L2TP is a tunneling protocol that is used to support VPNs and does not provide encryption on its own. It relies on encryption protocols like IPsec to provide security. IPsec provides authentication, confidentiality and key management at the IP layer. It uses protocols like AH and ESP to provide integrity, authentication and encryption of IP packets. IPsec can operate in transport mode, encrypting only the payload, or tunnel mode, encrypting the entire IP packet. The combination of L2TP and IPsec is commonly used to secure VPN connections over the internet.
2. L2TP (Layer 2 tunneling protocol)
DEFINITION:
In computer networking, Layer 2 Tunneling Protocol
(L2TP) is a tunneling protocol used to support virtual
private networks (VPNs) or as part of the delivery of
services by ISPs. It does not provide any encryption or
confidentiality by itself. Rather, it relies on an
encryption protocol that it passes within the tunnel to
provide privacy.
Layer Two Tunneling Protocol (L2TP) is an extension of
the Point-to-Point Tunneling Protocol (PPTP) used by an
Internet service provider (ISP) to enable the operation
of a virtual private network (VPN) over the Internet.
Prepared by : ZEK
3. L2TP (Layer 2 tunneling protocol)
History
Published in 1999 as proposed standard RFC 2661, L2TP
has its origins primarily in two older tunneling
protocols for point-to-point communication: Cisco's
Layer 2 Forwarding Protocol (L2F) and Microsoft's
Point-to-Point Tunneling Protocol (PPTP).
A new version of this protocol, L2TPv3, appeared as
proposed standard RFC 3931 in 2005. L2TPv3 provides
additional security features, improved encapsulation,
and the ability to carry data links other than simply
Point-to-Point Protocol (PPP) over an IP network (for
example: Frame Relay, Ethernet, ATM, etc.).
4. L2TP (Layer 2 tunneling protocol)
Description
The entire L2TP packet, including payload and L2TP
header, is sent within a User Datagram Protocol
(UDP) datagram.
It is common to carry PPP sessions within an L2TP
tunnel. L2TP does not provide confidentiality or
strong authentication by itself.
IPsec is often used to secure L2TP packets by
providing confidentiality, authentication and
integrity. The combination of these two protocols is
generally known as L2TP/IPsec.
5. L2TP (Layer 2 tunneling protocol)
The two endpoints of an L2TP tunnel are called the LAC
(L2TP Access Concentrator) and the LNS (L2TP Network
Server).
The L2TP LNS waits for new tunnels. Once a tunnel is
established, the network traffic between the peers is
bidirectional.
To be useful for networking, higher-level protocols are
then run through the L2TP tunnel. To facilitate this, an
L2TP session (or 'call') is established within the tunnel
for each higher-level protocol such as PPP.
Either the LAC or LNS may initiate sessions. The traffic
for each session is isolated by L2TP, so it is possible to
set up multiple virtual networks across a single tunnel.
MTU should be considered when implementing L2TP.
6. L2TP (Layer 2 tunneling protocol)
The packets exchanged within an L2TP tunnel are
categorized as either control packets or data
packets. L2TP provides reliability features for the
control packets, but no reliability for data packets.
Reliability, if desired, must be provided by the nested
protocols running within each session of the L2TP
tunnel.
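The control/data split above is visible in the first 16-bit word of every L2TP packet: the T bit marks a control message, and the L, S and O bits say whether the optional Length, Ns/Nr and Offset fields are present. The following parser is an added example (not code from the original slides) for the L2TPv2 header as laid out in RFC 2661; the two sample datagrams are constructed (a tunnel-setup control message carrying one Message Type AVP, and a data packet carrying a PPP LCP frame), and a third malformed sample shows the consistency check a receiver should apply before trusting the header.

```python
# Added example: parse the L2TPv2 header at the start of a UDP datagram
# (UDP port 1701) and classify it as a control or data packet.
import struct
from dataclasses import dataclass
from typing import Optional

@dataclass
class L2TPHeader:
    is_control: bool          # T bit set: control packet (reliable, sequenced)
    length: Optional[int]     # present only when the L bit is set
    tunnel_id: int
    session_id: int
    ns: Optional[int]         # sequence numbers, present only when S bit is set
    nr: Optional[int]
    payload: bytes            # AVPs for control packets, PPP frame for data

def parse_l2tp(datagram: bytes) -> L2TPHeader:
    """Parse the RFC 2661 header; raise ValueError on anything inconsistent."""
    try:
        flags = struct.unpack_from("!H", datagram, 0)[0]
        t_bit = bool(flags & 0x8000)   # T: control message
        l_bit = bool(flags & 0x4000)   # L: Length field present
        s_bit = bool(flags & 0x0800)   # S: Ns/Nr present
        o_bit = bool(flags & 0x0200)   # O: Offset Size present
        version = flags & 0x000F
        if version != 2:               # L2TPv3 over UDP uses Ver=3 and differs
            raise ValueError(f"unsupported L2TP version {version}")
        # RFC 2661: control messages MUST set L and S and MUST NOT set O.
        if t_bit and (not l_bit or not s_bit or o_bit):
            raise ValueError("control message with invalid flag bits")
        pos = 2
        length = None
        if l_bit:
            length = struct.unpack_from("!H", datagram, pos)[0]
            pos += 2
            if length > len(datagram):
                raise ValueError("Length field exceeds datagram size")
        tunnel_id, session_id = struct.unpack_from("!HH", datagram, pos)
        pos += 4
        ns = nr = None
        if s_bit:
            ns, nr = struct.unpack_from("!HH", datagram, pos)
            pos += 4
        if o_bit:
            offset_size = struct.unpack_from("!H", datagram, pos)[0]
            pos += 2 + offset_size     # skip the field and the offset padding
        end = len(datagram) if length is None else length
        if pos > end:
            raise ValueError("header runs past the end of the packet")
    except struct.error:
        raise ValueError("datagram truncated inside the L2TP header") from None
    return L2TPHeader(t_bit, length, tunnel_id, session_id, ns, nr, datagram[pos:end])

# Constructed sample 1: control packet (T,L,S set), tunnel 0 / session 0,
# Ns=Nr=0, payload = one mandatory Message Type AVP with value 1 (SCCRQ).
CONTROL_SAMPLE = bytes.fromhex("c8020014" "00000000" "00000000" "8008000000000001")
# Constructed sample 2: data packet, tunnel 0x1234 / session 0x5678,
# payload = PPP frame (HDLC ff03, LCP c021, Configure-Request id 1 len 4).
DATA_SAMPLE = bytes.fromhex("0002" "1234" "5678" "ff03c02101010004")
# Constructed sample 3: T bit set but L and S clear, which RFC 2661 forbids.
MALFORMED_SAMPLE = bytes.fromhex("8002" "0000" "0000" "0000")

def classify(datagram: bytes) -> str:
    """Return 'control', 'data' or 'malformed' for a UDP/1701 payload."""
    try:
        return "control" if parse_l2tp(datagram).is_control else "data"
    except ValueError:
        return "malformed"

if __name__ == "__main__":
    for name, sample in [("control", CONTROL_SAMPLE), ("data", DATA_SAMPLE),
                         ("malformed", MALFORMED_SAMPLE)]:
        print(f"{name:10s} -> {classify(sample)}")
```

The point for a defender is the flag consistency check: a packet that claims to be a control message but omits Length or the Ns/Nr pair should be dropped rather than parsed optimistically, since the reliability machinery described above only exists for well-formed control packets.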
L2TP allows the creation of a virtual private dialup
network (VPDN) to connect a remote client to its
corporate network by using a shared infrastructure,
which could be the Internet or a service provider's
network.
9. IP SEC (Internet Security)
DEFINITION:
In computing, Internet Protocol Security (IPsec) is a network
protocol suite that authenticates and encrypts the packets of
data sent over a network. IPsec includes protocols for
establishing mutual authentication between agents at the
beginning of the session and negotiation of cryptographic keys
for use during the session.
IP-level security encompasses three functional areas:
authentication, confidentiality, and key management. The
authentication mechanism assures that a received packet was
transmitted by the party identified as the source in the packet
header, and that the packet has not been altered in transit. The
confidentiality facility enables communicating nodes to encrypt
messages to prevent eavesdropping by third parties. The key
management facility is concerned with the secure exchange of
keys. IPSec provides the capability to secure communications
across a LAN, across private and public WANs, and across the
Internet.
10. IP SEC (Internet Security)
History
In December 1993, the Software IP Encryption protocol (swIPe)
was researched at Columbia University and AT&T Bell Labs by
John Ioannidis and others.
In December 1994, it was deployed for the first time in production
for securing some remote sites between east and west coastal
states of the United States.
In 1995, the IPsec working group in the IETF was started to create
an open, freely available and vetted version of the protocols that
had been developed under NSA contract in the Secure Data
Network System (SDNS) project.
IPsec is officially standardised by the Internet Engineering Task
Force (IETF) in a series of Request for Comments documents
addressing various components and extensions. It specifies the
spelling of the protocol name to be IPsec.
11. IP SEC (Internet Security)
Security architecture:
The IPsec suite is an open standard. IPsec uses the following protocols
to perform various functions:
Authentication Headers (AH) provide connectionless data integrity and
data origin authentication for IP datagrams, and provide protection
against replay attacks.
Encapsulating Security Payloads (ESP) provide confidentiality,
data-origin authentication, connectionless integrity, an anti-replay
service (a form of partial sequence integrity), and limited traffic-flow
confidentiality.
Security Associations (SA) provide the bundle of algorithms and data
that provide the parameters necessary for AH and/or ESP operations.
The Internet Security Association and Key Management Protocol
(ISAKMP) provides a framework for authentication and key exchange,
with actual authenticated keying material provided either by manual
configuration with pre-shared keys, Internet Key Exchange (IKE and
IKEv2), Kerberized Internet Negotiation of Keys (KINK), or IPSECKEY
DNS records.
12. IP SEC (Internet Security)
IPSec provides security in three situations:
Host-to-host
host-to-gateway
gateway-to-gateway
IPSec operates in two modes:
Transport mode (for end-to-end)
Tunnel mode (for VPN)
13. IP SEC (Internet Security)
Transport mode
In transport mode, only the payload of the IP packet
is usually encrypted or authenticated. The routing is
intact, since the IP header is neither modified nor
encrypted; however, when the authentication header
is used, the IP addresses cannot be modified by
network address translation, as this always
invalidates the hash value. The transport and
application layers are always secured by a hash, so
they cannot be modified in any way, for example by
translating the port numbers.
14. IP SEC (Internet Security)
Tunnel mode
In tunnel mode, the entire IP packet is
encrypted and authenticated. It is then
encapsulated into a new IP packet with a
new IP header. Tunnel mode is used to create
virtual private networks for network-to-
network communications (e.g. between
routers to link sites), host-to-network
communications (e.g. remote user access) and
host-to-host communications (e.g. private
chat).
16. IP SEC (Internet Security)
Original:        IP header | TCP header | DATA
Transport mode:  IP header | IPsec header | TCP header | DATA
Tunnel mode:     IP header (new) | IPsec header | IP header | TCP header | DATA
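The two mode slides and the layout diagram can be checked mechanically. The following is an added example (not code from the original slides): it builds the three layouts, applies an AH-style integrity check value (ICV) over the IP header and payload, and shows that a router decrementing TTL (a mutable field, excluded from the ICV) leaves the check intact while a NAT rewriting the source address invalidates it, which is the transport-mode caveat stated above. Assumptions: a 10-byte model IP header carrying only source, destination, protocol and TTL; HMAC-SHA256 truncated to 16 bytes standing in for the AH ICV; no encryption is modelled (the standard library has no AES), so the tunnel-mode part shows encapsulation only; all keys and addresses are constructed sample values.

```python
# Added example: model transport-mode and tunnel-mode AH encapsulation and
# check which in-transit modifications the AH integrity check survives.
import hashlib
import hmac
import ipaddress
import struct

PROTO_IPIP = 4    # next-header value for an IPv4 packet carried inside another
PROTO_TCP = 6
PROTO_AH = 51
HDR_LEN = 10      # model IP header: src(4) dst(4) proto(1) ttl(1)
ICV_LEN = 16      # truncated HMAC used as the ICV in this model

def ip_header(src: str, dst: str, proto: int, ttl: int = 64) -> bytes:
    return (ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
            + struct.pack("!BB", proto, ttl))

def split_ip(pkt: bytes):
    """Return (src, dst, proto, ttl, payload) for the model header."""
    src = str(ipaddress.IPv4Address(pkt[0:4]))
    dst = str(ipaddress.IPv4Address(pkt[4:8]))
    proto, ttl = struct.unpack("!BB", pkt[8:10])
    return src, dst, proto, ttl, pkt[HDR_LEN:]

def tcp_segment(sport: int, dport: int, data: bytes) -> bytes:
    return struct.pack("!HH", sport, dport) + data

def compute_icv(key: bytes, pkt_with_zero_icv: bytes) -> bytes:
    """ICV over the whole packet; TTL is mutable in transit, so it is zeroed."""
    covered = bytearray(pkt_with_zero_icv)
    covered[9] = 0
    return hmac.new(key, bytes(covered), hashlib.sha256).digest()[:ICV_LEN]

def add_ah(key: bytes, src: str, dst: str, next_header: int, ttl: int, inner: bytes) -> bytes:
    """Build <IP header><AH header = next_header + ICV><inner>."""
    pkt = ip_header(src, dst, PROTO_AH, ttl) + bytes([next_header]) + bytes(ICV_LEN) + inner
    icv = compute_icv(key, pkt)
    return pkt[:HDR_LEN + 1] + icv + pkt[HDR_LEN + 1 + ICV_LEN:]

def transport_mode_ah(key: bytes, packet: bytes) -> bytes:
    """Transport mode: original IP header kept, AH inserted before the TCP segment."""
    src, dst, proto, ttl, payload = split_ip(packet)
    return add_ah(key, src, dst, proto, ttl, payload)

def tunnel_mode_ah(key: bytes, gw_src: str, gw_dst: str, packet: bytes) -> bytes:
    """Tunnel mode: the whole original packet becomes the payload of a new header."""
    return add_ah(key, gw_src, gw_dst, PROTO_IPIP, 64, packet)

def verify_ah(key: bytes, pkt: bytes) -> bool:
    received = pkt[HDR_LEN + 1:HDR_LEN + 1 + ICV_LEN]
    zeroed = pkt[:HDR_LEN + 1] + bytes(ICV_LEN) + pkt[HDR_LEN + 1 + ICV_LEN:]
    return hmac.compare_digest(received, compute_icv(key, zeroed))

def decrement_ttl(pkt: bytes) -> bytes:
    """What every router does on forwarding; AH tolerates it (mutable field)."""
    return pkt[:9] + bytes([pkt[9] - 1]) + pkt[10:]

def nat_rewrite_src(pkt: bytes, new_src: str) -> bytes:
    """What a NAT does; the source address is covered by the AH ICV."""
    return ipaddress.IPv4Address(new_src).packed + pkt[4:]

def layout(pkt: bytes) -> list:
    """Name the components in order, matching the slide diagram."""
    _, _, proto, _, rest = split_ip(pkt)
    parts = ["IP header"]
    if proto == PROTO_AH:
        parts.append("IPsec header")
        next_header, rest = rest[0], rest[1 + ICV_LEN:]
        if next_header == PROTO_IPIP:
            _, _, proto, _, rest = split_ip(rest)
            parts.append("IP header")
        else:
            proto = next_header
    parts += ["TCP header", "DATA"] if proto == PROTO_TCP else ["payload"]
    return parts

# Constructed sample values: a host-to-host TCP packet, a shared AH key and
# two gateway addresses for the tunnel-mode outer header.
KEY = b"constructed-sample-ah-key"
ORIGINAL = ip_header("10.1.1.10", "10.2.2.20", PROTO_TCP) + tcp_segment(40000, 443, b"hello")
TRANSPORT = transport_mode_ah(KEY, ORIGINAL)
TUNNEL = tunnel_mode_ah(KEY, "203.0.113.1", "198.51.100.1", ORIGINAL)

if __name__ == "__main__":
    for name, pkt in [("Original", ORIGINAL), ("Transport mode", TRANSPORT), ("Tunnel mode", TUNNEL)]:
        print(f"{name:15s} " + " | ".join(layout(pkt)))
    print("transport AH after TTL decrement :", verify_ah(KEY, decrement_ttl(TRANSPORT)))
    print("transport AH after NAT of source :", verify_ah(KEY, nat_rewrite_src(TRANSPORT, "192.0.2.5")))
```

In tunnel mode the inner packet, with the original host addresses, is carried unchanged behind the gateway addresses of the outer header, which is what lets two routers link sites without the hosts knowing about IPsec; the ICV still covers the outer addresses, so AH remains incompatible with a NAT between the gateways.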