Cnt 125 ch 7

¡Supera tus tareas y exámenes ahora con Quizwiz!

host-to-host VPN

2 computers create a VPN tunnel directly between them both computers have appropriate software installed

Software Running on a Server

A Windows Server that is running Direct-Access that can automatically authenticate remote users and computers to the Windows Domain

After connecting, a remote client can access files, applications, and other shared resources, such as printers, like any other client on the LAN or WAN.

True

Examples of symmetric key encryption (private)

AES, 3DES (private )

To communicate via remote access, the client and host need a transmission path plus the appropriate software to complete the connection and exchange data.

True

Hosted Hypervisor

Client Hyper-V, VirtualBox, VMware Player, Linux KVM

Steps for SSL/TLS

Client hello, server hello, certification/key exchange

_____________________ refers to the flexible provision of data storage, applications, or services to multiple clients over a network. The term includes a broad range of offerings, from hosting Web sites, to delivering specialized applications to providing virtual servers for collaboration or software development.

Cloud Computing

hybrid cloud

Combination of the other service models into a single deployment Public cloud for email ... but private cloud for storing data

Assurance encryption provides

Confidential, integrity, and availability

IaaS

Hardware services and network infrastructure devices Vendor has the hardware for customer ... but customer is responsible for own applications, OS's, licenses and data backup Example: customer uses vendor servers to store data, host websites, provide email, DNS or DHCP Services

Examples of public symmetric encryption

DSS, RSA,

L2TP

Developed by Cisco and standardized by IETF Encapsulates PPP data in a similar manner to PPTP Can connect a VPN that uses a mix of equipment types It is a standard accepted and used by multiple vendors Can connect two routers, a router and a RAS, or a client and a RAS typically implemented with IPsec for security

PPTP

Developed by Microsoft A Layer 2 protocol that encapsulates PPP data frames so they can traverse the Internet masked as an IP transmission Uses TCP segments at the Transport layer Outdated and no longer considered secure

_______ is an encryption protocol suite that defines rules for encryption, authentication, and key management for TCP/IP transmissions. It is an enhancement to IPv4 and is native in IPv6. ______ works at Network Layer - it sdds security information to the header of all IP packets and encrypts the data payload.

IPsec

IPSec steps

Initiation, key management, security negotiation, data transfer, termination(use VPN)

IKE

Internet Key Exchange, negotiates the exchange of keys including authentication keys

A ______ hypervisor installs on a computer before any OS and is often called a bare-metal hypervisor.

Type 1

A ______ hypervisor installs in a host OS as an application and is called a hosted hypervisor.

Type 2

PKI (Public Key Infrastructure)

Use of certificate authorities to associate public keys with certain users

SDN

VMware, Cisco, HP, IBM and Juniper controller software OpenDaylight, Beacon, OpenShift

_______ is open source, so therefore is cross-platform, and can be used to remotely connect to and control desktop and server systems.

VNC

digital certificate

a small file containing verified identification information about the user and the user's public key

Upon creation, each vNIC is automatically assigned its own ______________.

MAC Address

In _________ mode, the VM obtains IP addressing information from its host, rather than a service or router on the physical network.

NAT mode

Merging physical and virtual network architecture is called ________

NFV - Network Functions Virtualization

Iaas

Network architect, cloud storage, web hosted VMs

PaaS

OS, runtime libraries or modules the OS provides to applications, and the hardware on which the OS runs Provider now handles the OS and associated SW for OS Vendor has the hardware for customer, OS's, and associated SW for the OS ... but customer is responsible for own applications and data backup

Telnet concerns

Provides little security, poor authentication, no security for transmitting data ( no encryption)

_________ is a Microsoft proprietary protocol used to remotely connect to and control Windows Desktop and Server systems

RDP

________ is a collection of protocols that does both authentication and encryption. With ________, you can securely log on to a host, execute commands on that host, and copy files to and from that host. _______ encrypts data exchanged throughout the session.

SSH

______ are methods of encrypting TCP/IP transmissions - including web pages and data entered into web forms - en route between client and server using public key encryption technology. All modern browsers support (IE, Firefox, Chrome) support its use to create secure transmissions of HTTPS sessions.

SSL/TLS

Private/Symmetric Key Encryption

Same key used during both encryption and decryption

private cloud

Service established on an organization's own servers in its own data center Customer maintains own virtual servers

public cloud

Service provided over public transmission lines Most examples discussed occur in public cloud (Gmail, etc..

community cloud

Service shared between multiple organizations Medical Database between hospitals and doctors in area

FTPS

added layer of protection for FTP using SSL/TLS

Terminal Emulation

allows a remote client to take over and command a host computer (Examples: Telnet, SSH, Remote Desktop and VNC)

In _________ mode, a vNIC accesses a physical network using the host machine's NIC

bridged mode

IKEv2

component of IPsec protocol offers fast throughput and good stability when moving between wireless hotspots compatible with a variety of devices

Select from the following list the dis-advantages of virtualization.

compromised performance increased complexity increased licensing costs single point of failure

Select from the following list all of the advantages of virtualization

efficient use of resources cost and energy savings fault and threat isolation simple backups, recovery and replication

SFTP

file-transfer version of SSH - it is an extension of the SSH protocol

each VM on the physical computer

guest

the physical computer

host

In _________ mode, VMs on one host can exchange data with each other and with their host, but they cannot communicate with any node beyond the host.

host-only mode

the software that allows you to define VMs and manage resource allocation and sharing

hypervisor

When you use a web browser and plug in the IP Address of the router to connect to and configure the router, you are using a _________.

management URL

Each VM can have ____ vNICs, no matter how many NICs the host machine has

only limited by virtualization software

OpenVPN

open source VPN protocol that uses OpenSSL for encryption has ability to cross many firewalls highly secure and highly configurable

out-of-band management

out-of-band management

NFV

pfSense VMware Ready Virtual Firewall by Netgate Barracuda's NextGen Firewall F-Series

To ensure a VPN can carry all types of data in a private manner over any kind of connection, special VPN protocols encapsulate higher-layer protocols in a process known as _____________.

tunneling

site-to-site VPN

tunnels connect multiple sites on a WAN VPN gateway encrypts and encapsulates data to exchange over the tunnel with another VPN gateway clients and servers do not have to run special VPN software

Public/Asymmetric Key Encryption

two keys are used for data encryption - #1 for encrypting and #2 for encrypting

Every VM has its own virtual network adapter, or ___________, that can connect the VM to other machine, both physical and virtual. Just like a physical NIC, a ___________ operates at the Data Link Layer and provides the computer with network access.

vNIC

A _______ or bridge is a logically defined device that operates at the data link layer to pass data frames between nodes. Thus, it can allow VMs to communicate with each other and with nodes on a physical LAN or WAN

vSwitch

TFTP

simple version of FTP that includes no authentication of security - most often used by machines behind the scenes to transfer boot files or configuration files

PPPoE

standard for connecting home computers to ISP via DSL or broadband cable When PPP is used over Ethernet Network

_________ is a terminal emulation utility that allows an administrator or other network user to control a computer remotely. You can use ________ to access a router or switch and run commands to change the configuration settings. However, __________ provides little security for establishing a connection (poor authentication) and no security for transmitting data (no encryption).

telnet

command-line software

telnet SSH

Remote virtual computing, also called _____________, allows a user on one computer, called a client, to control another computer, called the host or server, across a network connection.

terminal emulation

certificate authority

the organization that issues and maintains the digital certificates

public-key infrastructure

the use of certificate authorities to associate public keys with certain users

An SSL Session is created between a client and a server. This is established by the SSL Handshake protocol. Place the steps of the SSL Handshake protocol in order.

3__ Key Exchange occurs and the secure channel is in place and data exchange begins __2__ Server Hello - Server sends a message back to the client and agrees to the encryption terms __1__ Client Hello - Client Browser sends a message to a web server with the level of security that the

Traditional virtualization

All hardware, software, and everything else is located and managed at your location

Paas

Application developers, web hosted databases, web servers

SaaS

Applications Provider now handles the Application for the customer Vendor has the hardware for customer, OS's, and associated SW for the OS, the application and data backup Example: Gmail & Yahoo email Example: Google drive

PPP

Can negotiate and establish a connection between two computers Can authenticate a client to a remote system (PAP or CHAP) Can support several types of Network layer protocols Can encrypt the transmissions, although encryption is considered weak by today's standards

Dedicated Devices

Cisco AS5800 access server that performs authentication for clients

SLIP

Early and less sophisticated Does not support encryption Can only carry IP packets Works strictly on serial connections (Dial up or DSL)

Sass

End users, email, social media, online game

Types of remote access

PPP, PPPoe

Port Forwarding

Redirect traffic that would normally be use an insecure port (FTP) to a SSH- secure port

GUI-based software

Remote Desktop for Windows join.me VNC Team Viewer

Three states of data

Rest, in use, in motion

_______ is a centralized approach to networking that removes most decision-making power from network devices and instead handles the responsibility at a software level with a network controller

SDN - Software-Defined Networking

HTTPS

TCP Port # 443

HTTP

TCP Port # 80

in-band management

Telnet, SSH, RDP, VNC, management URL

A ______ is a network connection encrypted from end to end that create a private connection to a remote network.

VPNs

Example of certificate authority

Verisign

________________ is a virtual, or logical version of something (emulation of a computer, operating system environment, or application) rather than the actual or physical version of something

Virtualization

Xaas

X represents an unknown, the cloud can provide any combination of functions depending on a clients exact needs. Ex: monitoring, storage, applications, and virtual desktops

Bare-Metal Hypervisor

XenServer by Citrix, ESXi by VMware, Hyper-V by Microsoft

IPsec creates secure connections in five step. Place the following steps for IPsec in the correct order

__3__ Security negotiations - IKE continues to establish security parameters __5__ Termination - Require regular re-establishment of a connection to minimize the opportunity of interference __4__ Data transfer - A secure data channel is created which can be used until the secure channel is broken __1__ IPsec initiation - Noteworthy traffic triggers IPsec session __2__ Key management - The way in which the 2 nodes will deal with keys

VPN

a virtual connection between 2 hosts or sites over the Internet to remotely provide network resources

Encryption is the use of mathematical code, called a __________, to scramble data into a format that can be read only by reversing the _________ - that is by decrypting the data.

cipher

client-to-site VPN

clients, servers and other hosts establish tunnels with a private network using a remote access server or VPN gateway each client must run their own VPN software to create the tunnel for, and encrypt and encapsulate data method usually associated with remote access

Confidentiality

data can only be viewed by its intended recipient or at the intended destination

Availability

data is accessible to the intended recipient when needed

Integrity

data is not modified in the time after the sender transmits it and before the receiver picks it up

GRE

developed by Cisco Layer 3 protocol used to transmit PPP, IP and other messages through a tunnel typically implemented with IPsec for security

As a remote user, you can connect to a network via ____________, a service that allows a client to connect with and log on to a LAN or WAN in a different geographical location.

remote access

Point-to-Point

remote access using a dedicated (usually leased) line, such as DSL or T-1

Select all of the following characteristics that apply to Cloud Computing

resource pooling and consolidation Support for multiple platforms Elastic service and storage metered service on-demand service available to the user at any time

Most cloud service providers use ___________ software to supply multiple platforms to multiple users

virtualization


Conjuntos de estudio relacionados

Chapter 50: Behavior, Cognition, Development, or Mental Health/Cognitive or Mental Health Disorder

View Set

Chemistry Unit 4: Chemistry of Climate Change: Part 2 Lesson 1

View Set

AMSCO CHAPTER 10, PAPUSH: The Age of Jackson

View Set

Intro to Corrections Test 1 Study Questions

View Set