Communication Security: Remote Access and Messaging • Chapter 3 127
Figure 3.9 Providing Credentials for Logon
L2TP
As with TACACS+, Cisco believed they could design a better tunneling protocol,
which led to the creation of the Layer 2 Forwarding (L2F) protocol. Unfortunately,
L2F was not much better than PPTP. Specifically, L2F provided encapsulation
(tunneling), but it did not encrypt the data being encapsulated.
To combine the features of both PPTP and L2F, L2TP was developed through a
joint venture between Microsoft and Cisco. L2TP was a major improvement, but
it still did not offer encryption. To remedy this, L2TP was designed to use IPSec
for encryption. The differences between PPTP and L2TP that you need to
know for the Security+ exam are:
■ L2TP requires IPSec in order to offer encryption.
■ L2TP is often implemented as a hardware solution (though also available
on Windows RAS servers), where PPTP is not.
■ L2TP can run on top of protocols such as IP, Internetwork Packet
Exchange (IPX), and Systems Network Architecture (SNA), where PPTP
can work only on IP networks.
■ Using L2TP with IPSec provides per-packet data origin authentication
(proof that the data was sent by an authorized user), data integrity (proof
www.syngress.com