CCNA Security Ch 8
Terms in this set (28)
A VPN is used to create a private network connection over third-party networks. It uses a tunnel to let remote users reach central-site resources. The tunnel by itself gives no guarantee that information stays secure while travelling through it; confidentiality and integrity have to be added by a protocol such as IPsec.
Benefits of VPN
Access is strictly controlled: only the connections that are explicitly defined are permitted. Can reduce costs. Works over broadband Internet connections, so remote workers can use their high-speed links. Allows the organisation to use the Internet as the transport network. Easy to add users without large infrastructure changes. High security through advanced encryption and authentication.
Types of VPN
Two types of VPN: remote access and site to site.
A remote-access VPN is created when the VPN information is not statically set up. The connection information can change dynamically, and the VPN can be enabled or disabled when needed.
Site to site VPN
Devices on both sides of the VPN are aware of the VPN configuration in advance. The VPN remains static, and internal hosts have no knowledge that a VPN exists.
Components of remote access
A mobile user only needs to connect to the Internet to communicate with the office.
The portable computer does not have the VPN set up at all times; the client builds the tunnel when it is needed.
Components of site to site VPN
A host sends traffic through its VPN gateway. The gateway encapsulates and encrypts the outbound traffic from the site and sends it through a VPN tunnel to the VPN gateway at the other site, which decrypts it and forwards it to the internal host.
Site to site vpn technologies
MPLS. DMVPN. GETVPN.
Multiprotocol Label Switching. Customer edge devices are attached to provider edge devices. When a new site is added, only the provider edge needs updating.
DMVPN combines the Next Hop Resolution Protocol (NHRP), IPsec and multipoint GRE (mGRE) encapsulation. Provides secure connectivity between all locations.
Hairpinning: VPN traffic that enters an interface may also be routed back out of the same interface. Traffic must pass through the VPN-terminating device for one remote device to contact another.
Split tunnelling: traffic from the VPN client is split between traffic destined for the corporate subnets and traffic destined for the Internet. Traffic destined for a corporate subnet passes through the VPN tunnel; everything else is sent unencrypted straight to the Internet. The trade-off is that the client is reachable from the Internet while it is also connected to the corporate network, so split tunnelling is often disabled by policy.
IPsec defines how a VPN can be secured across a network. It provides several security functions:
Confidentiality. Integrity. Authentication. Secure key exchange.
Confidentiality is achieved by encrypting data. For a given algorithm, security depends on the length of the key used in encryption: the longer the key, the better.
Authentication ensures that you are communicating with the right peer. Authentication takes place before the tunnel is considered secure.
The two IPsec protocols are Authentication Header (AH) and Encapsulating Security Payload (ESP).
AH applies a one-way hash function to the packet to create a hash. The hash is combined with the text and transmitted in plaintext. The function is applied to the entire packet, except for the fields that change during transit, called mutable fields (such as the TTL), which are excluded from the hash. AH provides data authentication and integrity but does not provide data confidentiality. Because the IP addresses are covered by the hash, AH does not work through NAT.
The IP header and data payload are hashed using the shared secret key. The hash is used to build a new AH header, which is inserted into the original packet. The new packet is transmitted to the IPsec peer router. The peer router hashes the IP header and data payload using the same shared secret key, extracts the transmitted hash from the AH header, and compares the two values. If they match, the packet is accepted as authentic and unmodified; otherwise it is dropped.
ESP encrypts the payload and so provides confidentiality. If ESP is selected as the IPsec protocol, an encryption algorithm must also be selected; the default is DES, which is obsolete and should be replaced with AES in practice. The payload is encrypted and then sent through a hash algorithm, so ESP provides integrity as well. A connection is established between source and destination, and the destination uses a sliding window to reject replayed packets (anti-replay protection).
Transport mode: security is provided for the transport layer and above. Protects the payload of the packet but leaves the original IP header in plaintext. The original IP header is used to route the packet through the Internet.
Tunnel mode: provides security for the whole packet. The packet is encrypted and then encapsulated in another IP packet, known as IP-in-IP encryption. The IP header of the outer packet is used to route the packet through the Internet.
IKE is the key management protocol. IKE negotiates IPsec security associations and enables secure communications.
An ISAKMP tunnel is initiated when a host sends interesting traffic.
(Traffic is interesting if it travels between the peers and meets the criteria defined by an ACL.)
IKE phase 1 begins. The peers negotiate an ISAKMP SA policy. Once a policy is agreed, a secure tunnel is created.
IKE phase 2 begins. The IPsec peers use the secure tunnel to negotiate the IPsec SA policy (which determines how the IPsec tunnel is established).
The IPsec tunnel is created, and data is transferred between the peers based on the IPsec SA.
The tunnel terminates when the IPsec SAs are manually deleted or when their lifetime expires.
Site to site VPN tech
A site-to-site VPN requires configuring settings for IKE phase 1 and phase 2. Both sites are configured with ISAKMP to ensure that an ISAKMP tunnel can be created, and then with IPsec settings to ensure that an IPsec tunnel is created within the ISAKMP tunnel.
Identify interesting traffic
A permit entry in an access list defines interesting traffic, i.e. traffic that will be encrypted; traffic matching a deny entry, or nothing at all, is sent in plaintext.
Five ISAKMP policy parameters to configure (HAGLE)
Hash. Authentication. Group (Diffie-Hellman). Lifetime. Encryption.
An ISAKMP (IKE) policy lists the security associations that an IPsec peer is willing to use to establish an IKE tunnel.
Diffie-Hellman is a public-key exchange algorithm used for key exchange: it lets the two peers derive a shared secret over an insecure network without ever transmitting it. The DH group is selected by the ISAKMP policy "group" parameter.
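The configuration procedure above (IKE phase 1 policy with the five HAGLE parameters, pre-shared key, IPsec transform set with ESP in tunnel mode, interesting-traffic ACL, crypto map) put together as a worked Cisco IOS site-to-site example. This is an added example, not code from the original set or from Cisco; the topology, addresses, names (VPN-SET, VPN-MAP, ACL 110) and the pre-shared key are all hypothetical.

```cisco
! Constructed topology for this example (not from the original page):
!   LAN 192.168.1.0/24 -- R1 Gi0/0 203.0.113.1 --- Internet --- 203.0.113.2 Gi0/0 R2 -- LAN 192.168.2.0/24
!
! ===== R1 =====
! IKE phase 1: ISAKMP policy with the five HAGLE parameters.
! Policies are tried in ascending number order until one matches the peer.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 3600
!
! Pre-shared key for the peer; must match on R2. "S3cr3tPSK" is a placeholder.
crypto isakmp key S3cr3tPSK address 203.0.113.2
!
! IKE phase 2: IPsec transform set. ESP gives confidentiality (AES) and
! integrity (SHA-256 HMAC). Tunnel mode protects the whole original packet
! (IP-in-IP). AH (ah-sha-hmac) could be added but breaks behind NAT.
crypto ipsec transform-set VPN-SET esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! Interesting traffic: only LAN-to-LAN packets are encrypted. Anything this
! ACL does not permit (e.g. Internet-bound traffic) leaves unencrypted.
access-list 110 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!
! Crypto map binds peer, transform set and interesting-traffic ACL together.
! PFS forces a fresh DH exchange for every phase 2 SA; the lifetime is per
! IPsec SA, so the tunnel is rekeyed (or torn down if idle) when it expires.
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set VPN-SET
 set pfs group14
 set security-association lifetime seconds 1800
 match address 110
!
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.252
 crypto map VPN-MAP
!
! ===== R2: mirror image. The ACL must be the exact mirror or phase 2 fails. =====
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 3600
crypto isakmp key S3cr3tPSK address 203.0.113.1
crypto ipsec transform-set VPN-SET esp-aes 256 esp-sha256-hmac
 mode tunnel
access-list 110 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set VPN-SET
 set pfs group14
 set security-association lifetime seconds 1800
 match address 110
interface GigabitEthernet0/0
 ip address 203.0.113.2 255.255.255.252
 crypto map VPN-MAP
!
! Verification. The tunnel is not built until interesting traffic arrives
! (assumes R1's LAN interface is 192.168.1.1 and R2's is 192.168.2.1):
! R1# ping 192.168.2.1 source 192.168.1.1   -> triggers IKE phase 1 and 2
! R1# show crypto isakmp sa                  -> state QM_IDLE once phase 1 is up
! R1# show crypto ipsec sa                   -> #pkts encaps/decaps counters increment
! R1# show crypto map                        -> peer, ACL and transform set bound to Gi0/0
```

The first ping usually loses a packet or two while the ISAKMP and IPsec SAs are negotiated; steady packet loss afterwards with a QM_IDLE phase 1 SA almost always means the two ACLs are not exact mirrors or the transform sets differ.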