Before taking the exam, review the key topics and terms that are presented in this chapter. You need to know this information.
Be able to explain how IPSec determines what traffic to act on, and be able to describe the process IPSec uses when negotiating encryption and authentication protocols.
List IPSec’s various functional modes and the situations in which each mode should be used.
List the various authentication methods IPSec can use and the situations in which each should be chosen.
Be able to configure IP security policies on a local computer.
Understand what planning needs to be done before deploying IPSec to an enterprise, including integrating IPSec management with Active Directory and testing existing applications.
IP filter list: A series of IP filters that IP security policies use to identify traffic that should be ignored or acted upon.
filter action: Configuration settings that specify the behavior that an IP security policy takes on filtered traffic.
Quick Mode: Phase 2 of the IPSec negotiation process. Quick Mode negotiation occurs after Main Mode negotiation to establish a session key to be used for encryption until the next Quick Mode negotiation is scheduled to occur.
Main Mode: Phase 1 of the IPSec negotiation process. Main Mode negotiation selects a protection suite that both the client and server support, authenticates the computers, and then establishes the master key for the IPSec session.
Transport Mode: An IPSec mode wherein only a portion of the packet, including the Transport and Application layer data, is encapsulated by IPSec. Used to provide IPSec protection for communications between two hosts.
Tunnel Mode: An IPSec mode wherein IPSec encapsulates entire packets. Used to provide IPSec protection for communications to a network with multiple hosts.
Authentication Header (AH): An IPSec protocol that provides authentication and data integrity but does not provide encryption.
Encapsulating Security Payload (ESP): An IPSec protocol that provides authentication, data integrity, and encryption.