Network Security Question in Checkpoint Firewall IPSec VPN and Encryption Method

Network Security Question in Checkpoint Firewall

Lecture 2 IPSec VPN and Encryption Method:

1. What is Authenticity, Confidentiality and Integrity? 

Authenticity: Verifies that the packet received is actually from the claimed sender. Pre-shared keys and digital certificates are two methods that can be used for authentication.

Confidentiality: Encrypts the message content so that the data is not disclosed to unauthorized parties. Encryption algorithms include DES (Data Encryption Standard), 3DES (Triple-DES) and AES (Advanced Encryption Standard).

Integrity: Ensures that the contents of the packet have not been altered in transit by a man-in-the-middle. Hash algorithms include MD5 and SHA.

2. What is Symmetric and Asymmetric Encryption?

Symmetric Encryption: In symmetric encryption, a single key is used both to encrypt and to decrypt traffic. It is also referred to as shared-key or shared-secret encryption. Symmetric encryption algorithms include DES, 3DES and AES.

Asymmetric Encryption: In asymmetric encryption, two keys are used: one to encrypt traffic and the other to decrypt it.

3. What is IPSec VPN?

IP Security VPN means a VPN built on IP Security (network-layer security). It allows two or more parties to communicate securely by authenticating and encrypting each IP packet of a communication session. It provides data confidentiality, data integrity and data authentication between the participating peers.

IPSec VPN supports both IPv4 and IPv6. It works at layer 3, the Network Layer. It is an open-standard protocol.

IPSec has three protocol components that it uses for VPN:

1. ESP (Encapsulating Security Payload): ESP provides CIA, i.e. confidentiality, integrity and authenticity. It is identified by IP protocol number 50 in communication between two IPSec peers. It also offers anti-replay protection.

Anti-Replay Protection: It works on sequence numbers. The sender increments the sequence number after each transmission, and the receiver checks the sequence number and rejects the packet if it is out of sequence.

For example, if the sender sends sequence numbers 100, 101, 102, 103 with data and the receiver receives sequence numbers 100, 101, 95, 103, the receiver rejects the data when it gets sequence number 95.
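The following is an added example, not code from the original post: a receiver-side anti-replay check in the sliding-window style ESP actually uses (RFC 4303), fed the page's sequence 100, 101, 95, 103. It goes a little beyond the page's strict "out of sequence" rule: a window lets modestly reordered packets through while still rejecting replays and packets that are too old. The class name, the window size of 4 and the replayed 103 are constructed for the demonstration.

```python
class AntiReplayWindow:
    """Receiver-side anti-replay state for one inbound SA.

    Keeps the highest sequence number accepted so far plus a bitmap of
    which numbers inside a window below it have already been received.
    Bit i of `seen` set means sequence number (highest - i) was accepted.
    """

    def __init__(self, window_size=64):   # 64 is the RFC 4303 default
        self.window_size = window_size
        self.highest = 0
        self.seen = 0

    def check(self, seq):
        """Return (accepted, reason); update state only when accepting."""
        if seq == 0:
            return False, "zero"          # ESP sequence numbers start at 1
        if seq > self.highest:
            shift = seq - self.highest
            # Slide the window up; bits that fall off the bottom are forgotten.
            mask = (1 << self.window_size) - 1
            self.seen = ((self.seen << shift) | 1) & mask
            self.highest = seq
            return True, "new-highest"
        offset = self.highest - seq
        if offset >= self.window_size:
            return False, "too-old"       # below the window: cannot tell replay from late
        if (self.seen >> offset) & 1:
            return False, "replay"        # already received this exact number
        self.seen |= 1 << offset
        return True, "in-window"          # late but still inside the window


def run(sequence, window_size=64):
    """Feed sequence numbers through one window; return (seq, accepted, reason) per packet."""
    window = AntiReplayWindow(window_size)
    return [(seq,) + window.check(seq) for seq in sequence]


if __name__ == "__main__":
    # Constructed input: the page's sequence plus a replayed 103.
    # With a window of 4, 95 is too old (101 - 95 = 6 >= 4), matching the page.
    for seq, accepted, reason in run([100, 101, 95, 103, 103], window_size=4):
        print(seq, "accepted" if accepted else "rejected", reason)
```

With the default window of 64 the same 95 is accepted once as a late packet and only a second copy is rejected as a replay, which is why the bitmap, not just the highest number, has to be kept.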

2. AH (Authentication Header): It is identified by IP protocol number 51 in communication between IPSec peers. It is used to protect the integrity and authenticity of the data and offers anti-replay protection, but it does not provide confidentiality of data.

3. SA (Security Association): A Security Association is a bundle of algorithms that supports ESP and AH. ISAKMP provides the framework for authentication and key exchange. An SA is a one-way relationship between a sender and a receiver that defines the security services provided to the traffic. Because an SA is unidirectional, it covers only the operations that occur in one direction; bidirectional transport of traffic requires a pair of SAs.
