Advanced Networking Devices Flashcards
an encrypted tunnel between a computer or remote network and a private network through the Internet
virtual private network (VPN)
a virtual cable created in a VPN in which VPN software on the client creates a virtual NIC and creates a local IP address along with the IP information of a local network; that first IP address allows it to connect to a private network; the “cable” connects the client to a VPN server
VPN tunnel
an advanced version of PPP for VPNs; the server endpoint is an RRAS program; when the remote computer connects to the server, the protocol creates a secure tunnel through the Internet to the private LAN; every OS has a program that supports this protocol; for security, this protocol uses authentication and encryption
Point-to-Point Tunneling Protocol (PPTP)
remote access server program on a Windows server for VPN connections
Routing and Remote Access Service (RRAS)
VPN protocol that combines PPTP and L2F and adds the ability to run a VPN on almost any connection, such as Ethernet, telephone, and optical connections; the server is a VPN concentrator; Cisco provides free client software to connect to the Cisco VPN; does not use encryption or authentication, relying on IPSec for all its security needs; every OS’s VPN client supports these VPNs
Layer 2 Tunneling Protocol (L2TP)
Cisco protocol used in the L2TP VPN protocol
Layer 2 Forwarding (L2F)
the VPN-capable router used in an L2TP connection rather than a VPN server program
VPN concentrator
a VPN that offers advantages over Data Link- or Network-based VPNs since it doesn’t require special client software; clients connect to the server using a Web browser, with traffic secured by TLS
SSL VPN
SSL VPN where the client accesses the VPN via a secure Web page
SSL portal VPN
SSL VPN where the client runs some kind of active control (ex. Java) through the Web browser; much greater access than a portal VPN, and is more like a typical host-to-site connection; the client needs sufficient permissions
SSL tunnel VPN
VPN that uses UDP datagrams through a TLS tunnel rather than TCP segments for delay-sensitive applications like voice over VPN; ex., Cisco AnyConnect…
Datagram TLS (DTLS) VPN
VPN that enables direct VPN connections between multiple locations rather than having traffic pass through a central location
dynamic multipoint VPN (DMVPN)
VPN that uses IPSec tunneling, such as Cisco IOS Easy VPN
IPSec VPN
protocol that is paired with IPSec for encryption in some VPNs
Generic Routing Encapsulation
form of managed device configuration where configuring is done through a dedicated port that is connected to a segregated switch
out-of-band management
a router with out-of-band management capabilities, like management URL?, modem connection, and console port
console router
process of transferring VLAN traffic between two or more switches
trunking
a configuration port on each switch in a VLAN-enabled network that sends/receives all traffic between the switches
trunk port
the VLAN designation for a trunk port
native VLAN
VLAN that is based on ports
static VLAN
VLAN that is based on MAC addresses; never used today
dynamic VLAN
a vulnerability of native VLANs that lets an attacker access VLANs that they shouldn’t; modern networks now set the native VLAN to an unused VLAN
double-tagging attack
proprietary Cisco protocol that automates the updating of multiple VLAN switches; changes on the server are reflected on the client switches, while “transparent” switches hold their configuration
VLAN Trunking Protocol (VTP)
tool offered with VTP for minimizing broadcast traffic
VTP pruning
interVLAN routing configuration where a single router interface connects to multiple VLANs on a switch
router-on-a-stick
setting on a router that, when enabled and configured, will allow the router to pass DHCP traffic across the router interfaces; ports 67 and 68
relay agent/DHCP relay
Cisco proprietary configuration command that enables DHCP relay, as well as relay for other protocols
IP helper (ip helper-address)
the act of making a bunch of servers act as a single server, creating a server cluster
load balancing
form of load balancing where a single FQDN corresponds to multiple “A” DNS records; when a computer comes to the DNS server for resolution, the server cycles through these records
DNS load balancing
method of QoS implementation where one controls the flow of traffic through the network based on criteria, such as guaranteeing a device an amount of bandwidth or limiting HTTP usage
traffic shaping
feature of many switches and devices where multiple ports are treated as a single connection; all outgoing cables must connect to the same device, which must support the logical joining of ports
port bonding/link aggregation/NIC bonding/NIC teaming/port aggregation
the Cisco protocol for accomplishing link aggregation
Port Aggregation Protocol (PAgP)
implementation of link aggregation?/protocol
Link Aggregation Control Protocol (LACP)
an IDS consisting of sensors placed around a network, sometimes on both sides of the gateway; also called signature-based IDS
network-based IDS (NIDS)
collection of signatures of known malware for use by anti-malware software
definition file
software running on individual systems that monitors for events like system file modification or registry changes; also called behavior-based IDS
host-based IDS (HIDS)
the ability of some switches to copy data from any or all physical ports to a single physical port
port mirroring
proxy server that acts on behalf of clients, where the servers don’t know about the clients
forward proxy server
proxy server that acts on behalf of servers; clients contact it, it gathers info from the servers, and the clients don’t know about the actual servers
reverse proxy server