CISA Certified Information Systems Auditor – Question2178
Which of the following statement correctly describes the difference between IPSec and SSH protocols? A. IPSec works at the transport layer where as SSH works at the network layer of an OSI Model B. IPSec works at the network layer where as SSH works at the application layer of an OSI Model C. IPSec works at the network layer and SSH works at the transport layer of an OSI Model D. IPSec works at the transport layer and SSH works at the network layer of an OSI Model
Correct Answer: B
Explanation:
Explanation:
For CISA exam you should know below information about SSH and IPSec protocol
SSH – A client server program that opens a secure, encrypted command-line shell session from the Internet for remote logon. Similar to a VPN, SSH uses strong cryptography to protect data, including password, binary files and administrative commands, transmitted between system on a network. SSH is typically implemented between two parties by validating each other’s credential via digital certificates. SSH is useful in securing Telnet and FTP services, and is implemented at the application layer, as opposed to operating at network layer (IPSec Implementation)
IPSec – The IP network layer packet security protocol establishes VPNsvia transport and tunnel mode encryption methods. For the transport method, the data portion of each packet referred to as the encapsulation security payload(ESP) is encrypted, achieving confidentiality over a process. In the tunnel mode, the ESP payload and its header’s are encrypted. To achieve non-repudiation, an additional authentication header (AH) is applied. In establishing IPSec sessions in either mode, Security Association (SAs) are established. SAs defines which security parameters should be applied between communication parties as encryption algorithms, key initialization vector, life span of keys, etc. Within either ESP or AH header, respectively. An SAsis established when a 32-bit security parameter index (SPI) field is defined within the sending host. The SPI is unique identifier that enables the sending host to reference the security parameter to apply, as specified, on the receiving host. IPSec can be made more secure by using asymmetric encryption through the use of Internet Security Association and Key Management Protocol/Oakley (ISAKMP/Oakley), which allows the key management, use of public keys, negotiation, establishment, modification and deletion of SAs and attributes.
For authentication, the sender uses digital certificates. The connection is made secure by supporting the generation, authentication, distribution of the SAs and those of the cryptographic keys.
The following were incorrect answers:
The other options presented are invalid as IPSec works at network layer where as SSH works at application layer of an OSI Model.
Reference:
CISA review manual 2014 Page number 352 and 353
Please disable your adblocker or whitelist this site!