From the perennial favorite publishing house of O'Reilly & Associates comes a small, simple book by the name of Virtual Private Networks that should be required reading for anyone interested in joining the IT industry.
A bold claim, you say? Not so if you take a look at the growing industry trend of implementing VPNs to securely connect remote clients to corporate networks. But who in the industry actually has time to work their way back to the basics to learn the fundamentals of a relatively new technology? Very few of us, that's who. Fortunately, O'Reilly has released its second edition of a book that will make this education painless and, best of all, quick.
My first reaction hit me very quickly. This book is not just for those wanting to learn about the technology. It is also for those in the midst of trying to decide whether or not their company should employ a VPN.
As the first chapter title asks: "Why build a Virtual Private Network?" The first chapter delivers a clear, concise answer to this often-befuddling question. Within this chapter some solid, fundamental questions are answered. First and foremost, "What does a VPN do?" Although I've heard VPNs described a hundred different ways, for some reason this book makes it seem so easy to understand.
“A virtual private network is a way to simulate a private network over a public network, such as the Internet.” Okay, so that's a bit oversimplified. Reading on, however, you'll see that the authors (Charlie Scott, Paul Wolfe, and Mike Erwin) flesh out their definition. “It is called 'virtual' because it depends on the use of virtual connections—that is, temporary connections that have no real physical presence but consist of packets routed over various machines on the Internet on an ad hoc basis.”
Other highlights of this opening chapter include a more in-depth look at security risks and how VPN technology solves these security issues. Within these sections, the authors dig into the realms of firewalls, authentication, encryption, and tunneling.
The meat of things
Once we get beyond the “what is” aspects of chapter one, the O'Reilly book begins to really dig deep. Chapter two is especially helpful in your VPN education. Here you will find an outstanding description of the various types of VPN technologies available (packet restriction, packet filtering routers, bastion hosts, DMZ, and proxy servers), as well as a fine explanation of cryptographic algorithms and cryptosystems.
Probably the strongest aspect of this text is the way it deals with protocols. Beginning in chapter two, the authors spell out the heart of VPN technologies. From a full description of IPSec (I loved this sentence: "Over the years, as vendor after vendor labored over reinventing wheels, trying to hide IP packets in a secure protocol, people began to wonder why the TCP/IP protocol itself wasn't updated to support authentication and encryption") to its extensive coverage of Point-to-Point Tunneling Protocol (PPTP), this book makes the understanding of VPNs a well-rounded (liberal arts-like) education.
Speaking of protocols, one of the most noteworthy aspects of the O'Reilly VPN text is the attempt to keep things standard. As you read through this book, you will often notice subtle references to the OSI Layer model. Take for instance this section from chapter four, “Implementing Layer 2 Connections”:
"All of these tunneling protocols operate by tunneling Layer 2 of the OSI Reference Model from communications protocols, also known as the Data Link Layer, over IP." Anyone in the midst of studying for the Cisco Certified Network Associate (CCNA) certification will appreciate this passage and the attempt to keep the point of reference standard.
Writing across the board
Anyone who has read a helping of O'Reilly books (or has taken a look at their catalog) knows that they have a penchant for things UNIX/Linux. This being said, it is also fairly well known that most corporations (and I must confess to a smidge of rising bile as I write this) rely heavily on Microsoft technology for their VPNs. With this in mind, the authors do a fantastic job of spanning cross-platform issues with VPN technologies. Dealing with everything from Remote Access Server (RAS) to the DEC AltaVista Tunnel to Cisco PIX to UNIX and (my favorite) Linux, this brief 196-page book (minus the appendices) leaves very little unsaid.
Of course, as most enterprises are using one MS technology or another, the authors tend to dwell a bit more on these issues.
A breakdown of the chapters looks like this:
- “Why Build a Virtual Private Network?”
- “Basic VPN Technologies”
- “Wide Area, Remote Access, and the VPN”
- “Implementing Layer 2 Connections”
- “Configuring and Testing Layer 2 Connections”
- “Implementing the AltaVista Tunnel 98”
- “Configuring and Testing the AltaVista Tunnel”
- “Creating a VPN with the UNIX Secure Shell”
- “The Cisco PIX Firewall”
- “Managing and Maintaining Your VPN”
- “A VPN Scenario”
- “Appendix A: Emerging Internet Technologies”
- “Resources, Online and Otherwise”
The one disappointment
Of course, few books (if any) are perfect. The one fault I have with this book (and this stems from an obvious bias) is that it lacks any configuration or setup guidelines for using Linux (or any UNIX variant) as a standard VPN server or client. Sure, there is a bit of a nod to our favorite *NIX variants with Secure Shell, but the UNIX flavors make for outstanding VPN servers, and by nearly shrugging off these solutions, they are limiting their audience.
If you are looking to understand VPN technology, do yourself a favor and purchase O'Reilly's Virtual Private Networks. This book is a lightning-fast read, and the information is assimilated with the same speed.
Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website jackwallen.com.