Page 895 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
consists of the security elements of IPv6 crafted into an add-on
package for IPv4. IPsec works only on IP networks and provides for
secured authentication as well as encrypted data transmission. IPsec
has two primary components, or functions:
Authentication Header (AH): AH provides authentication,
integrity, and nonrepudiation.

Encapsulating Security Payload (ESP): ESP provides
encryption to protect the confidentiality of transmitted data, but it can
also perform limited authentication. It operates at the Network layer
(layer 3) and can be used in transport mode or tunnel mode. In
transport mode, the IP packet data is encrypted but the header of the
packet is not. In tunnel mode, the entire IP packet is encrypted and a
new header is added to the packet to govern transmission through the
tunnel.
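
Added example, not part of the study guide: a small Python parser that reports what an on-path observer can read from AH and ESP packets in transport and tunnel mode. The addresses, SPI values, zeroed ICV and placeholder ciphertext are constructed for illustration; the protocol numbers (ESP 50, AH 51, IP-in-IP 4) and header layouts are the standard ones.

```python
import struct

ESP, AH, IPIP, TCP = 50, 51, 4, 6   # IANA IP protocol numbers

def ipv4(proto, src, dst, payload):
    """Minimal 20-byte IPv4 header (checksum left as 0) followed by payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes(src), bytes(dst)) + payload

def ah(next_hdr, payload, spi=0x1001, seq=1):
    """AH with a 12-byte ICV: 24 bytes = 6 words, so Payload Len = 6 - 2 = 4."""
    return struct.pack("!BBHII", next_hdr, 4, 0, spi, seq) + bytes(12) + payload

def classify(packet):
    """Return what an on-path observer can read from one IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4
    proto, body = packet[9], packet[ihl:]
    info = {"src": ".".join(map(str, packet[12:16])),
            "dst": ".".join(map(str, packet[16:20])), "ipsec": None}
    if proto == AH:
        next_hdr, plen, _, spi, seq = struct.unpack("!BBHII", body[:12])
        # AH authenticates but does not encrypt: Next Header and data are clear.
        info.update(ipsec="AH", spi=spi, seq=seq, readable=True,
                    mode="tunnel" if next_hdr == IPIP else "transport",
                    inner=body[(plen + 2) * 4:])
    elif proto == ESP:
        spi, seq = struct.unpack("!II", body[:8])
        # ESP's Next Header is in the encrypted trailer, so the mode is hidden.
        info.update(ipsec="ESP", spi=spi, seq=seq, readable=False, mode="unknown")
    return info

# Constructed samples (addresses, SPIs, zeroed ICV and 0xAA "ciphertext" are made up).
HOST_A, HOST_B = [10, 0, 0, 5], [10, 0, 1, 9]
GW_A, GW_B = [203, 0, 113, 1], [198, 51, 100, 1]
INNER = ipv4(TCP, HOST_A, HOST_B, bytes(20))
AH_TRANSPORT = ipv4(AH, HOST_A, HOST_B, ah(TCP, bytes(20)))
AH_TUNNEL = ipv4(AH, GW_A, GW_B, ah(IPIP, INNER))
ESP_TUNNEL = ipv4(ESP, GW_A, GW_B, struct.pack("!II", 0x2002, 7) + b"\xaa" * 56)

if __name__ == "__main__":
    for name in ("AH_TRANSPORT", "AH_TUNNEL", "ESP_TUNNEL"):
        r = classify(globals()[name])
        print(name, r["src"], "->", r["dst"], r["ipsec"], r["mode"], r["readable"])
```

In the tunnel samples the outer header carries only the gateway addresses; the original host addresses appear in the inner packet, which stays readable under AH and is hidden under ESP.
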
Table 12.1 illustrates the main characteristics of VPN protocols.
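TABLE 12.1 VPN characteristics

| VPN Protocol | Native Authentication Protection | Native Data Encryption | Protocols Supported | Dial-Up Links Supported | Number of Simultaneous Connections |
|--------------|----------------------------------|------------------------|---------------------|-------------------------|------------------------------------|
| PPTP         | Yes                              | No                     | PPP                 | Yes                     | Single point-to-point              |
| L2F          | Yes                              | No                     | PPP/SLIP            | Yes                     | Single point-to-point              |
| L2TP         | Yes                              | No (can use IPsec)     | PPP                 | Yes                     | Single point-to-point              |
| IPsec        | Yes                              | Yes                    | IP only             | No                      | Multiple                           |
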
The VPN protocols which encapsulate PPP are able to support any subprotocol compatible
with PPP, which includes IPv4, IPv6, IPX, and AppleTalk.
A VPN device is a network add-on device used to create VPN tunnels
separately from server or client OSs. The use of VPN devices is
transparent to networked systems.
Virtual LAN

