CCIE Study Blueprint: VPN
IPSec VPN
(1) IPSec itself does not specify which algorithms to use; it only provides a framework. The user can choose any supported algorithm, and if an algorithm is cracked, it can be replaced at any time. The parameters used are as follows:
<1> Hash function: MD5, SHA1;
<2> Encryption algorithm: DES, 3DES, AES;
<3> Encapsulation protocol: AH, ESP;
<4> Encapsulation mode: transport mode, tunnel mode;
<5> Key validity period: 60s~86400s.
(2) Hash function
A hash function is used to verify data integrity (to prevent data from being tampered with). Commonly used algorithms: MD5, SHA1.
The sender uses the hash function to calculate hash value A of the original file. After the peer receives the file, it uses the same function to calculate hash value B of the received file and compares hash values A and B. If they are the same, the file has not been tampered with.
Features:
Fixed length: The hash value has a fixed length; MD5 is 128 bits and SHA1 is 160 bits.
Avalanche effect: Modify any one character and the resulting hash value changes dramatically.
Irreversible: The hash value can only be calculated from the file; the original file cannot be obtained by reversing the hash value.
Uniqueness: There are no two different files with the same hash value.
The problem with the hash algorithm: it only guarantees that the data has not been tampered with; it cannot authenticate the data source, and it is prone to man-in-the-middle attacks.
HMAC (Keyed-Hash Message Authentication Code): a message authentication code computed from a hash function and a key.
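The hash comparison, its features and the HMAC fix described above, shown from the receiver's side. This is an added example, not part of the original notes; the messages and the key are constructed sample values.

```python
import hashlib
import hmac

ORIGINAL = b"pay 100 to alice"        # constructed sample message
MODIFIED = b"pay 900 to alice"        # same message with one character changed
SHARED_KEY = b"constructed-demo-key"  # placeholder pre-shared key

def digest(data: bytes, algo: str) -> bytes:
    """Unkeyed hash value (hash value A or B in the text)."""
    return hashlib.new(algo, data).digest()

def differing_bits(a: bytes, b: bytes) -> int:
    """Number of bits that differ between two equal-length digests."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def hash_check(data: bytes, received_hash: bytes) -> bool:
    """Receiver recomputes B and compares it with the A that arrived."""
    return hmac.compare_digest(digest(data, "sha1"), received_hash)

def hmac_tag(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA1 tag: only a holder of the shared key can compute it."""
    return hmac.new(key, data, hashlib.sha1).digest()

def hmac_check(key: bytes, data: bytes, received_tag: bytes) -> bool:
    """Receiver recomputes the tag with its own copy of the key."""
    return hmac.compare_digest(hmac_tag(key, data), received_tag)

def compare_protections() -> dict:
    """What each check accepts; True means the receiver trusts the data."""
    hash_a = digest(ORIGINAL, "sha1")
    return {
        # Nothing changed in transit: accepted.
        "hash_untouched": hash_check(ORIGINAL, hash_a),
        # Data changed, hash left alone: rejected.
        "hash_data_changed": hash_check(MODIFIED, hash_a),
        # Data and hash both replaced on the path: accepted, because anyone
        # can compute an unkeyed hash. This is the weakness the text names.
        "hash_both_replaced": hash_check(MODIFIED, digest(MODIFIED, "sha1")),
        # Same replacement against HMAC: rejected, the sender of the
        # replacement does not hold the key.
        "hmac_both_replaced": hmac_check(SHARED_KEY, MODIFIED,
                                         digest(MODIFIED, "sha1")),
        "hmac_untouched": hmac_check(SHARED_KEY, ORIGINAL,
                                     hmac_tag(SHARED_KEY, ORIGINAL)),
    }

if __name__ == "__main__":
    print(differing_bits(digest(ORIGINAL, "sha1"), digest(MODIFIED, "sha1")))
    print(compare_protections())
```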
(3) Encryption algorithm
Plaintext data is encrypted into ciphertext data by an algorithm (to prevent data from being eavesdropped).
Symmetric algorithm: Encryption and decryption use the same key and the same algorithm.
Mainstream symmetric encryption algorithms: DES, 3DES, AES, RC4.
Asymmetric algorithm: Information encrypted with one key must be decrypted with the other key. Data encrypted with the public key is decrypted with the private key, and data encrypted with the private key is decrypted with the public key; it is also used for digital signatures of data.
Mainstream asymmetric encryption algorithms: RSA, DH, ECC.
<1> Symmetric algorithm
Advantages: fast, safe and compact.
Disadvantages: The shared key is transmitted in clear text, which makes it prone to hijacking and eavesdropping in transit; as the number of participants increases, the number of keys expands rapidly ((n × (n-1)) / 2); because the number of keys is so large, managing and storing the keys is a big problem; digital signatures and non-repudiation are not supported.
Block encryption with the DES algorithm: The data packet to be encrypted is first split into a number of blocks of the same size (64 bits), which are encrypted block by block using the DES algorithm. If the data does not end on a block boundary, data is added to fill the last block; this added data makes the encrypted data slightly larger than the original data.
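The padding step described above, as an added example that is not part of the original notes. It goes one step beyond the text by using the ESP trailer layout from RFC 4303 (padding bytes 1, 2, 3, ..., then a pad-length byte and a next-header byte); no DES encryption is performed, only the block alignment that precedes it, and the payload sizes are constructed.

```python
BLOCK = 8  # DES and 3DES block size in bytes (64 bits)

def esp_pad(payload: bytes, next_header: int, block: int = BLOCK) -> bytes:
    """Append the ESP trailer so the result is a whole number of blocks.

    payload + padding + pad-length byte + next-header byte must end on a
    block boundary, so the two trailer bytes count toward the total.
    """
    pad_len = -(len(payload) + 2) % block
    padding = bytes(range(1, pad_len + 1))  # RFC 4303 default: 1, 2, 3, ...
    return payload + padding + bytes([pad_len, next_header])

def split_blocks(data: bytes, block: int = BLOCK) -> list[bytes]:
    """Cut padded data into the equal-size blocks the cipher processes."""
    if len(data) % block:
        raise ValueError("data does not end on a block boundary")
    return [data[i:i + block] for i in range(0, len(data), block)]

def esp_unpad(plaintext: bytes, block: int = BLOCK) -> tuple[bytes, int]:
    """Receiver side: validate and strip the trailer after decryption."""
    if len(plaintext) < block or len(plaintext) % block:
        raise ValueError("length is not a whole number of blocks")
    pad_len, next_header = plaintext[-2], plaintext[-1]
    end = len(plaintext) - 2
    expected = bytes(range(1, pad_len + 1))
    if pad_len > end or plaintext[end - pad_len:end] != expected:
        raise ValueError("malformed padding")
    return plaintext[:end - pad_len], next_header

def overhead(payload_len: int, block: int = BLOCK) -> int:
    """Bytes added before encryption for a payload of the given length."""
    return len(esp_pad(bytes(payload_len), 4, block)) - payload_len

if __name__ == "__main__":
    # Next header 4 = IPv4 inner packet, as carried in tunnel mode.
    for size in (6, 8, 13):
        padded = esp_pad(bytes(size), 4)
        print(size, len(padded), len(split_blocks(padded)), overhead(size))
```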