What are the two key features that secure the Mobile IP registration messages?
What prevents a rogue node from setting up the mobility binding for the Mobile Node on the Home Agent?
A. All Mobile IP control packets traverse the home AAA server, where the packet is authenticated.
B. The Home Agent discards any Mobile IP control packet if the IP source address does not equal that of the Mobile Node's home address.
C. The Mobile Node and Home Agent share a security association, and all Mobile IP control packets must be authenticated between the Mobile Node and Home Agent.
D. The FA performs egress filtering and drops any Mobile IP control packets that do not emanate from the Mobile Node's CoA.
List the different types of Mobile IP authentication extensions, and describe their purpose.
Describe how the MHAE and FHAE can secure the same RRQ.
What elements comprise a security context? How is a security context identified?
What is the standard hash algorithm that must be supported in a Mobile IPv4 deployment?
To verify the integrity of a message that has an authentication extension appended, the recipient does which of the following?
A. The recipient compares the authenticator value in the appended extension to that stored in the security association for the sender.
B. The recipient computes a cryptographic hash on the authenticator value and compares it to the value stored in the security context.
C. The recipient indexes the security association with the SPI and finds the authenticator value to compare to the value in the extension.
D. The recipient computes a cryptographic hash of the message and compares it to the authenticator value in the appended extension.
Replay protection in registration messages is needed for which of the following reasons?
A. To thwart reflection and replay attacks, where the message is retransmitted at a later time
B. To ensure that data flow is not disrupted and traffic is not redirected by the attacker
C. To guarantee that a unique field exists in the registration messages
D. A and B only
E. A and C only
F. A, B, and C
Briefly describe the timestamp replay protection method.
Briefly describe the nonces replay protection method.
How does the Mobile Node secure registration messages using the FA Challenge mechanism?
A. The Mobile Node appends a valid challenge value to a registration message that it learns from the FA's advertisements.
B. The Mobile Node appends a valid challenge value that it learns from its Home Agent in a reply message secured with the MHAE.
C. The Mobile Node appends a valid challenge value from a pool of challenge values with which it is preconfigured.
D. The Mobile Node appends a valid challenge value that it learns from the FA through link-layer signaling.
What is the challenge window?
The MN-AAA Authentication Extension can secure RRQs and registration replies.
Why is the session index extension used in Cisco dynamic security association and key distribution?