Network ch. 8 pt. 2
-DMVPN configurations are achieved through?
Creative adaption and tunneling protocols.
-T or F: IPv6 and IPv4 networks can tunnel through each other and vice versa?
True.
-Added layer of protection for FTP using SSL/TLS that can encrypt both the control and data channels (port 20), listens at port 21 and requires 2 data channels, 989 & 990, that are in a predefined range when it makes a connection; difficult to configure through a firewall?
FTPS (FTP Security or FTP Secure)
-Dial-in modem, either through a wired phone link or a cellular connection, might be attached to the device to provide backup ____ in the event of a catastrophic network shutdown?
CLI Access
-Can include elements of both client-to-site and site-to-site models?
An enterprise-wide VPN
-Remote clients, servers, and other hosts establish tunnels with a private network through a VPN gateway at the edge of the LAN. Each remote client on this model must run VPN software to connect to the VPN gateway; the tunnel created between them encrypts and encapsulates data, and this type of VPN is associated with remote access. Clients and hosts on the protected LAN communicate with remote clients through the VPN gateway and are not required to run VPN software; only need a static public IP address for the VPN gateway location?
Client-to-site VPN.
-A type of enterprise VPN using Cisco devices; dynamically creates VPN tunnels between branch locations as needed, instead of requiring constant, static tunnels for site-to-site connections?
DMVPN (Dynamic Multipoint VPN) (Hub router needs a static IP address only and sits at HQ, and each remote office has a spoke router for creating VPN connections with hub routers and other spokes.)
-Common requirements for remote access policies?
Devices used for remote access must be kept up to date with patches, anti-malware software, and a firewall. Device access must be controlled by a strong password or biometric measures. Passwords must be strong and must be changed periodically. The device's internal and external storage devices must be encrypted. Company and customer data that is accessed, transferred, stored, or printed must be kept secure. The loss or theft of any devices used for remote access must be reported to the company immediately. Encrypted VPN software must be used to remotely access company network resources. While remotely connected to the company network, the device must not be connected to the open Internet or any other network not fully owned or controlled by the employee. Remote sessions must be terminated when not in use.
-Is not a form of terminal emulation, but it does provide remote file access and can transfer files to and from a host computer running FTP server software; related to FTPS (FTP Security or FTP Secure), SFTP (Secure FTP), TFTP (Trivial FTP)?
File Transfer Protocol (FTP) (port 21).
-Cisco Layer 3 protocol used to transmit PPP, IP and other kinds of messages through the tunnel; used in conjunction with IPsec to increase security?
GRE (Generic Routing Encapsulation).
-Networking devices are being configured through a connected computer's browser that navigates to a management URL. User can make changes directly to the device. Ideally the devices will require an encrypted connection over?
HTTPS
-A component of the IPsec protocol suite; offers fast throughput and good stability when moving between wireless hotspots, widely compatible and considered most secure option among vms they support?
IKEv2
-2 most common encryption techniques used by VPNs today?
IPsec and SSL
-Telnet, SSH, RDP, VNC and a management URL all rely on the existing network infrastructure for a network admin to remotely control the device; before they can configure the devices, the devices must already be booted up and must have configuration software installed?
In-band management (limits troubleshooting abilities).
-Encapsulates PPP data in a similar manner to PPTP. Can connect a VPN that uses a mix of equipment types. It is a standard accepted and used by multiple vendors. Can connect two routers, a router and a RAS, or a client and a RAS. Implemented with IPsec for security; secure and developed by Cisco to allow different router brands to connect, standardized by IETF?
L2TP (Layer 2 Tunneling Protocol).
-A single device, such as a console server or console router, provides centralized management of all _____ devices?
Linked
-Many VPN tunneling protocols operate at the Data Link layer and encapsulate the VPN frame into a?
Network layer packet, which basically has the frame travel the network as the payload inside another frame (some VPN tunneling protocols work at Layer 3, which enables additional features and options, especially for site-to-site traffic).
-Open-source VPN protocol that uses a custom security protocol called OpenSSL for encryption and can cross many firewalls where IPsec may be blocked; highly secure and configurable?
OpenVPN
-Relies on a dedicated connection between the network administrator's computer and each network device, A remote management card is attached to the network device's console port or is sometimes built into the device?
Out-of-band management
-An older Layer 2 protocol that encapsulates VPN frames and supports encryption, authentication, and access services provided by the VPN server. Uses TCP segments at the Transport layer. Outdated and is no longer considered secure?
Point-to-Point Tunneling Protocol (PPTP).
-Dedicated connections for out of band management allow admins to remotely?
Power up a device, change firmware settings, reinstall operating systems, monitor hardware sensors, troubleshoot boot problems, limit network users access to management functions, manage devices even when other parts of the network are down.
-File transfer version of SSH that includes encryption and authentication and only uses a single connection; inbound and outbound communications are usually configured to cross SSH's port 22; incompatible with FTPS and vsftp; supported by Linux and UNIX servers?
SFTP (Secure FTP).
-Tunnels connect multiple sites on a WAN. At each site, a VPN gateway on the edge of the LAN establishes the secure connection; each gateway is a router or remote access server with VPN software installed, and it encrypts and encapsulates data to exchange over the tunnel?
Site-to-site VPN (clients, servers and hosts don't run special VPN software, and this requires that each location has a static public IP address).
-3 VPN models?
Site-to-site VPN, client-to-site VPN (host-to-site), host-to-host VPN.
-Simple version of FTP that includes no authentication or security for transferring files and uses UDP at the Transport layer; requires little memory and is often used behind the scenes to transfer boot files or configuration files; not safe for communication over the Internet and not capable of giving users access to directory information; limits file transfers to 4 GB, listens at port 69 and negotiates a data channel for each connection?
Trivial FTP (TFTP).
-To ensure VPNs can carry all types of data securely, special VPN protocols encapsulate higher-layer protocols in a process known as?
Tunneling (most tunneling protocols rely on an additional encryption protocol to provide data security).
-Authenticates VPN clients, establishes tunnels for VPN connections, manages encryption for VPN transmissions (two primary encryption techniques used by VPNs: IPsec, SSL)?
VPN concentrator (comes between switch and router, and after the router is the firewall).
-Connects each site to one or more other sites in VPNs?
VPN gateway (remote clients connect to the LAN through this VPN gateway).
-A network connection encrypted from end to end that creates a private connection to a remote network, sometimes referred to as a tunnel?
VPN (avoids the expense of having to lease private point-to-point connections between each office).
-A router-based VPN is the most common implementation on UNIX-based networks. Server-based VPNs are most often found on ______ networks?
Windows
-VPNs are custom to each customer and every configuration is unique, but they share characteristics of?
Privacy achieved over public transmission facilities using encapsulation and encryption.
-2 computers create a VPN tunnel directly between them and must have appropriate software installed and don't serve as a gateway to other hosts on their respective networks; usually the site that receives the VPN connection, like a home network, needs a static public IP address?
Host-to-host VPN (or you can subscribe to a service like Dynamic DNS, which automatically tracks dynamic IP address information for subscriber locations).