IKE phase 1 happens in two modes: main mode and aggressive mode. These modes are described in the following sections.
Main Mode
Main mode has three two-way exchanges between the initiator and the receiver.
- First exchange: The algorithms and hashes applied to secure the IKE communications are agreed upon in matching IKE SAs in each [...]
The Diffie-Hellman key agreement is a public key method that provides a way for two IPsec peers to establish a shared secret key that only they know, even though they are communicating over an insecure channel. With Diffie-Hellman, each peer generates a public and private key pair. The private key generated by each peer [...]
Standard ACLs – check the source addresses of packets. IP Standard ACLs: 1-99 and 1300-1999
Extended ACLs – check both the source and destination addresses, and also check for specific protocols, port numbers and other parameters. IP Extended ACLs: 100-199 and 2000-2699
Named ACLs – this feature gives network administrators the option of using names to identify their access [...]
Dead Peer Detection (DPD) is a method of detecting a dead Internet Key Exchange (IKE) peer. The method uses IPsec traffic patterns to minimize the number of messages required to confirm the availability of a peer.
A dual-homed host architecture is built around the dual-homed host computer, a computer that has at least two network interfaces. Such a host could act as a router between the networks these interfaces are attached to.
The concept of the DMZ, like many other network security concepts, was borrowed from military terminology. Geopolitically, a demilitarized zone (DMZ) is an area that runs between two territories that are hostile to one another or two opposing forces’ battle lines. The DMZ likewise provides a buffer zone that separates an internal network from the [...]
AAA stands for authentication, authorization and accounting. It is used to control users' rights to access network resources and to keep track of the activity of users over a network. The current standard by which devices or applications communicate with an AAA server is the Remote Authentication Dial-In User Service (RADIUS).
The ASA uses security levels to determine the degree of trust given to the network attached to each interface. The security level can be configured between 0 and 100, where higher numbers are more trusted than lower ones. By default, the ASA allows packets from a higher (trusted) security interface to a lower (untrusted) security interface [...]
SSL VPN provides remote access connectivity from almost any internet-enabled location without any special client software at the remote site. You only need a standard web browser and its native SSL encryption. IPsec is a dedicated point-to-point fixed VPN connection, whereas SSL VPNs provide anywhere connectivity without any configuration or special software at the remote [...]
Stateful inspection, also known as dynamic packet filtering, is a firewall technology that monitors the state of active connections and uses this information to determine which network packets are allowed through the firewall. Stateful inspection analyses packets down to the application layer.
Port Security
Cat3750#show port-security interface fastEthernet 1/0/2
Port Security : Disabled
Port Status : Secure-down
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 0
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source [...]
Content Addressable Memory (CAM) Table Overflow
Content Addressable Memory (CAM) tables are limited in size. If enough entries are entered into the CAM table before other entries expire, the CAM table fills up to the point that no new entries can be accepted. Typically, a network intruder floods the switch with a large number [...]
Deployment classification
- Site to Site VPN
- Remote VPN
Classification based on OSI layers
- Layer 4/7 VPN – WebVPN
- Layer 3 VPN – IPSec, GREoIPSec
- Layer 2 VPN – L2TP, PPTP, MPPE
Classification based on trust level
- Intranet VPN
- Extranet VPN
- Remote VPN
Customer point of view classifications
1. Traditional VPN
- Frame-relay (L2 VPN)
- ATM VPN [...]
A stateful firewall like the ASA, however, takes into consideration the state of a packet:
• Is this a new connection? If it is a new connection, the ASA has to check the packet against access lists and perform other tasks to determine if the packet is allowed or denied. To perform this check, the first [...]
A. 600 – 699
B. 100 – 199
C. 1 – 99
D. 800 – 899
E. 1000 – 1099
Answer: B & C
When using access lists, it is important where those access lists are placed. Which statement best describes access list placement?
A. Put standard access lists as near the destination as possible. Put extended access lists as close to the source as possible.
B. Put extended access lists as near the destination as possible. Put standard access lists [...]
A. One per port, per protocol
B. Two per interface, per protocol
C. Unlimited
D. Router interface +1 per port.
-> B
Can you define in short what a VPN is?
-> A Virtual Private Network (VPN) is a network technology that creates a secure network connection over a public network such as the Internet or a private network owned by a service provider. Large corporations, educational institutions, and government agencies use VPN technology to enable remote users to [...]
Can you explain what IPSec is?
-> IPSec is a suite of protocols which ensure the following:
1. Confidentiality of data
2. Integrity of data
3. Anti-replay of data
4. Non-repudiation
IPSec contains the main cryptographic algorithms used in securing traffic between two networks over an untrusted network.
Can you explain transport and tunnel mode in detail with datagram packets?
-> Tunnel Mode – The entire IPSec process is transparent to the end hosts, and a specialized gateway handles the IPSec workload. In tunnel mode, the entire IP packet is first encrypted and then placed into another IP packet, which means we have two IP addresses: 1. IP address on [...]