Other Useful Protocols - CompTIA Network+ N10-009 - 1.4 Flashcards
ICMP
Protocol. “Text message your device.”
Ping command, TTL
GRE
Generic Routing Encapsulation
The “tunnel” between two endpoints
Encapsulates traffic inside of IP
No built-in encryption
VPN
Protocol that uses a set of rules to transmit data between a device and a VPN server.
IPSec
Protocol that provides a level of encryption over a tunnel.
Provides digital signatures in every packet
What are the two core IPSec protocols?
Authentication Header (AH), Encapsulating Security Payload (ESP)
Steps before IPSec can send encrypted data across the network
Internet Key Exchange (IKE)
Internet Key Exchange (IKE)
A Security Association (SA)
Allows both sides of the conversation to agree on the encryption and decryption keys to be used for the duration of the VPN tunnel
What are the two phases to key exchange process?
Phase 1: Use Diffie-Hellman to create a shared secret key
udp/500
ISAKMP Internet Security Association and Key Management Protocol
Phase 2
Coordinate ciphers used for encryption and key sizes
Negotiates an inbound and outbound SA for the IPsec tunnel
Phase 2 ISAKMP Tunnel ESP Tunnel
Coordinate ciphers and key sizes
Negotiate an inbound and outbound SA for IPsec
ISAKMP tunnel is built at which phase of SA?
1
UDP/500
What happens at phase 2 of IKE?
Includes encrypted data over the ESP tunnel. Gives us the foundation to send encrypted data over the IPSec tunnel.
Transport mode
An IPsec header and trailer are placed around the data, leaving the original IP header in front.
Tunnel mode
The original IP header and data are all encrypted, then given a new IP header and the IPsec headers and trailers we saw in transport mode.
Which version of IPSec mode gives you the most protection of original data?
Tunnel
AH
It validates the info you receive over the IPsec tunnel, as an AH header.