REVIEW - Virtual Private Networks

Title:

Virtual Private Networks

Author:

Charlie Scott, Paul Wolfe, Mike Erwin

ISBN:

1565925297

Publisher:

O'Reilly (1999)

Pages:

211pp

Reviewer:

Adrian Wontroba

Reviewed:

April 2000

Rating:

★★★☆☆

this should be a considerable aid to anybody faced with implementing a VPN

A Virtual Private Network (VPN) is a secure private network, run over a public network, for example, the Internet.

Traditionally, if you wanted a secure Wide Area Network (WAN) you bought, expensively, private leased lines between your sites and were very careful about which equipment could connect, and where, to the notoriously insecure and hostile Internet. As the business needs for connectivity, bandwidth and support for remote access by road warriors and tele-workers increase, so do the costs of upgrading and supporting the WAN approach. VPNs, replacing WAN private lines with dedicated and dialup Internet connections, potentially offer reduced costs and problems in some areas and the opposite in others. VPN technology is quite young and is evolving rapidly. Various competing, proprietary, incompatible, commercial and free products exist. Most VPN solutions will use a mixture of products.

This book, after a quick tour of some of the underlying concepts and technologies, presents quite detailed background information and implementation instructions for the following four approaches. In each case this should be a considerable aid to anybody faced with implementing a VPN using the approach.

  • Point to Point Tunnelling Protocol (PPTP). Basically, secure Internet access to Microsoft RAS servers for Microsoft Windows, Apple Macintosh and LINUX. I know that a FreeBSD port of the LINUX PPTP product exists.
  • The COMPAQ (ex Digital Equipment Corporation) AltaVista Tunnel, for Windows and (Digital) UNIX servers with Windows and MacOS clients.
  • The UNIX Secure Shell (SSH). Potentially free to obtain and use. Needs a UNIX box, ideally dedicated, at each location. The example given was for LINUX, but other flavours may / should be viable.
  • The Cisco PIX firewall. Drop-in technology and one of the first commercial, dedicated, near-turnkey solutions. Expect similar products to appear from other suppliers.

The book concludes with brief but useful chapters on VPN management and maintenance, a real multi-approach solution and appendices touching on IPv6, IPSec, S/WAN, the IETF and information sources.

Overall, I found it interesting and of benefit, largely because I started out thinking that I needed a VPN, but the book convinced me that I didn't! A much less favourable review from a much more expert UKUUG reviewer may be found at http://www.ukuug.org/newsletter/83/n83-03.shtml.

