IPSec

Question 1

What protocol was TLS based on?

Answer 1

SSL 3.0

Question 2

What algorithms does TLS use for key exchange?

Answer 2

RSA or Diffie-Helman

Question 3

How is authentication done in TLS?

Answer 3

Using RSA or digital signatures

Question 4

What is the process of SSL/TLS authentication?

Answer 4

Browser requests web server identifies itself
Server sends browser SSL Certificate
Browser checks if it trusts the SSL certificate, and responds
Server responds with signed acknowledgement and starts SSL encrypted session.

Question 5

What is HMAC?

Answer 5

Keyed-Hashing for Message Authentication Code.

Same as MAC except uses a key for extra authentication

Can use intermediate CA”s to verify signatures rather than going back to root.

Question 6

What properties of a network are vulnerable?

Answer 6

Precursors
Authentication
Confidentiality
Integrity
Availability
Programming Flaws
Mobile Agents

Question 7

What attack vectors are there for authentication?

Answer 7

Impersonation
Eavesdropping
Spoofing
Session Hijacking

Question 8

What attack vectors are there for confidentiality?

Answer 8

Protocol Flaws
Eavesdropping
Wiretap
Misdelivery
Exposure
Traffic Flow Analysis
Cookies

Question 9

What attack vectors are there for integrity?

Answer 9

Protocol Flaws
Wiretap
Falsification of messages
Network Noise
DNS attack

Question 10

What attack vectors are there for availability on a network?

Answer 10

Protocol flaws
Component Failure
DoS
Traffic Redirection
Ping of Death
Smurf
Syn flood

Question 11

What programming flaws are commonly seen that lead to vulnerabilities?

Answer 11

Buffer overflows
Addressing errors
Language vulnerabilities
Viruses

Question 12

What is IPSec?

Answer 12

Internet Protocol Security

Framework of open standards for ensuring private, secure communications over IP networks.

Uses cryptographic security services.

Question 13

What does the IPSec suite provide?

Answer 13

Protection against private network and internet attack through end-to-end security.

Question 14

What does IPSec allow for?

Answer 14

Protection of communications between workgroups, LANs, Domain clients and servers, extranets and roving clients

Question 15

What was IPSec developed to address?

Answer 15

The needs for data security, integrity, authentication and protection for network connections which are connectionless and stateless.

Question 16

What does IPSec allowing the transmission of?

Answer 16

Packets sent with cryptography.

Question 17

What is the drawback of applying cryptography to every packet?

Answer 17

Each packet must be treated as an independent entity

There is no guaranteed delivery

No packet order maintenance

Question 18

What are the benefits of IPSec?

Answer 18

All IP datagrams are covered

No need to re-engineer applications

Transparent to the upper layer.

Question 19

What are the two basic modes of use of IPSec?

Answer 19

Transport mode

Tunnel mode

Question 20

How does transport mode work?

Answer 20

IPsec-aware hosts as endpoints

Question 21

How does tunnel mode work?

Answer 21

IPSec-unaware hosts have tunnels established by intermediate gateways or host OS.

Question 22

What is the AH?

Answer 22

Authentication Header

Assures authenticity and integrity of the message.

Uses a message digest to check the integrity of the whole IP datagram and adds an extra header containing the digest.

Question 23

What is an ESP?

Answer 23

Encapsulated Security Payload

Assures confidentiality, integrity and authenticity of the message by hashing the payload.

Question 24

What happens in tunnel mode?

Answer 24

A new IP header is put at the front of the message.

Question 25

What does the AH provide?

Answer 25

Connectionless data integrity and data origin authentication.

Creates stateful channel using sequence numbers.

Payload, Source UP, Most of Header, AH sequence number are all authenticated.

Uses MAC and secret key shared between endpoints

Question 26

WHat does ESP provide?

Answer 26

One or both of:
Confidentiality for payload
Authentication of payload

Symmetric encryption and MACs based on secret keys are shared between endpoints

Question 27

What does ESP add to datagrams?

Answer 27

Header, containing Security Parameters Index which specific algorithms and keys used for IPSec processing

Trailer field, including padding needed for encryption algorithm and MAC hash value

Question 28

How does IPSec transport mode work?

Answer 28

IPSec processing performed at endpoints of secure channel

Endpoints must be IPSec-aware

Only source and destination addresses are unencrypted

Question 29

How does IPSec Tunnel mode work?

Answer 29

Requires visibility of local network.

Extra overheads in preparation and transit (~20B)

Question 30

What is the SPI in an ESP packet?

Answer 30

Security Parameter Index (SPI) which identifies the security association (SA) for the IP packet.

Question 31

What is the ESP header made up of?

Answer 31

Security Parameter Index (SPI) and sequence number.

Question 32

What is an SA and what does it do?

Answer 32

A Security Association is a one-way relationship between sender and receiver.

Specifies the processing to be applied to the datagram from sender tor receiver.

Question 33

What do IPSEC connections require?

Answer 33

Internet Security Association and Key Management (ISAKMP)

IPSec Security Assosication

Question 34

How is ISAKMP implemented?

Answer 34

Diffie-Hellman, IKE, RSA for Key exchange

Pre-shared key, digital signature, public key etc for Authentication

Question 35

What does an IPSec packet consist of?

Answer 35

Initiator's SPI
Responder's SPI
Message Length
SA Payload
Proposal Payload
Transform Payload

Question 36

How do transport mode SAs work?

Answer 36

Operates between hosts

Original IP addresses are readable and hosts do their own AH encapsulation

Question 37

What are the risks of Transport Mode?

Answer 37

IPSec sits within the original IP header, allowing the attacker to make intelligent guesses as to where servers are on a network and build a network picture.

Question 38

How do tunnel mode SAs work?

Answer 38

Operates normally between Security Gateways - used in VPNs

Gateways provide AH/ESP services to other hosts.

Question 39

Why are tunnel mode SAs more secure?

Answer 39

As new IP headers unrelated to sender/receiver are the only thing exposed.

Question 40

Why are SAs created in pairs?

Answer 40

Because it’s unidirectional, so need to have a way to send and respond.

Question 41

How are SAs created?

Answer 41

SPI
Source address
Destination address
Security protocol
Algorithm type
Keys
Key lifetimes
Initialisation vectors (IVs)
Sequence number
Anti-replay
mode of transport

Question 42

How are the list of active SAs stored?

Answer 42

In the SAD database

Question 43

What key exchange protocol is used for SAs?

Answer 43

Internet Key Exchange (IKE)

Question 44

How is SAD searched?

Answer 44

Matches the “Longest” SA identifier (The best match).

1) Search SAD for SPI, Destination address and source address.
2) search SAD for SPI, Destination address
3) Search SAD for SPI
4) Discard packet

Question 45

What rules do IPSec aware hosts need and why?

Answer 45

Rules are required for processing packets.
Need to know:
What packets should be dropped, passed, encrypted or MACed?

Which key and algorithm to apply

Question 46

Where are the rules stored for SAs?

Answer 46

Security Policy Database.

Consulted for each outbound and inbound packet.

Question 47

How are rules looked up in the SPD?

Answer 47

Match can be based on
source and destination addresses
Transport layer protocol
Transport layer port numbers.

A match identifies SA or a group of SAs

Question 48

What is a limitation of IPSec?

Answer 48

Needs a lot of symmetric keys, one for each SA.

Question 49

What are the five steps of IPSec?

Answer 49

1) Host A send traffic to host B
2) Router A and B negotiate IKE phase one session (IKE SA to Ike SA)
3) Router A and B negotiate IKE Phase 2 sessions (IPSec SA to IPSec SA)
4) Information exchanged over tunnel
5) Terminate

Question 50

What security does IKE provide?

Answer 50

Entity authentication of participants
Establishment  of fresh shared secret
Derivations of further keys
Secure negotiation of Algorithms.
DoS resistance

Question 51

What are the different tunnel modes?

Answer 51

VPN

PPTP/L2TP

Question 52

What is a VPN?

Answer 52

Creates secure IP Tunnel that encrypts IP messages with a private address structure

Question 53

What is PPTP?

Answer 53

Point-to-point tunneling, encrypts the whole message which hides the private IP addresses

Question 54

How do SSL and IPsec differ in what they can connect?

Answer 54

SSL connects applications streams

IPSec can connect remote networks and hosts

Question 55

What type of applications can IPSec and SSL connct?

Answer 55

IPSec can connect IP applications

SSL only used for browser or private gate, each of which are setup differently.

Question 56

Where is IPSec more secure than SSL?

Answer 56

IPSec can encrypt source and destination addresses, SSL cant.

Question 57

What are the drawbacks of IPSec?

Answer 57

May require OS support
Requires clients software
Tunnel mode creates visibility to a server’s network
Requires dedicated network layer connection, need extra resources.