61⟩ What is Data encryption?
Data encryption ensures data safety and is very important for confidential or critical data. It protects data from being read, altered or forged during transmission.
Public key encryption uses a public key and a private key for encryption and decryption. In this mechanism, the public key is used to encrypt messages and only the corresponding private key can decrypt them. To encrypt a message, the sender has to know the recipient's public key.
A digital signature is an attachment to an electronic message used for security purposes. It is used to verify the authenticity of the sender.
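The two mechanisms above, as an added illustration that is not part of the original page: textbook RSA with deliberately small primes, so a reader can see that the public key encrypts and only the private key decrypts, and that the private key signs a message hash which anyone with the public key can verify. The key sizes, the missing padding and the sample message are constructed for the demo and are not a usable cipher.

```python
import hashlib
from math import gcd

def make_keypair(p, q, e=17):
    """Return ((e, n), (d, n)) from two primes; e must be coprime to phi(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e is not invertible mod phi")
    return (e, n), (pow(e, -1, phi), n)   # d = e^-1 mod phi (Python 3.8+)

def encrypt(pub, m):
    """Anyone holding the recipient's public key can encrypt m (0 <= m < n)."""
    e, n = pub
    return pow(m, e, n)

def decrypt(priv, c):
    """Only the matching private key turns the ciphertext back into m."""
    d, n = priv
    return pow(c, d, n)

def sign(priv, message):
    """Sender applies its private key to a hash of the message (no padding: toy only)."""
    d, n = priv
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(h, d, n)

def verify(pub, message, signature):
    """Anyone with the sender's public key recomputes the hash and compares."""
    e, n = pub
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(signature, e, n) == h

if __name__ == "__main__":
    pub, priv = make_keypair(65521, 65537)        # two small primes, demo only
    c = encrypt(pub, 1234)
    print(c, decrypt(priv, c))                     # ciphertext, then 1234
    sig = sign(priv, b"approve transfer")
    print(verify(pub, b"approve transfer", sig))   # True: genuine message
    print(verify(pub, b"approve transfer!", sig))  # False: message was altered
```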
A firewall is hardware or software installed to protect private networks connected to the internet. Firewalls can be implemented in hardware, in software, or as a combination of both. All data entering or leaving the intranet passes through the firewall, which allows only data meeting the administrator's rules to pass through.
TCP ensures reliable, end-to-end delivery of segments of information. Segments are acknowledged to the source when received by the destination. Data is broken up into segments and sequenced properly before transmission. This sequencing allows the destination to detect data lost in transmission.
UDP is a connectionless, unreliable service. UDP messages can be lost or duplicated.
The TCP windowing concept is primarily used to avoid traffic congestion. It controls the amount of unacknowledged data a sender can send before it must receive an acknowledgment from the receiver.
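A small model of the windowing and acknowledgment behaviour described above, added here as an illustration and not taken from the original page or any TCP implementation. The sender never has more than `window` unacknowledged bytes in flight, the receiver acknowledges only contiguous data, and a dropped segment (constructed via the `lost` set) stalls the cumulative ACK until it is resent.

```python
def simulate_window(total_bytes, mss, window, lost=()):
    """Return (new_segments_sent, retransmissions, peak_unacked_bytes).

    total_bytes: size of the stream; mss: maximum segment size;
    window: bytes the sender may have outstanding; lost: segment start
    offsets that the network drops on their first delivery (constructed).
    """
    lost = set(lost)
    acked = next_seq = 0      # cumulative ACK and next new byte to send
    pending = {}              # start -> end, sent but not yet received
    delivered = {}            # start -> end, held by the receiver, not yet ACKed
    sends = retrans = peak = 0
    while acked < total_bytes:
        # Fill the window: send new segments only while unacked bytes < window.
        while next_seq < total_bytes and next_seq - acked < window:
            end = min(next_seq + mss, total_bytes, acked + window)
            pending[next_seq] = end
            next_seq = end
            sends += 1
        peak = max(peak, next_seq - acked)
        # Network delivery for this round: a listed segment is dropped once,
        # stays pending, and goes out again next round (retransmission).
        for start, end in list(pending.items()):
            if start in lost:
                lost.discard(start)
                retrans += 1
            else:
                delivered[start] = end
                del pending[start]
        # Receiver ACKs the highest byte it holds contiguously from `acked`.
        while acked in delivered:
            acked = delivered.pop(acked)
    return sends, retrans, peak

if __name__ == "__main__":
    print(simulate_window(10000, 1000, 4000))              # (10, 0, 4000)
    print(simulate_window(10000, 1000, 4000, lost={2000})) # (10, 1, 4000)
    print(simulate_window(10000, 1000, 500))               # (20, 0, 500)
```

The third call shows the window, not the MSS, bounding each transmission when the receiver advertises a window smaller than one segment.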
Transmission Control Protocol is used to establish communication between nodes or networks and exchange data packets. It guarantees delivery of data packets in the order they were sent, so it is the most commonly used protocol in applications that require guaranteed delivery of data. It can handle both timeouts (if packets were delayed) and retransmission (if packets were lost). The stream of data is transmitted in segments. The segment header is 32 bit. It is a connectionless communication protocol at the third level (network) of the OSI model.
User Datagram Protocol (UDP) is a communication protocol. It is normally used as an alternative to TCP/IP, although there are a number of differences between them. UDP does not divide data into packets. Also, UDP does not send data packets in sequence, so the application program must ensure the sequencing. UDP uses port numbers to distinguish user requests. It also has a checksum capability to verify the data.
TCP guarantees the delivery of data; UDP, on the other hand, does not. TCP delivers messages in the order they were sent; UDP has no ordering mechanism. TCP sends data as a stream, while UDP sends data as individual packets. UDP is faster than TCP. TCP is a connection-oriented protocol, while UDP is connectionless.
Trusted networks:
Such networks allow data to be transferred transparently. Machines on a trusted network are usually administered by an administrator to ensure that private and secured data is not leaked. Access to this network is limited. Computers on trusted networks are more secure and confidential because of strong firewalls.
Untrusted networks:
Such networks are usually administered by their owners. They can allow improper access to sensitive or personal data. These machines are usually separate. Such machines can be more prone to attacks.
A Virtual Private Network (VPN) is a network that uses public telecommunication infrastructure, meaning it uses public wires, e.g. the Internet, to connect its nodes. A VPN supports remote access to computers and allows data to be transmitted over this public network. Even though the data is transmitted over a public network, it is encrypted and decrypted to ensure security.
* Remote Access VPN: Also called a Virtual Private Dial-up Network (VPDN), it is mainly used in scenarios where remote access to a network is essential. A remote access VPN allows data to be exchanged between a company's private network and remote users through a third-party service provider (an enterprise service provider). E.g. a sales team is usually spread across the globe; using a remote access VPN, the sales updates can be made.
* Site to Site VPN – Intranet based: This type of VPN can be used when multiple remote locations need to be joined into a single network. Machines at these remote locations work as if they were on a single network.
* Site to Site VPN – Extranet based: This type of VPN can be used when several different companies need to work in a shared environment, e.g. distributors and service companies. This network is more manageable and reliable.
The authentication method uses an authentication protocol. The methods are:
* EAP authentication method: Extensible Authentication Protocol (EAP) authenticates remote access connections. The authentication mechanism is negotiated between the remote VPN client and the authenticator (ISA). Typically the authenticator requests authentication information and the remote VPN client provides the responses.
* MS-CHAP authentication method: Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) starts with a challenge from the authenticator (the remote access server). The challenge sent to the remote access client contains a session identifier and a challenge string. The client responds with a nonreversible encryption of the string, the identifier and the password. The authenticator checks the credentials and grants access on successful authentication.
* Unencrypted passwords (PAP): Uses plain-text passwords and does not involve encryption. Used for less secure clients.
* Shiva Password Authentication Protocol (SPAP): A password authentication protocol. It is less secure because the same user password is always sent in the same reversibly encrypted form.
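The challenge-response flow in the MS-CHAP item above, as an added illustration: this is a simplified model written for this page, not the actual MS-CHAP algorithm or any Microsoft code. It uses an HMAC over the session identifier and challenge as the "nonreversible encryption", so the password never crosses the wire (unlike PAP) and a captured response is useless against a later challenge (unlike SPAP's fixed form). The `Authenticator` class, the user table and the password are constructed for the demo.

```python
import hashlib
import hmac
import secrets

def client_response(session_id, challenge, password):
    """Remote access client: proof of the password bound to this challenge.
    The output cannot be reversed to recover the password."""
    msg = session_id.encode() + challenge
    return hmac.new(password.encode(), msg, hashlib.sha256).digest()

class Authenticator:
    """Remote access server side of the exchange (simplified model)."""

    def __init__(self, users):
        self.users = users        # username -> password (constructed table)
        self.sessions = {}        # session_id -> challenge still awaiting a reply

    def challenge(self):
        """Step 1: send a fresh session identifier and challenge string."""
        session_id = secrets.token_hex(4)
        chal = secrets.token_bytes(16)
        self.sessions[session_id] = chal
        return session_id, chal

    def verify(self, session_id, username, response):
        """Step 2: recompute the expected response and compare in constant time.
        Each challenge is consumed on first use, so replays fail."""
        chal = self.sessions.pop(session_id, None)
        if chal is None or username not in self.users:
            return False
        expected = client_response(session_id, chal, self.users[username])
        return hmac.compare_digest(expected, response)

if __name__ == "__main__":
    auth = Authenticator({"alice": "correct horse battery"})   # constructed
    sid, chal = auth.challenge()
    resp = client_response(sid, chal, "correct horse battery")
    print(auth.verify(sid, "alice", resp))      # True
    print(auth.verify(sid, "alice", resp))      # False: challenge already used
    sid2, chal2 = auth.challenge()
    print(auth.verify(sid2, "alice", resp))     # False: old response replayed
```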
Tunneling is a mechanism for transferring data securely between two networks. The data is split into smaller packets and passed through the tunnel. The data passing through the tunnel has 3 layers of encryption. The data is encapsulated. Tunneling can be implemented with the Point-to-Point Tunneling Protocol.
Voluntary Tunneling:
The user's computer is an end point of the tunnel and acts as the tunnel client. Here the client or user issues a request to configure and create a voluntary tunnel. This requires a dial-up or LAN connection. An example of a dial-up connection is home internet, where a call is made to the ISP and a connection is obtained.
Compulsory tunneling:
In compulsory tunneling, a VPN remote access server, rather than the user, configures and creates the tunnel. Hence the end point is the remote access server, not the user.
Tunnels that are created manually are static tunnels; tunnels that are auto-discovered are dynamic tunnels. In dynamic tunneling, TCP connections can be checked dynamically: if no connections exist that are routed through the tunnel, a check for a more suitable gateway can be done. Static tunneling may at times require dedicated equipment.
Subnetting is the process of breaking a network into smaller units called subnets. Here a subnet could be several machines in a single LAN. Networks using IP can create sub-networks of logical addresses. In every IP address, some of the bits in the machine (host) portion can be used to identify a specific subnet. The IP address then contains three parts: the network number, the subnet number, and the machine number.
Advantages of using subnetting:
* Easier network management and troubleshooting
* Routing table size is reduced, which means faster network transfers
* Solves network congestion problems, since the complete network is divided into smaller networks
* Network addresses can be decentralized, e.g. the administrator of the network can monitor the subnet
Subnets can be customized, i.e. the dividing point between subnet ID and host ID can be moved to suit the needs of the network. The subnet mask used when creating a customized subnet is called a custom subnet mask. This custom subnet mask is used to find the customization.
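The custom subnet mask idea from the two passages above, worked through in code added for this page (not from the original): borrow enough host bits from a network to create the required number of subnets, derive the resulting mask, list each subnet's usable host range, and split a host address into the network, subnet and machine numbers the text describes. The network `192.168.10.0/24`, the host `192.168.10.77` and the requirement of 6 subnets are constructed sample values.

```python
import ipaddress

def custom_subnet_mask(network, subnets_needed):
    """Move the subnet/host dividing point: borrow the fewest host bits
    that give at least `subnets_needed` subnets. Returns (new_prefix, mask)."""
    net = ipaddress.ip_network(network, strict=True)
    borrow = (subnets_needed - 1).bit_length()     # ceil(log2(n)), 0 for n == 1
    new_prefix = net.prefixlen + borrow
    if new_prefix > net.max_prefixlen - 2:          # keep >= 2 host bits
        raise ValueError("not enough host bits for that many subnets")
    mask = next(net.subnets(new_prefix=new_prefix)).netmask
    return new_prefix, str(mask)

def list_subnets(network, subnets_needed):
    """Each subnet as (cidr, first usable host, last usable host, usable count)."""
    net = ipaddress.ip_network(network, strict=True)
    new_prefix, _ = custom_subnet_mask(network, subnets_needed)
    return [(str(s), str(s.network_address + 1), str(s.broadcast_address - 1),
             s.num_addresses - 2) for s in net.subnets(new_prefix=new_prefix)]

def address_parts(host, network, new_prefix):
    """Split a host address into (network, subnet number, machine number)
    relative to the original network and the custom prefix."""
    net = ipaddress.ip_network(network, strict=True)
    addr = ipaddress.ip_address(host)
    if addr not in net:
        raise ValueError(f"{host} is not inside {network}")
    host_bits = net.max_prefixlen - new_prefix
    offset = int(addr) - int(net.network_address)
    return str(net), offset >> host_bits, offset & ((1 << host_bits) - 1)

if __name__ == "__main__":
    print(custom_subnet_mask("192.168.10.0/24", 6))   # (27, '255.255.255.224')
    for row in list_subnets("192.168.10.0/24", 6):
        print(row)                                     # 8 subnets of 30 hosts
    print(address_parts("192.168.10.77", "192.168.10.0/24", 27))
    # ('192.168.10.0/24', 2, 13): third subnet (.64/27), 13th machine in it
```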