For extensive bibliographic links, see the Collection of Computer Science Bibliographies.
See our web links for material available online.
An overview, mainly concentrating on policy and strategic issues rather than the technical details. Both authors work for PKI vendor Entrust.
The standard reference on the Domain Name Service and Berkeley Internet Name Daemon.
Easily the best book for the security professional I have seen. Highly recommended. See the book web page.
This is quite readable, but Schneier's Secrets and Lies might be an easier introduction.
The sequel.
This book has a short section on FreeS/WAN and includes Caldera Linux on CD.
A fine book on firewalls in particular and security in general from two of AT&T's system administrators.
Bellovin has also done a number of papers on IPsec and co-authored a paper on a large FreeS/WAN application.
If you need to deal with the details of the network protocols, read either this series or the Stevens and Wright series before you start reading the RFCs.
To conclusively demonstrate that DES is inadequate for continued use, the EFF built a machine for just over $200,000 that breaks DES encryption in under five days on average, under nine in the worst case.
The book provides details of their design and, perhaps even more important, discusses why they felt the project was necessary. Recommended for anyone interested in any of the three topics mentioned in the subtitle.
See also the EFF page on this project and our discussion of DES insecurity.
SATAN is a Security Administrator's Tool for Analysing Networks. This book is a tutorial in its use.
A thoughtful and rather scary book.
An excellent introduction and user manual for the PGP email-encryption package. PGP is a good package with a complex and poorly-designed user interface. This book or one like it is a must for anyone who has to use it at length.
The book covers using PGP in Unix, PC and Macintosh environments, plus considerable background material on both the technical and political issues around cryptography.
The book is now seriously out of date. It does not cover recent developments such as commercial versions since PGP 5, the OpenPGP standard or GNU PG.
A standard reference.
Spafford's web page has an excellent collection of crypto and security links.
A history of codes and code-breaking from ancient Egypt to the 20th century. Well-written and exhaustively researched. Highly recommended, even though it does not have much on computer cryptography.
Now becoming somewhat dated in places, but still a good introductory book and general reference.
This has had a number of favorable reviews, including this one on Slashdot. The book has a web site.
Highly recommended. A fine history of recent (about 1970-2000) developments in the field, and the related political controversies. FreeS/WAN project founder and leader John Gilmore appears several times.
The book does not cover IPsec or FreeS/WAN, but this project is very much another battle in the same war. See our discussion of the politics.
From their web page:
This book is a register of the fingerprints of the world's most important public keys; it implements a top-level certification authority (CA) using paper and ink rather than in an electronic system.
An excellent reference. Read Schneier before tackling this.
Probably the funniest technical book ever written, this is a vicious but well-reasoned attack on the OSI "seven layer model" and all that went with it. Several chapters of it are also available as RFCs 871 to 875.
The best general treatment of computer-mediated communication we have seen. It naturally has much to say about the Internet, but also covers UUCP, Fidonet and so on.
SANS is a respected organisation, this guide is part of a well-known series, and Ranch has previously written the useful Trinity OS guide to securing Linux, so my guess would be this is a pretty good book. I haven't read it yet, so I'm not certain. It can be ordered online from SANS.
Note (Mar 1, 2002): a new edition with different editors is in the works. Expect it this year.
A standard reference on computer cryptography. For more recent essays, see the author's company's web site.
An interesting discussion of security and privacy issues, written with more of an "executive overview" approach rather than a narrow focus on the technical issues. Highly recommended.
This is worth reading even if you already understand security issues, or think you do. To go deeper, follow it with Anderson's Security Engineering.
This is the only O'Reilly book, out of a dozen I own, that I'm disappointed with. It deals mainly with building VPNs with various proprietary tools -- PPTP, SSH, Cisco PIX, ... -- and touches only lightly on IPsec-based approaches.
That said, it appears to deal competently with what it does cover and it has readable explanations of many basic VPN and security concepts. It may be exactly what some readers require, even if I find the emphasis unfortunate.
Available online from Security Portal. It has fairly extensive coverage of IPsec.
See the book's home page.
A novel in which cryptography and the net figure prominently. Highly recommended: I liked it enough I immediately went out and bought all the author's other books.
There is also a paperback edition. Sequels are expected.
If you need to deal with the details of the network protocols, read either this series or the Comer series before you start reading the RFCs.
A good book, with detailed coverage of ipchains(8) firewalls and of many related issues.