IPSec is a security protocol that provides authentication and encryption over the Internet. It operates at Layer 3 (Network) of the OSI Reference Model (see above) and therefore secures every application that operates at the upper layers (Transport to Application). It works with both IPv4 and IPv6 and has broad industry support. For these reasons, it is quickly becoming the standard for protecting Virtual Private Networks (VPNs) on the Internet.
Further reading: the NetBSD IPSec FAQ and Cisco's IPSec White Paper.
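The authentication IPSec provides includes replay protection: every ESP (and AH) packet carries a 32-bit sequence number, and the receiver keeps a sliding window per Security Association so that a captured packet cannot be re-injected later. The following is an added example, not code from the original page or from any IPSec implementation; it goes beyond the paragraph above by showing the RFC 4303 window check on a constructed ESP header stream (the SPI values and sequence numbers are made up, and the packet body is left opaque).

```python
import struct
from dataclasses import dataclass

# ESP header (RFC 4303, section 2): 32-bit SPI followed by a 32-bit sequence number.
ESP_HEADER = struct.Struct("!II")

def build_esp_packet(spi: int, seq: int, payload: bytes = b"") -> bytes:
    """Constructed sample packet: header followed by an opaque body."""
    return ESP_HEADER.pack(spi, seq) + payload

def parse_esp_header(packet: bytes) -> tuple[int, int]:
    if len(packet) < ESP_HEADER.size:
        raise ValueError("truncated ESP header")
    return ESP_HEADER.unpack_from(packet)

@dataclass
class ReplayWindow:
    """Sliding anti-replay window, one per Security Association (RFC 4303, appendix A)."""
    size: int = 64   # receivers must support at least 32; 64 is a common default
    last: int = 0    # highest sequence number accepted so far
    bitmap: int = 0  # bit i set means sequence number (last - i) was already accepted

    def accept(self, seq: int) -> bool:
        if seq == 0:                      # first packet on an SA carries seq 1
            return False
        if seq > self.last:               # right of the window: advance it
            shift = seq - self.last
            if shift >= self.size:
                self.bitmap = 1           # everything older falls out of the window
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.last = seq
            return True
        offset = self.last - seq
        if offset >= self.size:           # left of the window: too old, drop
            return False
        if (self.bitmap >> offset) & 1:   # already seen: replay, drop
            return False
        self.bitmap |= 1 << offset        # late but new: accept and mark
        return True

def filter_esp_stream(packets: list[bytes], window_size: int = 64) -> list[tuple[int, int, bool]]:
    """Run each packet through the window of its SA; returns (spi, seq, accepted)."""
    windows: dict[int, ReplayWindow] = {}
    decisions = []
    for pkt in packets:
        spi, seq = parse_esp_header(pkt)
        win = windows.setdefault(spi, ReplayWindow(window_size))
        decisions.append((spi, seq, win.accept(seq)))
    return decisions
```

A rejected packet is the signal a defender wants to log: a replayed sequence number within the window is the classic sign of captured traffic being re-sent, while a flood of "too old" packets points at a broken path or deliberate reordering.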
L2TP was designed by the Internet Engineering Task Force (IETF) to support non-TCP/IP protocols in VPNs over the Internet. L2TP combines the best features of two tunneling protocols—Microsoft’s Point-to-Point Tunneling Protocol (PPTP) and Cisco’s Layer 2 Forwarding (L2F). As the name implies, it operates at Layer 2 of the OSI Reference Model (see above). It supports a number of protocols, including IP and AppleTalk.
L2TP’s main components are the L2TP Access Concentrator (LAC) and L2TP Network Server (LNS). LAC is the device that physically terminates a call. LNS is the device that terminates and possibly authenticates the PPP stream.
L2TP runs over packet-switched network connections, so the endpoints of a PPP session can sit on different nodes as long as each has a Layer 2 connection to an access concentrator. The access concentrator tunnels the individual PPP frames to the network access server (NAS), where they are processed separately from the physical circuit, so the call itself can terminate at a local circuit concentrator. This eliminates possible long-distance charges, among other benefits, and the user notices no difference. L2TP is a good protocol to implement when two non-TCP/IP networks must have Internet access.
SSL was originally developed by Netscape and is integrated into its Navigator browser. It is based on RSA public-key encryption and provides secure Layer 5 (Session) connections over the Internet. It is service-independent and can secure many different network applications; the HTTPS protocol (see above) is based on SSL. The IETF is expected eventually to merge SSL with other Layer 4 (Transport) security protocols, and the resulting protocol will be called Transport Layer Security (TLS).
Further reading: iPlanet's SSL page and How SSL Works.
Kerberos is more than a network authentication protocol: it is a full-fledged security system designed to provide strong authentication for client/server applications using secret-key cryptography. Created at MIT, it establishes a user's identity as soon as the user logs onto a system where Kerberos is installed. That identity (and whatever security credentials it includes) is then used throughout the system for the entire time the user is logged on. The encryption used by Kerberos is freely available, and the source code can be downloaded via the Internet.