Networking

IP Security (IPSec)

IPSec was created by the Internet Engineering Task Force (IETF) and can be used on both IPv4 and IPv6 networks. It is designed to encrypt data and authenticate users. IPSec encryption ensures that data on a network cannot be viewed, accessed, or modified by those who should not have access to it. IPSec provides security for both internal and external networks. It might seem that protection on an internal network is less necessary than on an external network; however, much of the data you send across networks has little or no protection, allowing unwanted eyes to access it.

IPSec provides several key security services:

  • Data verification and authentication: It verifies that the data received is from the intended source.

  • Protection from data tampering: It ensures that the data has not been tampered with and changed between the sending and receiving devices.

  • Private transactions: It ensures that the data sent between the sending and receiving devices is unreadable by any other devices.

IPSec operates at the network layer of the Open Systems Interconnection (OSI) model and provides security for protocols that operate at higher layers of the OSI model. Thus, by using IPSec, you can secure practically all TCP/IP-related communications.

Layer 2 Tunneling Protocol (L2TP)

The Layer 2 Tunneling Protocol (L2TP) is a combination of PPTP and Cisco's L2F technology. L2TP uses tunneling to deliver data. It authenticates the client in a two-phase process: it first authenticates the computer and then the user. By authenticating the computer, it prevents the data from being intercepted, changed, and returned to the user in what is known as a man-in-the-middle attack. L2TP assures both parties that the data they are receiving is the data sent by the originator.

L2TP operates at the data-link layer, making it protocol independent. This means that an L2TP connection can support protocols such as IPX and AppleTalk.

L2TP and PPTP are both tunneling protocols, so you might be wondering which you should use. Here is a quick list of some of the advantages of each, starting with PPTP:

  • PPTP has been around the longest; it offers more interoperability than L2TP.

  • PPTP is easier to configure than L2TP because L2TP uses digital certificates.

  • PPTP has less overhead than L2TP.

The following are some of the advantages of L2TP:

  • L2TP offers greater security than PPTP.

  • L2TP supports common public key infrastructure technology.

  • L2TP provides support for header compression.
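
As an added example (not part of the original text), the following Python sketch shows how these protocols look to a defender reading raw IPv4 headers: IPSec appears as its own IP protocol (ESP 50, AH 51), while an L2TP header on UDP 1701 is visible only when the tunnel is not wrapped in IPSec. The protocol and port numbers are the standard IANA assignments; the function names, labels, and sample packets are constructed for illustration.

```python
import struct
from collections import Counter

ESP, AH, GRE, TCP, UDP = 50, 51, 47, 6, 17  # IANA IP protocol numbers

def classify(packet: bytes) -> str:
    """Label one raw IPv4 packet by the tunneling protocol visible in its headers."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4  # header length in bytes; IP options make it > 20
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    proto = packet[9]
    if proto in (ESP, AH):
        return "ipsec-esp" if proto == ESP else "ipsec-ah"
    if proto == GRE:
        return "gre"  # PPTP carries its tunneled data in GRE
    if proto in (TCP, UDP):
        if len(packet) < ihl + 4:
            return "malformed"
        ports = set(struct.unpack("!HH", packet[ihl:ihl + 4]))
        if proto == UDP and 1701 in ports:
            return "l2tp-cleartext"  # L2TP header visible, so not wrapped in IPSec
        if proto == UDP and ports & {500, 4500}:
            return "ipsec-ike/nat-t"  # key exchange; 4500 is NAT traversal
        if proto == TCP and 1723 in ports:
            return "pptp-control"
    return "other"

def summarize(packets) -> Counter:
    """Count labels across a capture so unprotected tunnels stand out."""
    return Counter(classify(p) for p in packets)

def sample(proto: int, payload: bytes = b"") -> bytes:
    """Constructed IPv4 packet (documentation addresses, checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])) + payload

def l4(sport: int, dport: int) -> bytes:  # ports of a TCP/UDP header plus padding
    return struct.pack("!HH", sport, dport) + b"\x00" * 4

CAPTURE = [  # constructed sample traffic, not from a real network
    sample(ESP, b"\x00" * 16), sample(UDP, l4(500, 500)),
    sample(UDP, l4(1701, 1701)), sample(TCP, l4(49152, 1723)), sample(GRE, b"\x00" * 8),
]

if __name__ == "__main__":
    for label, count in summarize(CAPTURE).items():
        print(f"{label:16} {count}")
```

A nonzero `l2tp-cleartext` or `pptp-control` count in a capture points at tunnels that are not getting the IPSec protections listed above.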