The Virtual Bookcase Reviews of 'Guide to Virtual Private Networks':
Reviewer amazon.com wrote:
What makes Internet Protocol Security Architecture (IPSec) virtual private networks (VPNs) secure? A Guide to Virtual Private Networks does a great job of explaining the processes that--in theory, anyway--do. The book covers the data-handling and security aspects of these VPNs with an eye toward implementing one. You'll find a comprehensive portrait of the technologies that define VPNs governed by the IPSec specification. This book clearly explains how the Internet Security Association and Key Management Protocol (ISAKMP) and the Oakley key-exchange protocol work. It also provides details on how Internet Key Exchange (IKE) works under ISAKMP/Oakley. The workings of all these protocols are explained by dissecting transactions into their individual phases, enabling you to follow what happens and design your VPN to be as efficient and secure as possible. Three VPN implementation scenarios are presented, including individual users accessing a VPN via dial-up connections to the Internet, geographically separate organizational LANs linked to each other across the public network, and an extranet that includes semitrusted customers or suppliers. Each of these scenarios includes information on router and firewall configuration.
Reviewer Rob Slade wrote:
You don't have to look very far to figure out that this book is by
IBM, of IBM, and probably for IBM. All of the authors (even those
that don't rate the front cover) work for IBM, and ... well, lookee
here! IBM just happens to make products that relate to virtual
private networks (VPNs)!
Chapter one is a reasonable overview of the basic concepts behind
VPNs. However, the level of the writing is inconsistent, some parts
of the explanation are a bit confused (they tend to use the term
"tunnel" a lot, even where "circuit" might be more fitting), and
overall one gets the feeling that this should be presented on a big
screen in a dark auditorium, with a suit droning on and on. There is
a tendency to illustrate (with not very illuminating figures) rather
than explain, when it comes to the technical bits. Either that, or
just start to list off protocols.
Encryption is explained fairly well in chapter two. There is some
detail as to the actual operation of some algorithms. (I notice that
DES [Data Encryption Standard] is not among them, and that it is
claimed fully, and not just derivatively, for IBM.) The discussion of
key and algorithm strength is weak, however, and there is no
discussion of the basic problems or concerns of key management.
Chapter three provides format details of the IPsec (Internet Protocol
security) AH (Authentication Header) and ESP (Encapsulating Security
Payload) protocols. References for the appropriate draft documents
are given at the end of the chapter. The Internet Key Exchange (IKE)
(also known as Internet Security Association and Key Management
Protocol [ISAKMP]) is discussed in chapter four. Chapters five to
seven look at scenarios for branch offices, business partners, and
remote access, respectively. There is little new content, and most of
the material could be inferred from the text of earlier chapters.
Showing admirable forbearance, most of the detail of IBM products is
held for the appendices.
While not all parts are particularly readable, the book does, at
least, have the advantage of being short. The fundamental concepts of
VPNs are given, enough so that a technical manager could get a basic
grasp of what was required. Possible attacks, and the complexities of
implementation, are not dealt with very well.
copyright Robert M. Slade, 1999
Add my review for Guide to Virtual Private Networks