[ISN] REVIEW: "VPNs: A Beginner's Guide", John Mairs

From: InfoSec News (isnat_private)
Date: Sun Nov 24 2002 - 23:57:35 PST

    Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rsladeat_private>
    
    BKVPNABG.RVW   20020928
    
    [ http://www.amazon.com/exec/obidos/ASIN/0072191813/c4iorg  - WK ]
    
    "VPNs: A Beginner's Guide", John Mairs, 2002, 0-07-219181-3, U$39.99
    %A   John Mairs
    %C   300 Water Street, Whitby, Ontario   L1N 9B6
    %D   2002
    %G   0-07-219181-3
    %I   McGraw-Hill Ryerson/Osborne
    %O   U$39.99 +1-800-565-5758 +1-905-430-5134 fax: 905-430-5020
    %P   584 p.
    %T   "VPNs: A Beginner's Guide"
    
    Part one deals with networks and security.  The material is not bad;
    in fact, it is very good; but it is, possibly, too much information on
    topics which are not, really, relevant to virtual private networks
    (VPNs).  On the other hand, anyone who is a rank beginner to
    networking as well will certainly have a thorough introduction.
    
    Chapter one covers layering architecture and the OSI (Open Systems
    Interconnection) model, and the text on encapsulation is definitely
    relevant to VPNs.  Network architecture, in chapter two, concentrates
    on topology and the physical layer.  There is a detailed reference to
    the lower layers of the TCP/IP protocol stack in chapter three. 
    Chapter four's explanation of the basics of security is good, absent
    some material on threats and parts of risk analysis, but the use of
    non-standard language may be confusing.  Threats and attack methods,
    in chapter five, is weak: the text lists a variety of network protocol
    exploits, concentrating on spoofing, and doesn't really bring out the
    concepts.  The explanations of intrusion detection systems and
    firewalls, in chapters six and seven respectively, are good overviews.
    
    Part two is supposed to provide the fundamentals of VPNs themselves,
    but, rather oddly, does a much poorer job on this central idea than on
    the previous and following content.  Chapter eight is on VPN basics,
    and nine is on VPN architecture.
    
    Part three covers VPN protocols.  Chapter ten introduces the tunneling
    protocols of GRE (Generic Routing Encapsulation) and PPTP (Point-to-
    Point Tunneling Protocol).  L2F (Layer 2 Forwarding) and L2TP (Layer 2
    Tunneling Protocol), plus a little bit of IPSec, are reviewed in
    chapter eleven, although it is not always clear what functions are
    supported.
    
    Part four looks at secure communications.  The material on
    cryptography, in chapter twelve, is not very good: polyalphabetic
    ciphers are *not* examples of transposition, there is some use of non-
    standard terminology, the text is simplistic in many areas, and the
    discussion of key management with asymmetric systems is quite weak. 
    There are similarly feeble explanations and minor errors with respect
    to cryptographic algorithms in chapter thirteen.  The discussion of
    certificates, in chapter fourteen, is more reasonable, although the
    section on PKI (Public Key Infrastructure) is a bit terse.  Chapter
    fifteen, on authentication, reprises earlier content on identification
    and authentication (chapter four), PAP (Password Authentication
    Protocol, chapter ten), CHAP (Challenge Handshake Authentication
    Protocol, chapter eleven), but adds discussion of RADIUS, TACACS, and
    Kerberos, at varying levels of detail.
    
    Part five delves into the details of IPSec.  Chapter sixteen outlines
    the components of IPSec, although it is somewhat disjointed with
    repeated returns to the topics of security associations and the
    different operating modes.  Key management, in chapter seventeen,
    introduces ISAKMP (Internet Security Association and Key Management
    Protocol) and IKE (Internet Key Exchange), but does not do so in the
    detail with which other protocols have been discussed, and does not
    address the weaknesses of the systems.  For some reason the details,
    and some other key management and exchange protocols, are in chapter
    eighteen (but still limited analysis).  Chapter nineteen does have
    good deliberations on IPSec architecture and implementation.
    
    Part six deals with MPLS (Multi-Protocol Label Switching).  Chapter
    twenty talks about quality of service, and related technologies.  A
    few topics associated with traffic engineering are discussed in
    chapter twenty one.  MPLS is proposed as the answer to quality of
    service and traffic engineering issues in chapter twenty two.  Chapter
    twenty three outlines some of the components of MPLS and finally
    explains what MPLS has to do with VPNs, although not in much detail.
    
    With some caveats about certain sections of the book, I can recommend
    this both as a reference to a number of VPN technologies, and to some
    security related issues with TCP/IP.
    
    copyright Robert M. Slade, 2002   BKVPNABG.RVW   20020928
    
    -- 
    ======================
    rsladeat_private  rsladeat_private  sladeat_private p1at_private
    Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
    Upcoming (ISC)^2 CISSP CBK review seminars (+1-888-333-4458):
        November 25, 2002   November 29, 2002   Toronto, ON, Canada
        December 16, 2002   December 20, 2002   San Francisco, CA
        February 10, 2003   February 14, 2003   St. Louis, MO
    
    
    
    
    



    This archive was generated by hypermail 2b30 : Mon Nov 25 2002 - 03:45:31 PST