BKBLVPNS.RVW   20020916

"Building Linux Virtual Private Networks (VPNs)", Oleg Kolesnikov/Brian Hatch, 2002, 1-57870-266-6, U$44.99/C$69.99/UK#34.99
%A   Oleg Kolesnikov oleg@buildinglinuxvpns.net ok@cc.gatech.edu
%A   Brian Hatch bri@buildinglinuxvpns.net brian@onsight.com
%C   201 W. 103rd Street, Indianapolis, IN 46290
%D   2002
%G   1-57870-266-6
%I   Macmillan Computer Publishing (MCP)/New Riders
%O   U$44.99/C$69.99/UK#34.99 800-858-7674 317-581-3743 info@mcp.com
%O   http://www.amazon.com/exec/obidos/ASIN/1578702666/robsladesinterne
%P   385 p.
%T   "Building Linux Virtual Private Networks (VPNs)"

Like "Practical UNIX and Internet Security" (cf. BKPRUISC.RVW) this book so thoroughly covers its general field, in this case virtual private networks (VPNs), that it is useful to security people regardless of whether or not they use Linux. There are abundant practical considerations in this work that other volumes ignore.

Part one deals with the basics of VPNs. Chapter one is a good, readable, realistic introduction (and we will accept the mention of 40 bit DES in IPSec as a typo: it is listed as such in the errata at the associated website, http://www.buildinglinuxvpns.net). The title of chapter two, VPN fundamentals, is oddly both true and not: the items mentioned are not factors of VPNs as such, but aspects and considerations of VPNs that influence network choices, and network configurations that impel VPN architecture.

Part two covers implementing standard VPN protocols. Chapter three provides a detailed and clear explanation of PPP (Point-to-Point Protocol) over SSH (Secure Shell). PPP over SSL (Secure Sockets Layer)/TLS (Transport Layer Security), in chapter three, outlines the basics, increased security, and scripts for troubleshooting. Excellent coverage of IPSec in general, plus some implementation details in Linux, is in chapter five. Chapter six explains FreeS/WAN from philosophy to source to configuration. There is good analysis of the design and weaknesses of PPTP (Point-to-Point Tunnelling Protocol) and how to run it on Linux, in chapter seven.

Part three examines the implementation of nonstandard VPN protocols. Chapter eight looks at the design, options, and setup of VTun. The lightweight cIPe is covered in chapter nine. Designed for user level rather than kernel operation, as well as more modern and robust cryptography, tinc is explained in chapter ten.

I have not found, to date, a book that does a better job of explaining the concepts and operations of virtual private networks. This should become the classic text.

copyright Robert M. Slade, 2002   BKBLVPNS.RVW   20020916