AWS IPSEC Flashcards

1
Q

In IPSEC what is an SA used for?

A

The SA holds the one-way relationship between sender and receiver defined by the SA parameters.

  • One SA for inbound traffic
  • One SA for outbound traffic
2
Q

What is IKE?

A

IKE is the Internet Key Exchange and is used to set up the security associations. There are two IKE versions, IKEv1 and IKEv2. An example of IKE is strongSwan on Linux.

3
Q

What ports does IKEv2 use?

A

UDP Port Number=500 (control path)
UDP Port Number=4500 (control path)
IP Protocol Type=ESP (value 50 and 51) (data path)

4
Q

In IPSec, what are the two IP headers used?

A

AH and ESP

5
Q

What is the AH header in IPSec?

A

It is the authentication header, in the IP layer; it is the packets sent over the wire. AH only authenticates the IP packet.

6
Q

What is the ESP header in IPSec?

A

It is the IP packet, which is encrypted, authenticated and integrity-checked.

7
Q

In IPSec is there a data plane and a control plane?

A

Yes. Data travels over the data plane; this is when we send the ESP packets. The control plane uses

8
Q

How can you monitor the VPN tunnels?

A

CloudWatch enables you to monitor the tunnel health and activity.

9
Q

With the AWS VPN, must the client or AWS send data to establish the tunnel?

A

The client, AWS will never send data.
