Information Security News mailing list archives

REVIEW: "VPNs: A Beginner's Guide", John Mairs


From: InfoSec News <isn () c4i org>
Date: Mon, 25 Nov 2002 01:57:35 -0600 (CST)

Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade () sprint ca>

BKVPNABG.RVW   20020928

[ http://www.amazon.com/exec/obidos/ASIN/0072191813/c4iorg  - WK ]

"VPNs: A Beginner's Guide", John Mairs, 2002, 0-07-219181-3, U$39.99
%A   John Mairs
%C   300 Water Street, Whitby, Ontario   L1N 9B6
%D   2002
%G   0-07-219181-3
%I   McGraw-Hill Ryerson/Osborne
%O   U$39.99 +1-800-565-5758 +1-905-430-5134 fax: 905-430-5020
%P   584 p.
%T   "VPNs: A Beginner's Guide"

Part one deals with networks and security.  The material is not bad;
in fact, it is very good, but it is possibly too much information on
topics which are not really relevant to virtual private networks
(VPNs).  On the other hand, anyone who is a rank beginner to
networking as well will certainly have a thorough introduction.

Chapter one covers layering architecture and the OSI (Open Systems
Interconnection) model, and the text on encapsulation is definitely
relevant to VPNs.  Network architecture, in chapter two, concentrates
on topology and the physical layer.  There is a detailed reference to
the lower layers of the TCP/IP protocol stack in chapter three. 
Chapter four's explanation of the basics of security is good, absent
some material on threats and parts of risk analysis, but the use of
non-standard language may be confusing.  Threats and attack methods,
in chapter five, is weak: the text lists a variety of network protocol
exploits, concentrating on spoofing, and doesn't really bring out the
concepts.  The explanations of intrusion detection systems and
firewalls, in chapters six and seven respectively, are good overviews.

Part two is supposed to provide the fundamentals of VPNs themselves,
but, rather oddly, does a much poorer job on this central idea than on
the previous and following content.  Chapter eight is on VPN basics,
and nine is on VPN architecture.

Part three covers VPN protocols.  Chapter ten introduces the tunneling
protocols of GRE (Generic Routing Encapsulation) and PPTP (Point-to-
Point Tunneling Protocol).  L2F (Layer 2 Forwarding) and L2TP (Layer 2
Tunneling Protocol), plus a little bit of IPSec, are reviewed in
chapter eleven, although it is not always clear what functions are
supported.

Part four looks at secure communications.  The material on
cryptography, in chapter twelve, is not very good: polyalphabetic
ciphers are *not* examples of transposition, there is some use of non-
standard terminology, the text is simplistic in many areas, and the
discussion of key management with asymmetric systems is quite weak. 
There are similarly feeble explanations and minor errors with respect
to cryptographic algorithms in chapter thirteen.  The discussion of
certificates, in chapter fourteen, is more reasonable, although the
section on PKI (Public Key Infrastructure) is a bit terse.  Chapter
fifteen, on authentication, reprises earlier content on identification
and authentication (chapter four), PAP (Password Authentication
Protocol, chapter ten), CHAP (Challenge Handshake Authentication
Protocol, chapter eleven), but adds discussion of RADIUS, TACACS, and
Kerberos, at varying levels of detail.

Part five delves into the details of IPSec.  Chapter sixteen outlines
the components of IPSec, although it is somewhat disjointed with
repeated returns to the topics of security associations and the
different operating modes.  Key management, in chapter seventeen,
introduces ISAKMP (Internet Security Association and Key Management
Protocol) and IKE (Internet Key Exchange), but does not do so in the
detail with which other protocols have been discussed, and does not
address the weaknesses of the systems.  For some reason the details,
and some other key management and exchange protocols, are in chapter
eighteen (but still limited analysis).  Chapter nineteen does have
good deliberations on IPSec architecture and implementation.

Part six deals with MPLS (Multi-Protocol Label Switching).  Chapter
twenty talks about quality of service, and related technologies.  A
few topics associated with traffic engineering are discussed in
chapter twenty one.  MPLS is proposed as the answer to quality of
service and traffic engineering issues in chapter twenty two.  Chapter
twenty three outlines some of the components of MPLS and finally
explains what MPLS has to do with VPNs, although not in much detail.

With some caveats about certain sections of the book, I can recommend
this both as a reference to a number of VPN technologies, and to some
security related issues with TCP/IP.

copyright Robert M. Slade, 2002   BKVPNABG.RVW   20020928

-- 
======================
rslade () vcn bc ca  rslade () sprint ca  slade () victoria tc ca p1 () canada com
Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
Upcoming (ISC)^2 CISSP CBK review seminars (+1-888-333-4458):
    November 25, 2002   November 29, 2002   Toronto, ON, Canada
    December 16, 2002   December 20, 2002   San Francisco, CA
    February 10, 2003   February 14, 2003   St. Louis, MO
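The reviewer's objection to chapter twelve (a polyalphabetic cipher is a
substitution cipher, not a transposition) is easy to make concrete.  The
code below is an added example, not taken from the book or from the review;
the cipher routines, the sample plaintext "ATTACKATDAWN" and the keys
"LEMON" and "KEY" are the editor's own choices.  It implements Vigenere
(polyalphabetic substitution) and a simple columnar transposition, then
checks the property that separates the two families: a transposition leaves
the multiset of plaintext letters untouched, while a polyalphabetic
substitution changes the letters and maps the same plaintext letter to
different ciphertext letters depending on position.

```python
"""Polyalphabetic substitution (Vigenere) versus columnar transposition.

Added example, not from the book or the reviewer.  The plaintext and keys
used in the demo are constructed for illustration.
"""
from collections import Counter

ALPHA = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def _clean(text: str) -> str:
    """Keep only letters, upper-cased (classical ciphers work on A-Z)."""
    return "".join(ch for ch in text.upper() if ch in ALPHA)


def vigenere_encrypt(plaintext: str, key: str) -> str:
    """Polyalphabetic substitution: position i is shifted by key[i mod len(key)].

    The alphabet used for each letter changes with position, which is exactly
    what "polyalphabetic" means; no letter is moved, every letter is replaced.
    """
    p, k = _clean(plaintext), _clean(key)
    return "".join(
        ALPHA[(ALPHA.index(ch) + ALPHA.index(k[i % len(k)])) % 26]
        for i, ch in enumerate(p)
    )


def vigenere_decrypt(ciphertext: str, key: str) -> str:
    """Inverse of vigenere_encrypt: subtract the same per-position shift."""
    c, k = _clean(ciphertext), _clean(key)
    return "".join(
        ALPHA[(ALPHA.index(ch) - ALPHA.index(k[i % len(k)])) % 26]
        for i, ch in enumerate(c)
    )


def _column_order(key: str) -> list:
    """Columns are read in alphabetical order of the key letters; ties keep
    their left-to-right position so the permutation is well defined."""
    return sorted(range(len(key)), key=lambda j: (key[j], j))


def columnar_encrypt(plaintext: str, key: str) -> str:
    """Transposition: write rows of len(key) letters, read columns in key order.

    A short last row is padded with X so every column has the same height.
    No letter is replaced; only positions change.
    """
    p, k = _clean(plaintext), _clean(key)
    width = len(k)
    if len(p) % width:
        p += "X" * (width - len(p) % width)
    rows = [p[i:i + width] for i in range(0, len(p), width)]
    return "".join(row[j] for j in _column_order(k) for row in rows)


def columnar_decrypt(ciphertext: str, key: str) -> str:
    """Inverse of columnar_encrypt.  Padding X's (if any) are returned as-is."""
    c, k = _clean(ciphertext), _clean(key)
    width = len(k)
    height = len(c) // width
    cols = [""] * width
    for n, j in enumerate(_column_order(k)):
        cols[j] = c[n * height:(n + 1) * height]
    return "".join(cols[j][r] for r in range(height) for j in range(width))


def preserves_letter_counts(plaintext: str, ciphertext: str) -> bool:
    """True iff the ciphertext is a rearrangement of the plaintext letters.

    This is the fingerprint of a transposition: the per-letter frequency
    profile of the plaintext survives intact, which is why frequency analysis
    still recognises the underlying language.  A substitution breaks it.
    """
    return Counter(_clean(plaintext)) == Counter(_clean(ciphertext))


def cipher_images(plaintext: str, ciphertext: str, letter: str) -> set:
    """Set of ciphertext letters that stand in for `letter` in the plaintext.

    For a monoalphabetic substitution the set has one element; a
    polyalphabetic substitution yields several, which is its defining trait.
    """
    p, c = _clean(plaintext), _clean(ciphertext)
    return {c[i] for i, ch in enumerate(p) if ch == letter.upper()}


if __name__ == "__main__":
    pt = "ATTACKATDAWN"                      # constructed sample plaintext
    vig = vigenere_encrypt(pt, "LEMON")
    col = columnar_encrypt(pt, "KEY")
    print("vigenere :", vig, "letters preserved:", preserves_letter_counts(pt, vig))
    print("columnar :", col, "letters preserved:", preserves_letter_counts(pt, col))
    print("images of A under vigenere:", sorted(cipher_images(pt, vig, "A")))
```

Running the demo shows the Vigenere ciphertext contains no A at all while
the plaintext has four, and that those four A's become L, O, E and N; the
columnar ciphertext is just the same twelve letters in a different order.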
-
ISN is currently hosted by Attrition.org