27 Questions
What does the Q-switch do to a packet based on the source IP address before routing is set up?
Assigns the packet to the appropriate VLAN
What is the purpose of dynamic VLAN assignment?
To assign VLANs based on the user's group membership
What happens when a salesperson connects her laptop to an ethernet jack in a conference room?
The switch requires hardware and user authentication
What is a benefit of having VLAN-aware end-point devices?
Ability to assign various packets to different VLANs based on applications used
What is the purpose of trunking between switches in VLAN management?
To allow VLAN members to exist in different locations and use all VLAN-assigned resources
What do VLAN access control lists (VACLs) do in VLAN management?
Filter packets within a VLAN
Why is dynamic VLAN assignment particularly useful for wireless or remote devices?
It is based on the authenticating user’s group membership
What role does role-based access control play in VLAN management?
It works well with dynamic VLAN assignment
What does a trunk port do in VLAN management?
Allows VLAN members to exist in different locations and use all VLAN-assigned resources
What is the purpose of VACL filtering in VLAN management?
To filter packets within a VLAN
What is an advantage of having VLAN-aware end-point devices?
Ability to process incoming tagged packets
How does the Q-switch handle packet assignment before routing is set up?
Assigns the packet to the appropriate VLAN
In a provider-provisioned VPN (PPVPN) scenario, what is the role of the Provider edge device (PE)?
Connects to customer networks through CE devices and maintains VPN state
What is the principal role of a Provider device (P) in a provider-provisioned VPN (PPVPN) scenario?
Provides routing for many provider-operated tunnels and acts as an aggregation point for multiple PEs
What is the function of a Customer edge device (CE) in a provider-provisioned VPN (PPVPN) scenario?
Is at the edge of the customer's network and provides access to the PPVPN
What does a multiprotocol label switching (MPLS) functionality blur in a Layer 2 (L2) or Layer 3 (L3) PPVPN scenario?
Blurs the L2–L3 identity
What is the purpose of tunneling protocols in a VPN scenario?
To allow the VPN tunnel to establish automatically without intervention from the administrator
What is the primary purpose of a virtual private network (VPN)?
To provide secure access to a private network over an insecure communication medium
How does a site-to-site virtual private network (VPN) configuration differ from a remote access configuration?
A site-to-site VPN connects two networks, while a remote access VPN provides secure access to an enterprise network
What are the benefits of using a virtual private network (VPN)?
Greater flexibility for remote workers
In the context of virtual private networks (VPNs), what is the role of tunneling protocols?
To provide secure access to a private network over an insecure communication medium
What is the purpose of a host-to-network configuration in the context of virtual private networks (VPNs)?
To provide secure access to an enterprise network
Which VPN protocol is known for utilizing the Curve25519 protocol for key exchange and ChaCha20-Poly1305 for encryption and message authentication?
WireGuard
Which VPN protocol is primarily used in mobile devices and was created by Microsoft and Cisco?
IKEv2
Which VPN protocol can tunnel Point-to-Point Protocol (PPP) or Layer 2 Tunneling Protocol traffic through an SSL/TLS channel?
SSTP
Which VPN protocol provides security and meets most security goals, while also being widely used with IPv4 and the Layer 2 Tunneling Protocol?
IPsec
Which VPN protocol is a free and open-source VPN protocol based on the TLS protocol, currently being developed and updated by OpenVPN Inc.?
OpenVPN
Study Notes
- The text discusses the use of site-to-site VPNs for expanding a network across geographically disparate offices or connecting them to a data center installation.
- VPNs can be intranet or extranet based, with intranet referring to sites belonging to the same organization and extranet for sites belonging to multiple organizations.
- Site-to-site VPNs are primarily used for business-to-business, cloud computing, and branch office scenarios.
- VPN systems can be classified based on the tunneling protocol used, termination point location, topology, and security levels.
- VPNs provide confidentiality, sender authentication, and message integrity.
- Secure VPN protocols include IPsec, SSL/TLS, DTLS, MPPE, SSTP, MPVPN, SSH, WireGuard, IKEv2, and OpenVPN.
- IPsec provides security and meets most security goals, while also being widely used with IPv4 and the Layer 2 Tunneling Protocol.
- SSL/TLS can secure an individual connection or tunnel an entire network's traffic, and can be used when IPsec runs into trouble with Network Address Translation and firewall rules.
- Microsoft Point-to-Point Encryption (MPPE) works with Point-to-Point Tunneling Protocol and in several compatible implementations on other platforms.
- Microsoft Secure Socket Tunneling Protocol (SSTP) tunnels Point-to-Point Protocol (PPP) or Layer 2 Tunneling Protocol traffic through an SSL/TLS channel.
- Multi Path Virtual Private Network (MPVPN) is a registered trademark of Ragula Systems Development Company.
- Secure Shell (SSH) VPN can secure remote connections to a network, inter-network links, and remote systems, but is more often used for remote access instead of a site-to-site connection.
- WireGuard is a protocol that utilizes the Curve25519 protocol for key exchange and ChaCha20-Poly1305 for encryption and message authentication.
- Internet Key Exchange version 2 (IKEv2) was created by Microsoft and Cisco and is used in conjunction with IPsec for encryption and authentication. Its primary use is in mobile devices.
- OpenVPN is a free and open-source VPN protocol based on the TLS protocol, and is currently being developed and updated by OpenVPN Inc.
- Crypto IP Encapsulation (CIPE) is a free and open-source VPN implementation for tunneling IPv4 packets over UDP via encapsulation, but development ended in 2002.
- Tunnel endpoints must be authenticated before secure VPN tunnels can be established, and user-created remote-access VPNs may use passwords, biometrics, or other cryptographic methods.
Test your knowledge of VLAN technology, network segmentation, and switch security measures to create a multi-layered attack surface for network security. Explore advanced concepts to hinder threat agents from reaching hardened systems.