8.3


provides authentication features.

Authentication Header

Host-to-host communications within a LAN. VPN communications through the Internet, either by itself or in conjunction with the L2TP VPN protocol. Any traffic supported by the IP protocol including Web, e-mail, Telnet, file transfer, and SNMP traffic as well as countless others.

IPSec

provides authentication and encryption, and can be used in conjunction with L2TP or by itself as a VPN solution.

IPSec

uses either digital certificates or pre-shared keys.

IPSec

negotiates the connection. When two endpoints secure an IPSec connection, they must negotiate what is called a Security Association (SA). An inbound SA and an outbound SA are necessary for each connection with a remote endpoint.

Internet Key Exchange

Is not supported by older operating systems.

L2TP

Supports multiple protocols (not just IP).

L2TP

Uses IPSec for encryption.

L2TP

Uses TCP port 1701 and UDP port 500.

L2TP

is an open standard for secure multi-protocol routing.

L2TP

Encapsulates other LAN protocols and carries the data securely over an IP network.

PPTP

Is supported by most operating systems and servers.

PPTP

Supports TCP/IP only.

PPTP

Uses Microsoft's MPPE for data encryption.

PPTP

Uses TCP port 1723.

PPTP

Uses standard authentication protocols, such as Challenge Handshake Authentication Protocol (CHAP) or Password Authentication Protocol (PAP).

PPTP

was one of the first VPN protocols. It was developed by Microsoft.

PPTP

use the unencrypted packet headers to deliver the packet to the destination device.

Routers

Authenticates the server to the client using public key cryptography and digital certificates.

SSL

Encrypts the entire communication session.

SSL

The SSL protocol has long been used to secure traffic generated by other IP protocols such as HTTP, FTP, and e-mail. SSL can also be used as a VPN solution, typically in a remote access scenario.

SSL

Uses port 443, a port that is often already opened in most firewalls.

SSL

are devices that can encrypt and decrypt packets.

Tunnel endpoints

can be used over a local area network, across a WAN connection, over the Internet, and even between a client and a server over a dial-up connection through the Internet.

VPN

is a network that uses encryption to allow IP traffic to travel securely over the TCP/IP network.

VPN

is used primarily to support secured communications over an untrusted network.

VPN

work by using a tunneling protocol that encrypts packet contents and wraps them in an unencrypted packet.

VPN

routers on the edge of each site establish a VPN with the router at the other location. Data from hosts within the site are encrypted before being sent to the other site. With this configuration, individual hosts are unaware of the VPN.

site-to-site VPN

IKE uses the following functions: Internet Security Association Key Management Protocol (ISAKMP) establishes a framework for the negotiation. The Diffie-Hellman key exchange generates symmetric keys used for the encryption of the negotiation of the SA.

...

If you use only AH, data is not encrypted.

...

Implementations that use SSL for VPN tunneling include Microsoft's SSTP and Cisco's SSL VPN.

...

Intermediate routers along the path cannot (and do not) read the encrypted packet contents.

...

Use AH to enable authentication with IPSec. AH provides a message integrity check with the Hashed Keyed Message Authentication Code (HMAC). With HMAC, a symmetric key is embedded into a message before the message is hashed. When the message is received, the recipient adds its copy of the symmetric key back into the message before hashing it. If the hash values match, message integrity is proven. AH uses SHA-1 (Secure Hashing Algorithm 1) or MD5 (Message Digest v5) for integrity validation.

...

Use ESP to encrypt data.

...

You should be aware that ports must be opened in firewalls to allow VPN protocols. For this reason, using SSL for the VPN often works through firewalls when other solutions do not. In addition, some NAT solutions do not work well with VPN connections.

...

When you create a VPN, you establish a security association between the two tunnel endpoints. These endpoints create a secure, virtual communication channel. Only the destination tunnel endpoint can unwrap packets and decrypt the packet contents.

...

provides data encryption.

Encapsulating Security Payload

two hosts establish a secure channel and communicate directly. With this configuration, both devices must be capable of creating the VPN connection.

host-to-host VPN

a server on the edge of a network (called a VPN concentrator) is configured to accept VPN connections from individual hosts in a client-to-site configuration. Hosts that are allowed to connect using the VPN connection are granted access to resources on the VPN server or the private network.

remote access VPN

