1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
4 <TITLE> Introduction to FreeS/WAN</TITLE>
5 <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
8 <A HREF="toc.html">Contents</a>
9 <A HREF="glossary.html">Previous</a>
10 <A HREF="rfc.html">Next</a>
12 <H1><A name="biblio">Bibliography for the Linux FreeS/WAN project</A></H1>
13 <P> For extensive bibliographic links, see the <A href="http://liinwww.ira.uka.de/bibliography/index.html">
14 Collection of Computer Science Bibliographies</A></P>
15 <P> See our <A href="web.html">web links</A> for material available
17 <HR><A name="adams"> Carlisle Adams and Steve Lloyd <CITE>Understanding
18 Public Key Infrastructure</CITE>
19 <BR></A> Macmillan 1999 ISBN 1-57870-166-x
20 <BR> An overview, mainly concentrating on policy and strategic issues
21 rather than the technical details. Both authors work for <A href="glossary.html#PKI">
22 PKI</A> vendor <A href="http://www.entrust.com/">Entrust</A>.
23 <HR><A name="DNS.book"> Albitz, Liu & Loukides <CITE>DNS & BIND</CITE>
25 <BR></A> O'Reilly 1998 ISBN 1-56592-512-2
26 <BR> The standard reference on the <A href="glossary.html#DNS">Domain
27 Name Service</A> and <A href="glossary.html#BIND">Berkeley Internet
29 <HR><A name="puzzle"> Bamford <CITE>The Puzzle Palace, A report on NSA,
30 Americas's most Secret Agency</CITE>
31 <BR> Houghton Mifflin 1982 ISBN 0-395-31286-8</A>
32 <HR><A name="bander"> David Bander, <CITE>Linux Security Toolkit</CITE>
33 <BR> IDG Books, 2000, ISBN: 0764546902
34 <BR> This book has a short section on FreeS/WAN and includes Caldera
36 <HR><A name="CZR"> Chapman, Zwicky & Russell <CITE>Building Internet
38 <BR> O'Reilly 1995 ISBN 1-56592-124-0</A>
39 <HR><A name="firewall2"> Cheswick and Bellovin</A><CITE> Firewalls and
40 Internet Security: Repelling the Wily Hacker</CITE>
41 <BR> Addison-Wesley 1994 ISBN 0201633574
42 <BR> A fine book on firewalls in particular and security in general
43 from two of AT&T's system adminstrators.
44 <P> Bellovin has also done a number of <A href="web.html#papers">papers</A>
45 on IPSEC and co-authored a <A href="intro.html#applied">paper</A> on a
46 large FreeS/WAN application. </P>
47 <HR><A name="comer"> Comer <CITE>Internetworking with TCP/IP</CITE>
48 <BR> Prentice Hall</A>
50 <LI>Vol. I: Principles, Protocols, & Architecture, 3rd Ed. 1995
51 ISBN:0-13-216987-8</LI>
52 <LI>Vol. II: Design, Implementation, & Intervals, 2nd Ed. 1994
53 ISBN:0-13-125527-4</LI>
54 <LI>Vol. III: Client/Server Programming & Applications
56 <LI>AT&T TLI Version 1994 ISBN:0-13-474230-3</LI>
57 <LI>BSD Socket Version 1996 ISBN:0-13-260969-X</LI>
58 <LI>Windows Sockets Version 1997 ISBN:0-13-848714-6</LI>
62 <P>If you need to deal with the details of the network protocols, read
63 either this series or the <A href="#stevens">Stevens and Wright</A>
64 series before you start reading the RFCs. </P>
65 <HR><A name="diffie"> Diffie and Landau</A><CITE> Privacy on the Line:
66 The Politics of Wiretapping and Encryption</CITE>
67 <BR> MIT press 1998 ISBN 0-262-04167-7 (hardcover) or 0-262-54100-9
68 <BR> An <A href="http://www-mitpress.mit.edu/news/diffie/">interview
69 with the authors</A> is available on the web.
70 <HR><A name="d_and_hark"> Doraswamy and Harkins <CITE>IP Sec: The New
71 Security Standard for the Internet, Intranets and Virtual Private
73 <BR> Prentice Hall 1999 ISBN: 0130118982</A>
74 <HR><A name="EFF"> Electronic Frontier Foundation <CITE>Cracking DES:
75 Secrets of Encryption Research, Wiretap Politics and Chip Design</CITE>
76 <BR></A> O'Reilly 1998 ISBN 1-56592-520-3
77 <BR> To conclusively demonstrate that DES is inadequate for continued
78 use, the <A href="glossary.html#EFF">EFF</A> built a machine for just
79 over $200,000 that breaks DES encryption in under five days on
80 average, under nine in the worst case.
81 <P>The book provides details of their design and, perhaps even more
82 important, discusses why they felt the project was necessary.
83 Recommended for anyone interested in any of the three topics mentioned
85 <P>See also the <A href="http://www.eff.org/descracker.html"> EFF page
86 on this project </A> and our discussion of <A href="politics.html#desnotsecure">
87 DES insecurity</A>. </P>
88 <HR> Martin Freiss <CITE>Protecting Networks with SATAN</CITE>
89 <BR> O'Reilly 1998 ISBN 1-56592-425-8
90 <BR> translated from a 1996 work in German
91 <BR> SATAN is a Security Administrator's Tool for Analysing Networks.
92 This book is a tutorial in its use.
93 <HR> Gaidosch and Kunzinger<CITE> A Guide to Virtual Private Networks</CITE>
94 <BR> Prentice Hall 1999 ISBN: 0130839647
95 <HR><A name="Garfinkel"> Simson Garfinkel <CITE>Database Nation: the
96 death of privacy in the 21st century</CITE>
97 <BR> O'Reilly 2000 ISBN 1-56592-653-6
98 <BR> A thoughtful and rather scary book.</A>
99 <HR><A name="PGP"> Simson Garfinkel <CITE>PGP: Pretty Good Privacy</CITE>
100 <BR> O'Reilly 1995 ISBN 1-56592-098-8
101 <BR> An excellent introduction and user manual for the </A><A href="glossary.html#PGP">
102 PGP</A> email-encryption package. PGP is a good package with a complex
103 and poorly-designed user interface. This book or one like it is a must
104 for anyone who has to use it at length.
105 <P>The book covers using PGP in Unix, PC and Macintosh environments,
106 plus considerable background material on both the technical and
107 political issues around cryptography. The only shortcoming is that it
108 does not cover recent developments such as PGP 5 and Open PGP. </P>
109 <HR><A name="practical"> Garfinkel and Spafford <CITE>Practical Unix
111 <BR> O'Reilly 1996 ISBN 1-56592-148-8
112 <BR> A standard reference.
113 <BR> Spafford's web page has an excellent collection of <A href="http://www.cs.purdue.edu/coast/hotlist">
114 crypto and security links</A>.
115 <HR><A name="Kahn"> David Kahn <CITE>The Codebreakers: the
116 Comprehensive History of Secret Communications from Ancient Times to
118 <BR> second edition Scribner 1996 ISBN 0684831309
119 <BR> A history of codes and code-breaking from ancient Egypt to the
120 20th century. Well-written and exhaustively researched. <STRONG>Highly
121 recommended</STRONG>, even though it does not have much on computer
123 <HR> David Kahn <CITE>Seizing the Enigma, The Race to Break the German
124 U-Boat codes, 1939-1943</CITE>
125 <BR> Houghton Mifflin 1991 ISBN 0-395-42739-8
126 <HR><A name="kirch"> Olaf Kirch <CITE>Linux Network Administrator's
128 <BR> O'Reilly 1995 ISBN 1-56592-087-2
129 <BR> Now becoming somewhat dated in places, but still a good
130 introductory book and general reference.</A>
131 <HR><A name="RFCs"> Pete Lashin <CITE>Big Book of IPSEC RFCs</CITE>
132 <BR> Morgan Kaufmann 2000 ISBN: 0-12-455839-9</A>
133 <HR><A name="crypto"> Steven Levy <CITE>Crypto: How the Code Rebels
134 Beat the Government -- Saving Privacy in the Digital Age</CITE></A>
135 <BR> Penguin 2001, ISBN 0-670--85950-8
136 <BR><STRONG> Highly recommended</STRONG>. A fine history of recent
137 (about 1970-2000) developments in the field, and the related political
138 controversies. FreeS/WAN project founder and leader John Gilmore
139 appears several times.
140 <P> The book does not cover IPSEC or FreeS/WAN, but this project is
141 very much another battle in the same war. See our discussion of the <A href="politics.html">
143 <HR><A name="GTR"> Matyas, Anderson et al. <CITE>The Global Trust
145 <BR> Northgate Consultants Ltd 1998 ISBN: 0953239705
146 <BR> hard cover edition due April 1999 MIT Press ISBN 0262511053
147 <BR> From <A href="http://www.cl.cam.ac.uk/Research/Security/Trust-Register">
148 their web page</A>: <BLOCKQUOTE> This book is a register of the
149 fingerprints of the world's most important public keys; it implements
150 a top-level certification authority (CA) using paper and ink rather
151 than in an electronic system.</BLOCKQUOTE>
152 <HR><A name="handbook"> Menezies, van Oorschot and Vanstone <CITE>
153 Handbook of Applied Cryptography</CITE></A>
155 <BR> ISBN 0-8493-8523-7
156 <BR> An excellent reference. Read <A href="#schneier">Schneier</A>
157 before tackling this.
158 <HR><A name="Mourani"> Gerhard Mourani <CITE>Get Acquainted with Linux
159 Security and Optimization System</CITE></A>
160 <BR> Available online as a <A href="http://pages.infinit.net/lotus1/">
161 PDF file</A>. It did not yet cover IPSEC when we last looked.
162 <HR> Michael Padlipsky <CITE>Elements of Networking Style</CITE>
163 <BR> Prentice-Hall 1985 ISBN 0-13-268111-0 or 0-13-268129-3
164 <BR> Probably <STRONG>the funniest technical book ever written</STRONG>
165 , this is a vicious but well-reasoned attack on the OSI "seven layer
166 model" and all that went with it. Several chapters of it are also
167 available as RFCs 871 to 875.
168 <HR><A name="matrix"> John S. Quarterman <CITE>The Matrix: Computer
169 Networks and Conferencing Systems Worldwide</CITE>
170 <BR> Digital Press 1990 ISBN 155558-033-5
171 <BR> Prentice-Hall ISBN 0-13-565607-9
172 <BR> The best general treatment of computer-mediated communication we
173 have seen. It naturally has much to say about the Internet, but also
174 covers UUCP, Fidonet and so on.</A>
175 <HR><A name="ranch"> David Ranch <CITE>Securing Linux Step by Step</CITE>
176 <BR> SANS Institute, 1999
177 <BR></A><A href="http://www.sans.org/"> SANS</A> is a respected
178 organisation, this guide is part of a well-known series, and Ranch has
179 previously written the useful <A href="http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS.wri">
180 Trinity OS</A> guide to securing Linux, so my guess would be this is a
181 pretty good book. I haven't read it yet, so I'm not certain. It can be
182 ordered online from <A href="http://www.sans.org/">SANS</A>.
183 <HR><A name="schneier"> Bruce Schneier <CITE>Applied Cryptography,
184 Second Edition</CITE>
185 <BR> John Wiley & Sons, 1996
186 <BR> ISBN 0-471-12845-7 hardcover
187 <BR> ISBN 0-471-11709-9 paperback
188 <BR> A standard reference on computer cryptography. For more recent
189 essays, see the <A href="http://www.counterpane.com/">author's
190 company's web site</A>.
191 <HR><A name="secrets"> Bruce Schneier <CITE>Secrets and Lies</CITE>
192 <BR> Wiley 2000, ISBN 0-471-25311-1
193 <BR> An interesting discussion of security and privacy issues, written
194 with more of an "executive overview" approach rather than a narrow
195 focus on the technical issues. <STRONG>Highly recommended</STRONG>.
196 <HR><A name="VPNbook"> Scott, Wolfe and Irwin <CITE>Virtual Private
198 <BR> 2nd edition, O'Reilly 1999 ISBN: 1-56592-529-7
199 <BR> This is the only O'Reilly book, out of a dozen I own, that I'm
200 disappointed with. It deals mainly with building VPNs with various
201 proprietary tools -- <A href="glossary.html#PPTP">PPTP</A>, <A href="glossary.html#SSH">
202 SSH</A>, Cisco PIX, ... -- and touches only lightly on IPSEC-based
204 <P>That said, it appears to deal competently with what it does cover
205 and it has readable explanations of many basic VPN and security
206 concepts. It may be exactly what some readers require, even if I find
207 the emphasis unfortunate. </P>
208 <HR><A name="LASG"> Kurt Seifried <CITE>Linux Administrator's Security
210 <BR> Available online from <A href="http://www.securityportal.com/lasg/">
211 Security Portal</A>. It has fairly extensive coverage of IPSEC.
212 <HR><A name="Smith"> Richard E Smith <CITE>Internet Cryptography</CITE>
213 <BR></A> ISBN 0-201-92480-3, Addison Wesley, 1997
214 <BR> See the book's <A href="http://www.visi.com/crypto/inet-crypto/index.html">
216 <HR><A name="neal"> Neal Stephenson <CITE>Cryptonomicon</CITE></A>
217 <BR> Hardcover ISBN -380-97346-4, Avon, 1999.
218 <P> A novel in which cryptography and the net figure prominently. <STRONG>
219 Highly recommended</STRONG>: I liked it enough I immediately went out
220 and bought all the author's other books. </P>
221 <P> There is also a paperback edition. Sequels are expected. </P>
222 <HR><A name="stevens"> Stevens and Wright <CITE>TCP/IP Illustrated</CITE>
223 <BR> Addison-Wesley</A>
225 <LI>Vol. I: The Protocols 1994 ISBN:0-201-63346-9</LI>
226 <LI>Vol. II: The Implementation 1995 ISBN:0-201-63354-X</LI>
227 <LI>Vol. III: TCP for Transactions, HTTP, NNTP, and the UNIX Domain
228 Protocols 1996 ISBN: 0-201-63495-3</LI>
230 <P> If you need to deal with the details of the network protocols, read
231 either this series or the <A href="#comer">Comer</A> series before you
232 start reading the RFCs. </P>
233 <HR><A name="Rubini"> Rubini <CITE>Linux Device Drivers</CITE>
234 <BR> O'Reilly & Associates, Inc. 1998 ISBN 1-56592-292-1</A>
235 <HR><A name="Zeigler"> Robert Zeigler <CITE>Linux Firewalls</CITE>
236 <BR> Newriders Publishing, 2000 ISBN 0-7537-0900-9
237 <BR></A></A></A></A></A></A><HR>
238 <A HREF="toc.html">Contents</a>
239 <A HREF="glossary.html">Previous</a>
240 <A HREF="rfc.html">Next</a>