CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Virtual Private Networks
Virtual Private Networks
- Secure connection between two nodes using secret encapsulation method
- Secure Encrypted Tunnel – encapsulated tunnel (encryption may or may not be used)
- Tunnel can be created by the following three methods:
- Installing software or agents on the client or network gateway
- Implementing user or node authentication systems
- Implementing key and certificate exchange systems
Planning to take the CISSP Exam?Get a copy of my personal notes (300plus pages worth) that I used to pass the exam for only $25.00. Click the Add To Cart Button to Purchase Plus you will also get copies of notes from other CISSPs. Learn more about this package by visiting this blog entry: CISSP REVIEW NOTES I USED TO PASS THE EXAM. CLICK BELOW TO MAKE YOUR PURCHASE NOW.
All Purchases are securely processed through Paypal. Once you click the button please check your shopping cart at the upper right hand side of the page to complete your order. IMPORTANT NOTICE: I MANUALLY REVIEW ALL ORDERS. SO ONCE YOU PURCHASE THE PRODUCT, THERE WILL BE SOME DELAY ON YOU RECEIVING AN E-MAIL FROM ME WITH THE LINK TO THE DOWNLOAD AREA OF THE PRODUCT. YOU WILL GET A RESPONSE FROM ME WITHIN 24-48 HOURS. You may also want to consider these CISSP resources from Amazon.com
|
VPN Protocol Standards
PPTP – Point-to-Point Tunneling Protocol
- Works at the data link layer
- Single point to point connection from client to server
- Common with asynchronous connections with NT and Win 95
L2TP – Layer 2 Tunneling Protocol
- Combination of PPTP and earlier Layer 2 Forwarding Protocol (L2F)
- Multiple protocols can be encapsulated within the L2TP
- Single point to point connection from client to server
- Common with Dial-up VPNs
IPSec
- Operates at the network layer
- Allows multiple and simultaneous tunnels
- Encrypt and authenticate IP data
- Focuses more on Network to Network Connectivity
VPN Devices
- Hardware and Software devices that utilize VPN standards
- Two types:
- IPSec Compatible
- Non-IPSec Compatible
IPSec Compatible
- Installed on a network perimeter and encrypt traffic between two networks
- Only works with IP
- Operates at the Network Layer
- Two modes:
- Tunnel Mode – entire packet is encrypted and encased in the IPSec packet
- Transport Mode – only datagram is encrypted leaving IP address visible
- Datagram – self-contained, independent entity of data carrying sufficient information to be routed from the source to the destination
Non-IPSec Compatible
- Common non-IPSec compatible includes: SOCKS, PPTP and SSH
- SOCKS is not a traditional VPN protocol, but is robust and operates at the application layer
- PPTP was implemented in Win95 and NT
- Multiprotocol and uses PAP and CHAP user authentication
- Compresses data
- End-to-End encryption
- Secure Shell SSH-2 – Not strictly VPN but can be used as one with terminal session
Firewall-based VPNs
- Frequently available with 3rd Generation (Stateful Inspection) Firewalls
- Operates at the application layer
- Performance degradation is often a problem
You may also want to consider these CISSP resources from Amazon.com
Thought you should know, etc... Update
When Reality Hits - Project Managers Roll With It
When Reality Hits - Project Managers Roll With It By Project Manage This One of the top challenges new PM types face is facing, and then dealing, with reality. That point in the project when things just aren’t going as planned… At the beginning of the project your Gantt view is a work of art – each dependency [...
The question: Is the Mainframe still the "right answer" for your business?
(Posted February 11, 2012) The short answer is A B S O L U T E L Y . . . In fact, why would risk your corporate future on anything else!!!! When the question “Why is System z essential to your business?” is presented, Terrie Jacopi, Program Director, DB2 for z/OS...
Exit...Stage Left
I’ve changed houses. Instead of Suzhou, Jiangsu, China, I’mon the Southern Outer Banks of North Carolina. Instead of skyscrapers, cranes and car horns honking, it’slittle buildings, quaint shops and a Jimmy Buffet-like atmosphere…
Project Management Lite: Estimating–Preparing non-human Resource Cost Estimates
1. Objective • To produce estimates of the non-human resource costs of the project (computer hardware, communications hardware, systems software, package software, etc.). 2. Responsibilities • The Project M...
What Email Faux Pas Do You Commit?
Email—it’s a part of our everyday lives as business people. Do you send emails that your co-workers take seriously? Do you find some incoming emails off putting? This humorous video by
Leave a ReplyComments
Join Me On Facebook
Business Tech Press Releases- WRGL Names Julian Sula as New CEO February 11, 2012
- tw telecom Awarded South Carolina Contract to Offer State Government Telecommunication Services February 11, 2012
- Vidable Inc. Launches in Test Market February 10, 2012
- HostWire Merges into WRGL February 10, 2012
- Altera Announces Upcoming Schedule of Events With the Financial Community February 10, 2012
- From the National Vulnerability Database
- CVE-2011-3958 (chrome) February 7, 2012Google Chrome before 17.0.963.46 does not properly perform casts of variables during handling of a column span, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. […]nvd@nist.gov
- CVE-2012-1033 (bind) February 7, 2012The resolver in ISC BIND 9 through 9.8.1-P1 does not properly implement a cache update policy, which allows remote attackers to trigger continued resolvability of domain names that are no longer registered via an unspecified "Ghost Names exploit." […]nvd@nist.gov
- CVE-2011-3971 (chrome) February 7, 2012Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to mousemove events. […]nvd@nist.gov
- CVE-2011-3954 (chrome) February 7, 2012Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via vectors that trigger a large amount of database usage. […]nvd@nist.gov
- CVE-2011-3970 (chrome, libxslt) February 7, 2012libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. […]nvd@nist.gov
- CVE-2012-0926 (realplayer, realplayer_sp) February 7, 2012The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle height and width values, which allows remote attackers to execute arbitrary code via a crafted RV10 RealVideo video stream. […]nvd@nist.gov
- CVE-2011-3969 (chrome) February 7, 2012Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout of SVG documents. […]nvd@nist.gov
- CVE-2011-3956 (chrome) February 7, 2012The extension implementation in Google Chrome before 17.0.963.46 does not properly handle sandboxed origins, which might allow remote attackers to bypass the Same Origin Policy via a crafted extension. […]nvd@nist.gov
- CVE-2011-3968 (chrome) February 7, 2012Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving Cascading Style Sheets (CSS) token sequences. […]nvd@nist.gov
- CVE-2012-1035 (ada_web_services) February 7, 2012AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. […]nvd@nist.gov
- CVE-2011-3958 (chrome) February 7, 2012