10.4.8 Virtual Private Network


Which of the following Network layer protocols provides authentication and encryption services for IP-based network traffic?

IPsec

IPsec is a security implementation that provides security for all other TCP/IP-based protocols that operate above the Network layer. IPsec provides authentication through a protocol called IPsec Authentication Header (AH) and encryption services through a protocol called IPsec Encapsulating Security Payload (ESP).

Which of the following VPN protocols is no longer considered secure?

PPTP

Point-to-Point Tunneling Protocol (PPTP) was one of the first VPN protocols and was developed by Microsoft. It is no longer considered secure and is essentially obsolete.

Which VPN tunnel style routes only certain types of traffic?

Split

A VPN split tunnel routes only certain types of traffic, usually determined by destination IP address, through the VPN tunnel. All other traffic is passed through the normal internet connection.

Which of the following purposes is a VPN primarily used for?

Support secured communications over an untrusted network.

A VPN (virtual private network) is used primarily to support secured communications over an untrusted network. A VPN can be used over a local area network, across a WAN connection, over the internet, and even between a client and server on a dial-up internet connection. All of the other items listed in this question are benefits or capabilities that are secondary to this primary purpose.

Which statement BEST describes IPsec when used in tunnel mode?

The entire data packet, including headers, is encapsulated.

When using IPsec in tunnel mode, the entire data packet, including original headers, is encapsulated. New encrypted packets are created with headers indicating only the endpoint addresses. Tunneling protects the identities of the communicating parties and the original packet contents. Tunneling is frequently used to secure traffic traveling across insecure public channels, such as the internet. IPsec in tunnel mode is the most common configuration for gateway-to-gateway communications.

A group of salesmen in your organization would like to access your private network through the internet while they are traveling. You want to control access to the private network through a single server. Which solution should you implement?

VPN concentrator

If you are using a remote access VPN, a server on the edge of a network (called a VPN concentrator) is configured to accept VPN connections from individual hosts. Hosts that are allowed to connect using the VPN connection are granted access to resources on the VPN server or the private network.

A salesperson in your organization spends most of her time traveling between customer sites. After a customer visit, she must complete various managerial tasks, such as updating your organization's order database. Because she rarely comes back to the home office, she usually accesses the network from her notebook computer using Wi-Fi access provided by hotels, restaurants, and airports. Many of these locations provide unencrypted public Wi-Fi access, and you are concerned that sensitive data could be exposed. To remedy this situation, you decide to configure her notebook to use a VPN when accessing the home network over an open wireless connection. Which key steps should you take when implementing this configuration? (Select two.)

Configure the VPN connection to use IPsec. Configure the browser to send HTTPS requests through the VPN connection.

It is generally considered acceptable to use a VPN connection to securely transfer data over an open Wi-Fi network. As long as strong tunneling ciphers and protocols are used, the VPN provides sufficient encryption to secure the connection, even though the wireless network itself is not encrypted. It is recommended that you use IPsec or SSL to secure the VPN, as these protocols are relatively secure. You should also configure the browser's HTTPS requests to go through the VPN connection. To conserve VPN bandwidth and improve latency, many VPN solutions automatically reroute web browsing traffic through the client's default network connection instead of through the VPN tunnel. This behavior would result in HTTP/HTTPS traffic being transmitted over the unsecure open wireless network instead of through the secure VPN tunnel.

Which of the following can route Layer 3 protocols across an IP network?

GRE

Generic Routing Encapsulation (GRE) is a tunneling protocol that creates a tunnel between two routers. It does this by adding a GRE header and a new IP header to the original packet.

Which IPSec subprotocol provides data encryption?

ESP

Encapsulating Security Payload (ESP) protocol provides data encryption for IPSec traffic.

Which of the following statements about an SSL VPN are true? (Select two.)

Uses port 443. Encrypts the entire communication session.

An SSL VPN uses SSL (Secure Sockets Layer) to secure communications. An SSL VPN:
Authenticates the server to the client using public key cryptography and digital certificates.
Encrypts the entire communication session.
Uses port 443, which is already open on most firewalls.

