Site to site vpn Flashcards Preview


Flashcards in Site to site vpn Deck (27):
1

What are the two main protocols of IPSec?

Authentication Header (AH)
Encapsulating Security Payload (ESP)

2

What layer protocol is IPSec?

Layer 3 protocol suite to secure data in transit via VPN

3

What is the Authentication Header (AH) / what does it provide?

Provides integrity, authentication and anti-replay
- Does not provide confidentiality

4

What does Encapsulating Security Payload (ESP) provide?
Where can it work?

Provides CIA+A
- Which is why ESP is most often used
- Can work in Transport mode - host to host
- Can work in Tunnel mode - network to network

5

What is Internet Security Association and Key Management Protocol (ISAKMP)?

Internet Security Association and Key Management Protocol (ISAKMP)
- Protocol for establishing Security Associations (SAs)
- Defines process for peer authentication

6

What are Security Associations (SAs)?

Set of agreed-upon parameters between peers to ensure communication security
- Unidirectional - one each direction between peers

7

What are the two phases of Internet key exchange?

Phase 1 (IKEv1), IKE_SA (IKEv2)
Phase 2 (IKEv1), CHILD_SA (IKEv2)

8

The Internet Key Exchange builds _______ between _______

Security Associations (SAs)
peers

9

What are the two versions of IKE?

IKEv1 and IKEv2

10

Phase 1/IKE_SA does what?

Establishes secure channel between peers
•Manages channel - key renewal, etc. - like a control plane

11

Phase 2/CHILD_SA does what?

Establishes second secure channel
•Encrypts, decrypts and transports data - like a data plane

12

What are the IOS PSK VPN Configuration Steps? (6)

•Configure ISAKMP phase 1 policy
•Configure ISAKMP pre-shared key to target VPN IP
•Configure traffic to allow through VPN
•Create access list referencing source and destination networks
•Configure IPSec transform set
•Configure crypto map
•Apply crypto map to outbound interface

13

IKE Phase 2

•Child connection established right after Phase 1
•Negotiates connection type and encryption parameters
•SA is formed and parameters stored in SA database
•SPI field in IPSec header points to the SA to reference, to ensure the proper keys are used

14

IKE Phase 1

•Negotiates connection parameters
•Hash algorithm, encryption algorithm, Diffie-Hellman group, authentication method (shared key or RSA), connection lifetime
•Diffie-Hellman exchange establishes shared symmetric key
•Peers authenticate

15

What is transport mode?

Host to host

16

What is tunneling mode?

Transmitting data from network to network

17

What does ISAKMP do?

Negotiation of the tunnel (IKE phase 1 and 2)
Transmits data over the tunnel

18

Diffie-Hellman algorithm is used to

Establish a secret key between two VPN endpoints over an insecure channel

19

What is a hashing algorithm? And an example?

It provides data integrity
E.g.: MD5, SHA1

20

Phase 1 of IKE negotiates matching transform sets to protect ___________

IKE exchange

21

IKE/IKEv2 provides a framework for ______ negotiation and ____ exchange

Policy negotiations and key exchange

22

ESP provides an encapsulation for ________ and ______ for user purposes

Encryption and authentication

23

Phase one of ISAKMP helps with ________

Management.
Negotiate a security association

24

What is part of a policy set?

Authentication
DH
Encryption
Hash
Key

25

Phase 2. Goal is to create ________ ________

Security associations (protects user data)

26

IPSec SA is ______ directional

Unidirectional
Outbound and inbound

27

ISAKMP SA is _________ directional

Bidirectional