23 Cards in this Set
- Front
- Back
3 Characteristics of a secure VPN
|
Authentication (Identity), Data Confidentiality (no eavesdropping), Data Integrity (no tampering).
|
|
Examples of Encapsulating Protocols
|
- GRE
- IPSec
- L2F
- PPTP
- L2TP |
|
Two IPSec Encryption Modes
|
1. Tunnel
2. Transport |
|
IPSec Tunnel Mode
|
Encrypts the header and payload of each packet
|
|
IPSec Transport Mode
|
Encrypts only the payload of each packet
|
|
Once an IPSec tunnel is active, which encryption is used, Symmetric or Asymmetric?
|
Symmetric
|
|
Which encryption type is used for authenticating both ends of an IPSec tunnel?
|
Asymmetric
|
|
Examples of Asymmetric encryption algorithms
|
- RSA
|
|
Examples of Symmetric encryption algorithms
|
- DES
- 3DES
- AES |
|
What is another term for Asymmetric encryption?
|
Public-key cryptography
|
|
Symmetric key lengths
|
- 80
- 112
- 128
- 192
- 256 |
|
Asymmetric key lengths
|
- 1024
- 2048
- 3072
- 7680
- 15,360 |
|
The two types of symmetric key encryption algorithms are:
|
1. Stream Ciphers
2. Block Ciphers |
|
DES key length
|
56 bits, 64 bits counting parity
DES is symmetric |
|
3DES key length
|
168 bits, effective length 112 bits
3DES is symmetric |
|
AES key length
|
128, 192, or 256
AES is symmetric |
|
Examples of one-way hash functions (HMAC)
(for assuring Data Integrity)
|
- MD5
- SHA-1 |
|
IPSec 3 main protocols:
|
- IKE
- ESP
- AH (deprecated) |
|
AH protocol number
|
51
|
|
ESP protocol number
|
50
|
|
Initial router config for SDM
|
Router(config)# username ciscosdm privilege 15 password 0 ciscosdm
Router(config)# ip http server
Router(config)# ip http secure-server
Router(config)# ip http authentication local
Router(config)# line vty 0 4
Router(config-line)# login local
Router(config-line)# transport input telnet ssh |
|
Basic GRE tunnel config
|
R(config)# int tun<tun>
R(config-if)# tunnel source <phys int>
R(config-if)# tunnel dest <dest IP>
R(config-if)# ip addr <ipaddr> <mask> |
|
Steps for setting up basic IPSec
|
1. Enable IKE
2. Create ISAKMP policy
3. Add elements to the ISAKMP policy
4. Configure pre-shared keys
5. Configure transform sets
6. Set SA lifetimes
7. Define interesting traffic
8. Create crypto map
9. Apply crypto map to interface |