Vocabulary flashcards covering ICMP, ping, TTL and destination unreachable messages, GRE, VPN concentrators, VPN basics, IPSec, AH, ESP, IKE, ISAKMP, Diffie-Hellman, phase concepts, and IPSec transport vs tunnel modes.
ICMP
Internet Control Message Protocol; a network-layer protocol used by IP to send error messages and operational information (e.g., reachability tests). It does not use TCP or UDP and is commonly used by ping to check if a device is alive on the network; ICMP can report destination unreachable and time-exceeded messages.
Ping
A utility that uses ICMP Echo Request and Echo Reply messages to test whether a host is reachable on the network.
TTL Exceeded
An ICMP message indicating that the Time To Live field of a datagram expired before reaching its destination, used for diagnosing routing problems.
Destination Unreachable
An ICMP message indicating that a destination could not be reached for a given packet.
GRE
Generic Routing Encapsulation; a tunneling protocol that encapsulates an IP packet inside another IP packet to create a tunnel. It does not provide encryption.
VPN concentrator
A device, either hardware or software, that performs VPN encryption and decryption at a central point, often inside a firewall or router, used to connect networks via a VPN.
VPN
Virtual Private Network; a secure connection over a public network that uses tunneling and encryption to protect data between two endpoints.
IPSec
Internet Protocol Security; a suite of protocols to provide confidentiality, integrity, and authentication for IP traffic across VPNs. It commonly uses AH and ESP.
AH
Authentication Header; an IPSec protocol that provides authentication and integrity for packets but does not encrypt the payload by itself.
ESP
Encapsulating Security Payload; an IPSec protocol that encrypts the payload and can also provide integrity and authentication via an ESP trailer.
IKE
Internet Key Exchange; a protocol that negotiates cryptographic keys and security associations for IPSec tunnels.
SA
Security Association; a unidirectional agreement that defines the keys, algorithms, and lifetimes used to protect traffic in IPSec.
ISAKMP
Internet Security Association and Key Management Protocol; the framework used in Phase 1 to negotiate IKE and establish a secure channel, typically using UDP port 500.
Diffie-Hellman
A key exchange method enabling two parties to establish a shared secret over an insecure channel, used in Phase 1 of IPSec/IKE.
Phase 1
Phase 1 of IPSec/IKE; establishes a secure channel by negotiating ISAKMP/IKE parameters and performing a Diffie-Hellman exchange.
Phase 2
Phase 2 of IPSec; negotiates the actual IPSec SAs, including cipher choices and key sizes, and uses ESP to protect the data.
Transport mode
An IPSec mode in which the original IP header is kept and an IPSec header is inserted after it; only the payload is encrypted, while the original IP header remains unchanged and visible.
Tunnel mode
An IPSec mode where the entire original IP packet is encrypted and wrapped with a new IP header; provides stronger protection by hiding the original header.
ESP trailer
The part of ESP that follows the encrypted data and carries the integrity and authentication information for the encrypted payload.
Anti-replay
A feature of IPSec that detects and discards replayed (resent) packets, preserving data integrity and freshness on the tunnel.