VPN & Concentrators Flashcards
List the 4 types of VPNs
1) Client-to-site (Remote-Access)
2) Host-to-Host VPN
3) Site-to-Site VPN
4) Extranet VPN (allows organizations suppliers/partners to connect to the network)
List the 5 tunnelling protocols covered in CompTIA
1) DTLS - Datagram Transport Layer Security
2) L2TP
3) GRE (generic routing encapsulation)
4) IPsec
5) PPTP
Which two major protocols work inside IPSec?
What are their protocol numbers?
1) AH - Authentication Header (responsible for providing integrity and authentication using an Integrity Check Value, i.e. ICV). Protocol number 51
2) ESP - Encapsulating Security Payload (responsible for encryption). Protocol number 50
What is the protocol number of the Encapsulating Security Payload (ESP) and the Authentication Header (AH)?
ESP = 50 AH = 51
What uses Internet Key Exchange, what port does it use and what does it do?
IPsec uses IKE over port 500 to authenticate clients in the IPsec conversation before data is transmitted.
What happens in a split tunnel VPN?
The administrator decides which traffic should go through the VPN and which can use the ordinary internet
What’s the purpose of NAC regarding employees using devices not directly managed by the business to connect into the corporate network over a VPN?
Network Access Control is required to ensure that insecure devices not directly managed by the organization are appropriately assessed and controlled before being allowed access to the network
List 3 common ‘host health checks’ a NAC system may check for posture assessment on devices connecting over the VPN
What is used to carry out these checks?
1) up-to-date anti-virus and signatures
2) up-to-date OS
3) firewall enabled on the client
Authentication (or health) agents on the clients check the conditions of a computer and report back to the NAC health server.
When are persistent NAC agents most commonly used?
Used for COPE (Corporate-Owned, Personally Enabled) devices and approved devices to connect remotely into the organization
In Network Access Control, what can help support the assessment of endpoints (devices) not owned by the organization and help make BYOD policy possible?
Nonpersistent agents
In NAC, a nonpersistent or dissolvable agent is one that…
is used to assess the device only during log-in, usually through a web portal. It is removed when authentication has taken place.
What is the key difference between MS-CHAP and MS-CHAPv2?
v2 can do mutual authentication of both client and server
What authentication method is used to overcome the limitations of RADIUS? How?
Diameter
It can encrypt the authentication process using EAP
What is one of the limitations of RADIUS authentication?
It only encrypts the password, but not the entire authentication conversation.
Which authentication method developed by Cisco allows for interaction with Kerberos?
TACACS+ (Terminal Access Controller Access-Control System Plus)