Publisher: Cisco Press
In our "2002 Security Year in Review: VPNs and Firewalls" article, David Flynn, Vice President of Marketing at NetScreen pointed out that : "2002 has been the year of marked VPN adoption. As distributed enterprises and service providers recognize the cost savings realized by leveraging the public Internet versus leased lines for data connections, deployments have increased from tens to hundreds of sites." If your organization uses Cisco's products and plans to deploy a Virtual Private Network, this book will help a lot.
About the author
Andrew G. Mason, CCIE #7144, CCDP, CSS-1, is the CEO of three UK-based companies: Mason Technologies, CCStudy.com (resource site for Cisco Certification), and Boxing Orange. Andrew has 11 years experience in the networking industry and is currently consulting for the largest ISP in the UK. He is involved in the design and implementation of complex secure hosted solutions utilizing products from the Cisco Secure family. Andrew also holds CCSA, A+, Network+, CNA, and MCSE+Internet certifications.
An interview with Andrew G. Mason is available here.
Inside the book
The foreword written by Rick Stiffler, Manager of VPN Security Training at Cisco Systems, gives some background information on this publication. In the beginning of 2001, Cisco announced a new family of professional certificates called Cisco Qualified Specialist (CQS) and the first certificate announced was Cisco Security Specialist (CSS1). CSS1 was designed to certify general network security skills, especially intrusion detection, firewalls and VPNs. This book presents the knowledge contained in the instructor-led and e-learning courses that have the same title - Cisco Secure Virtual Private Networks (CSVPN).
Mason's "Cisco Secure Virtual Private Networks" is the book aimed to the intermediate readers, with system administration experience. The novice users who understand the possibilities of VPN, should also find their answers in this book, but mainly the book is meant for the system administrators who are planning to deploy VPN using Cisco's equipment. Also if you are preparing for Cisco's certification, information provided here covers the required objectives for the CSVPN exam #9E0-570.
Virtual Private Networks are the most cost effective solution for establishing a point to point connection between the remote user and organization's network. There are three main types of VPN's: Access, Intranet and Extranet. Access VPNs provide remote access to organization's intranet or extranet over a shared infrastructure, such as ISDN, DSL or cable. Intranet VPNs have the ability of linking organization's headquarters, remote offices and branch offices to an internal network. This is done over a shared infrastructure using dedicated connections. Extranet VPNs connect customers, partners or various communities to the organization's network. This is also done over shared infrastructure and dedicated lines, but the main difference between Intranet and Extranet Vitual Private Networks, is that Intranet VPNs allow access only to the organization's employees.
The book is starting with the Virtual Private Networks fundamentals which cover protocols and basic topics that will be of use in the VPN deploying. IP Security Protocol (IPSec) is a framework of open standards that provides data confidentiality, integrity and authentication between peers and IP layer. As IPSec is used by Cisco IOS for enabling VPNs, overview of this protocol and its operations is presented to the reader. Additionally, this part of the book introduces the readers to Public Key Infrastructure, Certificate Authority and Digital Signatures basics.
The Cisco VPN Family of products is the topic of the second part of this book. Main components of the Cisco's VPN offering include:
- Cisco VPN routers - Use Cisco IOS IPSec support to enable a secure VPN
- Cisco Secure PIX Firewall - Offers a VPN gateway alternative when the security group "owns" the VPN
- Cisco VPN Concentrators series - Offers powerful remote access and site to site VPN capability, easy to manage interface and a VPN client
- Cisco Secure VPN Client - The VPN Client enables secure remote access to Cisco routers and PIX Firewalls; runs on Windows operating system
- Cisco Secure Intrusion Detection System (CSIDS) - Used for monitoring the security of the VPN
- Cisco Secure Scanner - Used for auditing the security of the VPN
- Cisco Secure Policy Manager and Cisco Works 2000 - These provide VPN-wide system management
In the same manner that the third part of the book talked about Cisco IOS IPSec configuration, the fourth and fifth parts are focused on the same configuration and troubleshooting options, but for the Cisco PIX Firewalls and Cisco VPN 3000 Concentrators. The difference is that the VPN Concentrators have an additional "Monitoring and Administration of Cisco VPN 3000 Remote Access Networks" chapter which is self-descriptive.
The final part of Mason's "Cisco Secure Virtual Private Networks" teaches the readers how to configure IPSec features on the combinations of Cisco Routers, firewalls, VPN Concentrators and VPN Clients. Dynamic crypto maps, client configurations, IPSec with Network Address Translation (NAT), tunnel endpoint discovery are some of the topics covered in the last chapter.
What I think of the book
This publication is designed to give the readers basic knowledge of planning, administering and maintaining Virtual Private Networks. It does provide some general VPN related information, but as it is a written reference for the Cisco Secure Virtual Private Networks courses, book will be of a great use to the readers wanting to enable VPN with their Cisco products. The educational value of the book can be seen through a series of questions that are presented after each chapter, and can be used for testing the knowledge of the read material. All the answers are presented in the Appendix of this publication.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.