
REVIEW: "VPNs: A Beginner's Guide", John Mairs

  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    Message 1 of 1 , Nov 22 7:42 AM
      BKVPNABG.RVW 20020928

      "VPNs: A Beginner's Guide", John Mairs, 2002, 0-07-219181-3, U$39.99
      %A John Mairs
      %C 300 Water Street, Whitby, Ontario L1N 9B6
      %D 2002
      %G 0-07-219181-3
      %I McGraw-Hill Ryerson/Osborne
      %O U$39.99 +1-800-565-5758 +1-905-430-5134 fax: 905-430-5020
      %P 584 p.
      %T "VPNs: A Beginner's Guide"

      Part one deals with networks and security. The material is not bad;
      in fact, it is very good; but it is, possibly, too much information on
      topics which are not, really, relevant to virtual private networks
      (VPNs). On the other hand, anyone who is a rank beginner to
      networking as well will certainly have a thorough introduction.

      Chapter one covers layering architecture and the OSI (Open Systems
      Interconnection) model, and the text on encapsulation is definitely
      relevant to VPNs. Network architecture, in chapter two, concentrates
      on topology and the physical layer. There is a detailed reference to
      the lower layers of the TCP/IP protocol stack in chapter three.
      Chapter four's explanation of the basics of security is good, absent
      some material on threats and parts of risk analysis, but the use of
      non-standard language may be confusing. Threats and attack methods,
      in chapter five, is weak: the text lists a variety of network protocol
      exploits, concentrating on spoofing, and doesn't really bring out the
      concepts. The explanations of intrusion detection systems and
      firewalls, in chapters six and seven respectively, are good overviews.

      Part two is supposed to provide the fundamentals of VPNs themselves,
      but, rather oddly, does a much poorer job on this central idea than on
      the previous and following content. Chapter eight is on VPN basics,
      and nine is on VPN architecture.

      Part three covers VPN protocols. Chapter ten introduces the tunneling
      protocols of GRE (Generic Routing Encapsulation) and PPTP (Point-to-
      Point Tunneling Protocol). L2F (Layer 2 Forwarding) and L2TP (Layer 2
      Tunneling Protocol), plus a little bit of IPSec, are reviewed in
      chapter eleven, although it is not always clear what functions are

      Part four looks at secure communications. The material on
      cryptography, in chapter twelve, is not very good: polyalphabetic
      ciphers are *not* examples of transposition, there is some use of non-
      standard terminology, the text is simplistic in many areas, and the
      discussion of key management with asymmetric systems is quite weak.
      There are similarly feeble explanations and minor errors with respect
      to cryptographic algorithms in chapter thirteen. The discussion of
      certificates, in chapter fourteen, is more reasonable, although the
      section on PKI (Public Key Infrastructure) is a bit terse. Chapter
      fifteen, on authentication, reprises earlier content on identification
      and authentication (chapter four), PAP (Password Authentication
      Protocol, chapter ten), CHAP (Challenge Handshake Authentication
      Protocol, chapter eleven), but adds discussion of RADIUS, TACACS, and
      Kerberos, at varying levels of detail.

      Part five delves into the details of IPSec. Chapter sixteen outlines
      the components of IPSec, although it is somewhat disjointed with
      repeated returns to the topics of security associations and the
      different operating modes. Key management, in chapter seventeen,
      introduces ISAKMP (Internet Security Association and Key Management
      Protocol) and IKE (Internet Key Exchange), but does not do so in the
      detail with which other protocols have been discussed, and does not
      address the weaknesses of the systems. For some reason the details,
      and some other key management and exchange protocols, are in chapter
      eighteen (but still limited analysis). Chapter nineteen does have
      good deliberations on IPSec architecture and implementation.

      Part six deals with MPLS (Multi-Protocol Label Switching). Chapter
      twenty talks about quality of service, and related technologies. A
      few topics associated with traffic engineering are discussed in
      chapter twenty one. MPLS is proposed as the answer to quality of
      service and traffic engineering issues in chapter twenty two. Chapter
      twenty three outlines some of the components of MPLS and finally
      explains what MPLS has to do with VPNs, although not in much detail.

      With some caveats about certain sections of the book, I can recommend
      this both as a reference to a number of VPN technologies, and to some
      security related issues with TCP/IP.

      copyright Robert M. Slade, 2002 BKVPNABG.RVW 20020928

      rslade@... rslade@... slade@... p1@...
      Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
      Upcoming (ISC)^2 CISSP CBK review seminars (+1-888-333-4458):
      November 25, 2002 November 29, 2002 Toronto, ON, Canada
      December 16, 2002 December 20, 2002 San Francisco, CA
      February 10, 2003 February 14, 2003 St. Louis, MO