12.6 VPNs Flashcards
What are the two primary categories of VPNs?
Site-to-site and client-to-site
IPSec
IP Security
GRE
Generic routing encapsulation
L2TP
Layer 2 Transport Protocol. A VPN protocol that lacks security features, such as encryption, and operates at Layer 2.
L2F
Layer 2 forwarding. A VPN protocol designed with the intent of providing a tunneling protocol for PPP.
IPSec VPNs offer what type of protection?
Confidentiality, integrity, and authentication.
IPSec operates at what layer?
3
IKE
Internet Key Exchange. IPSec can provide encryption between authenticated peers using encryption keys, which are periodically changed. IKE, however, allows an administrator to manually configure keys.
What are the three modes of operation that IKE can use?
Main mode (involves three exchanges of info), aggressive mode, and quick mode.
PFS
Perfect forward secrecy. Makes sure that a session key remains secure.
ISAKMP
Internet Security Association and Key Management Protocol
SA
Security association
IPSec relies on either the _____ protocol (IP protocol number 51) or the _____ protocol (IP protocol number 50)
Authentication Header (AH), Encapsulating Security Payload (ESP)
What is the main distinction between AH and ESP?
ESP encrypts the original packet, while AH does not offer encryption.
What does the GRE tunneling protocol do?
The original IP packet is encapsulated inside of a GRE tunnel packet, which adds a new GRE tunnel header. The GRE packet is then sent over an IPSec tunnel. Even if the IPSec tunnel were running in transport mode, the original packet’s IP header would still not be visible. Instead, the GRE packet’s header would be visible.