IPSec Modes and Protocols

Questions and Answers

What is the primary function of the IPSec component in the network layer?

• To add the AH, ESP, or both headers to the payload (correct)
• To authenticate the data link layer packets
• To make routing decisions for packets flowing through a router
• To encrypt the IP header

Which mode of IPSec is used when security is desired from end to end?

• Transport mode (correct)
• Tunnel mode
• Network mode
• Envelope mode

What happens when security is not enabled in the transport layer?

• The transport layer packets are authenticated
• The transport layer packets are encrypted
• The transport layer packets flow into the network layer (correct)
• The transport layer packets are blocked

What is the reason for applying ESP first when both AH and ESP are used in transport mode?

Because it is obvious (D)

What is the primary difference between tunnel mode and transport mode?

Tunnel mode protects the entire IP packet, while transport mode protects only the payload (A)

What is the purpose of IPSec in tunnel mode?

To encapsulate an IP packet with IPSec headers and add an outer IP header (D)

Why can't transport mode IPSec header be inserted for packets flowing through a router?

Because it violates the rule of routers looking only at the network layer header (D)

What is the characteristic of an IKE SA?

It is a duplex connection (A)

What is the purpose of IKE in establishing a VPN?

To negotiate terms and conditions of the communication (C)

What is used to maintain an IKE SA?

A special header and SA identifiers called cookies (D)

What is the characteristic of an IPSec SA?

It is a one-way logical relationship (B)

How many SAs are required for authenticated, confidential, bi-directional communications between systems?

Two (B)

What is the primary purpose of a Security Association (SA)?

To identify and manage the parameters of an IPSec connection (B)

What is the function of the Security Parameters Index (SPI)?

To identify a specific SA in the SA database (C)

What is the purpose of the Authentication Header (AH)?

To authenticate and ensure the integrity of data (B)

What is the format of the Authentication Data field in AH?

96 bits (C)

What is the purpose of the Sequence Number in AH?

To prevent replay attacks (B)

What is the difference between tunnel mode and transport mode in IPSec?

Tunnel mode encrypts the entire IP packet, while transport mode only encrypts the payload (C)

What is the purpose of the Encapsulating Security Payload (ESP)?

To encrypt data (D)

What is the format of the ESP header?

Unique format (A)

What is the purpose of the Pad Length field in ESP?

To specify the length of the padding (A)

What is the purpose of the Next Header field in ESP?

To specify the protocol of the encrypted data (C)

What is the primary function of the ESP header in Transport Mode?

To provide integrity and confidentiality of the payload (C)

What is the purpose of the Integrity Check Value in ESP?

To ensure the integrity of the packet (D)

What is the main advantage of ESP over AH?

ESP provides confidentiality, which AH does not (A)

What is the purpose of Internet Key Exchange (IKE)?

To manage IPsec keys and negotiate protocol parameters (C)

What is the name of the protocol that IKE is based on?

ISAKMP and Oakley (D)

What is the current version of IKE?

IKEv2 (C)

What is the primary function of ISAKMP?

To create a framework for key exchange (A)

What is the main criticism of IKE?

It is too complex and confusing (A)

What is the purpose of VPNs?

To securely connect multiple private networks across a public network (A)

What is the advantage of using VPNs over leased lines?

VPNs are cheaper (C)

What is the main concern of organizations using VPNs?

Data security (A)

What has driven the evolution of VPNs?

The demand for security features (C)