13.8 Virtual Private Networks and Remote Switch Access Flashcards
Describe VPN
allows a remote user to connect to needed resources. VPNs accomplish this by using already-established internet connections. Data that flows across an internet connection is generally not secure. All data that flows across the VPN is encrypted and repackaged. This is why processes on VPN connections are sometimes referred to as tunneling protocols. Many users also use VPN connections on their personal internet connections to surf the internet anonymously.
Describe Point-to-Point Tunneling Protocol
Is the oldest and most-used tunneling protocol.
Was developed by Microsoft for use with dial-up networks.
Uses 128-bit encryption, but is very easy to break due to its old age.
Is one of the faster protocols because of its low encryption standards
Describe Layer 2 Tunneling Protocol with internet Protocol Security (L2TP/IPsec)
Was developed by Microsoft and Cisco in the 1990s.
Pairs L2TP with IPsec to make it one of the more secure VPN methods.
Is slower than PPTP due to higher encryption standards.
Describe Secure Socket Tunneling Protocol (SSTP)
Was developed by Microsoft with the release of Windows Vista. Comes loaded and configured in all later Windows. versions.
Is usually paired with the Advanced Encryption Standard (AES).
Is used only by Windows, so it is not compatible with other operating systems.
Describe Internet Key Exchange v2 (IKEv2)
Is a unique tunneling protocol that reconnects a dropped connection. This protocol is often used by mobile devices because of this feature.
Was developed by Microsoft and Cisco.
Is one of the fastest and most secure protocols available.
Is not compatible with many operating systems.
Describe OpenVPN
Was released in 2001.
Is an extremely configurable open-source protocol. OpenVPN can be set up to use many different ports and encryption methods.
Is used by many third-party VPN providers.
Is extremely secure when configured properly and about as fast as L2TP/IPsec.
Describe Remote Access VPN
A remote access VPN lets remote and mobile users connect to the organization network securely. Remote access VPNs:
Desrcibe SSL VPN
SSL uses the public key infrastructure (PKI) and digital certificates to authenticate peers.
Describe Site-tosite IPsec VPNs
Site-to-site VPNs connect networks across an untrusted network such as the internet.
Describe GRE over IPsec (GRE)
Generic Routing Encapsulation is an unsecure site-to-site VPN tunneling protocol.
Describe Dynamic Multipoint VPNs
When an organization needs to add more sites, other VPN types may not be sufficient. Dynamic Multipoint VPN (DMVPN) is a Cisco software solution for building multiple VPNs in an easy, dynamic, and scalable manner.
Describe IPsec Virtual Tunnel Interface
IPsec Virtual Tunnel Interface (VTI) simplifies the configuration process required to support multiple sites and remote access
Describe Service Provider Multi-Protocol Label Switching (MPLS) VPNs
Many VPN service providers utilize MPLS in their core networks.
What is IPsec
an IETF standard that defines how a VPN can be secured across IP networks. IPsec protects and authenticates IP packets between source and destination.
Describe the Authentication Header Protocol
AH provides integrity and authentication.
AH provides a message integrity check with the Keyed-hash Message Authentication Code (HMAC). With HMAC, a symmetric key is embedded into a message before the message is hashed. When the message is received, the recipient’s symmetric key is added back into the message before hashing the message. If the hash values match, message integrity is proven.
AH uses Secure Hashing Algorithm 1 (SHA-1) or Message Digest v5 (MD5) for integrity validation.
