In IPSec
VPNs, what is diffe helman? What is it used for?
Diffie-Hellman
is an asymmetric key algorithm used for public key cryptography. As well as
IPSec it is also used for SSL, SSH, PGP and other PKI systems.
Asymmetric cryptography or public-key cryptography is cryptography in
which a pair of keys is used to encrypt and decrypt a message so that
it arrives securely. Initially, a network user receives a public and
private key pair from a certificate authority. Any other user who wants
to send an encrypted message can get the intended recipient's public key
from a public directory. They use this key to encrypt the message, and
they send it to the recipient. When the recipient gets the message, they
decrypt it with their private key, which no one else should have access
to.
What is asymmetric cryptography (public-key cryptography?
A public key infrastructure (PKI) supports the distribution and identification of public encryption keys, enabling users and computers to both securely exchange data over networks such as the Internet and verify the identity of the other party.
What's the difference between IKE and ISAKMP?
What’s the difference between Diffie-Hellman and RSA?
What kind of attack is a standard Diffie-Hellman exchange vulnerable to?
Man-in-the-middle, as neither side is authenticated.
In an IPSec tunnel, what is main mode?
For a
successful and secure link using IPSec, the IKE (Internet Key Exchange)
protocols takes part in a two step negotiation. Main mode or Aggressive mode
(Phase 1) authenticates and/or encrypts the peers. Quick mode (Phase 2)
negotiates the algorithms and agree on which traffic will be sent across the
VPN.
What port does ping work over?
ICMP is a layer 3 protocol (it doesn’t work over a
port). Ping does not use TCP
or UDP, as those are layer 4 protocols.
How exactly does traceroute/tracert work at the protocol level?
In EIGRP, what is a Stuck in Active route?
If the successor path is lost and there is no feasible
successor path is available, router sends out query messages on all EIGRP
enable interfaces & tries to find out an alternative path to the network.
It is active state for that route.
Now Router is waiting
for reply from its neighbors. If reply is missing for 3 min, that means router
didn't get any reply from neighbors, then it becomes Stuck in Active. In this
case, router reset the neighbor relationship with the router who didn't replied
back the query messages sent by the router.
To solve this
problem, two method is used –
a) Router
summarization
b) EIGRP Stub.
To disbale the stuck in active timer, the following command is used
Router(config-router)# timers active-time disable.
In OSPF, what is a totaly stubby area? What does
Area Zero do?
Totally Stubby area does not allow summary routes in
addition to not having external routes, that is, inter-area (IA) routes are not
summarized into totally stubby areas. The only way for traffic to get routed
outside of the area is a default route which is the only Type-3 LSA advertised
into the area. When there is only one route out of the area, fewer routing
decisions have to be made by the route processor, which lowers system resource
utilization. The backbone area (also known as area 0 or area 0.0.0.0) forms the
core of an OSPF network. All other areas are connected to it, and inter-area
routing happens via routers connected to the backbone area and to their own
associated areas. It is the logical and physical structure for the 'OSPF
domain' and is attached to all nonzero areas in the OSPF domain. The backbone
area is responsible for distributing routing information between nonbackbone
areas. The backbone must be contiguous, but it does not need to be physically
contiguous; backbone connectivity can be established and maintained through the
configuration of virtual links.
Explain what a 3-way handshake is in TCP?
Transmission control protocol guarantees delivery of packets ,SYN,SYN-ACK,ACK, eg.www, email, HTTP 80, POP3 110, DHCP 67
What is collision domain and broadcast domain ?
Understanding SPAN and RSPAN
You can
analyze network traffic passing through ports or VLANs by using SPAN to send a
copy of the traffic to another port on the switch that has been connected to a
SwitchProbe device or other Remote Monitoring (RMON) probe or security device.
SPAN mirrors received or transmitted (or both) traffic on a source port and
received traffic on one or more source ports or source VLANs, to a destination
port for analysis.
all
traffic on port 5 (the source port) is mirrored to port 10 (the destination
port). A network analyzer on port 10 receives all network traffic from port 5
without being physically attached to port 5.
What is NetFlow
NetFlow is an embedded instrumentation within
Cisco IOS Software to characterize network operation. Visibility into the
network is an indispensable tool for IT professionals. In response to new
requirements and pressures, network operators are finding it critical to
understand how the network is behaving including:
Cisco IOS NetFlow fulfills those needs, creating
an environment where administrators have the tools to understand who, what,
when, where, and how network traffic is flowing. When the network behavior is
understood, business process will improve and an audit trail of how the network
is utilized is available. This increased awareness reduces vulnerability of the
network as related to outage and allows efficient operation of the network.
Improvements in network operation lower costs and drives higher business
revenues by better utilization of the network infrastructure.
