A company has client computers that run Windows 8.1. The client computer systems frequently use IPSec tunnels to securely transmit data.
You need to configure the IPSec tunnels to use 256-bit encryption keys. Which encryption type should you use?
Correct Answer: D
http://technet.microsoft.com/en-us/library/dd125356%28v=ws.10%29.aspx Descriptions of the IPsec Algorithms and Methods
Data encryption algorithms are used to provide confidentiality to the data payload of an IPsec-protected network packet. Encryption algorithms can be very computationally intensive and can significantly impact computer performance. We recommend that you only encrypt network traffic that requires encryption. If you find that encryption impacts performance more than expected, consider using a network adapter that supports IPsec task offload.
DES is a block cipher encryption protocol that uses a 56-bit key and is documented in Federal Informa- tion Processing Standards Publication 46-3 (http://go.microsoft.com/fwlink/?linkid=128014). A block ci- pher is an encryption algorithm that operates on a fixed size block of data. DES encrypts data in 64-bit blocks using a 64-bit key. The key appears to be a 64-bit key, but one bit in each of the 8 bytes is used for error checking, resulting in 56 bits of usable key.
Triple-DES or 3DES is an encryption protocol that provides stronger encryption than DES. It is docu- mented in Federal Information Processing Standards Publication 46-3 (http://go.microsoft.com/fwlink/? linkid=128014). 3DES is a block cipher that uses a three-step encryption process that is more secure than DES. A block cipher is an encryption algorithm that operates on a fixed size block of data.
AES-CBC 128, 192, and 256
The AES in Cipher Block Chaining mode (AES-CBC) encryption algorithms are part of the NSA “Suite B” and are documented in RFC 3602 (http://go.microsoft.com/fwlink/?linkid=127990). AES is documented in Federal Information Processing Standards Publication 197 (http://go.microsoft.com/fwlink/? linkid=127986). The AES algorithm is a symmetric block cipher that can encrypt and decrypt information in data blocks of 128 bits, using cipher keys with lengths of 128, 192, and 256 bits. Longer key lengths provide better security at the cost of CPU performance due to the more intensive computational re- quirements. Cipher block chaining (CBC) is used to hide patterns of identical blocks of data within a packet. An initialization vector (an initial random number) is used as the first random block to encrypt and decrypt a block of data. Different random blocks are used in conjunction with the secret key to en- crypt each successive block. This ensures that identical sets of unsecured data (plaintext) result in unique, encrypted data blocks.
AES-GCM 128, 192, and 256
AES-GCM is both an integrity and encryption algorithm and is described in the Integrity algorithms sec- tion.