IPsec Framework Flashcards
Learning about IPsec, confidentiality, integrity, authentication and Diffie-Hellman (14 cards)
What is triple A? (AAA)
It is a term that means Authentication, Authorization & Accounting.
Authentication is confirming that the user is who he claims to be.
Authorization is granting that user the permissions it has the right to.
Accounting is recording what that user does.
The IPsec protocol consists of what?
Authentication Header (AH) port 51
Encapsulating Security Payload (ESP) port 50
Or both at the same time.
What is the Confidentiality part of the IPsec Framework and what options are there?
The confidentiality part is to encrypt the payload.
You can use DES, 3DES, AES or SEAL to encrypt. It is a symmetrical kind of encryption.
What is symmetrical encryption?
Uses one key.
DES, 3DES, AES and SEAL are symmetrical.
What is asymmetrical encryption?
Uses two keys, one public and one private.
Diffie-Hellman is asymmetric.
What is the Integrity part of the IPsec Framework and what options are there?
It is to ensure data has not been altered in transit.
There are two options:
HMAC-Message Digest 5 (MD5)
HMAC-Secure Hash Algorithm 1 (SHA)
What is the Authentication part of the IPsec Framework and what options are there?
The authentication part is to make sure the device on the other end is secure.
There are two methods:
Pre-shared Keys (PSKs)
RSA signatures (one time passwords)
What is SA?
SA means Security Associations.
SAs contain all the security parameters needed to securely transport packets between the peers or hosts, and practically define the security policy used in IPsec.
An SA is a basic building block of IPsec. Security associations are maintained within a SA database (SADB), which is established by each device.
What is Diffie-Hellman in the IPsec Framework?
Diffie-Hellman negotiates the transform set for IKE stage 2.
Diffie-Hellman is asymmetric.
What is IKE and what happens in each stage? Stage 1 and 2. What is PFS?
IKE = Internet Key Exchange
Phase 1 = Authentication (goal to establish an IKE Security Association)
Phase 2 = Establishes IPsec
PFS = perfect forward secrecy
What is anti-replay?
Anti-replay is a sub-protocol of IPsec. The main goal of anti-replay is to avoid hackers injecting or making changes in packets that travel from a source to a destination.
What is stream and block cipher?
stream cipher (data passing through a compliance) IPsec SSL HTTPS
block cipher (data at rest)
What is Control, Management & Data Plane?
Control Plane = How traffic is controlled
Routing protocols and the like
Management Plane = Managing devices: SSH, SNMP, SYSLOG, NTP
Data Plane = The data in transit and at rest. Data packets (payload). Protected with encryption: MD5, SHA-128, HMAC
What is the difference between transport mode and tunnel mode?
Transport Mode
Does not encrypt original IP HDR (header).
Tunnel Mode
Encrypts the original IP HDR and adds a new IP header until it reaches the VPN destination.