Monday, March 17, 2014

VPN

VPN multiple choice exam
http://compnetworking.about.com/od/vpn/l/aa012101a.htm 


A Virtual Private Network (VPN) uses advanced encryption and tunneling to establish secure, private network connections over "third-party" networks. Using the Cisco VPN Client will allow the University of Michigan community to access the University network via the Internet over a secure, encrypted connection from their machines.

 Does using a VPN make all of my network traffic secure?

No. The VPN only adds security to traffic that goes over the tunnel. If using the wireless profile, it encrypts the traffic from your computer to the VPN concentrator located on the UMnet Backbone. If you use the Cisco VPN Client from off-campus, only the traffic from your computer to U-M resources located on the UMnet Backbone is encrypted. All traffic to non-U-M sites is sent in the clear.

To ensure that all of your network traffic is secure (including your password) once it hits the Internet, you should always use encrypted application protocols such as SSH, SFTP, SCP, and SSL/TLS (HTTPS), which protect the traffic end to end regardless of whether a VPN tunnel is in use.


Services such as Microsoft Exchange and Windows file sharing are not always available to off-campus computers, without a U-M IP address. Typically, the users affected are those who are connecting from home, using a commercial Internet Service Provider (ISP).
In order to be able to use services like Exchange from home, you must use a Virtual Private Network (VPN) client. Connecting with the Cisco VPN Client will give you a U-M IP address so that you may access these services.


There are two profiles provided for U-M faculty, staff, students and sponsored affiliates: UMVPN - All Traffic and UMVPN - Only U-M Traffic. Both of these profiles are treated as an on-campus U-M network:
  • UMVPN - All Traffic — All traffic, no matter the destination, is sent over the encrypted tunnel to the VPN server on the UMnet Backbone.
  • UMVPN - Only U-M Traffic — Only traffic that is destined for a resource on the UMnet Backbone is sent over the VPN tunnel. All other traffic is sent out your network connection as normal.
A third profile is provided for alumni and retirees. This profile is treated as a non-UM network:
  • UMVPN - Alumni-Retiree — All traffic, no matter the destination, is sent over the encrypted tunnel to the VPN server on the UMnet Backbone.
Traffic that is sent over the VPN tunnel is only encrypted to the VPN server. To ensure that all of your network traffic is secure (including your password) once it hits the Internet, you should always use encrypted protocols such as SSH, SFTP, SCP, and SSL.


Connecting with the UMVPN - All Traffic or UMVPN - Only U-M Traffic profile will give you a U-M IP address so that you may access many University services. The IP address assigned will be between 141.213.168.10 and 141.213.175.255. If you want to create a rule on a local machine to either deny or allow access from this range, use the network 141.213.168.0/21 (note that this prefix also covers 141.213.168.0 through 141.213.168.9, which are not part of the assigned range).
Connecting with the UMVPN - Alumni-Retiree profile will provide a secure connection to the UMnet Backbone, but the connection will be treated like a non-UM network. Access to some U-M resources such as Library journals is not available. The IP address assigned will be in the 35.x.x.x pool.
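As an added example (not part of the U-M FAQ and not code from Cisco's client), the following Python script checks the address-range claim in the paragraph above and models the split-tunnel routing decision described in the profile list (All Traffic versus Only U-M Traffic). It derives the covering prefix from the stated range, lists the addresses such a rule admits that the pool never assigns, and decides per destination whether a profile sends traffic over the tunnel. The UMnet Backbone prefixes used for that decision are placeholders constructed from the two address pools the FAQ mentions; the real routed list comes from the profile itself.

```python
import ipaddress

# Address range the FAQ gives for the All Traffic / Only U-M Traffic profiles.
POOL_FIRST = ipaddress.ip_address("141.213.168.10")
POOL_LAST = ipaddress.ip_address("141.213.175.255")

# Constructed assumption for illustration: the prefixes a split-tunnel profile
# routes over the tunnel. The FAQ names only the two address pools, so these
# two blocks stand in for the real list of UMnet Backbone routes.
UMNET_PREFIXES = [
    ipaddress.ip_network("141.213.0.0/16"),
    ipaddress.ip_network("35.0.0.0/8"),
]

PROFILES_ALL_TRAFFIC = {"UMVPN - All Traffic", "UMVPN - Alumni-Retiree"}
PROFILE_SPLIT = "UMVPN - Only U-M Traffic"


def covering_network(first=POOL_FIRST, last=POOL_LAST):
    """Smallest single CIDR block containing every address in [first, last].

    summarize_address_range() gives the exact (possibly many) blocks; a
    firewall rule wants one prefix, so widen the first block until it also
    contains `last`. For the FAQ's range this yields 141.213.168.0/21.
    """
    net = next(ipaddress.summarize_address_range(first, last))
    while last not in net:
        net = net.supernet()
    return net


def in_vpn_pool(addr, first=POOL_FIRST, last=POOL_LAST):
    """True if `addr` is inside the assigned range itself (not just the /21)."""
    return first <= ipaddress.ip_address(addr) <= last


def rule_overreach(first=POOL_FIRST, last=POOL_LAST):
    """Addresses a rule on covering_network() admits that the pool never hands out."""
    net = covering_network(first, last)
    return [str(a) for a in net if not (first <= a <= last)]


def tunnel_decision(profile, dest):
    """'tunnel' if traffic to `dest` goes over the VPN, 'direct' if it goes out
    the normal network connection, per the profile descriptions in the FAQ."""
    dest = ipaddress.ip_address(dest)
    if profile in PROFILES_ALL_TRAFFIC:
        return "tunnel"
    if profile == PROFILE_SPLIT:
        return "tunnel" if any(dest in net for net in UMNET_PREFIXES) else "direct"
    raise ValueError(f"unknown profile: {profile}")


if __name__ == "__main__":
    print(f"covering prefix: {covering_network()}")
    print(f"admitted but never assigned: {rule_overreach()}")
    for prof in sorted(PROFILES_ALL_TRAFFIC | {PROFILE_SPLIT}):
        for dest in ("141.213.10.5", "93.184.216.34"):
            print(f"{prof:26} -> {dest:15} {tunnel_decision(prof, dest)}")
```

The overreach list is the practical caveat: a host rule written on the /21 trusts ten addresses that the VPN never assigns, which is harmless only if nothing else can ever source packets from them. The routing function makes the other point of the FAQ concrete: under the split profile a destination outside the backbone prefixes leaves your machine directly, so nothing in the VPN protects it.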



The newest version of the Cisco VPN Client is available from this website. If you are running an older version of the client, it is recommended that you upgrade to this version. Many issues have been resolved with this new version; see the Cisco Release Notes for VPN Client for more information.
To upgrade your Cisco VPN Client in Windows, you will first need to manually uninstall the old version of the client:
  1. From the Start menu, select Settings > Control Panel > Add or Remove Programs.
  2. Select VPN Client from the program list, and click the Change/Remove button.
  3. When it asks if you want to completely remove the Cisco VPN Client, including Profiles and Certificates, click OK.
  4. You will be asked to reboot your machine. Click OK.
  5. After your machine boots up, download the newest version of the Cisco VPN Client from this site, and install it.
For Mac OS X, first download the new Cisco VPN Client installer from this website to your desktop. Open the compressed file and double-click on the Cisco VPN Client.mpkg icon to launch the installer. You do not need to uninstall the old client before installing the new client; the installer will prompt you to simply Upgrade your current installation. A reboot will be necessary.


Importing a profile into the Cisco VPN Client is quick and easy. For Windows and Mac OS X, simply follow these steps:
  1. Download a copy of the new profile to your desktop.
  2. Start the Cisco VPN Client and click the Import button.
  3. Browse to your desktop, select the new profile that you just downloaded, and click OK.
You should now be ready to use the new profile with your Cisco VPN Client. Make sure to highlight the correct profile listed in the Connection Entries before clicking the Connect button.
In Linux:
  1. Change directories to /etc/CiscoVPNClient and create a Profiles directory.
  2. Copy the {profile}.pcf file into the Profiles directory.


Using older versions of the Cisco VPN client is not usually recommended. However, there may be some situations in which a user may need to downgrade to a previous version. We recommend you contact the ITS Service Center (4-HELP) for assistance before downgrading the VPN client on your machine.

I installed the Cisco VPN Client successfully, and it appears I have a network connection, but I cannot connect to sites on the Internet. Why is this happening?

There are a few ways to troubleshoot this problem. In the majority of cases, though, the issue is having old or outdated drivers installed for your network card. Updating the drivers for your network card will usually resolve the connection problem.
To obtain the newest drivers, search the website of the company that makes your network card. Manufacturers often post updated drivers on their sites for free download. Another tip is to execute a search on your favorite search engine. A typical search would include the make and model/number of your card, as well as the word drivers. For example: Cisco Aironet 340 drivers
After you download the drivers, it is quite simple to update them. For example, in Windows, follow these steps:
  1. Right-click on My Computer and select Properties.
  2. Click the Hardware tab.
  3. Click the Device Manager button.
  4. Find your network card under the Network adapters section of the hardware list, and double click its icon.
    Note: If the drivers for your network card have not been properly installed at all, you will find your network card listed under the Other devices section (shown next to a big, yellow question mark).
  5. In the resulting window, click the Driver tab.
  6. Look at the Driver Date and Driver Version, and make sure the drivers you downloaded from the manufacturer's site are newer. If so, click the Update Driver button.
  7. The Hardware Update Wizard will appear. Click the button next to Install from a list or specific location (Advanced), and click Next.
  8. Click the Browse button to find the folder on your Desktop that contains the updated drivers you downloaded, and click Next.
  9. The Wizard will update your drivers automatically. You will need to reboot your computer when the Wizard completes.
If updating the drivers of your network card still does not fix the connection problem, you may need to uninstall then reinstall the Cisco VPN Client. This is especially important if you are running an older version of the Client than what is offered on this website. Make sure your Network Connections (in the Control Panel) are NOT part of a Network Bridge.
If the problem persists after completing all of the troubleshooting steps described above, please call the ITS Service Center (4-HELP) and a staff member will help troubleshoot your problem further.



After you authenticate to the VPN server, a bright yellow padlock icon appears in the System Tray (lower-right corner) next to your clock. If the lock icon appears "locked," you are authenticated and the tunnel is up. If the lock icon appears "unlocked," you are not authenticated and no VPN tunnel is established, even though your underlying Internet connection may still be working.
To see the status of your VPN connection, right-click on the padlock and select Statistics. This will give you the status of your connection, as well as the option to disconnect.
If the Cisco VPN Client is not running, the padlock will not appear in the system tray.

What is Trusted and Untrusted Networks?

Trusted networks: Networks on which data may be transferred transparently. The machines on a trusted network are usually managed by an administrator who ensures that private or sensitive data is not leaked, access to the network is restricted, and the hosts on it are better protected by strong firewalls.
Untrusted networks: Networks usually administered by their individual owners. They can allow improper access to sensitive or personal data, the machines on them are typically managed separately, and such machines can be more prone to attack.

What is the Cisco Systems VPN Adapter?

The VPN Adapter is a "software-only" driver that provides an interface to solve protocol incompatibility problems. With this installed, more applications are able to run while connected with the Cisco VPN Client. Removing this adapter from your Network Connections Control Panel may cause the Cisco VPN Client to stop working properly.
See the Cisco Release Notes for VPN Client for more information on the VPN Adapter.

What are the different types of VPN?

  • Remote Access VPN: Also called a Virtual Private Dial-up Network (VPDN), used where remote access to a network is essential. A remote access VPN carries data between a company's private network and remote users across a third-party network, typically an enterprise service provider. E.g. a sales team spread around the globe can submit sales updates over a remote access VPN.
  • Site-to-Site VPN, intranet based: Used when an organization has multiple remote locations that need to be joined into a single network. Machines at the remote locations work as if they were on one network.
  • Site-to-Site VPN, extranet based: Used when several different companies need to work in a shared environment, e.g. distributors and service companies. This arrangement is more manageable and reliable than separate connections between each pair of parties.

What are the different authentication methods used in VPNs?

The authentication method uses an authentication protocol. The methods are:
  • EAP authentication method: The Extensible Authentication Protocol (EAP) authenticates remote access connections. The actual authentication mechanism is negotiated between the remote VPN client and the authenticator (for example, an ISA server). The exchange is typical of the family: the authenticator requests authentication information and the remote VPN client supplies the responses.
  • MS-CHAP authentication method: The Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) starts with a challenge from the authenticator (the remote access server), which sends the remote access client a session identifier and a challenge string. The client responds with a one-way hash computed over the challenge string, the session identifier, and the user's password, so the password itself never crosses the link. The authenticator checks the credentials and grants access on successful authentication.
  • Unencrypted passwords (PAP): The Password Authentication Protocol sends the password in plain text with no encryption, so it is only suitable for less secure clients that support nothing better.
  • Shiva Password Authentication Protocol (SPAP): A password authentication protocol that is less secure than the challenge-based methods because the same user password is always sent in the same reversibly encrypted form, so a captured credential can be presented again.
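As an added example, not code from the original page or from any of the products named above: the following Python script puts a plaintext PAP exchange and an RFC 1994 CHAP challenge/response exchange side by side and then replays a captured message of each kind. Generic CHAP (MD5 over identifier, secret and challenge) stands in for the challenge/response family; MS-CHAP's NT-hash and DES-based response computation is not reproduced here. The user database and the secrets are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed user database for the example; secrets are bytes.
USERS = {"alice": b"correct horse battery staple"}


# --- PAP: the password itself is the on-wire credential ---------------------
def pap_request(user, password):
    """What the client sends; anyone on the path sees the password."""
    return {"user": user, "password": password}


def pap_verify(msg):
    return USERS.get(msg["user"]) == msg["password"]


# --- CHAP (RFC 1994): fresh challenge per attempt, response is a one-way hash
def chap_hash(ident, secret, challenge):
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_respond(user, password, chal):
    """Client side: hash the challenge with the password; no password on the wire."""
    return {"user": user, "ident": chal["ident"],
            "response": chap_hash(chal["ident"], password, chal["challenge"])}


class ChapAuthenticator:
    """Server side. Each challenge is random and single-use, which is what
    defeats replay of a captured response."""

    def __init__(self):
        self.ident = 0
        self.outstanding = {}          # identifier -> challenge value

    def challenge(self):
        self.ident = (self.ident + 1) % 256
        value = os.urandom(16)
        self.outstanding[self.ident] = value
        return {"ident": self.ident, "challenge": value}

    def verify(self, resp):
        value = self.outstanding.pop(resp["ident"], None)   # consume it
        secret = USERS.get(resp["user"])
        if value is None or secret is None:
            return False
        expected = chap_hash(resp["ident"], secret, value)
        return hmac.compare_digest(expected, resp["response"])


def replay_demo():
    """Capture one legitimate exchange of each kind and resend it verbatim."""
    results = {}
    captured_pap = pap_request("alice", USERS["alice"])
    results["pap_first"] = pap_verify(captured_pap)
    results["pap_replay"] = pap_verify(captured_pap)        # still accepted

    auth = ChapAuthenticator()
    captured_chap = chap_respond("alice", USERS["alice"], auth.challenge())
    results["chap_first"] = auth.verify(captured_chap)
    auth.challenge()                                          # next attempt gets a new challenge
    results["chap_replay"] = auth.verify(captured_chap)      # rejected
    return results


def wrong_password_rejected():
    auth = ChapAuthenticator()
    return not auth.verify(chap_respond("alice", b"wrong", auth.challenge()))


if __name__ == "__main__":
    for name, ok in replay_demo().items():
        print(f"{name:12} accepted={ok}")
```

The replay is the property the list above turns on: a PAP or SPAP credential is the same bytes every time, so whoever captured it can present it again, while a CHAP response is bound to a challenge the authenticator has already consumed. The identifier wraps at 256 as in the protocol, so a long-lived authenticator must also evict stale challenges; the example keeps it simple by consuming each one on first use.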
