Module G7: Network Tunneling (PE) Flashcards
What is a protocol suite that authenticates and encrypts packets of data to provide secure encrypted communication between two computers over an Internet Protocol Network?
IPsec
CPsec
IPv4Sec
None of the above
IPsec
IPsec was originally developed to cover for IPv4 coming out, enhancing its end-to-end security by securing applications at which layer in the OSI model?
Layer 1
Layer 2
Layer 3
Layer 4
Layer 3
What capabilities does IPsec provide?
Establish a mutual authentication between agents at the beginning of a session
Negotiation of cryptographic keys to use during the session
Protect data flows between a pair of hosts, a pair of networks, or between a gateway and a host
Use cryptographic security services to protect communications over IP networks
All of the Above.
All of the Above
Which main protocol provides trusted identification and proof that data was not changed, but does not provide encryption or privacy?
Authentication header
Which main protocol provides source integrity through source authentication, data integrity through hash functions, and confidentiality through encryption protection for IP packets?
ESP
Encapsulated Security Payload
Which main protocol is used to negotiate the connection using configurations and preferences at each end of the connection to establish the security protocols to be used?
Internet Key Exchange
Which version of IKE uses Diffie-Hellman public key exchange over the course of 3 or 6 messages?
IKEv1
Which version of IKE uses four messages, with built-in NAT functionality and supports Asymmetric authentication?
IKEv2
Generic Routing Encapsulation (GRE) is a tunneling protocol developed by whom?
Cisco
When encapsulating, GRE uses a process ID (PID) of ___ in the added header?
47
GRE can encapsulate a wide variety of network layer protocols inside either virtual _________ links or Point-to-Multipoint links over the IP Network?
Point-to-Point
What provides a secure channel over an unsecured network by using a client–server architecture?
ssh
SSH is typically used in _____ systems, but can be used on Windows as well.
UNIX-like
This type of SSH authentication, known as ____ generated, is where users/programs are allowed to log in without needing to specify a password.
manually
This type of SSH authentication, known as ____ generated, is where each user will use a password to log on.
automatically
SSH can be used for logging into a remote machine, tunneling, forwarding TCP ports, ___ connections, or transferring files.
X11
SSL builds the tunnel, encrypts the information, AND ____ the data along the network.
routes
A major weakness of SSL is that when you are capturing network packets, it shows the ____ of encryption/ciphers that the communication is using.
methods
____ is the successor to Secure Sockets Layer (SSL) as a cryptographic protocol that provides secure communications over networks.
TLS
TLS is widely used in email, Instant Messaging, VoIP, and most notably in ____.
https
Encryption for TLS is performed at the ____ _____ _____.
TCP Socket Layer
______ is the most basic version of TLS and has many vulnerabilities.
TLSv1.0
______, like 1.0, holds more security issues than later versions, and while it is very common, should not be used.
TLSv1.1
______ is the most secure version of TLS today, offering the least vulnerability surface compared to the rest.
TLSv1.2
______ was released to make IoT devices compatible with secure communication, sacrificing some security for more speed.
TLSv1.3
Prior to HTTP Tunneling, people used HTTP _____.
proxying
HTTP Proxying, much like the protocol, is _____, which is rarely useful.
unencrypted
Because it is unencrypted, for reliable security, _______ Encryption is needed to protect your data from the proxy.
end-to-end
_____ _____ is the more encrypted version of HTTP Proxying.
HTTP Tunneling
_____ _____ is the most common form of HTTP tunneling.
HTTP Connect
A disadvantage of HTTP Connect is that it only supports ___ traffic, not UDP.
TCP