33 Cards in this Set

  • Front
  • Back
What is a VPN and what does it provide?
Virtual Private Network. It provides a secure path for communication between private sites via a public network.
What are the three benefits of data encryption?
1) Provides data confidentiality
2) Data is encrypted and decrypted using keys
3) Data encryption is a reversible process
What 2 types of keys are used in encryption?
Symmetric (secret) Keys
Asymmetric (public and private) Keys
What does a cipher's strength depend on, and what is the trade-off for a stronger cipher?
Cipher strength depends on the key size. The larger the key, the stronger the cipher. The trade-off for strength is speed. The larger the key, the longer it takes to encrypt and decrypt the information.
What is the normal size of the keys in Symmetric Key Encryption?
40 bits - 1024 bits
What are three examples of symmetric key encryption?
1) DES
2) 3DES
3) AES
In Asymmetric Encryption what is the typical size range of the Key?
512 bits to 2048 bits
What are two examples of Asymmetric Encryption?
1) RSA
2) DH
What is a Hashing Algorithm used for?
To create a fingerprint of the data so that the recipient can tell the data has not been modified.
What are two types of Hashing Algorithms and what is the output for each?
1) MD5 128-bit output
2) SHA 160-bit output
Hashing functions must have what 2 basic properties?
1) It must be one-way, so that the original data cannot be determined from the hashed output.
2) It must be collision resistant, so that no two inputs can create the same output.
What is Source Authentication?
Validates datagrams by verifying that they came from the proper source
What is used to do Source Authentication and how does it work?
Hashed Method Authentication Code (HMAC). The sender adds a key to the data, then performs a hash function. The recipient has the same key as the sender. Once the recipient receives the datagram, he separates the added hash from the datagram. He then adds the key he has and runs his own hashing function. Then he compares the two hashing outputs. If they match, the sender is validated; if they do not match, the data is either corrupted or has been tampered with.
What is the main key exchange that Juniper Firewalls use?
Diffie-Hellman Key Exchange Algorithm
What are the three groups and bits that Juniper supports for Diffie-Hellman?
Group 1 768-bit
Group 2 1024-bit
Group 5 1536-bit
What is the DH Key process?
1) Each device generates a public and private key
2) Public keys are exchanged
3) Local private and remote public keys are used in DH to form a common session key
What is IPSec?
IP Security is an industry standard for providing data security and integrity services.
What two protocols are defined in IPSec?
1) Encapsulating Security Protocol
2) Authentication Header Protocol
Describe the two IPSec modes.
1) Tunnel mode is the most commonly used. It is implemented between an IPSec gateway and a remote host or between two IPSec gateways. The end system does not need to be aware of the IPSec protocol because encryption and decryption take place on the IPSec gateways.
2) Transparent mode is implemented between IPSec end systems. Each end system must be aware of the IPSec protocol because it does the encryption and decryption.
What is IKE?
Internet Key Exchange Protocol.
It is a secure key management protocol used by IPSec to have information exchanged in a secure and dynamic manner with little to no intervention.
What is ESP and how does it work?
Encapsulating Security Payload Protocol. The ESP header is inserted between the newly created IP header and the original IP header. After the original packet, an ESP trailer and ESP Auth are added as well.
What is contained in the ESP Header?
1) Protocol number 50
2) Security Parameter Index, which is an arbitrary 32-bit value that, in combination with the IP address and ESP, uniquely identifies the SA for this datagram
3) Sequence number, which is an unsigned 32-bit field containing a monotonically increasing counter value that is used for anti-replay detection
What is contained in the ESP Trailer?
1) Padding/pad length. Depending on the original data size, padding may be required to fill the packet.
2) Next header, which is information on the next expected segment.
What is contained in the ESP Auth?
ESP Auth is an integrity check value that is a hashed value for the entire packet.
What is AH?
The Authentication Header Protocol provides only data integrity, authentication, and anti-replay services. AH does not provide encryption.
How does AH protocol work?
Places an AH in between the new IP header and the original IP header and then places an AH Auth at the end of the packet.
What is contained in the AH header?
1) Protocol number 51
2) Next header: information on the next expected segment
3) Payload length
4) SPI to uniquely identify the SA for this datagram
5) Sequence number to detect replay attacks
What is contained in the AH Auth?
Contains the ICV that is the hash value for the packet.
What attributes are exchanged between IPSec Peers as a part of the IKE process?
1) Encryption Algorithm
2) Hash Algorithm
3) Authentication method
4) Diffie-Hellman Group
What three items are used to authenticate IKE exchanges?
1) Preshared Keys
2) Digital Signatures
3) Public Key Encryption
What is SA?
Security Association is a set of policies and keys used to protect information. SAs are established upon successful completion of IKE negotiations.
What happens in Phase 1 of IKE?
1) Two peers establish a secure authenticated channel with which to communicate
2) DH Key exchange algorithm is used to generate a symmetric key common to the communication gateway.
3) Runs in either main mode or aggressive mode
What happens in Phase 2 of the IKE process?
1) SAs are negotiated using the Phase 1 secure channel
2) Proxy ID is used to identify which SA is referenced for the VPN
3) DH Key exchange algorithm can be used to create PFS (perfect forward secrecy)