahn<CITE> Seizing the Enigma, The Race to Break the German
147	U-Boat codes, 1939-1943</CITE>
148	<BR> Houghton Mifflin 1991 ISBN 0-395-42739-8
149	<HR><A name="kirch"> Olaf Kirch</A><CITE> Linux Network Administrator's
150	Guide</CITE>
151	<BR> O'Reilly 1995 ISBN 1-56592-087-2
152	<P>Now becoming somewhat dated in places, but still a good introductory
153	book and general reference.</P>
154	<HR><A name="LinVPN"> Kolesnikov and Hatch</A>,<CITE> Building Linux
155	Virtual Private Networks (VPNs)</CITE>
156	<BR> New Riders 2002
157	<P>This has had a number of favorable reviews, including<A href="http://www.slashdot.org/article.pl?sid=02/02/27/0115214&mode=thread&tid=172">
158	this one</A> on Slashdot. The book has a<A href="http://www.buildinglinuxvpns.net/">
159	web site</A>.</P>
160	<HR><A name="RFCs"> Pete Loshin<CITE> Big Book of IPsec RFCs</CITE>
161	<BR> Morgan Kaufmann 2000 ISBN: 0-12-455839-9</A>
162	<HR><A name="crypto"> Steven Levy<CITE> Crypto: How the Code Rebels Beat
163	the Government -- Saving Privacy in the Digital Age</CITE></A>
164	<BR> Penguin 2001, ISBN 0-670--85950-8
165	<P><STRONG>Highly recommended</STRONG>. A fine history of recent (about
166	1970-2000) developments in the field, and the related political
167	controversies. FreeS/WAN project founder and leader John Gilmore
168	appears several times.</P>
169	<P>The book does not cover IPsec or FreeS/WAN, but this project is very
170	much another battle in the same war. See our discussion of the<A href="politics.html">
171	politics</A>.</P>
172	<HR><A name="GTR"> Matyas, Anderson et al.</A><CITE> The Global Trust
173	Register</CITE>
174	<BR> Northgate Consultants Ltd 1998 ISBN: 0953239705
175	<BR> hard cover edition MIT Press 1999 ISBN 0262511053
176	<P>From<A href="http://www.cl.cam.ac.uk/Research/Security/Trust-Register">
177	their web page:</A></P>
178	<BLOCKQUOTE> This book is a register of the fingerprints of the world's
179	most important public keys; it implements a top-level certification
180	authority (CA) using paper and ink rather than in an electronic system.</BLOCKQUOTE>
181	<HR><A name="handbook"> Menezies, van Oorschot and Vanstone<CITE>
182	Handbook of Applied Cryptography</CITE></A>
183	<BR> CRC Press 1997
184	<BR> ISBN 0-8493-8523-7
185	<P>An excellent reference. Read<A href="#schneier"> Schneier</A> before
186	tackling this.</P>
187	<HR> Michael Padlipsky<CITE> Elements of Networking Style</CITE>
188	<BR> Prentice-Hall 1985 ISBN 0-13-268111-0 or 0-13-268129-3
189	<P>Probably<STRONG> the funniest technical book ever written</STRONG>,
190	this is a vicious but well-reasoned attack on the OSI "seven layer
191	model" and all that went with it. Several chapters of it are also
192	available as RFCs 871 to 875.</P>
193	<HR><A name="matrix"> John S. Quarterman</A><CITE> The Matrix: Computer
194	Networks and Conferencing Systems Worldwide</CITE>
195	<BR> Digital Press 1990 ISBN 155558-033-5
196	<BR> Prentice-Hall ISBN 0-13-565607-9
197	<P>The best general treatment of computer-mediated communication we have
198	seen. It naturally has much to say about the Internet, but also covers
199	UUCP, Fidonet and so on.</P>
200	<HR><A name="ranch"> David Ranch</A><CITE> Securing Linux Step by Step</CITE>
201	<BR> SANS Institute, 1999
202	<P><A href="http://www.sans.org/">SANS</A> is a respected organisation,
203	this guide is part of a well-known series, and Ranch has previously
204	written the useful<A href=" http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html#trinityos">
205	Trinity OS</A> guide to securing Linux, so my guess would be this is a
206	pretty good book. I haven't read it yet, so I'm not certain. It can be
207	ordered online from<A href="http://www.sans.org/"> SANS</A>.</P>
208	<P>Note (Mar 1, 2002): a new edition with different editors in the
209	works. Expect it this year.</P>
210	<HR><A name="schneier"> Bruce Schneier</A><CITE> Applied Cryptography,
211	Second Edition</CITE>
212	<BR> John Wiley & Sons, 1996
213	<BR> ISBN 0-471-12845-7 hardcover
214	<BR> ISBN 0-471-11709-9 paperback
215	<P>A standard reference on computer cryptography. For more recent
216	essays, see the<A href="http://www.counterpane.com/"> author's
217	company's web site</A>.</P>
218	<HR><A name="secrets"> Bruce Schneier</A><CITE> Secrets and Lies</CITE>
219	<BR> Wiley 2000, ISBN 0-471-25311-1
220	<P>An interesting discussion of security and privacy issues, written
221	with more of an "executive overview" approach rather than a narrow
222	focus on the technical issues.<STRONG> Highly recommended</STRONG>.</P>
223	<P>This is worth reading even if you already understand security issues,
224	or think you do. To go deeper, follow it with Anderson's<A href="#anderson">
225	Security Engineering</A>.</P>
226	<HR><A name="VPNbook"> Scott, Wolfe and Irwin<CITE> Virtual Private
227	Networks</CITE></A>
228	<BR> 2nd edition, O'Reilly 1999 ISBN: 1-56592-529-7
229	<P>This is the only O'Reilly book, out of a dozen I own, that I'm
230	disappointed with. It deals mainly with building VPNs with various
231	proprietary tools --<A href="glossary.html#PPTP"> PPTP</A>,<A href="glossary.html#SSH">
232	SSH</A>, Cisco PIX, ... -- and touches only lightly on IPsec-based
233	approaches.</P>
234	<P>That said, it appears to deal competently with what it does cover and
235	it has readable explanations of many basic VPN and security concepts.
236	It may be exactly what some readers require, even if I find the
237	emphasis unfortunate.</P>
238	<HR><A name="LASG"> Kurt Seifried<CITE> Linux Administrator's Security
239	Guide</CITE></A>
240	<P>Available online from<A href="http://www.securityportal.com/lasg/">
241	Security Portal</A>. It has fairly extensive coverage of IPsec.</P>
242	<HR><A name="Smith"> Richard E Smith<CITE> Internet Cryptography</CITE>
243	<BR></A> ISBN 0-201-92480-3, Addison Wesley, 1997
244	<P>See the book's<A href="http://www.visi.com/crypto/inet-crypto/index.html">
245	home page</A></P>
246	<HR><A name="neal"> Neal Stephenson<CITE> Cryptonomicon</CITE></A>
247	<BR> Hardcover ISBN -380-97346-4, Avon, 1999.
248	<P>A novel in which cryptography and the net figure prominently.<STRONG>
249	Highly recommended</STRONG>: I liked it enough I immediately went out
250	and bought all the author's other books.</P>
251	<P>There is also a paperback edition. Sequels are expected.</P>
252	<HR><A name="stevens"> Stevens and Wright</A><CITE> TCP/IP Illustrated</CITE>
253	<BR> Addison-Wesley
254	<UL>
255	<LI>Vol. I: The Protocols 1994 ISBN:0-201-63346-9</LI>
256	<LI>Vol. II: The Implementation 1995 ISBN:0-201-63354-X</LI>
257	<LI>Vol. III: TCP for Transactions, HTTP, NNTP, and the UNIX Domain
258	Protocols 1996 ISBN: 0-201-63495-3</LI>
259	</UL>
260	<P>If you need to deal with the details of the network protocols, read
261	either this series or the<A href="#comer"> Comer</A> series before you
262	start reading the RFCs.</P>
263	<HR><A name="Rubini"> Rubini</A><CITE> Linux Device Drivers</CITE>
264	<BR> O'Reilly & Associates, Inc. 1998 ISBN 1-56592-292-1
265	<HR><A name="Zeigler"> Robert Zeigler</A><CITE> Linux Firewalls</CITE>
266	<BR> Newriders Publishing, 2000 ISBN 0-7537-0900-9
267	<P>A good book, with detailed coverage of ipchains(8) firewalls and of
268	many related issues.</P>
269	<HR>
270	<A HREF="toc.html">Contents</A>
271	<A HREF="glossary.html">Previous</A>
272	<A HREF="rfc.html">Next</A>
273	</BODY>
274	</HTML>