Cnt 125 ch 7
host-to-host VPN
2 computers create a VPN tunnel directly between them; both computers have appropriate software installed
Software Running on a Server
A Windows Server that is running DirectAccess, which can automatically authenticate remote users and computers to the Windows Domain
After connecting, a remote client can access files, applications, and other shared resources, such as printers, like any other client on the LAN or WAN.
True
Examples of symmetric key encryption (private)
AES, 3DES (private)
To communicate via remote access, the client and host need a transmission path plus the appropriate software to complete the connection and exchange data.
True
Hosted Hypervisor
Client Hyper-V, VirtualBox, VMware Player, Linux KVM
Steps for SSL/TLS
Client hello, server hello, certification/key exchange
_____________________ refers to the flexible provision of data storage, applications, or services to multiple clients over a network. The term includes a broad range of offerings, from hosting Web sites, to delivering specialized applications to providing virtual servers for collaboration or software development.
Cloud Computing
hybrid cloud
Combination of the other service models into a single deployment; e.g., public cloud for email ... but private cloud for storing data
Assurance encryption provides
Confidentiality, integrity, and availability
IaaS
Hardware services and network infrastructure devices; vendor has the hardware for the customer ... but the customer is responsible for their own applications, OS's, licenses and data backup. Example: customer uses vendor servers to store data, host websites, or provide email, DNS or DHCP services
Examples of public symmetric encryption
DSS, RSA
L2TP
Developed by Cisco and standardized by the IETF; encapsulates PPP data in a similar manner to PPTP; can connect a VPN that uses a mix of equipment types; it is a standard accepted and used by multiple vendors; can connect two routers, a router and a RAS, or a client and a RAS; typically implemented with IPsec for security
PPTP
Developed by Microsoft; a Layer 2 protocol that encapsulates PPP data frames so they can traverse the Internet masked as an IP transmission; uses TCP segments at the Transport layer; outdated and no longer considered secure
_______ is an encryption protocol suite that defines rules for encryption, authentication, and key management for TCP/IP transmissions. It is an enhancement to IPv4 and is native in IPv6. ______ works at the Network Layer - it adds security information to the header of all IP packets and encrypts the data payload.
IPsec
IPSec steps
Initiation, key management, security negotiation, data transfer, termination (use VPN)
IKE
Internet Key Exchange, negotiates the exchange of keys including authentication keys
A ______ hypervisor installs on a computer before any OS and is often called a bare-metal hypervisor.
Type 1
A ______ hypervisor installs in a host OS as an application and is called a hosted hypervisor.
Type 2
PKI (Public Key Infrastructure)
Use of certificate authorities to associate public keys with certain users
SDN
VMware, Cisco, HP, IBM and Juniper controller software; OpenDaylight, Beacon, OpenShift
_______ is open source, so therefore is cross-platform, and can be used to remotely connect to and control desktop and server systems.
VNC
digital certificate
a small file containing verified identification information about the user and the user's public key
Upon creation, each vNIC is automatically assigned its own ______________.
MAC Address
In _________ mode, the VM obtains IP addressing information from its host, rather than a service or router on the physical network.
NAT mode
Merging physical and virtual network architecture is called ________
NFV - Network Functions Virtualization
IaaS
Network architect, cloud storage, web hosted VMs
PaaS
OS, runtime libraries or modules the OS provides to applications, and the hardware on which the OS runs; provider now handles the OS and associated SW for the OS. Vendor has the hardware for the customer, OS's, and associated SW for the OS ... but the customer is responsible for their own applications and data backup
Telnet concerns
Provides little security, poor authentication, no security for transmitting data (no encryption)
_________ is a Microsoft proprietary protocol used to remotely connect to and control Windows Desktop and Server systems
RDP
________ is a collection of protocols that does both authentication and encryption. With ________, you can securely log on to a host, execute commands on that host, and copy files to and from that host. _______ encrypts data exchanged throughout the session.
SSH
______ are methods of encrypting TCP/IP transmissions - including web pages and data entered into web forms - en route between client and server using public key encryption technology. All modern browsers (IE, Firefox, Chrome) support its use to create secure transmissions of HTTPS sessions.
SSL/TLS
Private/Symmetric Key Encryption
Same key used during both encryption and decryption
private cloud
Service established on an organization's own servers in its own data center; customer maintains own virtual servers
public cloud
Service provided over public transmission lines; most examples discussed occur in the public cloud (Gmail, etc.)
community cloud
Service shared between multiple organizations; e.g., a medical database shared between hospitals and doctors in an area
FTPS
added layer of protection for FTP using SSL/TLS
Terminal Emulation
allows a remote client to take over and command a host computer (Examples: Telnet, SSH, Remote Desktop and VNC)
In _________ mode, a vNIC accesses a physical network using the host machine's NIC
bridged mode
IKEv2
component of the IPsec protocol; offers fast throughput and good stability when moving between wireless hotspots; compatible with a variety of devices
Select from the following list the disadvantages of virtualization.
compromised performance; increased complexity; increased licensing costs; single point of failure
Select from the following list all of the advantages of virtualization
efficient use of resources; cost and energy savings; fault and threat isolation; simple backups, recovery and replication
SFTP
file-transfer version of SSH - it is an extension of the SSH protocol
each VM on the physical computer
guest
the physical computer
host
In _________ mode, VMs on one host can exchange data with each other and with their host, but they cannot communicate with any node beyond the host.
host-only mode
the software that allows you to define VMs and manage resource allocation and sharing
hypervisor
When you use a web browser and plug in the IP Address of the router to connect to and configure the router, you are using a _________.
management URL
Each VM can have ____ vNICs, no matter how many NICs the host machine has
only limited by virtualization software
OpenVPN
open source VPN protocol that uses OpenSSL for encryption; has the ability to cross many firewalls; highly secure and highly configurable
out-of-band management
out-of-band management
NFV
pfSense VMware Ready Virtual Firewall by Netgate; Barracuda's NextGen Firewall F-Series
To ensure a VPN can carry all types of data in a private manner over any kind of connection, special VPN protocols encapsulate higher-layer protocols in a process known as _____________.
tunneling
site-to-site VPN
tunnels connect multiple sites on a WAN; a VPN gateway encrypts and encapsulates data to exchange over the tunnel with another VPN gateway; clients and servers do not have to run special VPN software
Public/Asymmetric Key Encryption
two keys are used for data encryption - #1 for encrypting and #2 for decrypting
Every VM has its own virtual network adapter, or ___________, that can connect the VM to other machines, both physical and virtual. Just like a physical NIC, a ___________ operates at the Data Link Layer and provides the computer with network access.
vNIC
A _______ or bridge is a logically defined device that operates at the data link layer to pass data frames between nodes. Thus, it can allow VMs to communicate with each other and with nodes on a physical LAN or WAN
vSwitch
TFTP
simple version of FTP that includes no authentication or security - most often used by machines behind the scenes to transfer boot files or configuration files
PPPoE
standard for connecting home computers to an ISP via DSL or broadband cable; used when PPP is carried over an Ethernet network
_________ is a terminal emulation utility that allows an administrator or other network user to control a computer remotely. You can use ________ to access a router or switch and run commands to change the configuration settings. However, __________ provides little security for establishing a connection (poor authentication) and no security for transmitting data (no encryption).
telnet
command-line software
telnet, SSH
Remote virtual computing, also called _____________, allows a user on one computer, called a client, to control another computer, called the host or server, across a network connection.
terminal emulation
certificate authority
the organization that issues and maintains the digital certificates
public-key infrastructure
the use of certificate authorities to associate public keys with certain users
An SSL Session is created between a client and a server. This is established by the SSL Handshake protocol. Place the steps of the SSL Handshake protocol in order.
__3__ Key Exchange occurs and the secure channel is in place and data exchange begins; __2__ Server Hello - Server sends a message back to the client and agrees to the encryption terms; __1__ Client Hello - Client Browser sends a message to a web server with the level of security that the
Traditional virtualization
All hardware, software, and everything else is located and managed at your location
PaaS
Application developers, web hosted databases, web servers
SaaS
Applications; provider now handles the application for the customer. Vendor has the hardware for the customer, OS's, associated SW for the OS, the application and data backup. Examples: Gmail & Yahoo email, Google Drive
PPP
Can negotiate and establish a connection between two computers; can authenticate a client to a remote system (PAP or CHAP); can support several types of Network layer protocols; can encrypt the transmissions, although the encryption is considered weak by today's standards
Dedicated Devices
Cisco AS5800 access server that performs authentication for clients
SLIP
Early and less sophisticated; does not support encryption; can only carry IP packets; works strictly on serial connections (dial-up or DSL)
SaaS
End users, email, social media, online game
Types of remote access
PPP, PPPoE
Port Forwarding
Redirect traffic that would normally use an insecure port (FTP) to an SSH-secured port
GUI-based software
Remote Desktop for Windows, join.me, VNC, TeamViewer
Three states of data
Rest, in use, in motion
_______ is a centralized approach to networking that removes most decision-making power from network devices and instead handles the responsibility at a software level with a network controller
SDN - Software-Defined Networking
HTTPS
TCP Port # 443
HTTP
TCP Port # 80
in-band management
Telnet, SSH, RDP, VNC, management URL
A ______ is a network connection encrypted from end to end that creates a private connection to a remote network.
VPNs
Example of certificate authority
Verisign
________________ is a virtual, or logical, version of something (an emulation of a computer, operating system environment, or application) rather than the actual or physical version of it
Virtualization
XaaS
X represents an unknown; the cloud can provide any combination of functions depending on a client's exact needs. Ex: monitoring, storage, applications, and virtual desktops
Bare-Metal Hypervisor
XenServer by Citrix, ESXi by VMware, Hyper-V by Microsoft
IPsec creates secure connections in five steps. Place the following steps for IPsec in the correct order.
__3__ Security negotiations - IKE continues to establish security parameters; __5__ Termination - Requires regular re-establishment of a connection to minimize the opportunity for interference; __4__ Data transfer - A secure data channel is created which can be used until the secure channel is broken; __1__ IPsec initiation - Noteworthy traffic triggers the IPsec session; __2__ Key management - The way in which the 2 nodes will deal with keys
VPN
a virtual connection between 2 hosts or sites over the Internet to remotely provide network resources
Encryption is the use of mathematical code, called a __________, to scramble data into a format that can be read only by reversing the _________ - that is by decrypting the data.
cipher
client-to-site VPN
clients, servers and other hosts establish tunnels with a private network using a remote access server or VPN gateway; each client must run its own VPN software to create the tunnel and to encrypt and encapsulate data; method usually associated with remote access
Confidentiality
data can only be viewed by its intended recipient or at the intended destination
Availability
data is accessible to the intended recipient when needed
Integrity
data is not modified in the time after the sender transmits it and before the receiver picks it up
GRE
developed by Cisco; a Layer 3 protocol used to transmit PPP, IP and other messages through a tunnel; typically implemented with IPsec for security
As a remote user, you can connect to a network via ____________, a service that allows a client to connect with and log on to a LAN or WAN in a different geographical location.
remote access
Point-to-Point
remote access using a dedicated (usually leased) line, such as DSL or T-1
Select all of the following characteristics that apply to Cloud Computing
resource pooling and consolidation; support for multiple platforms; elastic service and storage; metered service; on-demand service available to the user at any time
Most cloud service providers use ___________ software to supply multiple platforms to multiple users
virtualization