CISSP IPSec & Key Management



IPSec

• Operates at the network layer
• Allows multiple simultaneous tunnels
• Encrypts and authenticates IP data
• Focuses more on network-to-network connectivity


VPN Devices

• Hardware and software devices that utilize VPN standards
• Two types: IPSec compatible and non-IPSec compatible


IPSec Compatible

• Installed on a network's perimeter; encrypt traffic between the two networks
• Handle only IP traffic, because IPSec works only with IP
• Operate at the network layer

Two modes:

Tunnel Mode – the entire packet is encrypted and encased in a new IPSec packet

Transport Mode – only the datagram (payload) is encrypted, leaving the IP addresses visible

Datagram: a self-contained, independent unit of data carrying sufficient information to be routed from the source to the destination.
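The difference between the two modes is easiest to see by looking at what stays readable on the wire. The following Python script is an added illustration, not part of the original notes: it models a packet as a constructed 8-byte header (source and destination address) plus payload, wraps the protected part in an ESP-style SPI | sequence | ciphertext | ICV structure, and shows that transport mode leaves the original hosts' addresses visible while tunnel mode exposes only the gateway addresses. The keystream (SHA-256 in counter mode) and HMAC-SHA256 ICV are standard-library stand-ins for the real ESP cipher and integrity algorithm; the addresses, keys and payload are constructed sample values.

```python
"""Toy model of IPsec ESP in transport vs tunnel mode (illustration only).

Constructed layout: an 'IP packet' is an 8-byte header (4-byte source address,
4-byte destination address) followed by the payload. ESP is modelled as
SPI | sequence | ciphertext | ICV. Confidentiality is stood in for by a
SHA-256 counter keystream and integrity by HMAC-SHA256 so that the script runs
on the standard library alone; real ESP uses a proper cipher such as AES-GCM.
"""
import hashlib
import hmac
import ipaddress
import struct

HDR_LEN = 8   # constructed header: src(4) + dst(4)
ESP_HDR = 8   # SPI(4) + sequence number(4)
ICV_LEN = 16  # truncated HMAC-SHA256 tag


def ip_packet(src: str, dst: str, payload: bytes) -> bytes:
    """Build a toy IP packet: packed source and destination addresses plus payload."""
    return ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed + payload


def parse_packet(pkt: bytes):
    """Split a toy packet into (src, dst, rest-of-packet)."""
    src = str(ipaddress.IPv4Address(pkt[:4]))
    dst = str(ipaddress.IPv4Address(pkt[4:8]))
    return src, dst, pkt[HDR_LEN:]


def _subkey(sa_key: bytes, label: bytes) -> bytes:
    # Derive separate encryption and authentication keys, as an ESP SA does.
    return hashlib.sha256(label + sa_key).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in for a stream cipher: SHA-256 in counter mode. Not a real cipher.
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(enc_key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def esp_protect(sa_key: bytes, spi: int, seq: int, plaintext: bytes) -> bytes:
    """Wrap plaintext as SPI | seq | ciphertext | ICV (encrypt-then-MAC)."""
    header = struct.pack("!II", spi, seq)          # SPI + sequence, sent in clear
    ks = _keystream(_subkey(sa_key, b"enc"), header, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    icv = hmac.new(_subkey(sa_key, b"auth"), header + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    return header + ciphertext + icv


def esp_unprotect(sa_key: bytes, esp: bytes) -> bytes:
    """Verify the ICV first, then decrypt; anything modified in transit is rejected."""
    header, ciphertext, icv = esp[:ESP_HDR], esp[ESP_HDR:-ICV_LEN], esp[-ICV_LEN:]
    expected = hmac.new(_subkey(sa_key, b"auth"), header + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ESP integrity check failed")
    ks = _keystream(_subkey(sa_key, b"enc"), header, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def transport_mode_send(sa_key: bytes, seq: int, inner_pkt: bytes, spi: int = 1000) -> bytes:
    """Transport mode: keep the original IP header, protect only the datagram."""
    src, dst, payload = parse_packet(inner_pkt)
    return ip_packet(src, dst, esp_protect(sa_key, spi, seq, payload))


def transport_mode_receive(sa_key: bytes, pkt: bytes) -> bytes:
    src, dst, esp = parse_packet(pkt)
    return ip_packet(src, dst, esp_unprotect(sa_key, esp))


def tunnel_mode_send(sa_key: bytes, seq: int, inner_pkt: bytes,
                     gw_src: str, gw_dst: str, spi: int = 2000) -> bytes:
    """Tunnel mode: protect the whole original packet, prepend a new outer header."""
    return ip_packet(gw_src, gw_dst, esp_protect(sa_key, spi, seq, inner_pkt))


def tunnel_mode_receive(sa_key: bytes, pkt: bytes) -> bytes:
    _, _, esp = parse_packet(pkt)          # outer gateway header is discarded
    return esp_unprotect(sa_key, esp)


def on_the_wire(pkt: bytes) -> dict:
    """What an observer on the path can read without the SA key."""
    src, dst, _ = parse_packet(pkt)
    return {"src": src, "dst": dst}


if __name__ == "__main__":
    key = b"constructed-sa-key"                              # constructed sample key
    inner = ip_packet("10.0.1.5", "10.0.2.9", b"hello")      # constructed host-to-host packet
    print("transport:", on_the_wire(transport_mode_send(key, 1, inner)))
    print("tunnel:   ", on_the_wire(tunnel_mode_send(key, 1, inner, "203.0.113.1", "198.51.100.1")))
```

Running the script prints the internal host addresses for transport mode and only the two gateway addresses for tunnel mode, which is why tunnel mode is the usual choice for the network-to-network (gateway-to-gateway) connectivity the notes describe: the inner addresses and the whole original packet travel inside the protected part.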


Non-IPSec Compatible

• Common non-IPSec compatible protocols include SOCKS, PPTP and SSH
• SOCKS is not a traditional VPN protocol, but it is robust and operates at the application layer
• PPTP was implemented in Windows 95 and NT:

Multiprotocol; uses PAP and CHAP for user authentication

Compresses data

End-to-end encryption

• Secure Shell (SSH-2) is not strictly a VPN, but it can be used as one with a terminal session


Firewall Based VPNs

• Frequently available with third-generation (stateful inspection) firewalls
• Operate at the application layer
• Performance degradation is often a problem


Data Networking Basics


Data Network Types:

• Local Area Network (LAN)
• Wide Area Network (WAN)
• Internet, Intranet, and Extranet


Local Area Networks – LAN

• Discrete network for a limited geographical area such as a building or a single floor
• Two most popular LAN variants:

CAN – Campus Area Network – connects multiple buildings with each other over a switched backbone

MAN – Metropolitan Area Network – a LAN over a city-wide metropolitan area

• Both a CAN and a MAN can have a connection to a WAN


Wide Area Networks – WAN

• Network of sub-networks that interconnects LANs over large geographic areas
• A WAN is basically everything outside of the LAN


Internet

• The Internet is a WAN originally funded by the DoD
• Uses TCP/IP


Intranet

• Internet-like logical network that uses a company's internal physical network infrastructure
• More security and control than the Internet
• Uses Internet tools such as browsers


Extranet

• An extranet can be accessed by users outside of the company (e.g. vendors and partners), but not by the general public
• Includes some type of authentication or encryption
