Exam Objectives Frequently Asked Questions


The following Frequently Asked Questions, answered by the authors of this book, are designed both to measure your understanding of the Exam Objectives presented in this chapter and to assist you with real-life implementation of these concepts. You will also gain access to thousands of other FAQs at ITFAQnet.com.

1.

What is the IPSec AH tunnel mode?


2.

What is the ESP tunnel mode?


3.

On what Microsoft platforms does IPSec work?


4.

What is the strongest encryption method for key-exchange settings available when implementing IPSec in Windows Server 2003?


5.

I am using NAT on my firewall. Can I pass IPSec traffic through my firewall?


6.

How can I manage my IPSec policies in Windows Server 2003?


Answers

1.

The AH tunnel mode is used by IPSec to ensure packet integrity and authentication by encapsulating an IP packet with an Authentication Header (AH) and an IP packet. AH does not provide encryption of data.

2.

The ESP tunnel mode is used by IPSec for data confidentiality. The mode works by encapsulating the packet with an Encapsulating Security Payload (ESP) and IP header as well as an ESP authentication trailer.

3.

Native support for IPSec is provided in Windows 2000, Windows XP Professional, and Windows Server 2003 products.

4.

Triple Data Encryption Standard (3DES), newly supported in Windows Server 2003, uses three 56-bit key exchanges to provide an effective key length of 168 bits.

5.

Yes, if the firewall or NAT device is configured properly to allow for UDP traffic. Unlike Windows 2000, Windows Server 2003 includes support for NAT traversal, a method of allowing IPSec and NAT to work together.

6.

You can use the netsh commands in ipsec context, or you can use the IP Security Policy Management MMC snap-in.




MCSE Planning and Maintaining a Windows Server 2003 Network Infrastructure. Exam 70-293 Study Guide and DVD Training System
ISBN: 1931836930
EAN: 2147483647
Year: 2003
Pages: 173
