L2TP … IP SEC
L2TP (Layer 2 Tunneling Protocol)

DEFINITION:

- In computer networking, Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It does not provide any encryption or confidentiality by itself. Rather, it relies on an encryption protocol that it passes within the tunnel to provide privacy.
- Layer Two Tunneling Protocol (L2TP) is an extension of the Point-to-Point Tunneling Protocol (PPTP) used by an Internet service provider (ISP) to enable the operation of a virtual private network (VPN) over the Internet.

Prepared by : ZEK
History

- Published in 1999 as proposed standard RFC 2661, L2TP has its origins primarily in two older tunneling protocols for point-to-point communication: Cisco's Layer 2 Forwarding Protocol (L2F) and Microsoft's Point-to-Point Tunneling Protocol (PPTP).
- A new version of this protocol, L2TPv3, appeared as proposed standard RFC 3931 in 2005. L2TPv3 provides additional security features, improved encapsulation, and the ability to carry data links other than simply Point-to-Point Protocol (PPP) over an IP network (for example: Frame Relay, Ethernet, ATM, etc.).
Description

- The entire L2TP packet, including payload and L2TP header, is sent within a User Datagram Protocol (UDP) datagram.
- It is common to carry PPP sessions within an L2TP tunnel. L2TP does not provide confidentiality or strong authentication by itself.
- IPsec is often used to secure L2TP packets by providing confidentiality, authentication and integrity. The combination of these two protocols is generally known as L2TP/IPsec.
- The two endpoints of an L2TP tunnel are called the LAC (L2TP Access Concentrator) and the LNS (L2TP Network Server).
- The L2TP LNS waits for new tunnels. Once a tunnel is established, the network traffic between the peers is bidirectional.
- To be useful for networking, higher-level protocols are then run through the L2TP tunnel. To facilitate this, an L2TP session (or 'call') is established within the tunnel for each higher-level protocol such as PPP.
- Either the LAC or the LNS may initiate sessions. The traffic for each session is isolated by L2TP, so it is possible to set up multiple virtual networks across a single tunnel. Because the L2TP, UDP and outer IP headers add to the size of every packet, the MTU should be considered when implementing L2TP.
- The packets exchanged within an L2TP tunnel are categorized as either control packets or data packets. L2TP provides reliability features for the control packets, but no reliability for data packets. Reliability, if desired, must be provided by the nested protocols running within each session of the L2TP tunnel.
- L2TP allows the creation of a virtual private dialup network (VPDN) to connect a remote client to its corporate network by using a shared infrastructure, which could be the Internet or a service provider's network.
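The UDP encapsulation and the control-versus-data distinction described above, as an added illustration that is not part of the original slides: a Python parser for the L2TPv2 header (RFC 2661) with two constructed sample datagrams (a control ZLB acknowledgement and a data packet carrying the start of a PPP frame). The function and constant names (parse_l2tp, payload_of, ZLB_ACK, DATA_PKT) are my own.

```python
"""Parse the L2TPv2 header (RFC 2661) that rides inside a UDP datagram (port 1701)."""
import struct
from dataclasses import dataclass
from typing import Optional

# Flag bits in the first 16-bit word of the header.
T_BIT = 0x8000      # 1 = control message, 0 = data message
L_BIT = 0x4000      # Length field present
S_BIT = 0x0800      # Ns/Nr sequence-number fields present
O_BIT = 0x0200      # Offset Size field present (data messages only)
VER_MASK = 0x000F   # must be 2 for L2TPv2


@dataclass
class L2TPHeader:
    is_control: bool
    tunnel_id: int
    session_id: int
    length: Optional[int]   # whole L2TP packet length, only if the L bit is set
    ns: Optional[int]       # sequence numbers are what make control packets reliable
    nr: Optional[int]
    header_len: int         # offset at which the nested payload (e.g. PPP) starts


def parse_l2tp(datagram: bytes) -> L2TPHeader:
    """Walk the variable-length header; raise ValueError on malformed input."""
    def need(n: int) -> None:
        if len(datagram) < n:
            raise ValueError("datagram truncated inside L2TP header")

    need(2)
    (flags,) = struct.unpack_from("!H", datagram, 0)
    if flags & VER_MASK != 2:
        raise ValueError(f"unsupported L2TP version {flags & VER_MASK}")
    is_control = bool(flags & T_BIT)
    # RFC 2661: control messages MUST set L and S and MUST NOT set O.
    if is_control and (not flags & L_BIT or not flags & S_BIT or flags & O_BIT):
        raise ValueError("control message with illegal flag combination")
    off, length, ns, nr = 2, None, None, None
    if flags & L_BIT:
        need(off + 2)
        (length,) = struct.unpack_from("!H", datagram, off)
        off += 2
    need(off + 4)
    tunnel_id, session_id = struct.unpack_from("!HH", datagram, off)
    off += 4
    if flags & S_BIT:
        need(off + 4)
        ns, nr = struct.unpack_from("!HH", datagram, off)
        off += 4
    if flags & O_BIT:
        need(off + 2)
        (pad,) = struct.unpack_from("!H", datagram, off)
        off += 2 + pad          # skip the offset padding before the payload
    need(off)
    if length is not None and length > len(datagram):
        raise ValueError("L2TP length field exceeds datagram size")
    # Nothing above is authenticated or encrypted: tunnel and session IDs travel
    # in the clear, which is why L2TP is normally run over IPsec (L2TP/IPsec).
    return L2TPHeader(is_control, tunnel_id, session_id, length, ns, nr, off)


def is_well_formed(datagram: bytes) -> bool:
    try:
        parse_l2tp(datagram)
        return True
    except ValueError:
        return False


def payload_of(datagram: bytes) -> bytes:
    """Return the nested protocol bytes (e.g. a PPP frame) that follow the header."""
    return datagram[parse_l2tp(datagram).header_len:]


# Constructed samples (not captured traffic). ZLB_ACK: control message with
# T, L, S set, version 2, length 12, tunnel 7, session 0, Ns=3, Nr=5, no AVPs.
# DATA_PKT: data message (version only), tunnel 7, session 9, then a PPP LCP start.
ZLB_ACK = bytes.fromhex("c802 000c 0007 0000 0003 0005")
DATA_PKT = bytes.fromhex("0002 0007 0009") + b"\xff\x03\xc0\x21"
```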
IPsec (Internet Protocol Security)

DEFINITION:

- In computing, Internet Protocol Security (IPsec) is a network protocol suite that authenticates and encrypts the packets of data sent over a network. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys for use during the session.
- IP-level security encompasses three functional areas: authentication, confidentiality, and key management. The authentication mechanism assures that a received packet was transmitted by the party identified as the source in the packet header, and that the packet has not been altered in transit. The confidentiality facility enables communicating nodes to encrypt messages to prevent eavesdropping by third parties. The key management facility is concerned with the secure exchange of keys. IPsec provides the capability to secure communications across a LAN, across private and public WANs, and across the Internet.
History

- In December 1993, the Software IP Encryption protocol swIPe was researched at Columbia University and AT&T Bell Labs by John Ioannidis and others.
- In December 1994, it was deployed for the first time in production for securing some remote sites between east and west coastal states of the United States.
- In 1995, the IPsec working group in the IETF was started to create an open, freely available and vetted version of protocols that had been developed under NSA contract in the Secure Data Network System (SDNS) project.
- IPsec is officially standardised by the Internet Engineering Task Force (IETF) in a series of Request for Comments documents addressing various components and extensions. It specifies the spelling of the protocol name to be IPsec.
Security architecture:

- The IPsec suite is an open standard. IPsec uses the following protocols to perform various functions:
- Authentication Headers (AH) provide connectionless data integrity and data origin authentication for IP datagrams and provide protection against replay attacks.
- Encapsulating Security Payloads (ESP) provide confidentiality, data-origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic-flow confidentiality.
- Security Associations (SA) provide the bundle of algorithms and data that provide the parameters necessary for AH and/or ESP operations. The Internet Security Association and Key Management Protocol (ISAKMP) provides a framework for authentication and key exchange, with actual authenticated keying material provided either by manual configuration with pre-shared keys, Internet Key Exchange (IKE and IKEv2), Kerberized Internet Negotiation of Keys (KINK), or IPSECKEY DNS records.
IPsec provides security in three situations:

- host-to-host
- host-to-gateway
- gateway-to-gateway

IPsec operates in two modes:

- Transport mode (for end-to-end)
- Tunnel mode (for VPN)
Transport mode

- In transport mode, only the payload of the IP packet is usually encrypted or authenticated. The routing is intact, since the IP header is neither modified nor encrypted; however, when the authentication header is used, the IP addresses cannot be modified by network address translation, as this always invalidates the hash value. The transport and application layers are always secured by a hash, so they cannot be modified in any way, for example by translating the port numbers.
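The transport-mode claim above (a NAT rewrite of the address invalidates the AH hash, while ordinary forwarding does not) as an added Python illustration that is not part of the original slides: a simplified model of AH in transport mode whose ICV covers the immutable IPv4 fields plus the payload, so a router's TTL decrement still verifies but a NAT rewrite of the source address or a change to the payload does not. The key, addresses and payload are constructed, and the ICV (HMAC-SHA256 truncated to 128 bits), the absence of SA lookup and anti-replay checks, and the function names are simplifications of my own, not a full RFC 4302 implementation.

```python
"""Toy model of IPsec AH in transport mode; constructed values, simplified RFC 4302."""
import hashlib
import hmac
import ipaddress
import struct

AH_PROTO = 51        # IP protocol number of the Authentication Header
AH_FIXED_LEN = 12    # next header, payload len, reserved, SPI, sequence number
ICV_LEN = 16         # HMAC-SHA256 truncated to 128 bits (RFC 4868 style)
KEY = b"constructed-demo-key"   # constructed; real keys are negotiated by IKE


def ip_checksum(hdr: bytes) -> int:
    """Ones'-complement checksum of a 20-byte IPv4 header (checksum field zeroed)."""
    total = sum(struct.unpack("!10H", hdr[:10] + b"\x00\x00" + hdr[12:]))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0x4000,
                      ttl, proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def _authenticated_bytes(ip_hdr: bytes, ah_hdr: bytes, payload: bytes) -> bytes:
    """Zero the mutable IPv4 fields (DSCP/ECN, flags+fragment offset, TTL, checksum).
    Addresses, total length, ID and protocol stay covered, and so does the payload."""
    fixed = bytearray(ip_hdr)
    fixed[1] = 0
    fixed[6:8] = b"\x00\x00"
    fixed[8] = 0
    fixed[10:12] = b"\x00\x00"
    return bytes(fixed) + ah_hdr + bytes(ICV_LEN) + payload   # ICV field counts as zero


def ah_transport_encapsulate(src: str, dst: str, next_header: int, payload: bytes,
                             spi: int, seq: int, key: bytes = KEY) -> bytes:
    """Sender: IP header (proto 51) + AH header + ICV + untouched upper-layer payload."""
    ah_hdr = struct.pack("!BBHII", next_header, (AH_FIXED_LEN + ICV_LEN) // 4 - 2, 0, spi, seq)
    ip_hdr = ipv4_header(src, dst, AH_PROTO, AH_FIXED_LEN + ICV_LEN + len(payload))
    mac = hmac.new(key, _authenticated_bytes(ip_hdr, ah_hdr, payload), hashlib.sha256)
    return ip_hdr + ah_hdr + mac.digest()[:ICV_LEN] + payload


def ah_verify(packet: bytes, key: bytes = KEY) -> bool:
    """Receiver: recompute the ICV and compare in constant time. (A real receiver also
    looks up the SA by SPI and checks the anti-replay window; omitted here.)"""
    if len(packet) < 20 + AH_FIXED_LEN + ICV_LEN or packet[9] != AH_PROTO:
        return False
    ip_hdr, ah_hdr = packet[:20], packet[20:20 + AH_FIXED_LEN]
    icv = packet[20 + AH_FIXED_LEN:20 + AH_FIXED_LEN + ICV_LEN]
    payload = packet[20 + AH_FIXED_LEN + ICV_LEN:]
    mac = hmac.new(key, _authenticated_bytes(ip_hdr, ah_hdr, payload), hashlib.sha256)
    return hmac.compare_digest(icv, mac.digest()[:ICV_LEN])


def router_forward(packet: bytes) -> bytes:
    """A plain router only decrements TTL and refreshes the checksum: both mutable."""
    hdr = bytearray(packet[:20])
    hdr[8] -= 1
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr) + packet[20:]


def nat_rewrite_src(packet: bytes, new_src: str) -> bytes:
    """A NAT rewrites the source address, which AH deliberately covers."""
    hdr = bytearray(packet[:20])
    hdr[12:16] = ipaddress.IPv4Address(new_src).packed
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr) + packet[20:]


# Constructed sample: a host on 10.0.0.5 sends an AH-protected TCP segment.
PACKET = ah_transport_encapsulate("10.0.0.5", "203.0.113.10", 6,
                                  b"constructed TCP segment", spi=0x1000, seq=1)
```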
Tunnel mode

- In tunnel mode, the entire IP packet is encrypted and authenticated. It is then encapsulated into a new IP packet with a new IP header. Tunnel mode is used to create virtual private networks for network-to-network communications (e.g. between routers to link sites), host-to-network communications (e.g. remote user access) and host-to-host communications (e.g. private chat).
Packet layouts

Original:        | IP header | TCP header | DATA |
Transport mode:  | IP header | IPsec header | TCP header | DATA |
Tunnel mode:     | new IP header | IPsec header | original IP header | TCP header | DATA |
Prepared by : Zekeria Muzafar
