The authors have produced a good hands-on book for building secure virtual private
networks (VPNs). The book has 10 chapters, grouped into three parts. The
first two chapters are in Part 1, “Virtual Private Networks,” the next five
chapters are in Part 2, “Implementing Standard VPN Protocols,” and the remaining
three chapters are in Part 3, “Implementing Nonstandard VPN Protocols.” The
book has three appendices and a glossary, as well as an index. The authors assume
that the reader has a complete knowledge of the Linux operating system, and
they base their discussions on this.
Chapter 1 introduces the reader to the concepts and terminology used in
VPNs, and immediately presents the reader with a sample VPN. It explains
how a VPN may be deployed, and discusses the advantages and disadvantages
of using VPNs. The chapter also compares VPNs to other conventional technologies,
and advises the reader about when to deploy VPNs. Chapter 2 presents the
fundamentals of VPNs, and the devices that go into building a secure
one. It discusses various issues involved with planning a VPN, and provides
several possible VPN scenarios. It also presents several types of firewalls,
and explains how VPNs interact with them.
The five chapters that deal with “Implementing Standard VPN Protocols”
start with chapter 3, which discusses the technologies involved in connecting
two networks in a VPN with the secure shell (SSH) protocol and the point-to-point
protocol (PPP). The chapter then explains how a secure VPN can be created
using PPP and SSH, and provides scripts that may be used. The next chapter
expands the ideas presented in chapter 3 by introducing the transport layer
security (TLS) protocol, with its ability to automatically fall back to the
secure sockets layer (SSL), specifically SSLv3. The chapter guides the reader
through creating a VPN using Stunnel and PPP, either manually or by using
the provided script. Chapter 5 discusses the key elements and functionality
of the Internet Protocol Security (IPSec) protocol, and chapter 6 describes
how to set up an IPSec VPN using Linux’s Free Secure Wide Area Network (FreeS/WAN).
The authors explain the details involved in working with the Linux kernel,
and describe the necessary supporting software that should be employed for
the task. Chapter 7 explains Microsoft’s Point-to-Point Tunneling Protocol
(PPTP), just in case a user might have remote Windows client machines on
the system when installing the VPN.
Chapters 8, 9, and 10 constitute Part 3 of the book. They cover nonstandard
packages for implementing VPNs. Chapter 8 provides an overview of virtual
tunnel (VTun), a protocol that provides a flexible method for creating tunnels
across untrusted networks. The chapter explains the various types of tunnels
that VTun supports, provides the reader with the URL for obtaining the source
code, and presents the steps necessary for its compilation. The configuration
options available for VTun are also explained. Chapter 9 discusses the Crypto
IP Encapsulation (cIPe) package. cIPe is a lightweight package that provides
for tunneling of encrypted IP packets over the user datagram protocol (UDP).
Its components and their functions are explained, in addition to installation.
Its configuration options are also explained. The last chapter describes
another package for building VPNs under Linux, called tinc. tinc is also
a lightweight package that provides VPN functionality. Its configuration,
installation, and use are explained, together with some ideas for troubleshooting
errors that might occur.
The first of the three appendices provides “Commercial Solutions,” and
lists companies that offer commercial VPN products. The second appendix,
“Selecting a Cipher,” evaluates six popular ciphers based on their security,
performance, and availability: triple data encryption standard
(3DES), advanced encryption standard (AES) Rijndael, RSA Securities’ RC4,
Blowfish, international data encryption algorithm (IDEA), and Entrust Technologies’
CAST. Appendix C presents a glossary of the terms used in the book. The index
is concise but complete.
This is a very good book for technicians and for reference. For it to
pass as a textbook for teaching VPNs, a little more work would have to be
done on its organization.

Review by: William Oblitey