Make sure you know what each protocol is used for and which classification it falls into!
| AUTHENTICATION | Used for |
|---|---|
| MS-CHAP v2 | Mutual (2-way) Encrypted Authentication. 2000/XP/2003 |
| MS-CHAP v1 | Encrypted Authentication. 9x, Me, NT 4.0, 2000/XP/2003 |
| EAP-TLS | Mutual Encrypted Authentication for Smart Card |
| CHAP | Encrypted Authentication for Windows and non-Windows clients |
| SPAP | Encrypted Authentication for Shiva RAS clients |
| PAP | Unencrypted authentication. Works when nothing else does! |

| DATA ENCRYPTION | Used for |
|---|---|
| MPPE | Uses RC4 to encrypt data. Requires MS-CHAP1 or 2 or EAP |
| IPSEC | Uses machine based certificates. 40-bit, DES (56-bit), or 3DES |

| TUNNELING PROTOCOLS | Used for |
|---|---|
| L2TP | For exam, 2000/XP/2003 only VPN. Needs IPSEC for encryption. Header compression. Provides machine authentication |
| PPTP | NT 4.0, 9x and greater. VPN. Encapsulates payload with GRE header (protocol ID 47). Also filter port 1723 for PPTP filters. |
| IPSEC | Tunnels between routers, gateways, or end-to-end systems that do not support PPTP or L2TP. Usually need Kerberos or Certificates. |

| REMOTE ACCESS | Used for |
|---|---|
| PPP | Primary Standard for most remote access computing. Basis for PPTP and L2TP VPN connections. |
| ARAP | Apple |
| SLIP Serial Line Internet Protocol | UNIX. MS provides client side only. Old. UNIX |
| MS-RAS | Old MS no longer used |

| PPP PROTOCOLS | Used for |
|---|---|
| LCP Link Control Protocol | LCP is used to establish and configure PPP link and framing settings such as maximum frame size. |
| NCP Network Control Protocol | NCPs are used to establish and configure different network protocol settings for IP and IPX: IPCP and IPXCP |

| IPSEC DATA SECURITY | Used for |
|---|---|
| AH Authentication Header | Authentication and Integrity, but NO encryption |
| ESP Encapsulating Security Payload | ENCRYPTION, authentication and Integrity |

| IPSEC INTEGRITY/AUTHENTICATION | Used for |
|---|---|
| SHA-1 (160 bits) | IPSEC Protection. Slower, but more secure |
| MD-5 (128 bit) | Faster, but less secure |

| IPSEC ENCRYPTION ALGORITHMS | Used for |
|---|---|
| 40 bit DES | Short key usable out of US. Faster performance |
| 56-bit DES | Good for low security. |
| Triple DES 168 bit | Reduced performance, but higher security. |

| IPSEC SECURITY KEYS | Used for |
|---|---|
| ISAKMP. Internet Security Association Key Management Protocol | Centralizes Security Association (SA) management, reducing connection time. Filter port 500 |
| Oakley Key | Manages the authentication keys to secure the information |

| ROUTING | Used for |
|---|---|
| RIP v1 Routing Information Protocol | IP/IPX. Broadcasts. 14 hops. Vector Based. No VLSM/CIDR |
| RIP v2 | IP/IPX Multicasts. Simple Authentication (Clear Text). Supports VLSM/CIDR |
| OSPF Open Shortest Path First | Larger enterprise. Unicast. Link State Based |
| IGMP Internet Group Message Protocol | Multicasts. Video/voice conferencing. Windows Media Server. Can act as IGMP Proxy (Pretends to be a real MBONE server) or IGMP Router mode (Acts as a client to a MBONE server) |
| SAP Service Advertising Protocol | Used with Netware to locate servers and resources...like browsing |
| BGP Border Gateway Protocol | An Exterior Gateway Protocol (EGP) which routes between multiple AS’s |