Virtual Private Networks: Technologies and Solutions [Paperback]

Ruixi Yuan (Author), W. Timothy Strayer (Author)

Book Description

ISBN-10: 0201702096 | ISBN-13: 978-0201702095 | Publication Date: May 4, 2001 | Edition: 1

VPNs enable any enterprise to utilize the Internet as its own secure private network. In this book, two leading VPN implementers offer a start-to-finish, hands-on guide to constructing and operating secure VPNs. Going far beyond the theory found in most books, Ruixi Yuan and Tim Strayer present best practices for every aspect of VPN deployment, including tunneling, IPsec, authentication, public key infrastructure, and network/service management. Strayer and Yuan begin with a detailed overview of the fundamental concepts and architectures associated with enterprise VPNs, including site-to-site VPNs, remote access VPNs, and extranets. They compare all options for establishing VPN tunnels across the Internet, including PPTP, L2F, and L2TP. Next, they present in-depth coverage of implementing IPsec; establishing two-party or trusted third-party authentication; building a robust public key infrastructure; and managing access control. The book includes expert coverage of VPN gateway configuration, provisioning, and management; Windows and other VPN clients; and network/service management, including SLAs and network operations centers. Finally, the authors preview the future of VPNs, showing how they may be enhanced to provide greater quality of service and network intelligence. For all networking and IT professionals, security specialists, consultants, vendors, and service providers responsible for building or operating VPNs.

Editorial Reviews

Amazon.com Review

Virtual Private Networks (VPNs) take advantage of the Internet's low-cost data communications capabilities by sending network traffic (internal network traffic, of the sort traditionally sent over private data links) through the public data cloud. The money savings, however, comes with the need to make sure that the potentially sensitive information is properly protected during its trip through open channels. Virtual Private Networks: Technologies and Solutions examines this engineering challenge in heavily researched and thickly referenced detail, providing network architects with tons of information about the problems that exist, the technologies that have been developed to solve those problems, and the products vendors offer to implement those technologies.

Authors Ruixi Yuan and Timothy Strayer take a scholarly approach: Each topic is introduced, and new terms described, as the functions of each piece in VPN systems are explained. Books and papers relevant to the topic are referenced frequently, along with standards documents, and the book uses pseudocode and mathematical expressions to explain encryption and authentication. If you study the book--along with the other publications-carefully, you'll be rewarded with a deep understanding of how to build a good VPN. --David Wall

Topics covered: The state of the art in virtual private networks (VPNs), with special coverage of tunneling (via PPTP, L2F, L2TP, IPsec, and MPLS), the IPsec protocol, authentication, public key infrastructure (PKI), gateways, and clients. VPNs for static links as well as for remote access solutions are covered.

From the Back Cover

Virtual private networks have become an essential part of today's business networks, as they provide a cost-effective means of assuring private internal and external communications over the shared Internet infrastructure. Virtual Private Networks: Technologies and Solutions is a comprehensive, practical guide to VPNs. This book presents the various technology components, concrete solutions, and best practices you need to deploy and manage a highly successful VPN.

Readers will find an overview of fundamental VPN concepts and architectures, followed by an in-depth examination of advanced features and functions such as tunneling, authentication, access control, VPN gateways, VPN clients, and VPN network and service management. Specific topics covered include:

• IPsec, featuring the Authentication Header, Encapsulating Security Payload, Internet Key
• Exchange, and implementation details
• PPTP, L2F, L2TP, and MPLS as VPN tunneling protocols
• Two-party and three-party authentication, including RADIUS and Kerberos
• Public key infrastructure (PKI) and its integration into VPN solutions
• Access control policies, mechanisms, and management, and their application to VPNs
• VPN gateway functions, including site-to-site intranet, remote access, and extranet
• Gateway configuration, provisioning, monitoring, and accounting
• Gateway interaction with firewalls and routers
• VPN client implementation issues, including interaction with operating systems
• Client operation issues, including working with NAT, DNS, and link MTU limits
• VPN management architectures and tunnel and security management
• Outsourcing and service provider environments

The book concludes with a forward look at the future of VPNs that examines such issues as security and quality of service (QoS). VPN scenarios throughout the book demonstrate how to put the described techniques and technologies to work in a real-world Virtual Private Network.

0201702096B04232001

See all Editorial Reviews

Product Details

• Paperback: 336 pages
• Publisher: Addison-Wesley Professional; 1 edition (May 4, 2001)
• Language: English
• ISBN-10: 0201702096
• ISBN-13: 978-0201702095
• Product Dimensions: 9.6 x 7.5 x 0.7 inches
• Shipping Weight: 1.3 pounds (View shipping rates and policies)
• Average Customer Review: 4.6 out of 5 stars  See all reviews (5 customer reviews)
• Amazon Best Sellers Rank: #1,687,159 in Books (See Top 100 in Books)

Customer Reviews

Most Helpful Customer Reviews

26 of 26 people found the following review helpful:

4.0 out of 5 stars Not "Virtual Private Networks Illustrated," but still useful, September 23, 2001

By 

Richard Bejtlich "TaoSecurity" (Metro Washington, DC) - See all my reviews
(REAL NAME)   

This review is from: Virtual Private Networks: Technologies and Solutions (Paperback)

I am a senior engineer for network security operations who uses a VPN every day. I read "Virtual Private Networks: Technologies and Solutions" (VPN:TS) to gain a better understanding of this key component of modern networking. While VPN:TS is not the VPN equivalent of Rich Stevens' "TCP/IP Illustrated," it's the best general-purpose VPN book I've read.

Thanks to the book's logical arrangement, precise wording, and short length (281 pages of text), VPN:TS is a fast read. (I finished it in a little more than one day.) It offers clear diagrams of various architectures and protocol headers. VPN:TS is technology neutral, preferring to describe principles and protocols instead of products. Consequently, those looking for a how-to manual for configuring Cisco router or Checkpoint Firewall-based VPNs should look elsewhere. I welcomed this approach, since I have no need for information on popular VPN implementations!

VPN:TS struck me as more than a book about virtual private networks. Because little time was spent elaborating product configurations, the authors discussed related networking topics. These included chapters on cryptography, authentication, PKI, access control, and network management. VPN:TS also describes the relationship between Multiprotocol Label Switching (MPLS) and Quality of Service (QoS). Readers familiar with all of these topics might not appreciate this material, but I enjoyed it.

I was disappointed that VPN:TS did not offer any traces to demonstrate various protocols in action. I believe the authors should have demonstrated building a sample VPN solution, complete with example configuration files and installation steps. An open source project like Linux FreeS/WAN or BSD KAME would have been ideal. This demonstration would have allowed discussions of troubleshooting common client/server obstacles.

VPN:TS is not the sort of reference book to place next to your router, firewall, or laptop. It's best suited to learning general VPN design and deployment. Those seeking technical implementation details will have to look elsewhere. Those who want to learn the role of VPNs in the wider networking realm will appreciate VPN:TS.

(Disclaimer: I received a free review copy from the publisher.)

12 of 13 people found the following review helpful:

5.0 out of 5 stars Clearly written book on underlying technologies for VPNs, June 12, 2001

By 

Mike Tarrani "www.tarrani.com" (Deltona, FL USA) - See all my reviews
(COMMUNITY FORUM 04)    (REAL NAME)   

This review is from: Virtual Private Networks: Technologies and Solutions (Paperback)

This book is a great starting point for understanding the business reasons for implementing VPNs and the underlying technology. Although the book gets moderately technical it is written in such a manner that it can be understood by business process owners who have exposure to technology, as well as IT professionals who need to understand the network and security aspects of virtual private networks.

The focus of the book is the underlying technologies more than VPN solutions, and the emphasis is on VPN security infrastructure and services. Part I covers what VPNs are, how they can be employed as solutions to business requirements, and a basic overview of the concepts and technologies. I like the clear way the authors present this material, and the fact that it is completely accessible to non-technical readers.

Part II delves deeper into each facet of the underlying technology, covering the major topics: tunneling, IPsec, authentication, PKI, and access control. This part of the book will quickly get a network specialist up-to-speed on security services provided by VPNs, and goes deep enough to give a clear understanding of the security infrastructure in language that a network specialist will be comfortable with. It is also an excellent resource for system architects who need to see the big picture and fully understand how this technology set fits into an coherent architecture. It is especially valuable to architects and IS/IT professionals from other technical domains who are working in the health care industry because the infrastructure and services discussed are directly applicable to HIPAA requirements.

VPN solutions discussed in Part III is a wide survey of the components needed to implement a VPN. The chapter on VPN clients is must reading for anyone who is designing or implementing a VPN solution, as is the chapter on network and service management. Both of these chapters address issues that I have not come across in other books. For example, some of the issues with MS Windows VPN clients are potential "gotchas" that you need to be aware of in order to implement a completely secure (and supportable) VPN.

Overall: this book provides a high-level view with enough technical detail to give you a good understanding of the capabilities and limitations of virtual private networks. The writing is clear and readable, and the book is amply illustrated. Moreover, both authors work for BBN, which has been a key force in the evolution of the Internet for over 30 years the book has an air of authority and credibility that is rare in other books of this genre. I give it five stars for explaining a complex technology and for never losing sight of the business reasons for a VPN.

7 of 8 people found the following review helpful:

5.0 out of 5 stars Excellent VPN reference..., August 24, 2001

By 

Gary C. Kessler (Burlington, VT USA) - See all my reviews
(REAL NAME)   

This review is from: Virtual Private Networks: Technologies and Solutions (Paperback)

This book gets my nod as one of the best VPN books currently available. Most of the early VPN books have been awful, written totally from the business perspective -- i.e., why I need a VPN, or why VPNs are good. These author have apparently actually built some VPNs and write for someone who actually needs to build a VPN. Here, a reader can acquire an understanding and appreciation of such issues as products; protocols; the relationship between VPN tunnels, IPsec, and NAT; the relationship between the VPN server and firewall; etc., etc. I give this book my highest recommendation -- namely, I would spend my own money on this book!