Readers will find an overview of fundamental VPN concepts and architectures, followed by an in-depth examination of advanced features and functions such as tunneling, authentication, access control, VPN gateways, VPN clients, and VPN network and service management. Specific topics covered include:

• IPsec, featuring the Authentication Header, Encapsulating Security Payload, Internet Key
• Exchange, and implementation details
• PPTP, L2F, L2TP, and MPLS as VPN tunneling protocols
• Two-party and three-party authentication, including RADIUS and Kerberos
• Public key infrastructure (PKI) and its integration into VPN solutions
• Access control policies, mechanisms, and management, and their application to VPNs
• VPN gateway functions, including site-to-site intranet, remote access, and extranet
• Gateway configuration, provisioning, monitoring, and accounting
• Gateway interaction with firewalls and routers
• VPN client implementation issues, including interaction with operating systems
• Client operation issues, including working with NAT, DNS, and link MTU limits
• VPN management architectures and tunnel and security management
• Outsourcing and service provider environments

The book concludes with a forward look at the future of VPNs that examines such issues as security and quality of service (QoS). VPN scenarios throughout the book demonstrate how to put the described techniques and technologies to work in a real-world Virtual Private Network.

The Internet has been around in one form or anotherfor more than three decades now, but it really has been since the middleof the 1990s that the use of the Internet became a daily part of people'slives. Connectivity to the Internet is now imperative for almost all companies,regardless of what their business really is. Individuals can find Internetaccess at school, work, and home, in cafés and kiosks, and in cellphones and PDAs. Staying connected has become an obsession.

The focus has shifted from being connected to being securelyconnected. It is one thing to have Internet access, but without security,the usefulness of the connectivity is rather limited. People want to havethe reach of the Internet, but they should not have to compromise theirprivacy or expose proprietary resources.

Fortunately, all of the ingredients are present for constructinga private network on top of a public one. The challenge comes in puttingthe technologies together so that the result is a viable and secure virtualprivate network.

This book provides a comprehensive guide to the technologiesused to enable VPNs, the VPN products built from these technologies, andthe combinations of various components to provide practical VPN solutions.

VPN technologies and solutions are still rapidly evolving.This book describes the current state of the art in this field. But thingschange quickly, so when appropriate, we have attempted to point out thecontinued effort in the industry to develop new technologies and solutions.

Audience

This book is intended for a broad range of readers interestedin virtual private networks.

For network engineers and managers, this book serves asa practical guide to the technologies and solutions. It discusses issuesto be considered in designing and implementing a VPN.

For VPN software and hardware developers, it provides the necessary background material to understand the functions to be developed and the rationale behind them.

For IT managers and executives, this book sets the overallcontext of VPNs and provides the means for assessing various implementationsfrom equipment vendors and service offerings from service providers.

For students and educators, this book can be used as areference text for a course in network security or electronic commerce.

Book Organization

This book is organized in three parts. Part I--VPN Fundamentals--consistsof three chapters: Introduction, Basic Concepts, and VPN Architectures.Chapter 1 introduces the concept of VPN and how it permits flexibilityin facilitating private communication in a public network. We also classifythe relevant technologies into four distinct categories. Chapter 2 setsVPNs in context by briefly reviewing the development of the Internet andhow security has been thrust to the forefront. It also reviews the basicIP networking and cryptography concepts that pertain to VPNs. Chapter 3presents VPN architectures in two ways. The first approach is based ondesigning VPN around practical networking solutions: site-to-site intranet,extranet, and remote access. The second approach focuses on the differenttraffic aggregation points where security services are applied.

Part II--VPN Technologies--consists of five chapters:Tunnels, IPsec, Authentication, Public Key Infrastructure, and Access Control.Chapter 4 is concerned with the most important technology category--tunneling.We investigate the many different tunneling technologies that are importantin VPN solutions. Chapter 5 concentrates on IPsec, the security protocolfor IP standardized by the IETF and, in our opinion, the VPN tunnelingtechnology that will be most prevalent going forward. Chapter 6 describesauthentication in a broad context first a nd then describes the varioustwo-party and three-party schemes that widely applied in networking. Themost important three-party scheme--PKI--is then presented in Chapter 7.In Chapter 8, we look at access control technologies, an often overlookedbut vital aspect of VPNs. We describe how access policies can be presented,managed, and enforced in a networked environment.

Part III--VPN Solutions--consists of four chapters: VPNGateways, VPN Clients, VPN Network and Service Management, and VPN Directions:Beyond Connectivity. This part describes how the various technology componentscan be assembled to create practical VPN solutions. Chapter 9 starts withthe roles played by a VPN gateway, then derives the requirements imposedon the gateway, and finally describes the various functions that shouldbe implemented. It also presents a concrete design example. Chapter 10details the many issues of VPN clients, some similar to VPN gateways andsome different. Chapter 11 presents the needs and approaches for performingcontinued management of VPNs from the viewpoints of both a network anda service. Finally, we discuss the future directions of VPNs in Chapter12 and how important it is to realize that networking is the means, notthe goal, and to look beyond simple connectivity in the networking arena.

How to Read the Book

There are two ways to read this book. For novices, werecommend completing Part I before proceeding to either Part II or PartIII. For readers already knowledgeable in networking and security, eachchapter is self-contained and can be read separately.

Readers are encouraged to read Chapters 4 and 5 togetherto obtain a fuller grasp on the concept of tunneling and IPsec as a layer-threetunneling technology. Similarly, Chapters 6 and 7 deal with authentication,with Chapter 7 exploring public key infrastructures in detail. It is alsoa good idea to review how a certain technology is introduced in Part IIbefore seeing how it is applied to a VPN solution in Part III.

Ruixi Yuan
Tim Strayer

Boston, Massachusetts
March 2001

0201702096P04242001


Reader review(s):

Clearly written book on underlying technologies for VPNs, June 12, 2001
This book is a great starting point for understanding the business reasons for implementing VPNs and the underlying technology. Although the book gets moderately technical it is written in such a manner that it can be understood by business process owners who have exposure to technology, as well as IT professionals who need to understand the network and security aspects of virtual private networks.

The focus of the book is the underlying technologies more than VPN solutions, and the emphasis is on VPN security infrastructure and services. Part I covers what VPNs are, how they can be employed as solutions to business requirements, and a basic overview of the concepts and technologies. I like the clear way the authors present this material, and the fact that it is completely accessible to non-technical readers.

Part II delves deeper into each facet of the underlying technology, covering the major topics: tunneling, IPsec, authentication, PKI, and access control. This part of the book will quickly get a network specialist up-to-speed on security services provided by VPNs, and goes deep enough to give a clear understanding of the security infrastructure in language that a network specialist will be comfortable with. It is also an excellent resource for system architects who need to see the big picture and fully understand how this technology set fits into an coherent architecture. It is especially valuable to architects and IS/IT professionals from other technical domains who are working in the health care industry because the infrastructure and services discussed are directly applicable to HIPAA requirements.

VPN solutions discussed in Part III is a wide survey of the components needed to implement a VPN. The chapter on VPN clients is must reading for anyone who is designing or implementing a VPN solution, as is the chapter on network and service management. Both of these chapters address issues that I have not come across in other books. For example, some of the issues with MS Windows VPN clients are potential "gotchas" that you need to be aware of in order to implement a completely secure (and supportable) VPN.

Overall: this book provides a high-level view with enough technical detail to give you a good understanding of the capabilities and limitations of virtual private networks. The writing is clear and readable, and the book is amply illustrated. Moreover, both authors work for BBN, which has been a key force in the evolution of the Internet for over 30 years the book has an air of authority and credibility that is rare in other books of this genre. I give it five stars for explaining a complex technology and for never losing sight of the business reasons for a VPN.

Not "Virtual Private Networks Illustrated," but still useful, September 23, 2001
I am a senior engineer for network security operations who uses a VPN every day. I read "Virtual Private Networks: Technologies and Solutions" (VPN:TS) to gain a better understanding of this key component of modern networking. While VPN:TS is not the VPN equivalent of Rich Stevens' "TCP/IP Illustrated," it's the best general-purpose VPN book I've read.

Thanks to the book's logical arrangement, precise wording, and short length (281 pages of text), VPN:TS is a fast read. (I finished it in a little more than one day.) It offers clear diagrams of various architectures and protocol headers. VPN:TS is technology neutral, preferring to describe principles and protocols instead of products. Consequently, those looking for a how-to manual for configuring Cisco router or Checkpoint Firewall-based VPNs should look elsewhere. I welcomed this approach, since I have no need for information on popular VPN implementations!

VPN:TS struck me as more than a book about virtual private networks. Because little time was spent elaborating product configurations, the authors discussed related networking topics. These included chapters on cryptography, authentication, PKI, access control, and network management. VPN:TS also describes the relationship between Multiprotocol Label Switching (MPLS) and Quality of Service (QoS). Readers familiar with all of these topics might not appreciate this material, but I enjoyed it.

I was disappointed that VPN:TS did not offer any traces to demonstrate various protocols in action. I believe the authors should have demonstrated building a sample VPN solution, complete with example configuration files and installation steps. An open source project like Linux FreeS/WAN or BSD KAME would have been ideal. This demonstration would have allowed discussions of troubleshooting common client/server obstacles.

VPN:TS is not the sort of reference book to place next to your router, firewall, or laptop. It's best suited to learning general VPN design and deployment. Those seeking technical implementation details will have to look elsewhere. Those who want to learn the role of VPNs in the wider networking realm will appreciate VPN:TS.

(Disclaimer: I received a free review copy from the publisher.)

Excellent VPN reference..., August 24, 2001
This book gets my nod as one of the best VPN books currently available. Most of the early VPN books have been awful, written totally from the business perspective -- i.e., why I need a VPN, or why VPNs are good. These author have apparently actually built some VPNs and write for someone who actually needs to build a VPN. Here, a reader can acquire an understanding and appreciation of such issues as products; protocols; the relationship between VPN tunnels, IPsec, and NAT; the relationship between the VPN server and firewall; etc., etc. I give this book my highest recommendation -- namely, I would spend my own money on this book!

clearly written, August 10, 2001
The strength of this book is its clarity, which is achieved through topic selection, proper organization of topics, and different explanation of key concepts according to context. Coverage is wide. Meant for those who know networking and either want to learn about or implement VPNs. Btw the book is in English.