Book Review - Building Linux Virtual Private Networks (VPNs)

Networking/Security Forums -> News // Columns // Articles

Author: ShaolinTigerLocation: Kuala Lumpur, Malaysia PostPosted: Tue Aug 19, 2003 10:16 pm    Post subject: Book Review - Building Linux Virtual Private Networks (VPNs)
    ----
Building Linux Virtual Private Networks (VPNs)

Author(s): Oleg Kolesnikov and Brian Hatch
Website: http://www.buildinglinuxvpns.net/
Publisher: New Riders
Book Specifications:Soft-cover, 385 pages
Category: Linux Administration and Secure Networking
User Level: No prior knowledge of VPNs needed, recommended familiarity with Linux
Suggested Publisher Price: $44.99 USA/ $69.99 CAN/ 34.99 Net UK (inc of VAT)
ISBN: 1-57870-266-6
Amazon.co.uk: Building Linux Virtual Private Networks (VPNs)
Amazon.com: Building Linux Virtual Private Networks (VPNs)



Info from Back: "Building Linux Virtual Private Networks focuses on showing you how to get your Linux VPN up and running as quickly as possible. You will learn VPN theory and fundamentals and will master important techniques and tools needed to design and set up your VPN in a reliable, secure and cost-effective fastion"

Introduction

VPNs have always been an area I've been a bit shaky on, I've sort of understood the theory and set simple host-host VPNs up via Windows wizards but I've never really dug down to the encapsulation and host-network or network-network VPNs (I only know what these terms meant after I read the book Very Happy).

I was looking forward to reading this book so I could really get my head around VPNs, how to set them up, how to choose which protocol/cipher to use and so on.

It's quite a complex area and very important in todays security concious world.

Unlike the other books we have here this book is aimed at a very specific area so I wouldn't expect people who are just generally interested in security to be reading this review.

If you are really into your security and want to cover all aspects then no doubt you'll be looking at VPNs, if you are into security you are into Linux to some degree so this is the book for you. This book is intended to be a practical introduction and reference to bulding VPNs on Linux.

Contents

At the most basic level this book is broken into 3 main sections, Virtual Prviate Networks (introduction), Implementing Standard VPN Protocols (VPN with SSH and PPP, IPSec etc.) and Implementing Nonstandard VPN protocols (VTun, cIPE and so on).

The first section is very complete and runs to 62 pages, it really lets you get a feel for VPNs and all the main technologies and protocols included. It is split into two sub-sections; Introduction to VPNs and VPN fundamentals. This section also outlines the different types of VPNs, why you would use a VPN, network issues and so on.

If you are completely clueless about VPNs you would do well to read this chapter as it would fill in any gaps you have and is easy to read (obviously this only applies to technically minded people familiar with TCP/IP, Linux and encryption at a basic level).

Run down of chapters/sections/contents

Introduction to VPNsVPN FundementalsImplementing Standard VPN ProtocolsImplementing Nonstandard VPN ProtocolsAppendicesFor a very technical book the contents are very well laid out, books concerning Linux tend to dive straight in the deep end and assume previous knowledge. This book really introduces VPNs well, the concepts behind them, when you would and wouldn't want to use them and the advantages of each Protocol. It gives real world examples of remote offices and so on with solutions to show how a VPN could improve the business system.

It has a lot of detail on how a VPN will interact with a firewall and how it should be setup properly in various configurations (on the firewall, parallel to the firewall or behind the firewall). It then covers networking issues including netmasking and routing basics.

As for the technical sections, each section is lengthy enough with all the details needed to set it up, manually and shell scripts are included, although a CD with them on would have been useful but could have pushed the price up.

There is enough detail on every configuration to allow you actually do it in a way which suits your situation. This includes init.d scripts and is not distro specific (e.g in places shows both Debian and Redhat methods of installation).

Style and Detail

Honestly speaking I was actually expecting this book to be terribly boring as it in an area I am interested in, but well it's VPNs, how interesting can it be?

I was pleasantly shocked to find the book is actually very well written, interesting and engaging to read. There is a bit of humour in the writing and it's written in a plain, easy to read but not patronisingly simple manner.

It explains very well the conventions used in the book and gives a chart with the technical level of each chapter at the start, this gives you an idea how the book is going to go and perhaps if you are more advanced with VPNs you could skip straight to the Protocol or section you are interested in.

The introduction and examples are very easy to understand but are technical enough that you can see the justification for them while the technical chapters cover some highly complicated stuff but present it in an easy to read and clear format. The formatting for commands and config file entries is easy to pick out and well explained.

Each protocols section contains gotcha's (common mistakes), advantages and shortfalls.

Conclusion

Overall I grade this book highly, if it had a CD with the scripts and the software mentioned in the book I would have given it a 9. As it stands if you are planning to implement some non-commercial VPNs then this is the book for you. I was interested in this book as a growing security professional I personally felt it was an area I should be more than competent in. This book has given me the confidence that I now understand and can implement practical VPN solutions.

If you are at all interested in VPNs on Linux get this book and well if you are into the whole zen security thing, get this book because really you should know everything you can!

I give it a 8/10



This review is copyright 2003 by the author and Security-Forums Dot Com, and may not be reproduced in any form in any media without the express permission of the author, or Security-Forums Dot Com.

Keywords: VPN Linux VPN's VPNs Security Encryption Tunnel SSH


Last edited by ShaolinTiger on Sun Jan 18, 2004 8:09 pm; edited 7 times in total

Author: briLocation: Seattle, WA PostPosted: Sun Aug 24, 2003 9:17 pm    Post subject:
    ----
Thanks for taking the time to write a very well thought out review. Glad to see you liked the book.

Quote:
Overall I grade this book highly, if it had a CD with the scripts and the software mentioned in the book I would have given it a 9.


We intentionally did not have a CD with the code or the software. Since all the software is being updated frequently, it would have been out of date by the time you got it. Secondly, all the source code we wrote for the book is available on our website at http://www.buildinglinuxvpns.net, and can be viewed online individually or you can snag the whole .tgz tarball, and it's all released under the GPL. Having it there kept the cost down (adding a CD to the book would raise the price a few bucks, believe it or not) and allows us to keep it updated, for example fixing bugs or adding more comments to the code.

Quote:
I was pleasantly shocked to find the book is actually very well written, interesting and engaging to read. There is a bit of humour in the writing and it's written in a plain, easy to read but not patronisingly simple manner.


That's what we were aiming for. However I'd need to admit that any humour that you find that was funny was written by Oleg. My sleep-deprived attempts at humor didn't even make sense to me, and luckily did not make it to the final copy. Well, except perhaps some PPTP bashing in chapter 7. Hard to pass up that kind of opportunity...

Author: ShaolinTigerLocation: Kuala Lumpur, Malaysia PostPosted: Mon Aug 25, 2003 12:07 am    Post subject:
    ----
Hi Brian, many thanks for posting.

It's nice to know my work is not in vain Smile

bri wrote:
We intentionally did not have a CD with the code or the software. Since all the software is being updated frequently, it would have been out of date by the time you got it. Secondly, all the source code we wrote for the book is available on our website at http://www.buildinglinuxvpns.net, and can be viewed online individually or you can snag the whole .tgz tarball, and it's all released under the GPL. Having it there kept the cost down (adding a CD to the book would raise the price a few bucks, believe it or not) and allows us to keep it updated, for example fixing bugs or adding more comments to the code.


Well it wasn't so much the software as I know things change so fast that's a fairly futile excercise. It was more from the standpoint of the extensive scripts in the book (setup scripts, init.d scripts etc), which I can't stand typing in from books as it's very easy to make mistakes.

I wasn't aware the book had a site, perhaps I missed it in the intro somewhere. I think it should be made clearer there is a website, what is contained on it and that you can download the tools and scripts mentioned in the book there.

I've updated the review above to include the URL.

I appreciate it would have raised the cost which is a very valid point, but now I know there is a website where I can grab the scripts it's not so much of an issue, and as you say it enables you to add comments and update errata (a good thing!).

Anyway hope to see you around here a bit more.

Cheers

ST

Author: briLocation: Seattle, WA PostPosted: Mon Aug 25, 2003 4:42 am    Post subject:
    ----
ShaolinTiger wrote:

Well it wasn't so much the software as I know things change so fast that's a fairly futile excercise. It was more from the standpoint of the extensive scripts in the book (setup scripts, init.d scripts etc), which I can't stand typing in from books as it's very easy to make mistakes.

I wasn't aware the book had a site, perhaps I missed it in the intro somewhere. I think it should be made clearer there is a website, what is contained on it and that you can download the tools and scripts mentioned in the book there.


It was noted in the beginning of the book in the 'frontmatter'. Now I've only known one person who ever reads that stuff (I don't) so we tried to meantion it in the actual chapters too now and then. However the most obvious place you'd find it is the back cover.

They 'corrected' our URL on the back, changing '.net' to '.com' for us. Guess they thought we had a typo. Wink



Networking/Security Forums -> News // Columns // Articles


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group