"Building Linux Virtual Private Networks (VPNs)", Oleg
Kolesnikov/Brian Hatch, 2002, 1-57870-266-6, U$44.99/C$69.99/UK#34.99
%A Oleg Kolesnikov oleg@... ok@...
%A Brian Hatch bri@... brian@...
%C 201 W. 103rd Street, Indianapolis, IN 46290
%I Macmillan Computer Publishing (MCP)/New Riders
%O U$44.99/C$69.99/UK#34.99 800-858-7674 317-581-3743 info@...
%P 385 p.
%T "Building Linux Virtual Private Networks (VPNs)"
Like "Practical UNIX and Internet Security" (cf. BKPRUISC.RVW) this
book so thoroughly covers its general field, in this case virtual
private networks (VPNs), that it is useful to security people
regardless of whether or not they use Linux. There are abundant
practical considerations in this work that other volumes ignore.
Part one deals with the basics of VPNs. Chapter one is a good,
readable, realistic introduction (and we will accept the mention of 40
bit DES in IPSec as a typo: it is listed as such in the errata at the
associated website, http://www.buildinglinuxvpns.net)
. The title of
chapter two, VPN fundamentals, is oddly both true and not: the items
mentioned are not factors of VPNs as such, but aspects and
considerations of VPNs that influence network choices, and network
configurations that impel VPN architecture.
Part two covers implementing standard VPN protocols. Chapter three
provides a detailed and clear explanation of PPP (Point-to-Point
Protocol) over SSH (Secure Shell). PPP over SSL (Secure Sockets
Layer)/TLS (Transport Layer Security), in chapter three, outlines the
basics, increased security, and scripts for troubleshooting.
Excellent coverage of IPSec in general, plus some implementation
details in Linux, is in chapter five. Chapter six explains FreeS/WAN
from philosophy to source to configuration. There is good analysis of
the design and weaknesses of PPTP (Point-to-Point Tunnelling Protocol)
and how to run it on Linux, in chapter seven.
Part three examines the implementation of nonstandard VPN protocols.
Chapter eight looks at the design, options, and setup of VTun. The
lightweight cIPe is covered in chapter nine. Designed for user level
rather than kernel operation, as well as more modern and robust
cryptography, tinc is explained in chapter ten.
I have not found, to date, a book that does a better job of explaining
the concepts and operations of virtual private networks. This should
become the classic text.
copyright Robert M. Slade, 2002 BKBLVPNS.RVW 20020916
rslade@... rslade@... slade@... p1@...
Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
Upcoming (ISC)^2 CISSP CBK review seminars (+1-888-333-4458):
February 10, 2003 February 14, 2003 St. Louis, MO
March 31, 2003 April 4, 2003 Indianapolis, IN