Side A ------ Side B Name 3 benefits of implementing VPNs. ------ 1. cheaper than layer2 WANs, 2.

pro vides scalability, 3. provides security. Which 2 algorithms are used to check for data integrity? ------ SHA and MD5 What is SSL and where is it used? ------ Secure Socket Layer. It is used in htt ps. What levels of security are provided by ESP? ------ data origin authentication, anti-replay protection, data confidentiality Name 2 considerations for choosing AH over ESP. ------ ESP is more processor-int ensive, ESP requires strong cryptography What is Tunnel Mode? ------ the entire IPSec process is transparent to the end h osts. Specialized IPSec gateway devices handle the IPSec workload. What is Transport Mode? ------ The end hosts themselves perform the IPSec encaps ulation. What are the 3 protocols used in IPSec? ------ Authentication Header (AH), Encap sulating Security Payload (ESP), Internet Key Exchange (IKE) What levels of security are provided by AH? ------ data origin authentication, d ata integrity, anti-replay protection What is RSA? ------ a well-known public key encryption scheme. Name an algorithm that allows the exchange of secret keys over a non-secure conn ection. ------ Diffie-Hellman What is the name of a 3rd party that certifies public keys? ------ Certificate A uthority (CA) What is asymmetric encryption? ------ uses both a public & private key for both sender & receiver. What is the key size of DES? ------ 56 bits What is symmetric encryption? ------ An algorithm where the key that is used for encryption is also used for decryption. Which encryption technologies use symmetric encryption? ------ DES & TDES Name 3 data encryption tecnologies and state which one is the best. ------ Data Encryption Standard (DES), Triple DES, Advanced Encryption Standard. (AES). AES is the best. What is anti-replay protection? ------ Protects against replay attacks, maliciou s repeat, or delay of valid transmission attacks by using one-time tokens and se quence numbers for proof of identity. What is the difference between client-initiated and NAS-initiated VPNs? ------ C lient-initiated uses a client application to create the tunnel, NAS-initiated is where the user dials into a NAS device that creates the tunnel. Name a major drawback of IPSec. ------ IPSec only supports unicast IP traffic. Name 2 types of remote access VPNs. ------ Client initiated (Remote access), Net work Access Server initiated (site-to-site). Name 3 protocols used to create tunnels. ------ Generic Routing Encapsulation (G RE) (RFC1701), Layer 2 Tunneling Protocol (L2TP)(RFC2661), IP Security (IPSec) Name a major drawback of both GRE & L2TP. ------ No encryption What are 3 vital functions of VPNs? ------ Data origin authentication, Encryptio n, Data Integrity