Changes

Security+ - An Overview of Communications Security

2,997 bytes added, 20:16, 18 February 2008
== Layer 2 Tunneling Protocol (L2TP) ==
Layer 2 Tunneling Protocol (L2TP) is based on a combination of PPTP and Cisco's L2F technology and uses a two-phase authentication process. This process involves first authenticating the computers at each end of the connection, followed by the user. Authentication of the computer is aimed at preventing Man-in-the-Middle attacks (see [[An Overview of IT Security Threats and Attacks]] for more details about Man-in-the-Middle attacks). L2TP operates at the data-link layer of the OSI stack, and as such supports a wide range of protocols in addition to TCP/IP. Some advantages of L2TP over PPTP include greater security, support for public key infrastructure (PKI) and header compression.

== 802.11x Wireless Connections ==

802.11x is a set of IEEE standards which define wireless networking, better known as WiFi. A number of standards have evolved including 802.11a, 802.11b, 802.11g and 802.11n. Until recently the concept of wireless networking involved computer systems talking to each other, but recent years have introduced a range of wireless devices (notably the iPhone from Apple) which will switch over from using a cell based wireless connection to wireless access points (WAP) when one comes into range.

Wireless networking is rapidly gaining adoption in commercial enterprises, but is still more common in homes and is subject to a number of potential security threats:

* '''Clear data''' - Unfortunately a number of Wireless Access Points are shipped with none of the security features activated. This means that all data is transmitted in clear text form, completely unencrypted and easily captured by malicious parties.
* '''Session Hijacking''' - Because the authentication process used with Wi-Fi is one-way, it is possible for a third party to break into an existing, previously authenticated session. This is achieved by sending a signal to the client after authentication has completed such that it believes it has been disconnected. The rogue system then continues the session with the access point as if nothing has happened.
* '''Man-in-the-Middle''' - Such an attack involves the use of a rogue access point which masquerades as the legitimate access point. The rogue WAP accepts the connection from a client and records all data transactions before passing the data on to the original access point.
* '''War Driving''' - War driving involves driving around urban areas with a laptop essentially ''listening'' for wireless access points. Once an access point is located, steps are then taken to break into the system. Once this has been achieved the information is typically uploaded to web sites so that others can similarly locate and break into the network. A concept known as ''war chalking'' has also risen in prominence in recent years. This involves a special type of graffiti which tells those in the know that an access point is nearby and provides information on how to access it.

The use of Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA) features goes a long way toward mitigating many of the risks inherent in using wireless networks. There is no such thing as a truly secure wireless network. The objective, however, is to make it as hard as possible for the network to be breached, thereby causing those with malicious intentions to move on to weaker targets.

== Dial-Up Access ==