Chapter_7 part 1 Flashcards
what is a GRE?
GRE= Generic Routing Encapsulation:
Cisco tunneling protocol; encapsulates a wide variety of network protocols into an IP tunnel.
what is the point of GRE?
GRE = Generic Routing Encapsulation: creates a virtual point-to-point link to Cisco routers at remote points over IP networks. Encapsulates network layer protocol packets inside IP tunnels.
ASA?
ASA= Adaptive Security Appliance
what is an ASA used for?
ASA= Adaptive Security Appliance:
is a firewall that combines firewall, VPN concentration and intrusion prevention into one software image.
how does a site to site connection work? what is it?
a VPN connection between 2 or more sites over the internet. Each site has a VPN terminating device (VPN gateway) on the edge of the network. The internal hosts do not know about the VPN connection and use regular TCP/IP communication.
what are Remote Access VPNs?
a VPN used by a telecommuter to connect to a corp. network. The user needs VPN software and the corp. network needs a VPN gateway at its edge of the network.
GRE header contains?
24 bytes additional, used for tunneling overhead; stateless = no flow control mechanisms; has flag field for optional header fields; protocol type indicator.
what are the GRE steps to configure a tunnel?
1- admin needs IPs of endpoints
2- create a tunnel interface using correct command
3- specify the tunnel source IP address
4- specify the tunnel destination (physical IP address of destination router)
5- configure IP address for the tunnel interface (this is the network for the tunnel with subnet mask.)
what does IPsec provide? what 3 standards/services?
Data confidentiality, integrity and authentication.
what layer of the TCP/IP model does IPsec work on?
layer 3 (packets)
IKE?
IKE: Internet Key Exchange - used by IPsec to authenticate users/devices.
PSK?
PSK: Preshared Key - used by Internet Key Exchange authentication for IPsec for the authentication process.
CIA?
CIA: Confidentiality, Integrity and Authentication
anti-replay protection?
IPsec: detects and rejects replayed (duplicated) packets to protect against spoofing.
EFT
EFT: Electronic Funds Transfer
what is AES used for?
AES: encryption that is 256 bits long, used in IPsec.
what are the 2 types of encryption standards used in IPsec today?
AES (256 bits) and RSA (2048 bits).
Symmetric Encryption?
each user of encryption (sender and receiver) knows the key beforehand. Pre-shared key.
encryption types that use symmetric keys? (3 types)
DES, 3DES and AES
What is Asymmetric Encryption?
different keys for encryption and decryption. Private key to decrypt and public to encrypt. (RSA)
what type of encryption uses Asymmetric Encryption?
RSA
DH?
DH = Diffie-Hellman: method used to securely exchange keys for data encryption
what is DH used for?
DH: Diffie-Hellman - specifies public key exchange method so that when private/public keys are shared over a public line, only the intended recipients can see/read the data.
HMAC?
Hash-based Message Authentication Code
types of HMAC algorithms are (2)?
HMAC: Hash-based Message Authentication - MD5 and SHA
what is a HASH and why use it?
a hash is a number that is a result of a mathematical equation of the original message.
*the sender makes a hash of the message and sends it with the message; the receiver combines the hash and the message… makes a new hash and compares the 2 hashes. If same then message is legit.
name 2 common HMAC algorithms:
MD5: 128-bit shared secret key and message combined into 128-bit hash, then combined with msg and sent.
SHA: 160-bit key and msg combined to make 160-bit hash. Hash is added to msg and forwarded to recipient.
how does HMAC work?
HMAC: Hash-based Message Authentication Code:
a secret key is combined with a msg and hashed. The resulting hash is added to orig. msg. and sent to receiver; receiver does same and compares the 2 hash values.
PSK?
PSK = Pre-Shared Key:
RSA?
RSA: Digital certificates are exchanged between devices. Certificates are made by: a hash is derived and encrypted with public key, sent, then receiver decrypts hash with private key and compares hash to checksum.
CA?
Certificate Authority: