http://www.spinellis.gr/pubs/Breview/2001-CR-VPN/html/review.html

This is an HTML rendering of a working paper draft that led to a publication. The publication should always be cited in preference to this draft using the following reference:
Diomidis Spinellis
Athens University of Economics and Business
Ruixi Yuan and W. Timothy Strayer
Virtual Private Networks: Technologies and Solutions
Addison-Wesley Longman Publishing Co., Inc., Boston, MA, USA, 2001
317 pp. ISBN 0-201-70209-6
The wide deployment of the Internet is offering organizations a viable infrastructure for their networking needs, providing ubiquitous coverage and cost reductions through economies of scale. However, communications over the public Internet are inherently insecure. A number of technologies can be brought together to construct a virtual private network (VPN): a secure network over the infrastructure of a public network. Yuan and Strayer eloquently describe the disparate technologies underlying the realization of VPNs and outline typical solutions for deploying VPNs throughout the organization. The book can be used as a tutorial on VPN concepts, providing a survey of the most important underlying technologies.
The work starts with an overview of fundamental networking and VPN concepts, making it readable even by professionals not versed in the area of networking. Separate chapters introduce the VPN drivers, market, technologies, and solutions, describe the Internet's architecture and security basics, and outline different VPN architectures (site-to-site, remote access, and extranet).
The main body of the book consists of chapters describing each key VPN technology. The basic block for building a VPN is a tunnel: an architectural concept describing the overlay of a virtual network link across an arbitrary physical network topology. The family of Internet protocols known as IPSec is then used to secure the tunnel's contents. The description of VPN technologies ends with a discussion of authentication (two-party and trusted-third-party based), the public key infrastructures that can provide VPN certificates, and how to arrange and manage VPN access control. All technologies are generically described, with a separate section explaining how they apply to VPNs.
The last part of the book describes complete VPN solutions. These come in the form of dedicated gateways that are used to link networks together, or clients that are installed on end-user machines. Both chapters deal with the underlying concepts and refer to explicit products only to illustrate specific points. This keeps the material current in a rapidly changing marketplace, but, on the other hand, makes life more complicated for the network engineer who is looking for comparisons and recommendations to guide him towards the particular VPN solution to adopt. A separate chapter deals with the important issue of VPN network and service management, including advice for managing a VPN that is outsourced to a network provider.
The book is professionally composed in all of its aspects (sectioning, typography, illustrations, editing, index, and references). Your reviewer would prefer the technically correct and accurate description of the VPN landscape to be complemented by insight, opinions, and directions which the authors obviously are in a position to provide. As it is, "Virtual Private Networks" is a definitive reference for the VPN technologies and solutions.