Remote Access Flashcards

1
Q

IPSec (Internet Protocol Security)

A
  • Security for OSI Layer 3
    • Authentication and encryption for every packet
  • Confidentiality and integrity/anti-replay
    • Encryption and packet signing
  • Very standardized
    • Common to use multi-vendor implementations
  • Two core IPSec protocols
    • Authentication Header (AH)
    • Encapsulating Security Payload (ESP)
2
Q

SSL VPN (Secure Sockets Layer VPN)

A
  • Uses common SSL/TLS protocol (tcp/443)
    • Avoids running into most firewall issues
  • No big VPN clients
    • Usually remote access communication
  • Authenticate users
    • No requirement for digital certificates or shared passwords (like IPSec)
  • Can be run from a browser or from a light VPN client
    • Across many operating systems
3
Q

Site-to-Site VPNs

A
  • Encrypt traffic between sites
  • Through the public Internet
  • Use existing Internet connection
  • No additional circuits or costs
4
Q

Host-to-Site VPNs

A

  • Also called “remote access VPN”
  • Requires software on the user device
  • May be built-in to existing operating system

5
Q

DTLS VPN

A
  • Datagram Transport Layer Security
    • The security of SSL/TLS, the speed of datagrams
    • Transport using UDP instead of TCP
  • TCP brings some great features
    • Packet reordering
    • Retransmission of lost/dropped data
  • TCP sometimes gets in the way
    • Streaming, VoIP
    • When you lose a packet, it’s too late to recover it
6
Q

Remote desktop access

A
  • Share a desktop from a remote location
    • It’s like you’re right there
  • RDP (Microsoft Remote Desktop Protocol)
    • Clients for Mac OS, Linux, and others as well
  • VNC (Virtual Network Computing)
    • Remote Frame Buffer (RFB) protocol
    • Clients for many operating systems

  • Commonly used for technical support - and for scammers

7
Q

SSH (Secure Shell)

A

  • Encrypted console communication - tcp/22
  • Looks and acts the same as Telnet - tcp/23

8
Q

Web-based management console

A
  • Your browser
    • The universal client
  • Manage a device from an encrypted web-based front-end
    • Connect to the HTTPS URL and log in
  • The important features are in the browser
    • You may need the CLI for the detailed operations
9
Q

Out-of-band management

A
  • The network isn’t available
    • Or the device isn’t accessible from the network
  • Most devices have a separate management interface
    • Usually a serial connection / USB
  • Connect a modem
    • Dial-in to manage the device
  • Console router / comm server
    • Out-of-band access for multiple devices
    • Connect to the console router, then choose where you want to go

10
Q

Transferring files

A
  • FTP – File Transfer Protocol
    • Transfers files between systems
    • Authenticates with a username and password
    • Full-featured functionality (list, add, delete, etc.)
  • FTPS
    • FTP over SSL (FTP-SSL)
    • File Transfer Protocol Secure
    • This is not SFTP
  • SFTP
    • SSH File Transfer Protocol
    • Provides file system functionality
    • Resuming interrupted transfers, directory listings, remote file removal
  • TFTP – Trivial File Transfer Protocol
    • Very simple file transfer application
    • Read files and write files
    • No authentication
    • May be used to download configurations
    • VoIP phones