Technology and Society

Book Reviews
What's New
Privacy & Individual Rights
Commerce, Security, & the Law
Net Culture, Art, & Literature
International Affairs & National Security
Ethics, Rhetoric, & Metaphysics
Science Fiction

Other Resources
Other Book Review Sites

Title: Virtual Private Networks
Authors: Charlie Scott, Paul Wolfe, and Mike Erwin
Publisher: O'Reilly
Copyright: 1998
ISBN: 1-56592-319-7
Pages: 177
Price: $29.95
Rating: 83%
I was excited to see a book on virtual private networks (VPNs) so early in the game. Technologies to tunnel encrypted information over open networks are relatively new (though tunneling TCP/IP over proprietary protocols is not) and I eagerly anticipated a book on the subject from a publisher of O'Reilly's caliber. Virtual Private Networks is a good first take on the subject, though there are relatively few products and case histories for the authors to draw upon in their discussions.

Virtual Private Networks opens by motivating the need for VPNs, with brief references to the familiar threats of packet sniffing, IP spoofing, and network intrusions. I was glad to see the authors didn't try to pad the book by going into too much detail in these and other areas familiar to their target audience of experienced network administrators. One area where a bit more detail up front would have been helpful, however, is the "A Brief History of Cryptography" section beginning on p. 31. The authors rush through an overview of secret key encryption, public key encryption, and hash functions in two confusing paragraphs that snapped the flow of the manuscript. They fixed the problem on p. 34 with detailed discussions on cryptosystems, but I was concerned about the quality of the section for the intervening pages. The introductory discussion on firewalls is much better than its crypto counterpart.

The book picks up as it goes along, though. Parts that stand out are the chapters on VPNs' interaction with remote access and wide area networks (WANs), implementing the point-to-point tunneling protocol, and configuring Cisco's PIX firewall. The WAN discussion is particularly solid. The authors also walk the reader through configuring other VPN technologies, including those for personal users, but the information could probably be obtained through the documentation accompanying the products. The chapters will help administrators compare products without purchasing them, however.

I don't mean to sound too harsh; Scott, Wolfe, and Erwin (and their editor, Andy Oram) took on a tough job when they agreed to this project. The team was faced with writing about a brand new subject that had several of its most important aspects partially covered in other O'Reilly books. I can sympathize with the authors' struggle to include only non-duplicative material and look forward to the second edition of Virtual Private Networks.

Curtis D. Frye (  is the editor and chief reviewer of Technology and Society Book Reviews.  He worked for four years as a defense industry analyst at The MITRE Corporation in McLean, VA, and is the author of Privacy-Enhanced Business, from Quorum Books.