BKVPNABG.RVW 20020928

"VPNs: A Beginner's Guide", John Mairs, 2002, 0-07-219181-3, U$39.99
%A John Mairs
%C 300 Water Street, Whitby, Ontario L1N 9B6
%D 2002
%G 0-07-219181-3
%I McGraw-Hill Ryerson/Osborne
%O U$39.99 +1-800-565-5758 +1-905-430-5134 fax: 905-430-5020
%O http://www.amazon.com/exec/obidos/ASIN/0072191813/robsladesinterne
%P 584 p.
%T "VPNs: A Beginner's Guide"

Part one deals with networks and security. The material is not bad; in fact, it is very good; but it is, possibly, too much information on topics which are not, really, relevant to virtual private networks (VPNs). On the other hand, anyone who is a rank beginner to networking as well will certainly have a thorough introduction. Chapter one covers layering architecture and the OSI (Open Systems Interconnection) model, and the text on encapsulation is definitely relevant to VPNs. Network architecture, in chapter two, concentrates on topology and the physical layer. There is a detailed reference to the lower layers of the TCP/IP protocol stack in chapter three. Chapter four's explanation of the basics of security is good, absent some material on threats and parts of risk analysis, but the use of non-standard language may be confusing. Threats and attack methods, in chapter five, is weak: the text lists a variety of network protocol exploits, concentrating on spoofing, and doesn't really bring out the concepts. The explanations of intrusion detection systems and firewalls, in chapters six and seven respectively, are good overviews.

Part two is supposed to provide the fundamentals of VPNs themselves, but, rather oddly, does a much poorer job on this central idea than on the previous and following content. Chapter eight is on VPN basics, and nine is on VPN architecture.

Part three covers VPN protocols. Chapter ten introduces the tunneling protocols of GRE (Generic Routing Encapsulation) and PPTP (Point-to-Point Tunneling Protocol).
L2F (Layer 2 Forwarding) and L2TP (Layer 2 Tunneling Protocol), plus a little bit of IPSec, are reviewed in chapter eleven, although it is not always clear what functions are supported.

Part four looks at secure communications. The material on cryptography, in chapter twelve, is not very good: polyalphabetic ciphers are *not* examples of transposition, there is some use of non-standard terminology, the text is simplistic in many areas, and the discussion of key management with asymmetric systems is quite weak. There are similarly feeble explanations and minor errors with respect to cryptographic algorithms in chapter thirteen. The discussion of certificates, in chapter fourteen, is more reasonable, although the section on PKI (Public Key Infrastructure) is a bit terse. Chapter fifteen, on authentication, reprises earlier content on identification and authentication (chapter four), PAP (Password Authentication Protocol, chapter ten), CHAP (Challenge Handshake Authentication Protocol, chapter eleven), but adds discussion of RADIUS, TACACS, and Kerberos, at varying levels of detail.

Part five delves into the details of IPSec. Chapter sixteen outlines the components of IPSec, although it is somewhat disjointed with repeated returns to the topics of security associations and the different operating modes. Key management, in chapter seventeen, introduces ISAKMP (Internet Security Association and Key Management Protocol) and IKE (Internet Key Exchange), but does not do so in the detail with which other protocols have been discussed, and does not address the weaknesses of the systems. For some reason the details, and some other key management and exchange protocols, are in chapter eighteen (but still limited analysis). Chapter nineteen does have good deliberations on IPSec architecture and implementation.

Part six deals with MPLS (Multi-Protocol Label Switching). Chapter twenty talks about quality of service, and related technologies.
A few topics associated with traffic engineering are discussed in chapter twenty one. MPLS is proposed as the answer to quality of service and traffic engineering issues in chapter twenty two. Chapter twenty three outlines some of the components of MPLS and finally explains what MPLS has to do with VPNs, although not in much detail.

With some caveats about certain sections of the book, I can recommend this both as a reference to a number of VPN technologies, and to some security related issues with TCP/IP.

copyright Robert M. Slade, 2002 BKVPNABG.RVW 20020928