[UKUUG Logo] Copyright © 1995-2004 UKUUG Ltd

UKUUG


Previous Next

Reviews

ASP in a Nutshell

A. Keyton Weissinger
O'Reilly & Associates, Inc., February 1999
426 pp
ISBN 1-56592-490-8

(Reviewed by Jim Webber)

Aside from the universally awful use of frames on web sites, the only other web technology issue which even raises anything like the same level of contention is Active Server Pages. Now politics aside even I would have to concede that the accepted use of the ASP technology has not quite reached its full potential. The concept of encapsulating both client and server side scripts within the web page to which they belong, rather than foolishly separating those components as is the CGI approach, is conceptually a good idea. So why have ASPs become known simply as "those web pages that don't work?" and can O'Reilly's offering make a difference?

Being personally involved with ASP writing myself, I would certainly hope so. I am continually sickened by my web browser reporting faults in scripts that it is running and offering to help me to debug them. So what does the O'Reilly book give me that I really, really want?

Well, the first thing that strikes you about the book, in common with other Nutshell titles, is the layout. No wasteful wide margins or annoying icons to provide distraction. No, the Nutshell books are always well presented typographically, and the structure of the books is usually spot-on. ASP in a Nutshell is no different. It is very well laid out and the overall structure of the book is logical and mostly impeccable. Use of illustrations is minimal and highly effective, no room for spurious pages of how a web browser looks here. As with other Nutshell titles, ASP in a Nutshell has handy thumb-markers on the edge of each page so that locating a pertinent section, combined with the excellent chapter structure, is straightforward.

The content and layout of this script is equally on a par with its presentation. I found the thread of the book to be very clear and thorough, taking the reader from an introduction to ASP technology and the notion of scripting in the first chapter, through to porting CGI applications to ASP and cross-platform issues towards the end. The in-between bits aren't lacking either. So, getting over my euphoria for a moment, what does this book actually offer? Lots.

An introduction to the technology at a very high level of abstraction, gives the reader a good feeling about what is happening at the sever/page level, followed by a chapter on writing with scripting languages for both client and server side scripting. Following the introduction for the next two sections of the book, the reader is presented with a reference of the objects that are available to the programmer working with ASPs, and copious well written examples of code showing how those objects can be used. The book finishes with three appendices covering porting, and configuration of ASP technology on different platforms. All this in 400 concise and well written pages make ASP in a Nutshell my preference over similar titles. Assuming the usual price advantage of the Nutshell books applies, this little gem trounces the opposition, containing a whole lot of information at less than half the price. If you're going to really do ASP properly, this is an essential tool by your side - after all you wouldn't consider doing HTML without a text editor would you?


Beginning Linux Programming

Neil Matthew & Richard Stones
Wrox Press Ltd.

(Review by Simon Cozens)

In Beginning Linux Programming, Wrox Press have given this critic a rare gift: the chance to say something nice about a book! Although the appellation "Beginning" maybe a little misleading, this is perhaps the most useful and the most comprehensive book on the subject I've seen in a long time.

The book starts with two fairly basic chapters on Linux and on shell programming, presumably in order to cover aspects not familiar to programmers coming from non-UNIX backgrounds. The material here, as throughout the book is concise, yet comprehensive, and well backed up with solid examples . If there was a criticism here, it might be that there were too many examples, which could obscure exactly what they were set up to demonstrate. However, for the most part, a good balance is struck, and the less confident programmer will feel reassured.

After this, we begin a whistle-stop tour of Linux programming in C. The authors assume basic knowledge of the language, but nothing too strenuous, and gently take the reader through all the necessary functions and structures specific to Linux.

The chapters on C are particularly noteworthy because they begin exactly where most C tutorials leave off; in many tutorials, one is left with a sense of understanding the language but maybe not knowing how to apply it, or how to build up a fully-fledged application in it. Beginning Linux Programming, on the other hand, demonstrates and explains useful, real-world applications of the topics under discussion, even though one or two of the examples appear pathologically contrived. (Would you really want to implement a CD database application in a shared memory client-server architecture? I don't think so, somehow...)

Right in the middle of the C section, which covers everything from simple file IO right through terminals, curses, socket networking and System V IPC, are two extremely useful chapters on development and debugging tools, something which can be sadly lacking in programming tutorials. These not only explain project management with make, but also cover minimum essential use of RCS, writing manual pages, (a rare and exceedingly welcome section!) gdb, lint, and some of the more common function call, profiling and memory debugging tools. (Maybe a little on autoconf and similar systems would be useful here, although there is a portability section in the Appendix.)

After this, you'd think there'd be not much else to talk about, but then comes a masterly (if a little crammed) chapter on Tcl; more of a reference than a tutorial, but still extremely useful, and followed fairly predictably, by a basic course in Tk widget programming.

The final two chapters seem to be filling in time; an introduction to HTML doesn't really seem to be within the scope of a Linux programming tutorial, but is still well explained and well presented, and follows on naturally to a brief chapter on CGI programming. (In C, though, of all languages! Why...?)

The book is certainly not for the absolute beginner, and some may find the pace a little hectic, but a lot of ground is covered, and is covered with a natural style, a clear presentation, a lot of well thought-out and explained examples, and perhaps most importantly, a definite understanding of, and respect for, traditional UNIX and Linux philosophy and culture. It's certainly worth the cover price for the C section in itself; no other book I have seen comes close to the diversity and clarity of subject matter in Beginning Linux Programming.

In short, this is exactly the sort of book I wish I'd had a few years ago. If you can read C, but aren't confident enough to write any Linux programs for yourself in it, buy Beginning Linux Programming at once. Even for the experienced Linux programmer, there are enough little titbits of information in this book to make this book worthwhile for everyone.

PS: Wrox will soon be bringing out a 2nd Edition of Beginning Linux Programming, which should include a chapter on Perl programming, something that this edition sadly lacks.


Perl Resource Kit - Win 32 edition

O'Reilly & Associates, Inc.
£99.95
ISBN 1-56592-409-6

(Reviewed by Adrian Wontroba)

In Brief

Perl 5.005 for Win32 systems, WWW server API support, ActiveX support, a large chunk of the CPAN archive, a graphical debugger, 1,500+ pages of useful documentation.

What you get

On paper
Perl Utilities Guide, Brian Jepson, 279 pp
Installation. Package Management. Perl overview. Perl development, including basic Perl, this is in just 50 pages, so if you don't know Perl, you'll really need to buy other books. Web Server APIs (ISAPI and WSAPI, mod_perl for Apache), Perlscript - an ActiveX scripting engine allowing the incorporation of Perl within an ActiveX scripting host. Writing extensions for Perl. Perl and Component Object Model objects. Where to find the updated Perl FAQ. Active Server Pages reference material. Perl Utilities (perldoc and friends).
Programming with Perl Modules, Erik Olson, 350 pp
Shows how to use some of the more popular Perl modules, including some Win32 and NT specific ones. A useful adjunct to the Module Reference manuals. Some Perl documentation is a bit, ahh, terse (8-) Introduces the Comprehensive Perl Archive Network and describes how to develop a module fit for CPAN, and how to submit it.
The Perl Module Reference Volumes 1 and 2, David Futato, 1106 pp
The POD (Plain Old Documentation) for a large number of Perl modules in the CPAN archive. Yes, if you get the modules you can print, and do other things, to the documentation, but printed copies can be useful. While the modules documented were proved to build and install by the providers, there is no guarantee that they actually work.
A sample copy of the Perl Journal
People deeply interested in Perl might like to subscribe to this. The articles range from the informative to the funny (this was the Spring 1998 edition).
On CD

Installation

Read Chapter 2 of the Utilities Guide - and then it is easy.

Updates

Licencing

While Perl source may be free, this collection definitely isn't. You get a single machine licence, with a clause allowing the primary user of a desktop machine to also install it on a notebook under some circumstances. Despite this, there is provision for network installation. O'Reilly will presumably sell additional licence packs.

Support

Use

Well, its Perl. Pure Perl things work. The Visual Package Manager uses a special purpose web server, written of course in Perl - which is a rather good installation test (8-). Some UNIX constructs are not supported (alarm, fork, SysV IPC etc.). I'm using Perl for data reduction on a NT system. My need to do this arose shortly after I saw the review copy in Mick's office. I'd hoped to use it to analyse NT PerfMon data or output files. To my delight, I found a module which read NT performance data from the kernel. To my despair it didn't work (its dll may be out of date). To my shame, I have not yet downloaded newer versions of the packages from the ActiveState web site. I've toyed with it on a Windows98 notebook, where it works well. I have not tried any GUI modules (there is a Tk interface).

The ActiveState debugger is a delight, and is invoked with the perl -d command.

Recommendation

Good if you need a comprehensive Perl implementation for Win32, and can afford it.

Protecting Networks with SATAN

Martin Freiss, translated by Robert Bach
O'Reilly & Associates, Inc.
112 pp
ISBN 1-56592-425-8

(Reviewed by Adrian Wontroba)

Many of us will remember the storm over the 1995 release of this useful tool by Wietse Venema and Dan Farmer. SATAN's full name is Security Administrator's Tool for Analysing Networks, which succinctly describes what it does - inspect a network for known security weaknesses and report upon them. These vulnerabilities are reputedly widely known in cracking circles, and ought to be known to system administrators. Like any sharp tool, it can be abused. Users should bear in mind the concluding words in SAMBA's README file - SATAN was written to improve Internet security. Don't put our work to shame.

This short, well written book appears to be aimed at people who are relative novices to network security, and should be useful to them. In its 112 pages it:


Managing Usenet

Henry Spencer & David Lawrence
492 pp, £24.50
ISBN 1-56592-198-4

(Reviewed by Adrian Wontroba)

Flashed as "An Administrators Guide to Netnews", this is a distillation of the knowledge of two of the worlds' acknowledged News Experts. Henry Spencer is one of the developers of C News, and may be better known to ACCU members as the author of the Ten Commandments. David Lawrence ("tale") has extensive News administration experience, including moderating news.announce.newgroups.

If the preceeding paragraph means nothing to you, this book has little relevance. However, if you are, or are about to become, a news administrator, it is likely to be of great use to you, and deserves a place on your bookshelf. It is crammed with information for news administrators, particularly those who have to set up a C News or INN system for the first time. It is unlikely to be of much utility to people who just read news.

The topics covered include:


Apache: the Definitive Guide, Second Edition

Ben Laurie & Peter Laurie
O'Reilly & Associates, March 1999
369 pages, £23.50 including CD-ROM
ISBN 1-56592-528-9

and

Writing Apache Modules

Lincoln Stein & Doug MacEachern
O'Reilly & Associates, March 1999
724 pages, £23.50
ISBN 1-56592-567-x

(Reviews by Andrew Cormack)

The Apache web server has had a major release and a complete re-write since the first edition of its Guide, and this new edition of the book has had a similarly thorough revision. The basic structure remains the same as before. Newcomers to Apache can begin at the first page and follow the development of a web site from scratch. Each section introduces a new requirement, explains how to implement it and then documents the new configuration directives introduced. The path from compiling a server with a four-line configuration file to multiple virtual hosts using encrypted communications could not be made much easier.

The new edition has been made more useful as a reference for experienced administrators too, thanks to the inclusion of directives missing from the original and a better index. There is also a reference card which lists the syntax of directives along with a host of other useful information: standard mime types and extensions, server side includes, CGI variables and HTTP status codes. The card covers version 1.3.4 of the server; the rest of the book and its CD-ROM use the slightly older 1.3.3 though there are only minor changes to the interface. However both are now known to have security flaws and any production server should use a more up to date version downloaded from the Apache web site.

Apache can now run under Microsoft Windows as well as UNIX, though the authors consider the former operating system to be fit only for testing and "not an adequate platform for running a web server that has any need for security". Since most of the Apache code is common to both versions the main differences are in installation and only a few features have to be implemented differently. Where necessary the Guide describes the flavours separately though there are occasional errors where sections of text are repeated incorrectly. Not surprisingly, the Windows version is excluded from the chapter on security!

The new edition has had few dramatic changes, but a great deal of polishing. There are some new or expanded sections, for example on suexec and cookies, but the overall impression is of a sound and reliable product, like the software it describes. More than 60% of all web sites now run Apache or one of its derivatives; the change in the Apache world is nicely illustrated by the fact that in the encryption chapter it is the political detail, not the technical, which became out of date while the book was being printed!

The Guide keeps the two chapters on the Apache application programming interface from the first edition. This documentation was sufficient for experienced software developers, but writing Apache modules has been made much easier, first by the addition of a Perl API and now by the appearance of a whole book on the topic. The authors could hardly be better qualified: Doug MacEachern wrote the Apache module which is the subject of most of the book, while Lincoln Stein is the guru of Perl CGI scripting. Inevitably Perl is their preferred language but C programmers should be able to learn how to design modules from the main text before turning to the reference material at the back of the book for their implementation details.

After explaining how to obtain and install the necessary software, Writing Apache Modules begins with an overview of how the server processes a request from a web browser and the many stages at which its usual behaviour can be modified. From the start the examples are both practical and powerful: an extensible server side include language is one of the first! The explanations are excellent, developing the program 'in-line' in the text. The conciseness of Perl makes this particularly effective as the short blocks of code do not break up the flow of the text. Some of the implementations are simply dazzling: if you need a master class in using Perl then look no further.

Standard headers and dynamic menu bars are obvious uses for content handlers and after a few of these the book moves on to specific techniques such as preserving state in the stateless HTTP protocol and making efficient use of databases. This is one occasion when the Windows implementation has an advantage as it is a single, multi-threaded process. On UNIX, there is no guarantee that consecutive requests from the same client will be handled by the same server process, which makes life a little complicated. Privacy issues are well dealt with, especially since they are something which the web, by design, is not very good at.

This leads naturally into access control, authentication and authorisation. The examples are not just the obvious authentication against different databases, but include a system for dynamically blocking clients, presumed to be robots, which send requests at too high a rate. For the ultimate in transparent authentication there is even an explanation of how to use a user's SSL certificate to avoid the traditional password process entirely. Finding an authority to issue user certificates is left to the reader: this seems to be hard even for Perl gurus! Authentication is an even greater problem for sites which use multiple servers to share the load, so the chapter ends with a system for a ticket based authentication server which the servers may query. This is the longest example in the book at about 300 lines, including the client.

Modules for the remaining Apache phases have less detailed explanation on the reasonable basis that readers will be more expert by this time. For serious vanity publishers there is a logging module which sends an e-mail whenever a page is accessed (don't even think about using this on a public server!), as well as many more practical ideas. Apache is not just a web server and adding modules to its proxy server mode can produce interesting effects. An example shows how to replace banner adverts by less intrusive graphics: the same techniques could be used to remove or replace other undesirable content too.

Not satisfied with replacing every phase of the server with Perl modules, the last set of examples show how Perl can even be used in the Apache configuration file. I wish I had known about this when laboriously maintaining a dozen virtual servers using plain Apache directives! The most complicated programming is involved in defining new directives, using Perl of course, but slowly working through the example makes the process clear. Finally there are nearly three hundred pages of reference material covering the programming interfaces for both Perl and C - the latter includes yet more examples where techniques are not simply translations of the Perl idiom - and a directory of other modules which may be of interest. One of these allows authors to include Perl fragments in their HTML pages as a superior version of Active Server Pages: the language really does get everywhere.

The second edition of Apache: The Definitive Guide now deserves its title. Whether you are looking for an explanation of how Apache works, a demonstration of the power of Perl or the ingenuity of its users, Writing Apache Modules is unmissable.

Andrew Cormack is speaking for himself, and no-one else.


Oracle Database Administration: The Essential Reference

David C. Kreines and Brian Laskey
O'Reilly & Associates, April 1999
560 pages, £24.50
ISBN 1-56592-516-5

(Review by Adrian Cummings)

It seems the way of the world is that software that once used to come with a decent set of manuals is now only supplied with a CD-ROM containing documentation. If you're really lucky it will be indexed and in HTML. All of this must be good news for book publishers as it opens up a new market - namely that of supplying the manuals that really should have come with the software.

For once here is a welcome and useful SQL manual section. While in other books such a section often just appears to be included to add bulk to the book, this list of SQL is tailored to the commands used primarily for administration.

The various initialisation parameters are given and described, along with the releases they apply to. The data dictionary receives a similarly thorough treatment with coverage extending to the dynamic performance tables.

There are also brief descriptions of the more useful commands that a DBA may use, including such stalwarts as SQL*Plus, exp, imp and sqlldr.

Other areas such as tuning, security and the use of SQL*Plus are covered in overview. This level of coverage is entirely appropriate as there are books in both the O'Reilly and Oracle Press series specifically on these topics.

This is another good work from the O'Reilly stable combining the most useful sections of the manuals that Oracle supply on a CD. Another welcome addition to the "orange" section of the bookshelf.

Adrian Cummings is the curator of a fine collection of databases at the University of Manchester.


Laura Lemay's Java 1.1 Interactive Course

Laura Lemay, Charles Perkins, Michael Morrison, Daniel Groner
Waite Group Press, April 1997
1194 pages, £46.95
ISBN 1-57169-083-2

(Review by Gavin Inglis)

This is another one of those books which is equally effective as a thrown weapon or learning tool. Clocking in at well over 1000 pages plus a CD-ROM, it starts at the basics and goes right up to JDBC connectivity and the standard extension APIs.

The project seems to have grown from Lemay's Learning Java in 21 days book, retaining the same core structure. Each chapter is made up of a number of lessons and a quiz follows each. New information is presented in easily digestible chunks and the regular assessments prevent a reader from getting tired and pressing on without absorbing the material. On the negative side it becomes apparent after a few chapters that this is a rewrite, with occasional small mismatches between the quizzes and the text, and in variable names within examples.

So what justifies calling this an "interactive course" rather than a book? The selling points are on-line testing and certification, a "mentor" to answer your questions, and facilities for group interaction.

This is all handled through the publisher's web site at http://www.waite.com/ezone. It's possible to view the structure as a guest, but to become graded you need to register. Once you have a login you can view the entire text of the book on-line and take the quizzes interactively. If you already have some Java knowledge, this is a good way to find your starting point - take the quizzes until they get tricky. Your score is stored for each section, and if you don't pass you can retake the test. There are midterm and final exams - completing the latter earns you a certificate from the publisher and some credits from Marquette University. You can set the percentage for passing individual quizzes but not for the overall course grading.

The discussion list has been running since April 1997 with 670 messages at the time of writing. They are all archived and seem a reasonable resource, although not any better than public Java technical lists or USENET news. The mentor system is a kind of FAQ database which seems little-used - perhaps because the illustration of the mentor shows a sinister hooded purple figure with most of their face in shadow. There is also quite a nice chat room but this seems to be quiet. It's not clear that the chat format is suited to discussing programming.

There are nearly 500 pages of appendices, providing reference on the Java language, its packages and classes. There are also answers to all the quizzes. In general the appendices are more spread out than they need to be, adding pages to a book which is already difficult to use due to its bulk. A working programmer needs a reference for the Java packages, but as a tutorial this volume could have been improved by losing all that and directing the student to the Java documentation, or another book like O'Reilly's Java in a Nutshell.

As a tool for learning Java by yourself the book is educationally sound and enjoyable to read, apart from its physical size. The interactive aspects are most likely to be useful for keeping you working, as the quizzes illustrate your progress towards Java enlightenment.


Oracle SQL*Plus: The Definitive Guide

Jonathan Gennick
O'Reilly & Associates, March 1999
502 pages, £23.50
ISBN 1-56592-578-5

(Review by Adrian Cummings)

At last a man page for SQL*Plus!

I have long been a fan of SQL*Plus and it has finally obtained the accolade it richly deserves - an O'Reilly book of its own. SQL*Plus was certainly missed when we did a one-off project using another well known relational database with a boss that was too mean to buy their equivalent SQL interface.

For those that have never met SQL*plus it is a command line interface to Oracle, albeit with fairly sophisticated formatting capabilities. In addition it is used by most other Oracle tools to install their tables, and to create and update the data-dictionary. Indeed with Oracle 8.1.5 (or Oracle8i if you must use marketing speak) it gains a new role of database startup and shutdown from the server manager (svrmgrl) which is set to disappear in the near future.

After a short introduction and informative history lesson, the basic startup and editing functions are covered, leading logically enough to the report writing capabilities. A section on the data dictionary is included presumably more to illustrate the uses of SQL*Plus rather than describing the method Oracle uses to implement the relational data model.

The next few chapters give an introduction to PL/SQL and database tuning. While these topics are clearly written with plenty of examples there are other works in both the O'Reilly and Oracle Press series that specifically cover these areas in greater detail.

The remainder of the book looks at customising your environment and Oracle administration with SQL*Plus, the latter being particularly important given the additional roles that SQL*Plus is gaining from the server manager.

It says in the title "the definitive guide". Quite so. This is a book for which there was a clear need. Highly recommended.

Adrian Cummings can be found treating Oracle databases with a patent mixture of SQL*Plus and Perl.


vi Editor Pocket Reference

Arnold Robbins
O'Reilly & Associates, February 1999
72 pages, £4.50
ISBN 1-56592-497-5

(Review by Andrew Cormack)

The full-sized Learning the Vi Editor is now in its sixth edition but this is the first time it has had a pocket companion. An editor quick reference may seem a strange idea: anyone looking things up in mid-edit is more likely to be checking the content of the file than details of the tool used to create it. However, most people use only a tiny subset of the available commands, so there is certainly a role for an easily browsed table of clues to guide an exploration of extra features. Readers will need some familiarity with the program, not least because the reference does not explain how to get out of insert mode!

Most of the information in the book is presented as tables of commands. The first two of these cover the vi command line and the normal edit mode commands. Neither is absolutely complete but they cover most of the useful options. Each entry contains sufficient detail to give an idea of what is possible and encourage experimentation. The only obvious omissions are the distinction between upper and lower case movement commands ('b' and 'B') and percent to move to a paired bracket. Since the tables use the courier font it is hard to distinguish the comma (search) and single quote (mark). In fact the section on marks is repeated, which highlights the typographical error in the version on page 5. Shortcuts and executable buffers provide a macro function within vi but are used less often than they deserve. As befits a less familiar feature, they are given a more complete description: this is still concise but well judged as an introduction to their use.

Underneath vi lurks ex, often the editor of last resort when a system has got in a real mess. Listing the ex commands in this reference is a good thing. But since system managers are likely to be stressed even before they are reduced to typing these arcane sequences, a little more detail would have been welcome. The ex substitute command has a section to itself, but is presented as if it were a vi command ':s' which may confuse the reader and conceal much of the power of repeated substitutions.

Writing a text editor is a traditional programming exercise so there are a multitude of vi clones. The reference includes four of these - nvi, vim, elvis and vile - which extend the standard program in similar ways: multiple windows, command history, tags and regular expressions. Many of these new commands are common to all the variants so their tables are repeated with only slight changes. It might have been better to cover these features just once and, especially in the case of tags, use the space for a fuller description.

Most UNIX offices have a many times photocopied vi crib sheet, barely legible after years of fading, coffee stains and wear. But each new worker will still be given their own 'fresh' copy. This pocket reference contains much more information, should prove more durable and is well worth the cost of buying one each.

Andrew Cormack has recently executed s/Cardiff University/UKERNA/ but is a committed user of the UNIX command line.


Virtual Private Networks, Second Edition

Charlie Scott, Paul Wolfe and Mike Erwin
O'Reilly & Associates, February 1999
228 pages, £21.95
ISBN 1-56592-529-7

(Review by Andrew Cormack)

The first edition of this book concentrated on virtual private networks built using Windows NT; the new version adds the UNIX secure shell but otherwise has only minor changes. The authors have tried to include everything from the business case for using VPN technology to detailed instructions for implementing it. For a complex and unfamiliar subject this seems a lot to cram into just two hundred pages.

The business case is well explained though, as the authors conclude, not yet overwhelming. Private communication can be achieved either by using private networks, or by secure encryption of traffic over public networks. The latter option is the virtual private network of the title. For medium to high bandwidth applications, for example between business units, the simplicity of a dedicated line is hard to beat. When individual users need dial-up access, especially over long distances, the saving in call charges by using a local ISP and the Internet may be worthwhile. Furthermore VPNs are no less reliable than traditional dial-up technology.

Rather than talking about VPNs there is then a ten page discussion of firewalls, an apparently unrelated topic. Eventually the connection becomes clear: if the end networks are not protected, there is little point in protecting the traffic between them. At least this section on firewalls is mostly accurate, unlike the section on cryptography that follows. There is no point whatsoever in trying to explain the mathematics of the RSA algorithm in half a page, nor in presenting various theoretical cryptographic attacks without any indication of how to protect against them. A simple reference to Schneier's "Applied Cryptography" would have been far better.

The rest of the book considers four VPN products which cover a range of possible applications: PPTP, Alta Vista tunnel, SSH and the Cisco PIX private internet exchange. Each has some theory followed by detailed instructions. Microsoft's Point to Point Tunnelling Protocol (PPTP) is intended to supplement or replace a traditional dial-in service by using a VPN. The encrypted channel can either run between client and server or, if the ISP is trusted, between the ISP and company servers. Both options involve a protocol sandwich (PPP or IP carrying PPTP carrying PPP carrying IP) which the book finds hard to describe. The steps to set up both client and server ends of the connection are described in considerable detail, which either proves or contradicts the assertion that this is "as simple as any other NT component". The description assumes Microsoft systems at both ends; in fact even though software is available for other platforms attempts to inter-work may result in successful, but unencrypted, communication!

The Alta Vista tunnel is another proprietary solution that provides better performance, sufficient for some site to site links. It uses public key cryptography rather than IP address to authenticate the ends of the connection. Provided users understand the need to protect their private keys, this would normally provide better security, but not if the book's suggestion that these be distributed from a "private FTP site" is followed. SSH can also use cryptographic authentication for the hosts and is the only system discussed here whose encryption is not limited by ITAR legislation. The system has many possible configurations but here only full site to site links are described using Linux hosts as endpoints. Instructions, based on the VPN howto, are given for building, installing and configuring the package in this mode. A performance table compares the speed achieved using different encryption algorithms within SSH; it would be interesting to see a similar comparison between the different solutions described in the book. The Rolls-Royce of VPN technology is the Cisco PIX, however the authors concentrate on its firewall and network address translation functions with only a page on its use for VPNs.

It is unusual for an O'Reilly book to slip up on technical content, but this one does. The detailed instructions on PPTP should be useful for those who need to set up a virtual private network using Windows NT 4; the other packages already come with their own sufficient documentation. As an introduction to the theory of VPNs the book suffers from trying to include too much in a small space; there are better alternatives.

Andrew Cormack is currently trying to get a VPN set up before Christmas.


Previous Next
Last modified 24 Oct 1999 00:00
Tel: 01763 273 475
Fax: 01763 273 255
Web: Webmaster
Queries: Ask Here
Join UKUUG Today!

UKUUG Secretariat
PO BOX 37
Buntingford
Herts
SG9 9UQ