Front | Back |
IPSec (IP Security)
|
Works on Layer 3 (Network Layer). The two major protocols are "Authentication Header" (AH) and "Encapsulating Security Payload" (ESP). AH provides authentication only; ESP provides authentication and encryption. Works in transport mode and tunnelling mode.
|
VPN
|
Virtual Private Network
|
Site-to-site VPN
|
(or intranet VPN) Allows a company to connect its remote sites over the internet
|
Extranet VPN
|
Allows an organization's suppliers and partners to be connected to the corporate network in a limited B2B way.
|
SSL (Secure Sockets Layer)
|
Created by Netscape; it's based on RSA public key encryption. Service independent.
|
SSL VPN
|
Process of using SSL to create a VPN
|
TLS (Transport Layer Security)
|
SSL merged with another transport layer security protocol.
|
L2TP (Layer 2 Tunnelling Protocol)
|
Combination of Microsoft's Point-to-Point Tunnelling Protocol (PPTP) and Cisco's Layer 2 Forwarding (L2F). Works on the Data Link Layer (Layer 2) and supports many non-TCP/IP protocols.
|
PPTP (Point-to-Point Tunnelling Protocol)
|
Combines the unsecured PPP (Point-to-Point Protocol) session with a secure session using the "Generic Routing Encapsulation" (GRE) protocol. It is a VPN protocol that runs on port 1723 and allows encryption to be done at the application level.
|
Private Encryption Keys
|
Symmetrical keys - Both the sender and receiver have the same key and use it to encrypt and decrypt all messages.
|
Data Encryption Standard (DES)
|
Private Encryption Key. Uses lookup and table functions. Works faster than public-key systems. It uses 56-bit private keys.
|
Triple Data Encryption Standard (3DES)
|
It's 3 DES encryption methods combined into one. It encrypts 3 times and allows us to use up to 3 separate keys. Key length of 168 bits (56x3), but due to a complex type of attack known as "meet-in-the-middle" it provides only 112 bits. Too slow.
|
Advanced Encryption Standard (AES)
|
(AKA Rijndael) Private Encryption Key. It specifies keys of 128, 192 and 256 bits. Very difficult to crack. "Official" encryption standard in the USA.
|
Public Key Encryption
|
Uses the "Diffie-Hellman algorithm", which employs a public key and a private key. The sending machine's public key is used to encrypt a message to the receiving machine, which decrypts the message with a private key.
|
RSA Data Security
|
Public Key algorithm created by 3 MIT scientists.
|