41 Cards in this Set
- Front
- Back
You control IPSec by using a policy configuration that you manage in _ _ _ _
|
IP Security Policy Management
|
|
To configure IPSec policies for computers, you must have the appropriate administrator rights to _ _ or be a member of the local system's _ group.
|
Group Policy
Administrators |
|
Managing IPSec Policies:
Manage only the computer on which the console is running, Click _ _ |
Local Computer.
|
|
Manage IPSec policies for any domain members Click _ _ _ for this computer's _ .
|
Manage domain policy for this computer's domain
|
|
Manage IPSec policies for a domain of which the computer that is running this console is not a member Click _ _ policy for _ _.
|
Manage domain
another domain |
|
Using Predefined IPSec Policies
Client (Respond Only) - This policy is for computers that _ _ _ secure communications; it enables _ with computers requesting _ |
do not require
negotiation IPSec |
|
Using Predefined IPSec Policies
Server (Request Security) - This policy is for computers that require secure communications _ _ _ _ - It enables the computer to accept _ _, but always attempts to _ _ _ by requesting security from the original sender. - This policy allows the entire communication to be _ if the other computer is _ _ for IPSec. |
most of the time
unsecured traffic secure additional communications unsecured not enabled |
|
Using Predefined IPSec Policies
Secure Server (Require Security) This policy is for computers that _ require _ communications. - This policy _ _ incoming communications, and outgoing traffic is _ _. |
always
secure rejects unsecured always secured |
|
The transport mode _ and _ data flowing between any two computers running Windows 2000
|
authenticates
encrypts |
|
_ _ is the default IPSec mode.
|
Transport mode
|
|
The transport mode provides _ for the network and can potentially support a secure connection with _ _ _ _ computer
|
security
more than one other |
|
_ mode is used to create secure communications for remote networks.
|
Tunnel
|
|
The advantage of tunnel mode is that data is _ between the two tunnel ends, regardless of the _.
|
secure
destination |
|
When you configure IPSec for tunnel mode, _ communications between networks are _, without requiring you to _ _ on each computer.
|
all
secure configure IPSec |
|
Tunnel mode for IPSec _ and _ data flowing within an IP tunnel that is created between two _
|
authenticates
encrypts routers |
|
Windows 2000 requires _ _ _ to implement tunnel mode for IPSec.
|
Routing and Remote Access
|
|
Windows 2000 supports _ tunnel mode connections, but only _ _ at a time. Each tunnel connection requires a _ rule.
|
multiple
one tunnel separate |
|
You can create _ IPSec policies to select which _ require _ and the security _ that are used for encryption
|
customized
computers encryption methods |
|
IPSec policies use _ to govern how and when a policy is invoked
|
rules
|
|
A rule provides the ability to initiate and control secure actions based on the _ , destination, and _ of IP traffic.
|
source
type |
|
Each IPSec policy may contain _ rules.
|
multiple
|
|
Components of a Rule:
Tunnel _ _ Type _ Method IP _ List _ Action |
Endpoint
Network Authentication Filter Filter |
|
Encryption types:
SHA - FIPS accepted for U.S. _ _. This high-security method uses a _ bit key. |
government contracts
160 |
|
Encryption types:
MD5 - Most widely used method for _ _. This high-security method uses a single _ bit key and has a _ performance overhead. |
commercial applications
128-bit lower |
|
56-bit DES - Method used for most _ applications and _ business traffic, such as e-mail. This low-security method uses a single _ bit key.
|
exported
low-security 56-bit |
|
40-bit DES Method supported for application exports to _. This low-security method uses a single _-bit key. The _-bit Data Encryption Standard (DES) is not _ compliant.
|
France
40-bit 40 RFC |
|
3DES _ _ method. Uses _ _-bit keys. 3DES processes each block three times, using a unique key each time. This high-security method increases processor utilization by a factor of about 2.5 compared with other DES encryption.
|
Most secure
3 56 |
|
Before secured data can be exchanged, a _ _ between the two computers must be established
|
security association (SA)
|
|
In an SA, both computers _ how to exchange and protect information.
|
negotiate
|
|
The initiating computer sends an _ _ of potential security _ to the responding _.
|
offer list
levels peers |
|
The responder either _ _ _ accepting the offer, or discards the offer and sends back a message indicating that _ _ was chosen.
|
sends a reply
no offer |
|
If the active policies allow _ communications with non-IPSec-capable computers, a _ _ is established.
|
unsecured
soft SA |
|
If active policies are compatible, a _, or _ _ is established.
|
secured
hard, SA |
|
IPSec at the _ _ level provides protection for server applications and services, without _ those server applications and services that use IP for transport of data.
|
IP transport
modifying |
|
By default, the Secure Server policy is _
|
disabled
|
|
IPsec is a security service that gives administrators the ability to apply various security methods to the _ data packet regardless of which program generates the data.
|
IP
|
|
Your organization operates on an IP-based network. You want to provide secure end-to-end security for your intranet by securing all IP-based traffic to and from your Windows 2000-based application servers. Which policy should you assign to your application servers?
|
Secure Server (Require Security).
|
|