Ask the Expert: Network Security
I have a quick question for you. My ultimate goal is to become certified in Network and Information Security. Before I can master these topics, I feel I have to learn about IP Security (IPSec), how it’s used on modern networks, and how to set IPSec up and implement the kinds of controls it can deliver. Are there specific certifications and/or courseware that you recommend to learn more about IPSec? If not, perhaps you can recommend another strategy?
- Jeremy K, Reston, VA
Indeed, there are plenty of individual (and often, slightly different) implementations of IPSec, but AFAIK there’s only one current version of the governing specifications. That’s why I’d recommend reading and learning the RFCs that govern IPSec, as well as tackling any of a number of great books on this topic. If you visit any of the various RFC repositories (for example, the RFC page at Ohio State University at http://www.cis.ohio-state.edu/cs/Services/rfc/index.html), you can find the relevant documents by using “IPSec” as a search string in the index or keyword searches available there.
As for IPSec books, a quick online search shows me 7 titles that address this subject, some of which I’ve seen or read, and others unfamiliar to me. Of this crop, I recommend the following titles as good places to start:
· Pete Loshin: The Big Book of IPSec RFCs: Internet Security Architecture, Morgan Kaufmann, 1999, ISBN: 0124558399, List Price: $34.95. Saves the work of printing the RFCs and presents them in a compact, indexed format.
· Naganand Doraswamy and Dan Harkins: IPSec: The New Security Standard…, Prentice Hall PTR, 1999, ISBN: 0130118982, List Price: $44.99. A good introduction and overview, but light on details and specifics.
· Sheila Frankel: Demystifying the IPSec Puzzle, Artech House, 2001, ISBN: 1580530796, List Price: $75.00. A meatier, more comprehensive treatment but not well-suited for neophytes or those not interested in minutiae.
As for IPSec’s high-level capabilities, they are best described as “tunnel mode” and “end-to-end mode,” where tunnel mode uses what are essentially router-to-router or gateway-to-gateway IPSec links, and where end-to-end mode describes security associations (SAs) set up between individual clients, or between clients and servers.
Of course, this is just the tip of a very big berg of technical information. HTH, and good luck with your efforts. You’re right: there IS a lot to learn on IPSec. I’m still learning about it myself.
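The two modes the answer above contrasts differ in what gets wrapped: tunnel mode puts the whole original IP packet inside a new gateway-to-gateway packet, while end-to-end mode (transport mode in RFC terminology) keeps the original IP header and protects only its payload. The following model, added here as an illustration and not part of the column, builds both layouts around an ESP header and trailer (SPI, sequence number, padding, pad length, next header, as laid out in RFC 4303) and then reads them back; encryption and the integrity check are omitted, and all addresses are constructed sample values.

```python
"""Model of IPsec ESP encapsulation in tunnel vs transport ("end-to-end") mode.
Illustrative only: no encryption or ICV is applied; header/trailer layout follows RFC 4303."""
import struct

IPPROTO_TCP = 6
IPPROTO_ESP = 50
IPPROTO_IPIP = 4   # next-header value meaning "a whole IP packet follows": tunnel mode

def ipv4_header(src: bytes, dst: bytes, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (checksum left zero in this model)."""
    total = 20 + payload_len
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0, src, dst)

def esp_wrap(spi: int, seq: int, inner: bytes, next_header: int) -> bytes:
    """ESP header + inner data + trailer; inner data padded to a 4-byte boundary."""
    pad_len = (-(len(inner) + 2)) % 4
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    return struct.pack("!II", spi, seq) + inner + trailer

def transport_mode(ip_pkt: bytes, spi: int, seq: int) -> bytes:
    """End-to-end: keep the original IP endpoints, protect only the payload."""
    hdr, payload = ip_pkt[:20], ip_pkt[20:]
    orig_proto = hdr[9]
    esp = esp_wrap(spi, seq, payload, orig_proto)
    return ipv4_header(hdr[12:16], hdr[16:20], IPPROTO_ESP, len(esp)) + esp

def tunnel_mode(ip_pkt: bytes, spi: int, seq: int, gw_src: bytes, gw_dst: bytes) -> bytes:
    """Gateway-to-gateway: the whole original packet becomes the payload of a new one."""
    esp = esp_wrap(spi, seq, ip_pkt, IPPROTO_IPIP)
    return ipv4_header(gw_src, gw_dst, IPPROTO_ESP, len(esp)) + esp

def classify_esp(pkt: bytes) -> dict:
    """Reads an (unencrypted) ESP packet back and reports mode, SPI and endpoints."""
    assert pkt[9] == IPPROTO_ESP, "not an ESP packet"
    spi, seq = struct.unpack("!II", pkt[20:28])
    pad_len, next_hdr = pkt[-2], pkt[-1]
    inner = pkt[28:-(pad_len + 2)]
    if next_hdr == IPPROTO_IPIP:   # tunnel mode: inner data is a complete IP packet
        return {"mode": "tunnel", "spi": spi, "seq": seq,
                "outer": (pkt[12:16], pkt[16:20]), "inner": (inner[12:16], inner[16:20])}
    return {"mode": "transport", "spi": spi, "seq": seq,
            "outer": (pkt[12:16], pkt[16:20]), "inner_proto": next_hdr}
```

Running classify_esp over a decrypted capture is one way to check which mode a given SA is actually using: tunnel-mode packets carry the protected hosts' addresses inside, while transport-mode packets expose them in the outer header.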