Security+ (SY0-701): Lesson 5: Secure Enterprise Part 4
This deck covers key concepts from the Security+ (SY0-701) lesson on secure enterprise networks, focusing on VPNs, IPsec, and remote management.
Term | Definition |
---|---|
Define a 'virtual private network (VPN)' | A secure tunnel created between two endpoints connected via an unsecure transport network. |
Define a 'Secure Tunnel' | Mechanism encapsulating data from one protocol for safe transfer over another network such as the Internet. |
What is the least secure VPN protocol/solution? | Point-to-Point Tunneling Protocol (PPTP). |
Define a 'transport layer security (TLS) VPN' | Client connects to the remote access server using digital certificates. |
Describe TLS' function when configured with a VPN | TLS creates an encrypted tunnel for the user to submit authentication credentials. |
At what layer(s) of the OSI model does TLS function? | Layer 4 & Layer 7; Transport layer and Application layer. |
Define 'Internet Protocol Security (IPsec)' | Layer 3 protocol suite used to secure data through authentication and encryption as the data travels across a network. |
What are the two core Internet Protocol Security (IPsec) protocols? | |
Define the purpose of the IPsec 'Authentication Header (AH)' protocol | Authenticates the sender of transmitted data; Provides integrity and protection against replay attacks. |
How does the IPSec Authentication Header (AH) protocol function? | Calculates a cryptographic hash of the whole packet, plus a shared secret key, and adds this value in the header as an Integrity Check Value (ICV). |
Define 'Encapsulating Security Payload (ESP)' IPsec protocol | Encrypts the header and payload of a data packet as well as authenticating the sender. |
What two modes can IPsec be used in? | |
Define IPsec transport mode | Used to secure communications between hosts on a private network. |
What is the outcome of configuring IPsec Encapsulating Security Payload (ESP) in transport mode? | The IP header for each packet is not encrypted, just the payload data. |
What is the outcome of configuring IPsec Authentication Header (AH) in transport mode? | Provides integrity for the IP header. |
Define IPsec 'Tunnel mode' | Used for site to site VPN connections. |
What is the outcome of configuring IPsec Encapsulating Security Payload (ESP) in tunnel mode? | The whole IP packet (header and payload) is encrypted and encapsulated as a datagram with a new IP header. |
What is the outcome of configuring IPsec Authentication Header (AH) in tunnel mode? | AH has no use case in tunnel mode, as confidentiality is usually required. |
What is required for a host/router to use IPsec? | Must be assigned an IPsec policy to set the authentication mechanism, IPsec protocol (AH/ESP), and the mode (Transport/Tunnel). |
What type of encryption key does IPsec's encryption and hashing depend on? | A shared secret. |
Define the 'Internet Key Exchange (IKE) protocol' | Framework for creating a security association (SA) between hosts using IPSec. |
Define the function of a 'security association (SA)' | Authenticates peers in an association; Selects cryptographic ciphers mutually supported by peers, and performs key exchange between peers. |
What is the purpose of a 'security association (SA)' | Establishes that two hosts trust one another (authenticate) and agree on secure protocols and cipher suites to use to exchange data. |
Define the first phase of Internet Key Exchange (IKE) protocol negotiations between two hosts | Authenticates the two peers and performs key agreement using the Diffie-Hellman algorithm to create a secure channel. |
What are the two methods of authenticating hosts in the first phase of an Internet Key Exchange (IKE) protocol negotiation? | |
Define the second phase of Internet Key Exchange (IKE) protocol negotiations between two hosts | Peers in the Security Association (SA) establish ciphers and key sizes and IPSec protocol (AH and/or ESP) to be used in the IPSec session. |
How many versions of IKE are there? | Two versions |
Define the first version of Internet Key Exchange (IKE) protocol | Designed for site-to-site and host-to-host topologies and requires a supporting protocol to implement remote access VPNs. |
Define the second version of Internet Key Exchange (IKE) protocol | For use as a stand-alone remote access client-to-site VPN solution. |
What are the improvements in IKEv2 compared to IKEv1? | Supports EAP, allows NAT traversal to configure a tunnel allowed by a home router/firewall. |
Define HTML5 VPN | Using features of HTML5 to implement remote desktop/VPN connections via browser software (clientless). |
Define 'in-band' remote management | Remote management link shares traffic with other communications on the production network. |
Define 'out-of-band' remote management | The management interface of a network appliance is accessed using a separate network from the usual data network. |
What are examples of in-band remote management protocols? | RDP, SSH, TLS/IPSec |
What are examples of out-of-band remote management? | A serial console or modem port on a router. |
Define a 'Jump server' | A hardened server that provides access to other hosts. |