ICND2-Chap17 Flashcards
Chapter 17: Virtual Private Networks
VPN Encryption Algorithms: Data Encryption Standard (DES)
Key Length 56 bits; Older and less secure than the other options listed here.
VPN Encryption Algorithms: Triple DES (3DES)
56 bits x 3; Applies three different 56-bit DES keys in succession, improving the encryption strength versus DES.
VPN Encryption Algorithms: Advanced Encryption Standard (AES)
128 and 256 bits; Considered the current best practice, with strong encryption and less computation than 3DES.
Diffie-Hellman Option: DH-1 Key Length
768-bit
Diffie-Hellman Option: DH-2 Key Length
1024-bit
Diffie-Hellman Option: DH-5 Key Length
1536-bit
Intranet VPN
Connects all the computers at two sites of the same organization, typically using one VPN device at each site
Extranet VPN
Connects all the computers at two sites of different but partnering organizations, typically using one VPN device at each site
Access VPN
Connects individual Internet users to the enterprise network
IPsec Message integrity option: HMAC-MD5
HMAC-MD5 uses a 128-bit shared key, generating a 128-bit hash value
IPsec Message integrity option: HMAC-SHA
HMAC-Secure Hash Algorithm defines different key sizes (for example, SHA-1 [160], SHA-256 [256], and SHA-512 [512]) to support different encryption key sizes. Considered better than MD5 but with more compute-time required.
IPsec Authentication option: Pre-Shared Keys
Both VPN devices must be preconfigured with the same secret key.
IPsec Authentication option: Digital signatures
Also called Rivest, Shamir, and Adleman (RSA) signatures. The sender encrypts a value with its private key; the receiver decrypts with the sender’s public key and compares with the value listed by the sender in the header.
Functions Supported by IPsec Encapsulating Security Payload (ESP)
Authentication (weak); Message integrity; Encryption; Antireplay
Functions Supported by IPsec IP Authentication Header (AH)
Authentication (strong); Message integrity