1.4 Other Useful Protocols Flashcards
N10-009 Obj. 1.4 Explain common networking ports, protocols, services, and traffic types (14 cards)
What is ICMP used for in networking?
ICMP (Internet Control Message Protocol) is used to send control and error messages, such as checking device reachability (e.g., with ping) and reporting unreachable networks or TTL expiration.
Does not use TCP or UDP; it is its own protocol.
Transcript: “ICMP is another protocol carried by IP… it’s most commonly associated with a way to send a message to a device to see if it’s alive and operating on the network.” (0:08–0:43)
What protocol does the ping command use to test network connectivity?
The ping command uses ICMP to check if a host is reachable and operational.
Transcript: “Whenever you use the ping command to ping an IP address on the network, it’s using ICMP to provide that ping functionality.” (0:47–0:56)
What is GRE and what does it do?
GRE (Generic Routing Encapsulation) encapsulates packets to create tunnels between endpoints, often used with VPNs. GRE does not provide encryption.
We will need to provide additional VPN protocols to encrypt the data we are encapsulating in a GRE tunnel.
Transcript: “Another common protocol on our network is GRE… You’re creating this tunnel using GRE… This allows us to encapsulate information within an IP packet…” (1:22–1:45)
What is a VPN and what does it provide?
A VPN (Virtual Private Network) creates an encrypted connection over a public network, ensuring confidentiality and security for transmitted data.
Transcript: “These VPN protocols are referred to as Virtual Private Network protocols… to encrypt or protect any data being sent across one of those tunnels.” (2:02–2:09)
What is a VPN concentrator and what is its purpose?
A VPN concentrator is a hardware or software appliance that manages VPN tunnels by performing encryption/decryption and handling multiple connections.
Often integrated into a firewall
Transcript: “It’s often common to use a purpose-built appliance to provide this encryption and decryption… We refer to this as a VPN concentrator.” (2:11–2:22)
What is a site-to-site VPN?
A site-to-site VPN connects two separate networks (e.g., corporate and remote site) over a public network using VPN concentrators (typically firewalls/routers).
Transcript: “This is a common site-to-site VPN configuration where a corporate network may be connected to a remote site over a public network such as the internet… But all of this traffic… is being encrypted using this VPN technology.” (2:44–3:10)
What is IPSec and what are its key features?
IPSec (Internet Protocol Security) is a standard for encrypting and authenticating data across IP networks. It provides encryption, integrity, and anti-replay protection.
Security for OSI Layer 3
* Authentication and encryption for every packet
Two core IPSec protocols
* Authentication Header (AH)
* Encapsulation Security Payload (ESP)
Transcript: “This stands for Internet Protocol Security, and it’s one of the most popular ways to encrypt data being sent across these VPNs… which includes integrity and anti-replay functionality.” (3:17–3:34)
Why is IPSec often used between firewalls from different vendors?
Because IPSec is a standard protocol, it allows interoperability between devices from different manufacturers.
Transcript: “Because IPSec is such a standard protocol, those two firewalls can easily connect to each other and transfer information over that IPSec tunnel.” (3:52–4:00)
What does the Internet Key Exchange (IKE) protocol do in IPSec?
IKE negotiates encryption keys and security settings between VPN peers, establishing the secure tunnel (Security Association).
Transcript: “Those steps are referred to as the Internet Key Exchange, or IKE. Internet key exchange allows both sides of the conversation to agree on the encryption and decryption keys…” (4:25–4:35)
What are the two phases of Internet Key Exchange (IKE)?
Phase 1: Establishes the ISAKMP tunnel (UDP port 500) using Diffie-Hellman.
* ISAKMP: Internet Security Association and Key Management Protocol
Phase 2: Negotiates the encryption ciphers and keys for data transmission (ESP tunnel).
Transcript: “The first phase commonly uses Diffie-Hellman… We refer to this as ISAKMP… In phase two, we coordinate which ciphers should be used… and it negotiates both the inbound and outbound security association…” (4:48–5:16)
What are the two modes of IPSec, and how do they differ?
Transport Mode: Encrypts only the IP payload; original IP header is visible.
Tunnel Mode: Encrypts both the original IP header and payload; adds a new IP header.
Transcript: “If we use transport mode to send this IPSec data… Anything within the data portion… will be encrypted… In tunnel mode… the original IP header and data is all encrypted.” (5:58–6:44)
When would you use IPSec Tunnel Mode over Transport Mode?
Tunnel Mode is preferred for higher security, as it fully encrypts the original IP header and payload.
Transcript: “It’s probably not too surprising that most implementations of IPSec are going to use the tunnel mode to ensure the highest level of encryption of your original data.” (7:01–7:10)
What does the Authentication Header (AH) protocol in IPSec provide?
AH ensures integrity and authenticity of data but does not encrypt it. It includes a hash to verify that the data hasn’t been altered.
Hash of the packet and a shared key
* MD5, SHA-1, or SHA-2 are common
* Adds the AH to the packet header
Transcript: “AH is used to validate the information that you’re receiving over an IPSec tunnel… you’re including some additional hashing to ensure the integrity of this data.” (7:21–7:39)
What does the Encapsulation Security Payload (ESP) protocol in IPSec do?
ESP encrypts the original data and includes authentication. It adds new IP and ESP headers and an integrity check value.
Transcript: “ESP encrypts the original data… and then put around this packet a new IP header and ESP header and an integrity check value…” (7:50–8:14)
