Tag: security

L2TP – Layer 2 Tunneling Protocol

L2TP Attributes Summary

The L2TP standard was published in 1999 as RFC 2661. It grew out of two earlier tunneling protocols: the Point-to-Point Protocol (PPP) and PPTP (Point-to-Point Tunneling Protocol). Put another way, L2TP (Layer 2 Tunneling Protocol) is an emerging IETF (Internet Engineering Task Force) standard that combines the traits of two existing tunneling protocols, Cisco's L2F (Layer 2 Forwarding) and Microsoft's PPTP (Point-to-Point Tunneling Protocol). L2TP is effectively an extension of PPP, which is itself a key building block of VPNs.

How to prevent or stop DoS attacks?

The response and prevention

Defending against denial-of-service attacks typically combines attack detection, traffic classification and response tools, with the goal of blocking traffic identified as illegitimate while permitting only traffic identified as legitimate. Below is a list of response and prevention tools:

Firewalls

Firewall rules are fairly simple: permit or deny particular ports, protocols or IP addresses. Some DoS attacks are too complex for many firewalls; for example, if the attack targets port 80 (the web service), a packet-filtering firewall cannot easily distinguish the attack traffic from legitimate traffic, so it cannot stop the attack. In addition, firewalls may sit too deep in the network: routers can be affected before the traffic ever reaches the firewall. Firewalls can, however, effectively prevent users on machines behind the firewall from launching even simple flooding attacks.
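To make the limitation above concrete, here is an added example (not code from the original article): a tiny first-match packet-filter evaluator that can only allow or deny by protocol, source address and destination port, run over a constructed sample of flows in which one source floods port 80. The static rules pass the flood exactly as they pass ordinary web clients; a per-source rate counter over a sliding time window is what actually separates the two. All addresses, ports, timestamps and the threshold are constructed sample values.

```python
"""Static packet-filter rules versus per-source rate detection (added example)."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    ts: float        # seconds since start of the capture (constructed)
    src: str
    dst: str
    proto: str       # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return ((self.proto == "any" or self.proto == p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and (self.dport is None or self.dport == p.dport))


# First-match rule set: web service open to the world, everything else dropped.
RULES = [
    Rule("allow", "tcp", dport=80),
    Rule("allow", "tcp", dport=443),
    Rule("deny"),
]


def filter_decision(p: Packet, rules=RULES) -> str:
    """Return the action of the first matching rule ('deny' if none matches)."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


def flag_flooding_sources(packets, window: float = 1.0, threshold: int = 50):
    """Return the set of source IPs that exceed `threshold` allowed packets
    within any `window`-second sliding interval.  This rate signal is exactly
    what a static allow/deny rule set cannot express."""
    seen = defaultdict(list)  # src -> timestamps of allowed packets in window
    flagged = set()
    for p in sorted(packets, key=lambda x: x.ts):
        if filter_decision(p) != "allow":
            continue
        times = seen[p.src]
        times.append(p.ts)
        while times and times[0] < p.ts - window:   # expire old timestamps
            times.pop(0)
        if len(times) > threshold:
            flagged.add(p.src)
    return flagged


def sample_traffic():
    """Constructed sample: two normal web clients, one DNS packet the policy
    denies, and one source sending 400 packets to port 80 in one second."""
    pkts = []
    for i in range(10):
        pkts.append(Packet(i * 0.3, "198.51.100.7", "203.0.113.10", "tcp", 80))
        pkts.append(Packet(i * 0.4, "198.51.100.8", "203.0.113.10", "tcp", 443))
    pkts.append(Packet(0.5, "198.51.100.9", "203.0.113.10", "udp", 53))
    for i in range(400):
        pkts.append(Packet(1.0 + i * 0.0025, "192.0.2.66", "203.0.113.10", "tcp", 80))
    return pkts


if __name__ == "__main__":
    pkts = sample_traffic()
    allowed = [p for p in pkts if filter_decision(p) == "allow"]
    print(f"{len(allowed)} of {len(pkts)} packets pass the static rules")
    print("rate-flagged sources:", flag_flooding_sources(pkts))
```

Running it shows 420 of 421 packets passing the rule set (only the UDP packet is denied), while the rate counter flags just the flooding source; in practice the rate check would feed a temporary block list or an upstream mitigation rather than live in the packet filter itself.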

DoS Methods – PDoS, Permanent DoS attacks

A PDoS, or permanent denial-of-service attack, also known as phlashing, is a severe attack that damages a system so badly that its hardware must be replaced or reinstalled. A PDoS attack exploits security flaws that permit remote administration of the management interfaces of the victim's hardware, such as printers, routers or other networking equipment.

DoS and DDoS – Denial of Service attacks

DoS – Denial of Service attack

A DoS attack is designed to disrupt the normal operation of a server, web site or other network resource. Hackers and even virus writers can use a number of methods to do this. One of the most common is flooding a server with heavy network traffic so that it becomes hard to control. Under this load the server cannot carry out its normal functions properly, and sometimes it crashes.

The only difference with a DDoS attack is that multiple machines are used to conduct it. Hackers or virus writers use master and zombie machines to coordinate the attack across the other machines. The master and zombie machines usually exploit an application vulnerability on the target machine to install malicious code such as a Trojan.

IPSec

IPSec is a way to secure data transfer between computers. IPSec secures traffic between two nodes by providing the following:

  • Data authentication
    • Authentication – Packets can be spoofed so that they appear to come from somewhere other than their true source. IPSec can be configured to provide data origin authentication, ensuring that a packet received from a trusted party really originated from that party.
    • Data integrity – IPSec can be configured to ensure that data packets are not altered while crossing the network.
    • Anti-replay protection – IPSec can check that received packets are not duplicates of earlier packets.
  • Encryption
    • IPSec lets you encrypt network data so that it cannot be captured and read by unauthorized parties.
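The integrity and anti-replay services listed above can be shown working together in a few dozen lines. The following is an added example, not code from the original article or from any IPSec implementation: a receiver that first verifies an HMAC-SHA256 integrity check value over the sequence number and payload (the role of the ICV in AH/ESP) and then enforces a 64-entry anti-replay sliding window using the bitmask scheme described in RFC 4303 Appendix A. The key, sequence numbers and payloads are constructed sample values; a real security association would negotiate them with IKE, and the packet layout here is a simplification of the real ESP header.

```python
"""Integrity check plus anti-replay sliding window, IPsec style (added example)."""
import hashlib
import hmac

WINDOW = 64          # RFC 4303 requires at least 32 entries; 64 is a common default
ICV_LEN = 16         # truncated HMAC-SHA256 tag, as ESP truncates its ICV


def build_packet(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: 4-byte sequence number || payload || ICV over both."""
    header = seq.to_bytes(4, "big") + payload
    icv = hmac.new(key, header, hashlib.sha256).digest()[:ICV_LEN]
    return header + icv


class ReplayWindow:
    """Highest sequence number seen plus a bitmap of the WINDOW most recent
    ones, so duplicates and too-old packets are rejected without storing
    every sequence number ever received."""

    def __init__(self):
        self.last_seq = 0
        self.bitmap = 0          # bit i set => sequence (last_seq - i) was received

    def check_and_update(self, seq: int) -> bool:
        if seq == 0:
            return False                         # sequence 0 is never valid
        if seq > self.last_seq:                  # new highest: slide the window
            shift = seq - self.last_seq
            if shift < WINDOW:
                self.bitmap = (self.bitmap << shift) & ((1 << WINDOW) - 1)
            else:
                self.bitmap = 0                  # jumped past the whole window
            self.bitmap |= 1
            self.last_seq = seq
            return True
        diff = self.last_seq - seq
        if diff >= WINDOW:
            return False                         # too old: left of the window
        if self.bitmap & (1 << diff):
            return False                         # duplicate inside the window
        self.bitmap |= 1 << diff                 # late but new: accept and mark
        return True


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.window = ReplayWindow()

    def receive(self, packet: bytes):
        """Return (accepted, reason, payload).  Integrity is verified before
        the window is updated, so a forged packet can never advance it."""
        if len(packet) < 4 + ICV_LEN:
            return False, "truncated", None
        header, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        expected = hmac.new(self.key, header, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            return False, "bad integrity check", None
        seq = int.from_bytes(header[:4], "big")
        if not self.window.check_and_update(seq):
            return False, "replayed or too old", None
        return True, "ok", header[4:]


def demo():
    """Deliver a constructed sequence of packets to one receiver and return
    the list of (label, accepted, reason) outcomes."""
    key = b"constructed-demo-key-not-a-real-SA-key"
    rx = Receiver(key)
    results = []

    def deliver(label, pkt):
        ok, why, _ = rx.receive(pkt)
        results.append((label, ok, why))

    p1 = build_packet(key, 1, b"hello")
    p2 = build_packet(key, 2, b"world")
    deliver(1, p1)
    deliver(2, p2)
    deliver(1, p1)                                    # replay of seq 1: rejected
    deliver(5, build_packet(key, 5, b"ahead"))
    deliver(3, build_packet(key, 3, b"out-of-order"))  # late but inside window: ok
    tampered = p2[:4] + b"WORLD" + p2[9:]             # payload altered, ICV stale
    deliver("2-tampered", tampered)
    deliver(200, build_packet(key, 200, b"jump"))     # window slides far ahead
    deliver(100, build_packet(key, 100, b"stale"))    # 100 <= 200 - 64: too old
    return results


if __name__ == "__main__":
    for label, ok, why in demo():
        print(f"seq {label}: {'accepted' if ok else 'rejected'} ({why})")
```

The ordering inside `receive` matters: checking the ICV before touching the window means an attacker who cannot forge the tag also cannot push the window forward and cause legitimate late packets to be dropped, which is why RFC 4303 specifies integrity verification before the replay check is committed.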