
Angelia Paul
Implementing Internet/Intranet Firewalls & VPNs
G. Marius Beugre
April 24, 2012

Chapter 10 Review Questions

1. What do VPNs do that firewalls cannot do?
   Protect packets after they leave the local network.

2. What are the disadvantages of using leased lines to set up a private network?
   Complexity, cost and scalability.

3. What are the disadvantages of using a VPN instead of a leased line?
   VPNs can be unreliable because they rely on the public Internet, and if part of that Internet that helps create the VPN goes down, the VPN becomes unusable.

4. Why would you choose a VPN that is built into a firewall rather than a VPN appliance or router?
   Convenience, lower cost and less complexity.

5. In the context of VPNs, why is the term tunnel misleading?
   It implies that there is a single dedicated cable linking one computer or network to another, but in reality, the VPN uses the public Internet to join the two networks. The privacy in a VPN comes from encryption, encapsulation, and authentication.

6. What is the downside of using a proprietary VPN protocol?
   Such protocols are often limited to working only with the same brand of firewall.

7. Why is authentication an essential part of a VPN?
   It guards against an unauthorized user using an authorized user's remote computer and dialing into the network. It is also important to know the host originating the connection is an approved user.

8. What are the ways that participants in a VPN can be authenticated?
   They exchange keys.

9. Which of the VPN protocols discussed in this chapter provide for client-to-site authentication?
   IPSec/IKE

10. What are the benefits of setting up a VPN rather than using a leased line?
    Cost, speed and control.

11. What special considerations need to be made when setting up a multinational VPN?
    The reliability of the foreign ISP.

12. Why would you consider purchasing a VPN appliance rather than installing less expensive VPN software?
    An appliance can handle more connections and stay online if the server crashes.

13. Aside from the fact that they're less expensive, under what circumstances does using a software VPN give you an advantage over a VPN appliance?
    Software VPNs scale well with fast-growing companies.

14. Define and describe a mesh VPN configuration.
    A VPN arrangement in which each participant in the VPN has an approved relationship with every other participant.

15. Under what circumstances is a mesh VPN configuration most useful?
    When the company is small and not growing quickly.

16. Define and describe a hub-and-spoke VPN configuration.
    An arrangement in which a single VPN router contains records of all SAs in the VPN. Any LANs or computers that want to participate in the VPN need only connect to the central server, not to any other machines in the VPN.

17. When is a hub-and-spoke VPN configuration most useful?
    If the number of participants is growing quickly and if a single point of configuration is needed.

18. Which VPN protocol is most widely used today?
    IPSec with IKE

19. Tunnel mode seems like the obvious choice in using IPSec to secure communications through a VPN tunnel; what's the potential drawback to using it?
    It doesn't provide for user authentication.

20. PPTP is an older VPN protocol that is mainly used with older client computers, but it has one advantage over the more recent L2TP. What is that advantage?
    It is compatible with NAT.
