http://www.spinellis.gr/pubs/Breview/2001-CR-VPN/html/review.html
This is an HTML rendering of a working paper draft that led to a publication. The publication should always be cited in preference to this draft using the following reference:

This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.

Copyright © 2001 by the Association for Computing Machinery, Inc. Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from Publications Dept, ACM Inc., fax +1 (212) 869-0481, or permissions@acm.org.

Book review: Virtual Private Networks: Technologies and Solutions

Diomidis Spinellis
Athens University of Economics and Business

Ruixi Yuan and W. Timothy Strayer
Virtual Private Networks: Technologies and Solutions
Addison-Wesley Longman Publishing Co., Inc., Boston, MA, USA, 2001
317 pp. ISBN 0-201-70209-6

The wide deployment of the Internet is offering organizations a viable infrastructure for their networking needs, providing ubiquitous coverage and cost reductions through economies of scale. However, communications over the public Internet are inherently insecure. A number of technologies can be brought together to construct a virtual private network (VPN): a secure network over the infrastructure of a public network. Yuan and Strayer eloquently describe the disparate technologies underlying the realization of VPNs and outline typical solutions for deploying VPNs throughout the organization. The book can be used as a tutorial on VPN concepts, providing a survey of the most important underlying technologies.

The work starts with an overview of fundamental networking and VPN concepts, making it readable even by professionals not versed in the area of networking. Separate chapters introduce the VPN drivers, market, technologies, and solutions, describe the Internet's architecture and security basics, and outline different VPN architectures (site-to-site, remote access, and extranet).

The main body of the book consists of chapters describing each key VPN technology. The basic block for building a VPN is a tunnel: an architectural concept describing the overlay of a virtual network link across an arbitrary physical network topology. The family of Internet protocols known as IPSec is then used to secure the tunnel's contents. The description of VPN technologies ends with a discussion of authentication (two-party and trusted-third-party based), the public key infrastructures that can provide VPN certificates, and how to arrange and manage VPN access control. All technologies are generically described, with a separate section explaining how they apply to VPNs.

The last part of the book describes complete VPN solutions. These come in the form of dedicated gateways that are used to link networks together, or clients that are installed on end-user machines. Both chapters deal with the underlying concepts and refer to explicit products only to illustrate specific points. This keeps the material current in a rapidly changing marketplace, but, on the other hand, makes life more complicated for the network engineer who is looking for comparisons and recommendations to guide him towards the particular VPN solution to adopt. A separate chapter deals with the important issue of VPN network and service management including advice for managing a VPN that is outsourced to a network provider.

The book is professionally composed in all of its aspects (sectioning, typography, illustrations, editing, index, and references). Your reviewer would prefer the technically correct and accurate description of the VPN landscape to be complemented by insight, opinions, and directions which the authors obviously are in a position to provide. As it is, "Virtual Private Networks" is a definitive reference for the VPN technologies and solutions.