Thực hiện các tiện ích netdiag dòng đầu tiên của hành vi phạm tội khi xử lý sự cố các chương trình kết nối. Một báo cáo toàn bộ mất ít hơn một phút để hoàn thành, và các thông tin thu thập được là vô lý giao thức mạng đơn giản là không phải là một tiện ích trong và của chính nó. | How to Cheat at Securing Windows 2000 TCP IP How L2TP Security Differs from PPTP L2TP is similar to PPTP in many ways. They both support multiprotocol VPN links and can be used to create secure tunnels through the Internet or another public network to connect to a private network that also has a connection to the internetwork. L2TP can be used over IPSec to provide for greater security including end-to-end encryption whereas Microsoft s PPTP connections are dependent upon MPPE for encryption. L2TP is derived from L2F a Cisco Systems tunneling protocol. With L2TP over IPSec encapsulation involves two layers L2TP encapsulation and IPSec encapsulation. First L2TP wraps its header and a UDP header around a PPP frame. Then IPSec wraps an ESP Encapsulating Security Payload header and trailer around the package and adds an IPSec authentication trailer. Finally an IP header is added which contains the addresses of the source VPN client and destination VPN server computers. The data inside the IPSec ESP header and authentication trailer including the PPP UDP and L2TP headers is all encrypted by IPSec. Data authentication is available for L2TP over IPSec connections unlike for PPTP connections. This is accomplished by the use of a cryptographic checksum based on an encryption key known only to the sender and the receiver. Interoperability with Non-Microsoft VPN Clients A Windows 2000 VPN server can accept client connections from non-Microsoft clients if the clients meet the following requirements The clients must use PPTP or L2TP tunneling protocol. For PPTP connections the client must support MPPE. For L2TP connections the client must support IPSec. If these requirements are met the non-Microsoft clients should be able to make a secure VPN connection. No special configuration changes on the VPN server are required to allow nonMicrosoft clients to connect. Copyright 2003 by Syngress Publishing All rights reserved 41 How to Cheat at Securing Windows 2000 TCP IP TOPIC 9 IPSec