1

IPsec consists of what elements?

Answer:

Cryptographic algorithms, security protocols, security associations, IPsec databases, and SA and key management techniques.

2

What services does IPsec provide to IP?

Answer:

IPsec provides access control, connectionless integrity, data origin authentication, replay protection, data confidentiality, and limited traffic flow confidentiality.

3

What are the main characteristics of symmetric encryption algorithms?

Answer:

The same key is required for encryption and decryption; the ciphertext is compact; symmetric encryption algorithms are fast and can be used for bulk encryption.

4

What are the two types of symmetric encryption algorithms?

Answer:

Block ciphers and stream ciphers.

5

What are the characteristics of public key algorithms?

Answer:

They are much slower than symmetric algorithms and are not suitable for bulk encryption; ciphertext produced by public key algorithms is not compact; public key algorithms do not have the same key distribution and management problems as symmetric algorithms; public key algorithms can be used for encryption, for digital signatures, and for symmetric key exchange.

6

What security services do AH and ESP provide?

Answer:

AH provides connectionless integrity, data origin authentication, and optional replay protection. ESP provides connectionless integrity, data origin authentication, optional replay protection, data confidentiality, and limited traffic flow confidentiality.

7

What is an IPsec SA?

Answer:

An IPsec SA defines how traffic for a particular traffic flow is protected by IPsec.

8

What is the function of IKE?

Answer:

IKE allows IPsec peers to authenticate each other, generate keying material, and negotiate IPsec SAs.

9

What are some common considerations when selecting parameters for IPsec transform sets?

Answer:

The type of user traffic to be protected; the specific type of protection; the length of time that user traffic must stay confidential; the volume of traffic that is to be encrypted; the type of VPN gateway hardware platforms; whether hardware crypto accelerators will be used; the version of Cisco IOS Software that IPsec VPN gateways will be running.


Part I: Understanding VPN Technology

What Is a Virtual Private Network?

Part II: Site-to-Site VPNs

Designing and Deploying L2TPv3-Based Layer 2 VPNs

Designing and Implementing AToM-Based Layer 2 VPNs

Designing MPLS Layer 3 Site-to-Site VPNs

Advanced MPLS Layer 3 VPN Deployment Considerations

Deploying Site-to-Site IPsec VPNs

Scaling and Optimizing IPsec VPNs

Part III: Remote Access VPNs

Designing and Implementing L2TPv2 and L2TPv3 Remote Access VPNs

Designing and Deploying IPsec Remote Access and Teleworker VPNs

Designing and Building SSL Remote Access VPNs (WebVPN)

Part IV: Appendixes

Designing and Building SSL Remote Access VPNs (WebVPN)

Appendix B. Answers to Review Questions



Comparing, Designing, and Deploying VPHs
Comparing, Designing, and Deploying VPNs
ISBN: 1587051796
EAN: 2147483647
Year: 2007
Pages: 124
Authors: Mark Lewis

Similar book on Amazon

Flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net