Remote Network Access Flashcards

1
Q

Remote Access Policy

A
  • Restricts access to defined users and groups
  • Defined access during days and times
  • Access to only parts of network
  • Auditing all logons and attempted logons
2
Q

Tunneling

A
  • Source and destination hosts are on same logical network but connected via different physical networks
3
Q

PPP

A

Point-to-Point Protocol

  • encapsulation that works at layer 2
  • Used for IP packets for transmission over serial digital lines
  • No security, so must be used with other protocols to create a secure tunnel
4
Q

GRE

A

Generic Routing Encapsulation

  • Works at layer 3
  • Encapsulates IP packet as its payload
  • Outer packet is on protocol number 47 and has own IP source and header fields
  • Each hop only inspects outer packet to determine forwarding destination
  • At final destination, router decapsulates payload and forwards the inner packet to its destination
  • Has no authentication methods so often used with other protocols for VPNs
5
Q

IPSec

A

IP Security

  • Can be used to secure IPv4 and IPv6 communications on local networks or as a remote access protocol
  • Operates on layer 3
  • Encrypted packets passing over any network
  • Often used with other protocols, but is increasingly used as native VPN protocol
6
Q

TLS

A

Transport Layer Security

  • Can be used to encapsulate frames and IP packets
  • Because it already operates at session layer, inner and outer packets can add overhead
7
Q

Client to Site VPN

A
  • Allows connection to VPN gateway on edge of local network over public internet
8
Q

SSL/TLS VPN

A
  • Uses certificates to secure tunnel
  • SSTP (Secure Socket Tunneling Protocol) is example
  • L2TP (Layer 2 Tunneling Protocol) also widely used with IPSec
  • Require client software to operate
  • Most use EAP or AAA/Radius to authenticate users and devices
9
Q

Split Tunnel

A
  • Client on VPN accesses internet directly using its native IP configuration and DNS services
  • Client's browsing uses local internet connection
10
Q

Full Tunnel

A
  • Internet access is made through corporate tunnel
  • Alters client's IP address and may use a proxy
  • Offers better security, but NATing and DNS operations may cause problems with websites and cloud services
  • More data is also channeled through tunnel
11
Q

Remote Host Access

A
  • Operating computer without local terminal
12
Q

RDP

A

Remote Desktop Protocol

- Used to access physical machine on a one-to-one basis

13
Q

Clientless VPN

A
  • HTML5 VPN
  • Allows ordinary browser software to connect to remote desktop or VPN
  • Uses a protocol called WebSockets, which enables bidirectional messages to be sent between server and client without the overhead of separate HTTP requests
14
Q

Site-Site VPN

A
  • Configured to operate automatically
  • Hosts do not need to be configured with information about VPN
  • Also referred to as compulsory tunneling
15
Q

Hub and Spoke VPN

A
  • Site-to-site VPN
  • Involves multiple remote sites connecting to hub
  • VPN router needs to be powerful to handle traffic volumes
  • Router referred to as VPN Headend
  • They are normally installed in groups for load balancing and fault tolerance
16
Q

DMVPN

A

Dynamic Multipoint VPN

  • Allows VPNs to be set up dynamically for traffic requirements and demand
  • Allows for dynamic mesh topology between remote sites
  • Sets up multiple direct VPNs, rather than using a hub
  • Each site's router is still connected to hub using IPSec tunnel
  • Direct VPNs can be negotiated by hub router
  • Can be more efficient and reduce jitter and latency
17
Q

IPsec Policy

A
  • Sets the authentication method and protocols to create secure connection on local network or as remote access
  • Each host must be able to match at least one method
  • Two main protocols, Authentication Header and Encapsulating Security Payload
18
Q

AH

A

Authentication Header

  • Performs hash on whole packet, including header, plus a shared key and adds secret in header as ICV (Integrity Check Value)
  • Recipient performs same function to confirm packet has not been modified
  • Does not encrypt packet
  • Not often used
19
Q

ESP

A

Encapsulating Security Payload

  • Provides confidentiality, authentication and integrity
  • Attaches three fields to packet: a header, a trailer (providing padding to cryptographic function) and an integrity check value
  • Unlike AH, ESP excludes the IP Header when calculating the ICV
20
Q

IKE

A

Internet Key Exchange Protocol

- Handles authentication and key exchange for things like IPSec

21
Q

IPSec Transport Mode

A
  • Used to secure communications between hosts on private network
  • When ESP is applied, IP Header is not encrypted, just payload data
22
Q

IPSEC Tunnel Mode

A
  • Used for VPN gateway communication
  • Whole packet, header and payload, is encrypted with ESP
  • Then encapsulated as datagram with new IP Header
23
Q

RAS

A

Remote Access Server
- Should be accompanied by documentation describing the uses of the service, security risks and countermeasures and authorized users of the service

24
Q

Console Port

A
  • Interface for managing appliance
  • Requires connection running terminal emulator (like a laptop) using a special cable
  • Emulator then uses CLI (command line interface)
25
Q

AUX Port

A
  • Means to access appliance's management interface
  • Connects to analog modem and provides access via a dial-up link
  • Remote host can connect to appliance CLI using emulators like HyperTerminal or PuTTY
26
Q

Management Port

A
  • Means of configuring virtual network interface via one of the normal Ethernet ports
  • Port must be enabled for management
  • Using Telnet or SSH to connect remotely over management interface is referred to as virtual terminal