
VPNs Illustrated: Tunnels VPNs And IPsec


Price : $9.96


Product Description

Virtual private networks (VPNs) based on the Internet instead of the traditional leased lines offer organizations of all sizes the promise of a low-cost, secure electronic network. However, using the Internet to carry sensitive information can present serious privacy and security problems. By explaining how VPNs actually work, networking expert Jon Snader shows software engineers and network administrators how to use tunneling, authentication, and encryption to create safe, effective VPNs for any environment. Using an example-driven approach, VPNs Illustrated explores how tunnels and VPNs function by observing their behavior on the wire. By learning to read and interpret various network traces, such as those produced by tcpdump, readers will be able to better understand and troubleshoot VPN and network behavior.

Specific topics covered include:

  • Block and stream symmetric ciphers, such as AES and RC4; and asymmetric ciphers, such as RSA and ElGamal
  • Message authentication codes, including HMACs
  • Tunneling technologies based on gtunnel
  • SSL protocol for building network-to-network VPNs
  • SSH protocols as drop-in replacements for telnet, ftp, and the BSD r-commands
  • Lightweight VPNs, including VTun, CIPE, tinc, and OpenVPN
  • IPsec, including its Authentication Header (AH) protocol, Encapsulating Security Payload (ESP), and IKE (the key management protocol)

Packed with details, the text can be used as a handbook describing the functions of the protocols and the message formats that they use. Source code is available for download, and an appendix covers publicly available software that can be used to build tunnels and analyze traffic flow. VPNs Illustrated gives you the knowledge of tunneling and VPN technology you need to understand existing VPN implementations and successfully create your own.

Customer Reviews

Review date : 2006-08-17
VPNs Illustrated is a great book for those wishing to understand network traffic at the packet level. Author Jon C. Snader was inspired by the earlier TCP/IP Illustrated volumes, and tries to reproduce the Tcpdump-style material found in Stevens’ classics. The level of detail found in VPNs Illustrated easily outweighs any problems this book might suffer, so I recommend you read it for in-depth knowledge of VPN traffic.

The book is divided into three parts. Of these, I found Part I ("Background") to be of questionable value. The introduction (ch 1) should not have been a chapter, and ch 2 ("TCP/IP Overview") should be replaced by a reference to existing volumes on TCP/IP. The crypto overview (ch 3) could also be replaced by a reference to other books, although as a non-crypto guy I found it a helpful refresher. The last chapter in part 1 finally gets to more subject-specific information, covering PPP, IP-in-IP, PPPoE, GRE, PPTP, L2TP, and MPLS tunnels. I really liked reading the author’s criticisms of certain protocols like PPTP and L2TP. He should have included Tcpdump traces of MPLS, since the other protocols featured packet data.

Part II included chapters on VPNs (ch 5), SSL (ch 6), SSH (ch 7), and "lightweight" VPNs (ch 8) like VTun, CIPE, Tinc, and OpenVPN. Some of this material is very deep and probably unnecessary for most readers. The author explains messages exchanged by almost all of these protocols, which is information I’ve not seen elsewhere. Some may consider these descriptions obscure, while others (probably researchers and developers) will appreciate the analysis.

Part III covers IPSec. Ch 9 ("IPSec") should be part of ch 10 ("IPSec Architecture"). The remaining sections thoroughly address IPSec (11: AH; 12: ESP; 13: IKE; 14: the future of IPSec). I think chapters 10-13 are the best IPSec material I’ve read. They made more sense than others I’ve seen, although the complexity of IKE made ch 14 difficult to follow.

Throughout VPNs Illustrated, the author is not shy about sharing criticisms of various protocols. This is extremely valuable. He also repeats sound advice on practices to avoid (like static preshared keys) or measures to consider (defeating replay attacks). Because he illustrates so many protocols, he compares and contrasts them to emphasize key points. He also frequently cites authoritative sources like Schneier and Ferguson.

To achieve a fifth star in a second edition, I would like to see the author incorporate my previous suggestions. I would love to see configuration files for all of his examples in the appendices. He can move existing examples out of the main text to improve readability. Every protocol should have a corresponding network trace analysis, and the traces should be posted on a Web site. I would also like to see a summary of his thoughts on what makes a great VPN protocol, and then his ratings for various implementations.

You won’t necessarily be able to implement the VPN software discussed in VPNs Illustrated by simply reading the text. You will gain a great understanding of how they work, or sometimes, don’t work!

Review date : 2005-12-02
I bought this book aiming to gain an in-depth understanding of VPN technology, but I was disappointed. The key chapter 4, for example, tries to explain the tunnel concept left and right, but it mixed up general encapsulation and tunnels, and the verbose wording didn’t make it any clearer. Using tcpdump traces to explain some of the fields is both a blessing and a curse, depending on how you look at it - I think the book is sort of strong in specific details but weak in overall conceptual pictures - however, most of those details have been better documented in the RFCs.

Another example - when talking about a generic tunnel skeleton using FreeBSD as an example (ch 4.8), where some code snippets are presented, I feel some background and a detailed illustration of the flow/drawing is necessary to clear up the concept and why it correlates with previous sections, but none is given.

It may sound a bit harsh: though the author tries to emulate Rich Stevens’ style and dedicates the book to him, it is hard for me to say the end product can really live up to Stevens’ standard.

Review date : 2005-11-23
NOTE: This book is not for everyone. If you have not invested at least 40 hours looking at network traffic, I would recommend you pass.

This book is zero fluff; it makes you want to spin up your scratch boxes and follow along. In fact I did just that. I have to switch to a new ISP that requires PPPoE and I was always curious how that worked, and the book gave me just enough of a clue to interpret what was passing in and out of my house.

The world has a new grandmaster of tcpdump, and I have seen some pretty good ones over the years. Once I designed a T-shirt for a SANS conference with the hexadecimal output from a tcpdump; only we flipped it so it was running down the shirt and rendered in green, to resemble the Matrix.

The packet was a DNS reply. In the additional records we said good things about SANS; after all, gotta market to eat. There was an error intentionally placed into the shirt, and we designated a prize for the first attendee to find the error. A student walked by wearing the shirt and the "4500" in the hex field caught one of the instructors’ eyes. She followed him around murmuring: it is sideways, UDP, DNS, a reply, there are additional records, wait a minute, that pointer entry is wrong. We watched in amazement; when she was done and looked up, the entire SANS faculty bowed to her. Because a malformed packet can kill a packet analyzer, the world needs people like Judy and Jon.

This is not a beginner book, and Jon expects you to catch the 4500 stuff pretty fast. However, if you have followed the discipline of tcpdump instead of some packet analysis tool that spells out everything, this book can take you to the next level.

VPNs Illustrated is rich in diagrams, including packet headers and state diagrams, examples of network traffic, and cartoons that explain the architecture of the system or network. It is amazingly well edited; my only nit is that on page 93, line 1, the spacing is off by one character.

The book has a strong Linux bias. If you are a Windows person, you will be able to follow along for about 60% of the book using WinDump, but you will not be able to use the tools or source.

This is the perfect reference for the person that knows networking and wants to really invest in taking it to the next level.

Finally, the dedication to Rich Stevens was over the top, heartfelt, and appreciated. I will never forget the man who taught me how to read a packet.

Review date : 2005-11-16
Given the complexity of VPN I was hoping to find a book that could explain key technologies in a concise and an organized manner. "VPNs Illustrated" does contain a wealth of technical information, but it failed on both counts.

The book offers unnecessary detail when trying to explain key concepts. It is so disjointed that the author is reduced to constantly referring the reader to other chapters to find information that is needed to understand a specific topic area. For example, the critical topic of IPSec is first introduced during a discussion of L2TP.

The book contains factual errors such as a typo describing "OC4" when the author meant to say OC48.

Overall, I was very disappointed with this text. It needs to be proofread and completely reorganized.

Back Up, You Writers!

Take it from a programmer who lost seven days of criminal records. Take it from a game designer who tweaked version 1.0 one time too many. Take it from a Windows XP user who has no idea why Bill Gates likes to freeze PCs for no reason.

Just like living a healthy lifestyle requires discipline, you must develop good backup habits. You already know you should, but here is why you don’t:

  • Lazy (It’s the number one killer of productivity)
  • Busy (anaerobics are great, but don’t neglect the cardio!)
  • Over-Confident (sure, you’re young, now?)
  • Clueless (you went to McDonald’s again?)

Now, I realize that you are running a business, so you have specialized software to handle different aspects of your business: contact manager, accounting package, schedulers and database managers. Each of these programs has some kind of backup capability.

However, ask yourself one question: what is easier to replace, contact information, or the 15,000 word article you spent two days researching?

Backup Fundamentals

As the previous question should make clear, different files have different anxiety levels attached to them. The first thing you should do is to decide whether it is more important to be able to replicate your current working environment or to be able to retrieve mission-critical files.

Replication

After a total computer failure, the ideal scenario would be to load a few CDs, punch a few buttons, wait about an hour and voilà, your system is ready for you to resume work as if nothing had happened.

There are packages that you can purchase which claim to restore your PC to any particular point in the past. There are also systems for cloning your PC. This whole-earth approach, while effective, is so broad that it is beyond the scope of this article. At any rate, you’ll still need to recover individual files in a disaster. So, read on.

Mission-Critical Recovery

This dire-sounding phrase (which I made up, because it sounds techno-geek) simply means that you can retrieve your files even after a total disaster. Disasters include mechanical failure, theft, operator error (Oops!), fire, and, believe it or not, software upgrades.

Assuming you have decided to focus on mission-critical recovery, your next step is to decide whether the backup plan should revolve around your current working environment and habits, or whether you should adopt new organizational methods to facilitate backups. The choice is up to you. The only thing you should keep in mind is that, if the backup plan is too complicated, you’re not going to bother.

On the one hand, if your work is scattered all over the hard drive and you elect to have a backup plan that revolves around this current layout, it will probably be a time-consuming task not only to set up the initial backup plan, but also to maintain it.

On the other hand, you may have the most efficient organization possible, but if you pair it with an arcane backup plan, you’re probably going to decide it’s too much trouble.

A Plan

In my experience, it has been helpful to take a middle road. My productivity is keyed to my organization, so I can’t just scrap it. However, by researching backup plans and understanding the goals of each solution, I have been able to gradually evolve a plan that works for me. One thing I have never solved to my satisfaction is synchronizing files between workstations. If this is important to you, the best advice I can give is to treat your backup solution as if it were a network drive. This is imaginary, but it helps me to visualize being able to access my files from any computer.

Backups have to solve a host of problems in order to be useful:

  • automatic
  • archive
  • restore
  • catalogue and report
  • compare
  • recycle
  • media-independent

Automatic

There is something comforting about knowing your files are backed up on a regular schedule. If you don’t know how to set up task scheduling, it is a good skill to learn.

Archive

In today’s gigabyte world, most backup solutions involve a second hard drive. Even if you can’t imagine ever filling it up with backups, you have to remember that a hard drive is still a mechanical device, subject to failure. Unless it is offsite, it is also subject to the same disasters as the primary drive. You need to archive your backups to a more permanent medium, such as magnetic tape or CD-R.

After you have archived the data, you can reclaim the hard drive space on both drives.

You really should find a place outside of your home to store archives. Use your imagination. I’ve kept backups in a safe-deposit box!

Restore

This is obvious. The most annoying part of restore operations comes when you are attempting to retrieve a file without the original backup software. If the backup is in a popular format such as zip or tar, you may still be able to retrieve the needed files. So, keep in mind that proprietary solutions are not the best solutions.

Another aspect of restoration involves the directory structure. Where should the restored file go? You may want to compare versions, so it would be a mistake to overwrite the version on your primary drive. The best solutions leave this choice up to you.

Catalogue and Report

What good is a backup if you can’t find the file when you need it? My all-time favorite is a stand-alone product that has nothing to do with backups. It’s called WhereIsIt and it can store a huge amount of information. No matter where I put a file, if I catalogued it with this package, it will tell me where it is. It has a powerful report generator that can provide all kinds of useful information about catalogued files. Here’s how I use WhereIsIt. Every Saturday, I get a reminder from Outlook to run it. (I believe it has some kind of scripting language with which I could automate the task, but I never bothered. It’s easy enough.) I click the backup button, select the external hard drive and the program does the rest! The catalogue resides on my primary drive for quick access.

Compare

There are many programs that will let you compare two versions of a file. Pick one that will do what you need. As a programmer, I find BeyondCompare to be indispensable. It compares folders to folders or files to files. It allows me to use a built-in FTP program to upload files from my hard drive to the web. (There’s a plan!) The bonus for me is that BeyondCompare will synchronize folders. So, I have set it to automatically back up the contents of My Documents to the external hard drive. This is done once a night, using my infamous Tower of Hanoi backup scheme.

Recycle

You do not have unlimited resources to maintain backups indefinitely. At the least, you will run out of shelf space for your CD-Rs. Your cataloguing and report capabilities will become overwhelmed, or they will become so voluminous as to be nearly useless. In more severe instances, your backup media will become too small to hold the data.

Time is the final arbiter of the value of files on your hard drive. When the file is no longer needed, it can be deleted. This will keep it from taking up valuable backup space. However, determining how long to keep archives is more problematic. When I worked at the police department, the CD-Rs were kept for thirty days and then shredded. This was a simple decision, because every backup was a full backup.

Media-Independent

Remember 100MB Iomega Zip disks? As a replacement for floppy disks, these media were the perfect bridge between minuscule storage and expensive (at the time) compact disc technology. However, the computer world continued to scale up its storage demands and the 100MB disk became as futile as the floppy. A good backup solution should be flexible enough to write to any medium. In addition, the files should be recoverable even without the presence of the original backup software. In other words, proprietary solutions may not be suitable for mission-critical recovery.

Of course, we don’t live in a perfect world. The best backup solution for me is the SanDisk Cruzer Titanium USB key. It has 512MB of storage and several proprietary packages for backing up my critical files. I am willing to put up with it because I don’t rely solely on the key. At 512MB, it is wholly inadequate to be my primary backup solution.

My media-independent solution is ZipBackup. As the name implies, it creates the popular zip file format. I have many choices between full, incremental and differential backups. With task scheduling, I run this program four times a day.

Information Overload!

You don’t need all that stuff. I do. I am not a freelance writer. You are not a programmer (if you are, you need all that stuff!)

The preceding information just helps you to get a grip on the scope of the wonderful world of backups. Now that you have the background, you can wipe all the minutiae from your short-term memory and focus on the following:

If you are using a PC with drag and drop capabilities, you can back up your work!

You spend all day on your computer. I don’t know if you have any idea that you can drag a folder to the icon for your CD writer. It’s not the easiest way to do things, but it works.

A better way to do this (Windows XP) is to select the files, right-click, highlight Send To and choose the CD writer. You can go all over the hard drive, right-clicking and sending files until you have all of them waiting to go. Then, just follow the wizard’s instructions.

After a couple of days of this drudgery, you may decide to rearrange your file organization to accommodate this new right-click backup solution.

At that point, you’re well on your way to understanding the problems and rewards of backing up.

Mitchell Allen is an advocate for cross-networking: synergistically linking multiple social networks in order to increase membership exposure.

He writes for fun and profit at WritingUp.com

He maintains The Vertical Blog Tunnel Network at the social network, http://www.Ryze.com
