Study your flashcards anywhere!

Download the official Cram app for free >

  • Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

How to study your flashcards.

Right/Left arrow keys: Navigate between flashcards.right arrow keyleft arrow key

Up/Down arrow keys: Flip the card between the front and back.down keyup key

H key: Show hint (3rd side).h key

A key: Read text to speech.a key

image

Play button

image

Play button

image

Progress

1/18

Click to flip

18 Cards in this Set

  • Front
  • Back
VPN
Virtual Private Network. Allows secure communication between private LAN and remote hosts over an unsecured public network connection. Using the VPN, security parameters can be applied to certain types of remote communications without affecting other aspects of the network.
Authentication
The receiving VPN host or device can verify the source of the data; the sender is, in fact, who she says she is.
Integrity
The receiving VPN host or device can ensure that the data was not altered during transit.
Generic Routing Encapsulation (GRE)
[Cisco proprietary]
Enables a Cisco router to encapsulate a packet in an IP header. The remote router removes this header when the packet is received
Data Confidentiality
Because data is encrypted by one endpoint device, then is decrypted by the other endpoint device, data is seen in an unencrypted format only by those devices that should be able to do so.
Anti-replay protection
Protection from data, originally sent from an authorized device, being copied and retransmitted by an attacking device. With this type of attack, the attacker successfully copies the identity of the authorized device.
Data Encryption Standard (DES)
uses a 56 bit key to encrypt data. These keys have been know to be broken within 24hrs; sometimes as quickly as ten minutes!
Triple Data Encryption Standard (TDES) (Also 3DES)
Uses three 56 bit keys (168 bit total). 112 bit encryption is considered efficient. Uses symmetric encryption
Advanced Encryption Standard (AES)
AES can run on any Cisco router that has IPSec DES/3DES capability.
Symmetric Encryption (secret key encryption)
An algorithm which uses the same key to encrypt and decrypt data. Includes stream algorithms, where one bit/byte is encrypted/decrypted at a time; and block algorithms, where blocks (usually 64 bits) are encrypted/decrypted as a whole. The drawback is that using the same encryption key at both endpoints doubles the risk exposure.
Asymmetric encryption
Utilizes two keys for both sender and receiver. The public key encryption scheme involves a public and private key for each user. Prior to the encryption process, the public key is certified by a third party called a Certificate Authority (CA). The CA verifies both the identity of the user and the user's public key. The certificate is a combination of the user's public key and the CA's private root key.
Diffie-Hellman (exponential key exchange)
An algorithm that allows VPNs to comply with the IPSec requirement for dynamic key exchange
Dynamic key exchange
Encryption key is exchanged between endpoints over the communications channel in lieu of the keys being manually configured on each device by an administrator.
IPSec
Protocol suite for securing Internet Protocol communication by authenticating and encrypting each IP packet of a communication session. An end-to-end security scheme that operates at the Internet Layer of the TCP/IP model. Uses three protocols: Authentication Header (AH), Encapsulating Security Payload (ESP), and Security Associations (SA) (to which Internet Key Exchange [IKE] applies)
Authentication Header (AH)
Defined in RFC 2402, provides data origin authentication, integrity, and optional anti-replay protection. AH will successfully protect the IP packet's payload; but it cannot provided data confidentiality since some of the fields in the IP header are mutable during transmission (and therefore unpredictable). Less processor intensive than ESP, and may suffice when data confidentiality is not needed.
Encapsulating Security Payload (ESP)
Using a header and a trailer to encapsulate data, this protocol provides data origin authentication, anti-replay protection, and data confidentiality. ESP is more demanding of processor resources, and requires strong cryptography; which isn't available and/or allowed everywhere.
IPSec Tunnel Mode
The entire IPSec process is transparent to end hosts; specialized IPSec gateway devices handle the IPScec workload. The entire IP packet is encrypted; then this encrypted packet is placed in yet another IP packet (this is the general definition of tunneling -- packet encapsulation).
IPSec Transport Mode
End hosts perform the encapsulation. No new IP header is attached when transport mode is used.