Remote Network Access Flashcards
1
Q
Remote Access Policy
A
- Restricts access to defined users and groups
- Defined access during days and times
- Access to only parts of network
- Auditing all logons and attempted logons
2
Q
Tunneling
A
- Source and destination hosts are on same logical network but connected via different physical networks
3
Q
PPP
A
Point-to-Point Protocol
- encapsulation that works at layer 2
- Used for IP packets for transmission over serial digital lines
- no security, so must be used with other protocols to create secure tunnel
4
Q
GRE
A
Generic Routing Encapsulation
- Works at layer 3
- Encapsulates IP packet as its payload
- Outer packet is on protocol number 47 and has own IP source and header fields
- Each hop only inspects outer packet to determine forwarding destination
- At final destination, router decapsulates payload and forwards the inner packet to its destination
- Has no authentication methods so often used with other protocols for VPNs
5
Q
IPSec
A
IP Security
- Can be used to secure IPv4 and IPv6 communications on local networks or as a remote access protocol
- Operates on layer 3
- Encrypted packets passing over any network
- Often used with other protocols, but is increasingly used as native VPN protocol
6
Q
TLS
A
Transport Layer Security
- Can be used to encapsulate frames and IP packets
- Because it already operates at session layer, inner and outer packets can add overhead
7
Q
Client to Site VPN
A
- Allows connection to VPN gateway on edge of local network over public internet
8
Q
SSL/TLS VPN
A
- Uses certificates to secure tunnel
- SSTP (Secure Socket Tunneling Protocol) is example
- L2TP (Layer 2 Tunneling Protocol) also widely used with IPSec
- Require client software to operate
- Most use EAP or AAA/Radius to authenticate users and devices
9
Q
Split Tunnel
A
- Client on VPN accesses internet directly using its native IP configuration and DNS services
- Client's browsing uses local internet connection
10
Q
Full Tunnel
A
- Internet access is made through corporate tunnel
- Alters client's IP address and may use a proxy
- Offers better security, but NATing and DNS operations may cause problems with websites and cloud services
- More data is also channeled through tunnel
11
Q
Remote Host Access
A
- Operating computer without local terminal
12
Q
RDP
A
Remote Desktop Protocol
- Used to access physical machine on a one-to-one basis
13
Q
Clientless VPN
A
- HTML5 VPN
- Allows ordinary browser software to connect to remote desktop or VPN
- Uses a protocol called WebSockets, which enables bidirectional messages to be sent between server and client without overhead of separate HTTP requests
14
Q
Site-Site VPN
A
- Configured to operate automatically
- Hosts do not need to be configured with information about VPN
- Also referred to as compulsory tunneling
15
Q
Hub and Spoke VPN
A
- Site-to-site VPN
- Involves multiple remote sites connecting to hub
- VPN router needs to be powerful to handle traffic volumes
- Router referred to as VPN Headend
- They are normally installed in groups for load balancing and fault tolerance