Chapter_7 part 1

Question 1

what is a GRE?

Answer 1

GRE= Generic Routing Encapsulation:

cisco tunneling protocol, encapsulates a wide variety of network protocols into an ip tunnel.

Question 2

what is the point of GRE?

Answer 2

GRE= Generic Routing Encapsulation : creates a virtual point to point link to cisco routers at remote points over ip networks. encapsulates network layer protocol packets inside IP tunnels.

Question 3

ASA?

Answer 3

ASA= Adaptive Security Appliance

Question 4

what is an ASA used for?

Answer 4

ASA= Adaptive Security Appliance:

is a firewall that combines firewall, VPN concentration and intrusion prevention into one software image.

Question 5

how does a site to site connection work? what is it?

Answer 5

a VPN connection between 2 or more sites over the internet. each site has a vpn terminating device (VPN gateway) on the edge of the network. the internal hosts do not know about the vpn connection and use regular TCP/IP communication.

Question 6

what are: Remote Access VPN’s?

Answer 6

a VPN used by a telecommuter to connect to a corp. network. the user needs vpn software and the corp. network needs a VPN gateway at its edge of the network.

Question 7

GRE header contains?

Answer 7

24 bytes additional- used for tunneling overhead, stateless= no flow control mechanisms, has flag field for optional header fields , protocol type indicator.

Question 8

what are the GRE steps to configure a tunnel?

Answer 8

1- admin needs ip’s of endpoints
2- create a tunnel interface using correct command
3- specify the tunnel source ip address
4- specify the tunnel destination (physical ip address of destination router)
5- configure ip address for the tunnel interface (this is the network for the tunnel with subnet mask.)

Question 9

what does IPsec provide? what 3 standards/services?

Answer 9

Data confidentiality, integrity and authentication.

Question 10

what layer of the tcp/ip model does IPsec work on?

Answer 10

layer 3 (packets)

Question 11

IKE?

Answer 11

IKE: internet Key exchange- used by ipsec to authenticate users/ devices.

Question 12

PSK?

Answer 12

PSK: Preshared Key- used by internet key exchange authentication for ipsec for the authentication process.

Question 13

CIA?

Answer 13

CIA: Confidentiality, Integrity and Authentication

Question 14

anti-replay protection?

Answer 14

ipsec: detects and rejects replayed (duplicated packets) to protect against spoofing.

Question 15

EFT

Answer 15

EFT: electronic Funds Transfer

Question 16

what is AES used for?

Answer 16

AES: is encryption that is 256 bits long used in ipsec.

Question 17

what are the 2 types of encryption standards used in ipsec today?

Answer 17

AES (256 bits) and RSA: 2048 bits.

Question 18

Symmetric Encryption?

Answer 18

each user of encryption (sender and receiver) knows the key before-hand. pre-shared key.

Question 19

encryption types that use symetric keys? (3 types)

Answer 19

DES, 3DES and AES

Question 20

What is Asymmetric Encryption?

Answer 20

diff. keys for encryption and decryption. private key to decrypt and public to encrypt. (RSA)

Question 21

what type of encryption uses Asynmetric Encryption?

Answer 21

RSA

Question 22

DH?

Answer 22

DH= Diffie Hellman- method used to securely exchange keys for data encryption

Question 23

what is DH used for?

Answer 23

DH: diffie Hellman- specifies public key excahnge method so that when private/ public keys are shared over a public line, only the intended recipients can see/ read the data.

Question 24

HMAC?

Answer 24

hash based message authentication code

Question 25

types of HMAC algorithms are (2)?

Answer 25

HMAC: Hash Based message authentication- MD% and SHA

Question 26

what is a HASH and why use it?

Answer 26

a Hash is a number that is a result of a mathematical equation of he original message.
*the sender makes a hash of the message and sends with the message, the receiver combines the hash and the message… makes a new hash and compares the 2 hashes. if same then message is legit.

Question 27

name 2 common HMAC algorithms:

Answer 27

MD5: 128 bit shared secret key and message combined into 128 bit hash then combined with msg and sent.
**SHA: 160 bit key and msg combined to make 160 bit hashed . hash is added to msg and forwarded to recipient.

Question 28

how does HMAC work?

Answer 28

HMAC: Hash-based Message Authenticate Code:
a secret key is combined with a msg and hashed. the resulting hash is added to orig. msg. and sent to receiver, receiver does same and compares the 2 hash values.

Question 29

PSK?

Answer 29

PSK= Pre Shared Key:

Question 30

RSA?

Answer 30

RSA: Digital certificated are exchanged between devices. certificates are made by- a hash is derived, and encrypted with public key- sent then receiver decrypts hash with private key and compares hash to checksum.

Question 31

CA?

Answer 31

Certificate authority: