17.1 Key Terms
VPN
= Virtual private network. Used to provide encryption, authentication, data
integrity, and antireplay for network traffic.
SSL
= Secure Sockets Layer. The original security method for HTTPS. Although it has
been succeeded by TLS, the term SSL is still widely used and assumed. HTTPS is
the secure alternative to HTTP.
IPsec
= The suite of protocols used to protect the contents of Layer 3 IP packets.
ESP is the primary protocol used to encapsulate the Layer 3 packets.
3DES
= Triple DES, a 168-bit (3 x 56-bit) encryption process. DES, or Data
Encryption Standard, is a symmetric key encryption algorithm using a
block-cipher method.
AES
= Advanced Encryption Standard, a symmetric key encryption algorithm using a
block-cipher method, developed by Joan Daemen and Vincent Rijmen. Available in
key sizes of 128-bit, 192-bit, or 256-bit.
MD5
= Message digest algorithm 5. A cryptographic hash function with a 128-bit
output. Hashing algorithms are unidirectional. The enable secret on an IOS
router is stored using an MD5 hash.
SHA1
= Secure Hash Algorithm 1. A successor to MD5, developed by the National
Security Agency (NSA).
Hash
= A unidirectional process rather than a reversible algorithm; it takes a
variable-sized input and creates a fixed-size output. Common examples include
MD5 and SHA.
HMAC
= Hash Message Authentication Code, used to verify the data integrity and
authenticity of a message.
Digital signature
= An encrypted hash that uniquely identifies the sender of a message and
authenticates the validity and integrity of the data received. Signing is done
with the private key of the sender, and validation of that signature (done by
the receiver) is done using the public key of the sender.
Symmetrical
= Literally meaning that both sides are the same, such as with pre-shared keys,
where both ends have the exact same information used to encode/decode data. DH
produces symmetrical keys. Symmetrical keys are used by symmetrical algorithms,
such as AES, where one key encrypts the data and the same key is used to
decrypt it.
Asymmetrical
= Meaning that both sides are not the same (not symmetrical). An asymmetrical
encryption algorithm uses one key to encrypt data and a second (and different)
key to decrypt the data.
Key
= A password or set of information used to seed other mathematical algorithms.
17.2 Things to Remember
17.2.1 VPN Components
Component: Symmetrical encryption algorithms
Function: Uses the same key for encrypting and decrypting data.
Examples of Use: DES, 3DES, AES, IDEA
Component: Asymmetrical encryption
Function: Uses a public and private key. One key encrypts the data, and the other key in the pair is used to decrypt.
Examples of Use: RSA, Diffie-Hellman
Component: Digital signature
Function: Encryption of hash using private key, and decryption of hash with the sender's public key.
Examples of Use: RSA signatures
Component: Diffie-Hellman key exchange
Function: Uses a public-private key pair asymmetrical algorithm, but creates final shared secrets (keys) that are then used by symmetrical algorithms.
Examples of Use: Used as one of the many services of IPsec
Component: Confidentiality
Function: Encryption algorithms provide this by turning clear text into cipher text.
Examples of Use: DES, 3DES, AES, RSA, IDEA
Component: Data integrity
Function: Validates data by comparing hash values.
Examples of Use: MD5, SHA-1
Component: Authentication
Function: Verifies the peer's identity to the other peer.
Examples of Use: PSKs, RSA signatures
17.3 Command Examples
Verifying Data Integrity with a Hash
dev-1# dir
Directory
dev-1# verify /md5 flash:/c2800nm-advipservicesk9-mz.124-24.T4.bin
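As an added example that is not part of the original notes, the following Python models what verify /md5 does and sets a plain hash (data integrity) beside an HMAC (integrity plus authenticity), tying together the Hash, HMAC and Data integrity entries above; the image bytes and the pre-shared key are constructed stand-ins, and the function names are mine.

```python
import hashlib
import hmac

# Constructed stand-in for an IOS image; a real check would read the .bin from flash.
IMAGE = b"c2800nm-advipservicesk9-mz.124-24.T4.bin (constructed sample contents)"

def md5_hex(data: bytes) -> str:
    """Unidirectional, fixed-size 128-bit digest, as computed by 'verify /md5'."""
    return hashlib.md5(data).hexdigest()

def verify_md5(data: bytes, expected_hex: str) -> bool:
    """Mirror of 'verify /md5 <file> <hash>': recompute the digest and compare.
    The expected value must come from a trusted source such as the vendor's
    download page; a hash that travels with the file proves nothing about who
    produced the file."""
    return hmac.compare_digest(md5_hex(data), expected_hex.lower())

def hmac_sha1_hex(key: bytes, data: bytes) -> str:
    """HMAC gives integrity and authenticity: computing the tag needs the key."""
    return hmac.new(key, data, hashlib.sha1).hexdigest()

def verify_hmac(key: bytes, data: bytes, tag_hex: str) -> bool:
    return hmac.compare_digest(hmac_sha1_hex(key, data), tag_hex)

def demo() -> dict:
    known_good = md5_hex(IMAGE)
    # 1. A single flipped bit in the image is caught by the plain hash.
    corrupted = IMAGE[:-1] + bytes([IMAGE[-1] ^ 0x01])
    # 2. A plain hash does not authenticate: whoever replaces the file can also
    #    publish a matching hash, so the digest alone cannot tell the two apart.
    replaced = b"some other file (constructed)"
    # 3. An HMAC tag computed with a shared key cannot be regenerated without it,
    #    which is why IPsec peers use HMAC (MD5/SHA-1) rather than a bare hash.
    key = b"pre-shared-key (constructed)"
    tag = hmac_sha1_hex(key, IMAGE)
    return {
        "image_matches": verify_md5(IMAGE, known_good),
        "corruption_detected": not verify_md5(corrupted, known_good),
        "replaced_file_passes_its_own_hash": verify_md5(replaced, md5_hex(replaced)),
        "hmac_accepts_original": verify_hmac(key, IMAGE, tag),
        "hmac_rejects_replaced": not verify_hmac(key, replaced, tag),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Every entry demo() returns is True; the third one is the point of the exercise, since it shows why the reference hash given to verify /md5 has to be obtained out of band.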