Securing Network Security

Question 1

What is a VPN?

Answer 1

Virtual Private Network

Extends a private network over a public one, enabling users to securely send and receive data

Question 2

What is a Site-to-Site VPN?

Answer 2

Establishes secure tunnels over the public internet for interconnecting remote sites

Question 3

What is a Client-to-Site VPN?

Answer 3

Connects individuals devices directly to the organizations headquarters, enabling remote users to access the network

Question 4

What is a Full Tunnel VPN?

Answer 4

Maximizes security by encrypting all traffic to the headquarters while integrating clients with the network

Offers more security

Question 5

What is a Split Tunnel VPN?

Answer 5

Divides traffic and network requests and then routes them to the appropriate network

Offers better performance

Question 6

What is a Clientless VPN?

Answer 6

used to secure remote access VPN tunnels using a web browser, and it doesn’t require any software or hardware clients to be configured.

Question 7

What is TLS?

Answer 7

Transport Layer Security

A protocol that provides cryptographic security for secure connections and is used for secure web browsing and data transfer

Question 8

What is TCP?

Answer 8

Transmission Control Protocol

Used by TLS to establish secure connections between a client and server, but it may slow down the connection

Question 9

What is DTLS?

Answer 9

Datagram Transport Layer Security

A UDP-based version of TLS protocol that offers the same security level as TLS while maintaining faster operations

Question 10

What is IPSec?

Answer 10

Internet Protocol Security

Protocol suite for secure communication through authentication and data encryption in IP networks

Question 11

What are the 5 main steps to establishing a secure VPN tunnel?

Answer 11

1. Request to start Internet Key Exchange (IKE)
2. IKE Phase 1 - authenticate the parties
3. IKE Phase 2 - negotiate the security association parameters and fully establish the secure tunnel.
4. Data transfer - allow data transfer between the two parties to occur over the secure tunnel using the IPSec parameters and keys that we stored from the security associations that were negotiated back in step three.
5. Tunnel Termination - happens when the security associations are going to be terminated through either a mutual agreement and deletion or due to the timing out of the tunnel because one party became non-responsive.

Question 12

What is Transport Mode?

Answer 12

Employs the original IP header, ideal for client-to-site VPN’s and is advantageous when dealing with MTU constraints

Question 13

What is MTU?

Answer 13

Maximum Transmission Unit

going to be set at 1,500 bytes in most of our networks and may cause fragmentation and VPN problems

Question 14

What is Tunneling Mode?

Answer 14

Employed for site-to-site VPNs and adds a extra header that can increase packet size and exceed the MTU

Question 15

What is the AH?

Answer 15

Authentication Header

provide connectionless data integrity and data origin authentication for IP datagrams, and it provides protection against replay attacks

Question 16

What is ESP?

Answer 16

Encapsulating Security Payload

Employed for proving authentication, integrity, replay protection, and data confidentiality by encrypting the packets payload