BKAGTVPN.RVW 990321

"A Guide to Virtual Private Networks", Martin W. Murhammer et al, 1998, 0-13-083964-7
%A Martin W. Murhammer
%A Tim A. Bourne
%A Tamas Gaidosch
%A Charles Kunzinger
%A Laura Rademacher
%A Andreas Weinfurter
%C One Lake St., Upper Saddle River, NJ 07458
%D 1998
%G 0-13-083964-7
%I Prentice Hall
%O 800-576-3800 416-293-3621 fax: 201-236-7131
%P 174 p.
%T "A Guide to Virtual Private Networks"

You don't have to look very far to figure out that this book is by IBM, of IBM, and probably for IBM. All of the authors (even those that don't rate the front cover) work for IBM, and ... well, lookee here! IBM just happens to make products that relate to virtual private networks (VPNs)!

Chapter one is a reasonable overview of the basic concepts behind VPNs. However, the level of the writing is inconsistent, some parts of the explanation are a bit confused (they tend to use the term "tunnel" a lot, even where "circuit" might be more fitting), and overall one gets the feeling that this should be presented on a big screen in a dark auditorium, with a suit droning on and on. There is a tendency to illustrate (with not very illuminating figures) rather than explain, when it comes to the technical bits. Either that, or just start to list off protocols.

Encryption is explained fairly well in chapter two. There is some detail as to the actual operation of some algorithms. (I notice that DES [Data Encryption Standard] is not among them, and that it is claimed fully, and not just derivatively, for IBM.) The discussion of key and algorithm strength is weak, however, and there is no discussion of the basic problems or concerns of key management.

Chapter three provides format details of the IPsec (Internet Protocol security) AH (Authentication Header) and ESP (Encapsulating Security Payload) protocols. References for the appropriate draft documents are given at the end of the chapter. The Internet Key Exchange (IKE) (also known as Internet Security Association and Key Management Protocol [ISAKMP]) is discussed in chapter four.

Chapters five to seven look at scenarios for branch offices, business partners, and remote access, respectively. There is little new content, and most of the material could be inferred from the text of earlier chapters. Showing admirable forbearance, most of the detail of IBM products is held for the appendices.

While not all parts are particularly readable, the book does, at least, have the advantage of being short. The fundamental concepts of VPNs are given, enough so that a technical manager could get a basic grasp of what was required. Possible attacks, and the complexities of implementation, are not dealt with very well.

copyright Robert M. Slade, 1999 BKAGTVPN.RVW 990321