IPSec Flashcards

1
Q

What is IPSec?

A

A set of communication rules or protocols for setting up secure connections over a network. Adds encryption and authentication to make the IP protocol more secure. Designed to secure data over public networks.

2
Q

Where might IPSec be implemented?

A

1) Virtual Private Networks (VPN)
2) Branch offices
3) Partner Extranet
4) Remote Access

3
Q

Explain the process of Security Associations.

A

- Phase 1 SA
    - IKE Phase 1
    - Main Mode
    - Traffic Management
    - No encrypted data being sent yet
    - Negotiation
        - What kind of key exchange
            - Diffie-Hellman
            - ECDHE
        - Authentication
            - Certificates
            - PSK
        - Encryption
        - Session Duration
- Phase 2 SA
    - IKE Phase 2
    - Quick Mode
    - Data Exchange
        - Set up two one-way tunnels
        - Two separate data exchanges
    - Negotiation
        - IPSec Protocol
            - AH
            - ESP
        - Encapsulation
        - Authentication
        - Session Duration
        - (Optional) DH Exchange

4
Q

What is IPSec Authentication Header (AH)?

A

It provides data integrity by using an authentication algorithm. It does not encrypt the packet. Verifies integrity. Uses IP protocol 51.

5
Q

What is IPSec Encapsulating Security Payload (ESP)?

A

It provides origin authenticity through source authentication, data integrity through hash functions, and confidentiality through encryption protection for IP packets. Uses IP protocol 50.

6
Q

What is IPSec Encapsulation?

A

Handled by ESP or AH or both for an IPSec tunnel. Includes encrypting the data portion of the header if ESP is being used, adding the appropriate header to provide the IPSec peer with information on how to decrypt the data (for ESP), and generating hashes to be used by the peer for verifying that the data (and the IP header in the case of AH) was not tampered with. Can be done in tunnel or transport mode.

7
Q

Show the difference between Transport and Tunnel Mode.

A

See the illustration on pg. 37 of the notes.

8
Q

What is the Security Parameter Index (SPI)?

A

An identifier used to uniquely identify both manually and dynamically established IPSec Security Associations.

9
Q

What is Internet Security Association and Key Management Protocol (ISAKMP)?

A

Used for negotiating, establishing, modifying, and deleting security associations and related parameters. It defines the procedures and packet formats for peer authentication, creation and management of SAs, and techniques for key generation.
