IPSec Abbreviations Flashcards

1
Q

DES

A
  • Data Encryption Standard
  • Encryption
2
Q

PSK

A
  • Pre-shared Key
  • Credential for mutually authenticating peers
3
Q

AES

A
  • Advanced Encryption Standard
  • Encryption
4
Q

MD5

A
  • Message Digest 5
  • Hashing algorithm that provides data integrity
5
Q

SHA

A
  • Secure Hash Algorithm
  • Authentication of packet data
6
Q

What does AH stand for and what are 3 services it provides?

A
  • Authentication Header
  • Data integrity
  • Data Authentication
  • Replay protection
7
Q

What does ESP stand for and what 4 services does it provide?

A
  • Encapsulating Security Payload
  • Data Integrity
  • Data authentication
  • Replay protection
  • Encryption
8
Q

RSA

A
  • Rivest, Shamir, Adleman
  • Public Key exchange using digital certificates
  • Mutually authenticates peers
9
Q

IKE

A
  • Internet Key Exchange
  • Authentication between 2 endpoints
  • Establishes SAs
  • SAs used to carry control and data plane traffic
10
Q

ECDSA

A
  • Elliptic Curve Digital Signature Algorithm
  • Encryption
11
Q

EAP

A
  • Extensible Authentication Protocol
  • Authentication method for IKEv2
12
Q

AES-GCM

A
  • Advanced Encryption Standard Galois/Counter Mode
  • Encryption
13
Q

ECDH

A
  • Elliptic Curve Diffie-Hellman
  • Encryption
14
Q

ISAKMP

A
  • Internet Security Association Key Management Protocol
  • Framework for authentication and key exchanges to build ISAKMP SAs
15
Q

ESP-GCM

A
  • Encapsulating Security Payload using Galois/Counter Mode
  • Encryption
16
Q

GMAC

A
  • Galois/Counter Message Authentication Code
  • Message integrity
17
Q

Name two HMAC protocols.

A
  • MD5
  • SHA
18
Q

HMAC

A

Hashed Message Authentication Codes

19
Q

DH

A
  • Diffie-Hellman
  • Allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure medium
  • The shared secret key then becomes the input used to generate key material that secures the IKE SA.
20
Q

Which 2 transforms provide ESP with data integrity and encryption?

A
  • esp-gcm
  • esp-gmac
21
Q

What are the 2 modes for IKE phase 1 negotiation and how many messages are used by each mode?

A
  • Main mode - 6 messages
  • Aggressive mode - 3 messages
22
Q

What is the advantage and disadvantage of Main mode and Aggressive mode?

A
  • Main mode takes longer but peer identities are hidden
  • Aggressive mode is faster but the peer identities are exposed
23
Q

What are the 6 messages in Main Mode?

A
  • MM1 - Initiator sends SA proposals to Responder
  • MM2 - Responder replies with SA proposal that matched
  • MM3 - Initiator starts DH key exchange
  • MM4 - Responder sends its own key to Initiator
  • MM5 - Initiator starts authentication by sending its IP address
  • MM6 - Responder sends its IP address and completes authentication
24
Q

Name the 5 things that make up the SA proposal.

A
  • Hash algorithm - MD5 or SHA
  • Encryption algorithm - DES, 3DES, or AES
  • Authentication method - PSK or Digital Certificates
  • DH group - Group 1, 2, 5, and so on
  • Lifetime - how long until the Phase 1 tunnel is torn down
25
Q

What is the default lifetime for the Phase 1 tunnel?

A

24 hours

26
Q

What are the 3 messages exchanged in Aggressive Mode?

A
  • AM1 - Initiator sends SA, KEi, Ni, and IDi
  • AM2 - Responder replies with the accepted SAr, KEr, Nr, IDr, and AUTH
  • AM3 - Initiator sends AUTH
27
Q

What are the 3 messages sent during phase 2?

A
  • QM1 - initiator sends agreed upon algorithms from phase 1 and Traffic Selector
  • QM2 - responder sends agreed upon algorithms from phase 1 and Traffic Selector
  • QM3 - acknowledges the responder’s previous message
28
Q

What is the name of the mode used during phase 2 IPsec SA establishment?

A

Quick mode

29
Q

During IKE phase 1 how many tunnels are built?

A

One single bi-directional tunnel.

30
Q

During phase 2 how many tunnels are built?

A

2 unidirectional tunnels - one in each direction

31
Q

PFS

A
  • Perfect Forwarding Security
  • Optional function for phase 2
  • Provides for additional session keys not derived from previous ones
32
Q

At what point during phase 1 main mode is encryption started?

A

After the DH public key exchange is completed (after MM4)

33
Q

Describe the Main Mode messages from a high level.

A
  • The first pair negotiates cryptographic ciphers
  • The second pair exchanges key material
  • The third pair is encrypted and proves the identity
34
Q

What are 3 methods the IKE peers can authenticate each other?

A
  • Pre-shared key
  • RSA signatures
  • RSA encrypted nonces
35
Q

What are 2 values used for IDs?

A
  • IP address
  • FQDN
36
Q

SPI

A
  • Security Parameter Index
  • Randomly generated 32-bit value that is used by a receiver to identify the SA to which an incoming packet should be bound.
37
Q

How does IPsec provide access control?

A

By defining Traffic Selectors

38
Q

Another name for anti-replay?

A

Anti MiTM

39
Q

Another name for encryption?

A

Confidentiality

40
Q

Data Integrity (2 things)

A
  • Packet hasn’t been altered
  • Source of the packet has been verified
41
Q

How is Data Integrity accomplished?

A
  • Source device computes a HASH (MD5 or SHA) based on the shared secret and packet contents
  • The keyed HASH is inserted in the ICV field of the packet
  • Destination decrypts HASH using the shared secret to validate data integrity
42
Q

What are the 3 packet headers for AH in transport mode?

A
  • Original IP header
  • AH header
  • Original packet
43
Q

What are the 3 packet headers for AH in tunnel mode?

A
  • New IP header
  • AH header
  • Original packet
44
Q

What are the 5 headers for ESP in transport mode?

A
  • Original IP header
  • ESP header
  • Original Data
  • ESP trailer
  • ESP Auth
45
Q

What are the 5 packet headers for ESP in tunnel mode?

A
  • New IP header from IPsec
  • ESP header
  • Original Packet
  • ESP trailer
  • ESP auth