
CCNA Security Interview Questions


Network Security Interview Questions

Q. What is a firewall?
A: A firewall is used to provide security to private networks connected to the internet. It can be implemented as hardware, software, or a combination of both. All incoming and outgoing network traffic is examined and accepted or rejected by the firewall according to the defined rules.
Q. What are the types of firewall?
A: Packet Filtering (works at the Network Layer)
Application Firewall or Proxy (works at the Application Layer)
Circuit Level Firewall (works at the Session Layer)
Stateful Firewall (works at all the layers)

Q. What is the difference between a network gateway and a firewall?
A: A network gateway joins two networks together, while a network firewall protects a computer network against unauthorized incoming or outgoing access. Network firewalls may be hardware devices or software programs.
Q. What is the difference between an IPS and a firewall?
A: The primary function of a firewall is to prevent or control traffic flow from an untrusted network (outside). A firewall is not able to detect an attack in which the data deviates from its regular pattern, whereas an IPS can detect it and reset the connection, as it has built-in anomaly detection.
Q. What is a transparent firewall?
A: A transparent firewall operates at Layer 2, so it is not a routed hop. Deploying a new routed firewall into a network can be a complicated process because of issues such as IP address reconfiguration, network topology changes and the existing firewall; because a transparent firewall is not a routed hop, it can easily be introduced into an existing network.
Q. What is packet filtering?
A: Packet filtering is the process of permitting or blocking IP packets based on source and destination addresses, ports, or protocols. The packet filter examines the header of each packet against a specific set of rules and, on that basis, decides whether to block or allow it. Packet filtering is also part of a firewall program for protecting a local network from unwanted access.
Q. What is the difference between the PIX Firewall and the ASA?
A: PIX Firewall:
- Dedicated hardware.
- PIX OS, similar to IOS.
- GUI tool: PDM, used for secure configuration, management and monitoring.
- Stateful packet filtering.
- Does not support Web VPN (SSL VPN).
ASA:
- Hardware firewall that includes Firewall, IPS (Intrusion Prevention System), Anti-X, Security Appliance and Anti-Malware.
- GUI tool: ASDM, used for secure configuration, management and monitoring.
- Stateful packet filtering.
- Supports Web VPN (SSL VPN).

Q. Define stateful inspection.
A: Stateful inspection, also known as dynamic packet filtering, is a firewall technology that monitors the state of active connections and uses this information to determine which network packets are allowed through the firewall. Stateful inspection analyses packets down to the application layer.
Q. What is authorization?
A: Authorization is a security mechanism used to determine user/client privileges or access levels related to network resources, including firewalls, routers, switches and application features. Authorization is normally preceded by authentication; during authorization, the system verifies an authenticated user's access rules and either grants or refuses resource access.
Q. What is stateful failover?
A: Every time a session is created for a flow of traffic on the primary node, it is synced to the secondary node. When the primary node fails, sessions continue to pass traffic through the secondary node without having to be re-established.
Q. How do you check the status of the tunnel's phase 1 and phase 2?
A: Use the following commands to check the status of the tunnel phases:
Phase 1: show crypto isakmp sa (an established tunnel shows the state MM_ACTIVE)
Phase 2: show crypto ipsec sa
Note: if you have a lot of tunnels and the output is confusing, use show crypto ipsec sa peer 12.12.12.12 instead.
Q. What is SSL VPN? How is it different from IPsec VPN?
A: SSL VPN provides remote access connectivity from almost any internet-enabled location without any special client software at the remote site. You only need a standard web browser and its native SSL encryption.
IPsec is a dedicated point-to-point fixed VPN connection, whereas SSL VPNs provide anywhere connectivity without any configuration or special software at the remote site.
Q. What is GRE and why is it required?
A: Generic Routing Encapsulation (GRE) is a protocol that encapsulates packets in order to route other protocols over IP networks.
GRE enables a wrapper to be placed around a packet during transmission of the data. The receiving GRE endpoint removes the wrapper, enabling the original packet to be processed by the receiving stack.
Advantages of GRE tunnels include the following:
- GRE tunnels connect discontinuous sub-networks.
- GRE tunnels allow VPNs across wide area networks (WANs).
- GRE tunnels encapsulate multiple protocols over a single-protocol backbone.
- GRE tunnels provide workarounds for networks with limited hops.
Q. At what layer do firewalls work? Define the firewall generations and their roles.
A: Firewalls work at layers 3, 4 and 7. First-generation firewalls provide packet filtering and generally operate at layer 3 (Network Layer). Second-generation firewalls operate up to the Transport layer (layer 4); they record all connections passing through them and determine whether a packet is the start of a new connection, part of an existing connection, or not part of any connection. Second-generation firewalls are mainly used for stateful inspection.
Third-generation firewalls operate at layer 7. The key benefit of application-layer filtering is that it can "understand" certain applications and protocols (such as File Transfer Protocol (FTP), Domain Name System (DNS), or Hypertext Transfer Protocol (HTTP)).

Q. What is a DoS attack? How can it be prevented?
A: A DoS (Denial of Service) attack is generated by sending a flood of data or requests to a target system, consuming or crashing the target system's resources. The attacker often uses IP spoofing to conceal his identity when launching a DoS attack.
Q. What is IP spoofing?
A: An IP spoofing attack enables an attacker to present itself as a trusted identity to the host being attacked. For example, if an attacker convinces a host that he is a trusted client, he might gain privileged access to that host.
Q. What are the security levels in Cisco ASA?
A: The ASA uses security levels to determine the degree of trust given to the network attached to the respective interface. The security level can be configured between 0 and 100, where higher numbers are more trusted than lower ones. By default, the ASA allows packets from a higher (trusted) security interface to a lower (untrusted) security interface without the need for an ACL explicitly allowing the packets.
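As an added example (not part of the original page), the following Python model ties together the stateful inspection described earlier and the ASA security-level rules above: a connection table admits return traffic, higher-to-lower connection starts pass by default, and lower-to-higher ones need an explicit permit. The topology, addresses and ACL are constructed, and routing is replaced by a caller-supplied egress interface.

```python
from dataclasses import dataclass

# Constructed sample topology; values follow the ASA convention (0-100, higher = more trusted).
SECURITY_LEVELS = {"inside": 100, "dmz": 50, "outside": 0}


@dataclass(frozen=True)
class Packet:
    in_iface: str           # interface the packet arrived on
    out_iface: str          # interface chosen by the route lookup (routing is out of scope here)
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    syn_only: bool = False  # TCP SYN without ACK: the first packet of a new connection


class StatefulFirewall:
    """Stateful inspection plus security-level policy (simplified model, not ASA code)."""

    def __init__(self, levels, acl=()):
        self.levels = levels
        # Explicit permits for lower->higher connection starts: (ingress iface, dst ip, dst port)
        self.acl = set(acl)
        # Connection table: 5-tuples as seen from the initiator's side
        self.conns = set()

    @staticmethod
    def _forward(pkt):
        return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)

    @staticmethod
    def _reverse(pkt):
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def process(self, pkt):
        """Return (verdict, reason) for one packet and update the connection table."""
        # 1. Part of an existing connection: return traffic is allowed regardless of
        #    security levels or ACLs, because the state table already holds the flow.
        if self._reverse(pkt) in self.conns:
            return "allow", "return traffic of an established connection"
        if self._forward(pkt) in self.conns:
            return "allow", "part of an existing connection"
        # 2. Not in the table and not a connection start: no state, so drop it.
        if pkt.proto == "tcp" and not pkt.syn_only:
            return "deny", "not part of any connection"
        # 3. Start of a new connection: apply the security-level policy.
        src_level, dst_level = self.levels[pkt.in_iface], self.levels[pkt.out_iface]
        if src_level > dst_level:
            self.conns.add(self._forward(pkt))
            return "allow", f"higher ({src_level}) to lower ({dst_level}): permitted by default"
        if (pkt.in_iface, pkt.dst, pkt.dport) in self.acl:
            self.conns.add(self._forward(pkt))
            return "allow", f"lower ({src_level}) to higher ({dst_level}): permitted by ACL"
        return "deny", f"lower ({src_level}) to higher ({dst_level}): needs an explicit ACL"


def demo():
    """Run constructed packets through the firewall; returns the (verdict, reason) list."""
    fw = StatefulFirewall(SECURITY_LEVELS, acl=[("outside", "192.0.2.10", 443)])
    packets = [
        # inside host opens HTTPS to the Internet: allowed by default (100 -> 0)
        Packet("inside", "outside", "10.0.0.5", 51000, "198.51.100.7", 443, syn_only=True),
        # the server's reply: allowed because the connection table holds the flow
        Packet("outside", "inside", "198.51.100.7", 443, "10.0.0.5", 51000),
        # Internet host to the DMZ web server: allowed only because of the ACL (0 -> 50)
        Packet("outside", "dmz", "203.0.113.9", 40000, "192.0.2.10", 443, syn_only=True),
        # Internet host straight to an inside host: no ACL, so denied (0 -> 100)
        Packet("outside", "inside", "203.0.113.9", 40001, "10.0.0.5", 22, syn_only=True),
        # stray ACK with no matching connection: dropped by stateful inspection
        Packet("outside", "inside", "203.0.113.9", 40002, "10.0.0.5", 51000),
    ]
    return [fw.process(p) for p in packets]


if __name__ == "__main__":
    for verdict, reason in demo():
        print(f"{verdict:5s} {reason}")
```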
Q. What is AAA?
A: AAA stands for authentication, authorization and accounting; it is used to control users' rights to access network resources and to keep track of users' activity over a network. The current standard by which devices or applications communicate with an AAA server is the Remote Authentication Dial-In User Service (RADIUS).
Q. What is an IPS? How does it work?
A: An Intrusion Prevention System (IPS) is a network security/threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits. An IPS plays an important role in protecting against various network security attacks such as brute force attacks, Denial of Service (DoS) attacks and vulnerability detection. Moreover, an IPS also provides protection against protocol exploits.
An Intrusion Prevention System uses four types of approaches to secure the network from intrusions:
- Signature-based
- Anomaly-based
- Policy-based
- Protocol-analysis-based
VPN Interview Questions and Answers

Q. What is a VPN?
A: A Virtual Private Network (VPN) creates a secure network connection over a public network such as the internet. It allows devices to exchange data through a secure virtual tunnel. It uses a combination of security features such as encryption, authentication, tunneling protocols and data integrity to provide secure communication between participating peers.
Q. What are the different types of VPN?
A:
- Remote Access VPN: Also called a Virtual Private Dial-up Network (VPDN), it is mainly used in scenarios where remote access to a network is essential. Remote access VPN allows data to be exchanged between a company's private network and remote users through a third-party service provider (enterprise service provider). E.g. a sales team is usually spread across the globe; using remote access VPN, sales updates can be made.
- Site to Site VPN, intranet based: This type of VPN can be used when multiple remote locations are present and need to be joined into a single network. Machines at these remote locations work as if they were on a single network.
- Site to Site VPN, extranet based: This type of VPN can be used when several different companies need to work in a shared environment, e.g. distributors and service companies. This network is more manageable and reliable.

Q. What is IPsec?
A: IPsec is a set of rules for securing data communication across a public, untrusted network such as the Internet.
Q. What is VPN, and describe IPsec VPN.
A: A Virtual Private Network (VPN) creates a secure network connection over a public network such as the internet.
IPsec VPN means VPN over IP Security; it allows two or more users to communicate in a secure manner by authenticating and encrypting each IP packet of a communication session.
Q. What is VPN and what are its types? Explain them.
A: VPN (Virtual Private Network): establishing a connection between two private networks (trusted sites) over the internet (untrusted) is called a VPN.
Types of VPN:
Site to Site VPN
Remote Access VPN
Site to Site VPN: Connects a branch office to the head office. Branch office users can use resources such as email, files and printers located in the head office. Site to Site VPN uses IPsec to provide data security.
Remote Access VPN: Provides secure access for remote users. Remote users require VPN client software to connect to and access office resources from a remote location or home.

Q. What is the difference between the Cisco VPN Client and the AnyConnect VPN Client?
A: The underlying protocols used by the clients are different: the IPsec client uses IKE, whereas AnyConnect uses SSL encryption. There is a difference in OS compatibility (support for Vista 32- and 64-bit, Windows XP, Windows 2000, Mac OS X, and Red Hat Linux version 9 or higher). The package must be installed initially or pushed from the ASA, and no admin privileges are required subsequently, hence less admin overhead than installing and maintaining the IPsec client.

Q. I have AnyConnect configured, but whenever I try to connect through the web it connects as clientless VPN rather than running the AnyConnect profile. What could the issue be?
A: We will have to check the configuration on the ASA. However, the common issue is that the SVC protocol is not enabled in the group-policy.

Q. What are Site to Site and Remote Access VPN?
A: A site-to-site VPN allows offices in multiple locations to establish secure connections with each other over a public network such as the Internet.
Remote Access VPN allows remote users to connect to the headquarters through a secure tunnel that is established over the Internet. The remote user is able to access internal, private web pages and perform various IP-based network tasks.
There are two primary methods of deploying Remote Access VPN:
1. Remote Access IPsec VPN.
2. Remote Access Secure Sockets Layer (SSL) VPN.

Q. What are Authentication, Confidentiality and Integrity?
A: Authentication - Verifies that the packet received is actually from the claimed sender, i.e. it verifies the authenticity of the sender. Pre-shared keys and digital certificates are some methods that can be used for authentication.
Integrity - Ensures that the contents of the packet have not been altered in transit by a man-in-the-middle. Hashing algorithms include MD5 and SHA.
Confidentiality - Encrypts the message content so that data is not disclosed to unauthorized parties. Encryption algorithms include DES (Data Encryption Standard), 3DES (Triple-DES) and AES (Advanced Encryption Standard).

Q. What are Symmetric and Asymmetric Encryption?
A: In symmetric encryption, a single key is used both to encrypt and decrypt traffic. It is also referred to as shared-key or shared-secret encryption. Symmetric encryption algorithms include DES, 3DES and AES.
In asymmetric encryption two keys are used, one for encryption and one for decryption. The most common asymmetric encryption algorithm is RSA.
Q. What is IPsec VPN?
A: IP Security Protocol VPN means VPN over IP Security. It allows two or more users to communicate in a secure manner by authenticating and encrypting each IP packet of a communication session. IPsec provides data confidentiality, data integrity and data authentication between participating peers.
Q. What is the difference between IPsec VPN (client based) and SSL VPN (clientless)?
A: IPsec VPN - Full-access VPN client installed on the PC or laptop. IPsec is initiated by the VPN client software.
SSL VPN - Initiated via a browser at https://<ASA address>; it asks for a username and password. Cookies should be enabled.
Q. What is the Cisco AnyConnect VPN client process?
A: The Cisco AnyConnect VPN client uses IPsec and UDP.
VPN client process:
Client starts IKE phase 1 (pre-shared key)
Client proposes IKE SAs
Server accepts the SA proposal
Server initiates the challenge (username and password are sent)
Server pushes the configuration (DNS, domain name, IP)
Group-level authentication

Q. If I want to configure VPN over the web, what do I need to know?
A: For AnyConnect VPN over the web, TCP port 443 should be open (unless changed). If DTLS is used, the ISP should also have the DTLS port open on the path. By default on the ASA, the TLS and DTLS ports are configured to 443.

Q. Can I enable Web VPN with the AnyConnect Essentials license?
A: No. We cannot enable Web VPN with the AnyConnect Essentials license, as the license is specific to AnyConnect only. You need to give the AnyConnect Essentials command under Web VPN, which disables the Web VPN feature on the ASA.

Q. Is client authentication supported in SSL VPN?
A: Yes. Client authentication is supported in SSL VPN, including AnyConnect. Client certificates are also supported. The ASA can check the client certificate, and you can have certificate maps as well; similar to an LDAP map, a certificate map can also be created. A user who belongs to a department called sales will have a certificate with the OU set to sales, and this user is automatically bound to the sales group.

Q. At what layer does IPsec work?
A: IPsec secures IP traffic at Layer 3 (Network Layer) of the OSI model.
Q. Name a major drawback of IPsec.
A: IPsec only supports unicast IP traffic.
Q. What is the difference between Transport and Tunnel mode?
A: Tunnel mode - Protects data in network-to-network or site-to-site scenarios. It encapsulates and protects the entire IP packet (the payload including the original IP header) and adds a new IP header, so the entire IP payload including user data is protected.
Transport mode - Protects data in host-to-host or end-to-end scenarios. In transport mode, IPsec protects the payload of the original IP datagram and excludes the IP header, so only the upper-layer protocols in the IP payload (user data) are protected.
The IPsec protocols AH and ESP can operate in either transport mode or tunnel mode.
Q. What are the three main security services that IPsec VPN provides?
A: IPsec offers the following security services:
1. Peer authentication.
2. Data confidentiality.
3. Data integrity.
Q. Define digital signatures.
A: A digital signature is an attachment to an electronic message used for security purposes. It is used to verify the authenticity of the sender.
Q. What are the 3 protocols used in IPSec?
1. Authentication Header (AH).
2. Encapsulating Security Payload (ESP).
3. Internet Key Exchange (IKE).
Q. Explain the IPsec protocol headers.
A: 1. Encapsulating Security Payload (ESP) - An IP-based protocol that uses IP protocol number 50 for communication between IPsec peers. ESP is used to protect the confidentiality, integrity and authenticity of the data and offers anti-replay protection.
Drawback - ESP does not provide protection to the outer IP header.
2. Authentication Header (AH) - Also an IP-based protocol, which uses IP protocol number 51 for communication between IPsec peers. AH is used to protect the integrity and authenticity of the data and offers anti-replay protection.
Unlike ESP, AH also provides protection to the IP header.
Drawback - AH does not provide confidentiality protection.
Q. How do ESP and AH provide anti-replay protection?
A: Both ESP and AH provide anti-replay protection based on sequence numbers. The sender increments the sequence number after each transmission, and the receiver checks the sequence number and rejects the packet if it is out of sequence.
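An added example (not from the original page) of the receiver-side check just described, implemented the way RFC 4303 recommends: a sliding window over the most recent sequence numbers, so that reordered packets inside the window are still accepted while replays and packets older than the window are dropped. The window size and the received sequence below are constructed.

```python
class AntiReplayWindow:
    """Receiver-side anti-replay check for ESP/AH, RFC 4303 style (illustrative, not a real stack)."""

    def __init__(self, size=64):
        if size < 32:
            raise ValueError("RFC 4303 requires a minimum window of 32 packets")
        self.size = size
        self.highest = 0   # highest sequence number accepted so far (0 = nothing yet)
        self.bitmap = 0    # bit i set <=> sequence number (highest - i) was received

    def check_and_update(self, seq):
        """Return (accepted, reason); records seq when it is accepted.

        In a real receiver the integrity check (ICV) runs before the window is
        updated, so a forged packet cannot advance the window.
        """
        if seq == 0:
            return False, "dropped: sequence number 0 is never valid"
        if seq > self.highest:
            # Newer than anything seen: slide the window forward by the gap.
            shift = seq - self.highest
            if shift >= self.size:
                self.bitmap = 1                   # everything older falls out of the window
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return True, "accepted: new highest sequence number"
        offset = self.highest - seq
        if offset >= self.size:
            return False, "dropped: older than the window"
        if self.bitmap & (1 << offset):
            return False, "dropped: replayed sequence number"
        self.bitmap |= 1 << offset                 # late but genuine: record it
        return True, "accepted: inside the window"


def process_stream(seqs, size=64):
    """Feed a constructed sequence of received packets through one window."""
    window = AntiReplayWindow(size)
    return [(seq, *window.check_and_update(seq)) for seq in seqs]


# Constructed receive order: reordering (5 before 4), a replay of 3, a big jump,
# a late packet inside the window (40), one just outside it (36), a replay of 100.
SAMPLE_STREAM = [1, 2, 3, 5, 4, 3, 100, 40, 36, 37, 100]

if __name__ == "__main__":
    for seq, ok, why in process_stream(SAMPLE_STREAM):
        print(f"seq {seq:4d}  {why}")
```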
Q. What is IKE?
A: IKE is a hybrid protocol that implements the Oakley and SKEME key exchanges inside the Internet Security Association and Key Management Protocol (ISAKMP) framework. It defines the mechanism for creating and exchanging keys. IKE derives authenticated keying material and negotiates the SAs that are used by the ESP and AH protocols.
Q. Over what protocol does IKE work?
A: IKE uses UDP port 500.
Q. Explain how IKE/ISAKMP works.
A: IKE is a two-phase protocol.
Phase 1
IKE phase 1 negotiates the following:
1. It protects the phase 1 communication itself (using crypto and hash algorithms).
2. It generates the session key using Diffie-Hellman groups.
3. Peers authenticate each other using a pre-shared key, public key encryption, or digital signatures.
4. It also protects the negotiation of the phase 2 communication.
There are two modes in IKE phase 1:
Main mode - A total of six messages are exchanged in main mode to establish the phase 1 SA.
Aggressive mode - Faster than main mode, as only three messages are exchanged to establish the phase 1 SA. It is faster but less secure.
At the end of phase 1, a bidirectional ISAKMP/IKE SA (phase 1 SA) is established for IKE communication.
Phase 2
IKE phase 2 protects the user data and establishes the SAs for IPsec.
There is one mode in IKE phase 2:
Quick mode - In this mode three messages are exchanged to establish the phase 2 IPsec SA.
At the end of the phase 2 negotiation, two unidirectional IPsec SAs (phase 2 SAs) are established for user data: one for sending and another for receiving encrypted data.
Q. Explain the messages exchanged between the peers in IKE/ISAKMP.
A: Phase 1 - Main Mode
MESSAGE 1: Initiator offers a policy proposal, which includes the encryption, authentication and hashing algorithms (e.g. AES or 3DES, PSK or PKI, MD5 or RSA).
MESSAGE 2: Responder presents policy acceptance (or not).
MESSAGE 3: Initiator sends its Diffie-Hellman public key and nonce.
MESSAGE 4: Responder sends its Diffie-Hellman public key and nonce.
MESSAGE 5: Initiator sends its ID and the pre-shared key or certificate exchange for authentication.
MESSAGE 6: Responder sends its ID and the pre-shared key or certificate exchange for authentication.
Only the first four messages are exchanged in clear text; after that all messages are encrypted.
Phase 2 - Quick Mode
MESSAGE 7: Initiator sends hash, IPsec proposal, ID, nonce.
MESSAGE 8: Responder sends hash, IPsec proposal, ID, nonce.
MESSAGE 9: Initiator sends signature, hash, ID.
All messages in quick mode are encrypted.
Q. What is Diffie-Hellman?
A: DH is a public-key cryptography protocol which allows two parties to establish a shared secret over an insecure communications channel. Diffie-Hellman is used within IKE to establish session keys and is a component of Oakley.
Q. How does Diffie-Hellman work?
A: Each side has a private key, which is never passed, and a Diffie-Hellman public key used for encryption. When both sides want to do a key exchange they send their public keys to each other. For example, Side A gets the public key of Side B and then, using RSA, creates a shared key which can only be opened on Side B with Side B's private key. So even if somebody intercepts the shared key, he will not be able to reverse-engineer it, as only the private key of Side B will be able to open it.
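The exchange in code, as an added example that is not part of the original page: in Diffie-Hellman each side raises the group generator to its own private exponent to get the public value that travels in main-mode messages 3 and 4, and raises the peer's public value to that same private exponent to get the shared secret, so no RSA encryption takes place. The code uses the 1024-bit MODP group from RFC 2409 (group 2 in Cisco crypto policies) and a simplified HMAC key derivation that is modelled on, but is not identical to, IKE's prf step.

```python
import hashlib
import hmac
import secrets

# 1024-bit MODP modulus from RFC 2409 section 6.2 ("group 2" in Cisco crypto policies),
# copied from the RFC text; is_probable_prime() below lets the reader verify it.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
    16,
)
G = 2  # generator defined for this group


def is_probable_prime(n, rounds=16):
    """Miller-Rabin test with random bases; used here to sanity-check the modulus."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


class DHPeer:
    """One IKE peer's share of the exchange (illustrative class, not a real IKE stack)."""

    def __init__(self):
        self.private = secrets.randbelow(P - 3) + 2   # exponent x: generated locally, never sent
        self.public = pow(G, self.private, P)         # g^x mod p: sent in main-mode message 3 or 4
        self.nonce = secrets.token_bytes(32)          # Ni or Nr: sent alongside the public value

    def shared_secret(self, peer_public):
        # Degenerate values (0, 1, p-1) would force a predictable secret: refuse them.
        if not 1 < peer_public < P - 1:
            raise ValueError("peer public value out of range")
        return pow(peer_public, self.private, P)      # (g^y)^x = g^xy mod p


def derive_key(shared_secret, nonce_i, nonce_r):
    """Simplified keying step modelled on IKE's prf(Ni | Nr, g^xy); not the exact RFC 2409 chain."""
    gxy = shared_secret.to_bytes((P.bit_length() + 7) // 8, "big")
    return hmac.new(nonce_i + nonce_r, gxy, hashlib.sha256).digest()


def run_exchange():
    """Both peers derive the same key from the public values plus their own private exponent."""
    initiator, responder = DHPeer(), DHPeer()
    # Visible on the wire (messages 3 and 4): both public values and both nonces, never the exponents.
    key_i = derive_key(initiator.shared_secret(responder.public), initiator.nonce, responder.nonce)
    key_r = derive_key(responder.shared_secret(initiator.public), initiator.nonce, responder.nonce)
    return key_i == key_r, key_i.hex()


if __name__ == "__main__":
    agree, key = run_exchange()
    print("modulus is prime:", is_probable_prime(P))
    print("peers agree:", agree, "derived key:", key)
```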
Q. What are Security Associations?
A: The SAs define the protocols and algorithms to be applied to sensitive packets and specify the keying material to be used by the two peers. SAs are unidirectional and are established per security protocol (AH or ESP).
Q. What is a transform set?
A: A transform set is a combination of security protocols and algorithms. During the IPsec SA negotiation, the peers agree to use a particular transform set for protecting a particular data flow.
Q. What are crypto access lists?
A: Crypto access lists specify which IP traffic is protected by crypto and which traffic is not. To protect IP traffic the "permit" keyword is used in the access list; if the traffic is not to be protected, the "deny" keyword is used.
Q. What is a crypto map?
A: A crypto map is used to pull together the various parts used to set up IPsec SAs, including:
1. Which traffic should be protected by IPsec (crypto access list).
2. Where IPsec-protected traffic should be sent (remote IPsec peer).
3. What IPsec SA should be applied to this traffic (transform sets).
Multiple interfaces can share the same crypto map set in case we want to apply the same policy to multiple interfaces.
If more than one crypto map entry is created for a given interface, the sequence number of each map entry ranks the entries: the lower the seq-num argument, the higher the priority.
Q. How do you check the status of the tunnel's phase 1 and phase 2?
A: Use the following commands to check the status of the tunnel phases:
Phase 1 - show crypto isakmp sa
Phase 2 - show crypto ipsec sa
Q. Which commands are used to troubleshoot IPsec VPN on the ASA?
A: To see the ISAKMP configuration: show run crypto isakmp
To see the IPsec configuration: show run crypto ipsec
To see the crypto map configuration: show run crypto map
To see IPsec operational data: show crypto ipsec sa
To see ISAKMP operational data: show crypto isakmp sa
Q. Debug commands for VPN tunnels:
To debug ISAKMP: debug crypto isakmp
To debug IPsec: debug crypto ipsec
To manually clear an ISAKMP or IPsec SA:
clear crypto ipsec sa
clear crypto isakmp sa
Q. How do you clear ISAKMP or IPsec SAs based on IP address or crypto map?
A: To clear IPsec SA counters: clear crypto ipsec sa counters
To clear IPsec SAs by entry: clear crypto ipsec sa entry <ip address>
To clear IPsec SAs by map: clear crypto ipsec sa map <cryptomap_name>
To clear IPsec SAs by peer: clear crypto ipsec sa peer <ip address>
To clear an ISAKMP SA by IP address: clear crypto isakmp sa <ip address>
Q. How do you reset all the tunnels?
A: clear crypto isakmp sa
Q. How do you reset only one tunnel and leave the rest?
A: clear crypto ipsec sa peer <address of the other end of the tunnel>
e.g. clear crypto ipsec sa peer 202.192.168.12
Q. What is an IPsec Virtual Tunnel Interface?
A: IPsec VTI is the concept of using a dedicated IPsec interface, called the IPsec Virtual Tunnel Interface, for highly scalable IPsec-based VPNs. IPsec VTI provides a routable interface for terminating IPsec tunnels. VTI also allows the encryption of multicast traffic with IPsec.
Q. What is the difference between static crypto maps and dynamic crypto maps?
A: Static crypto maps are used when the peers are predetermined. They are basically used in IPsec site-to-site VPNs.
Dynamic crypto maps are used in networks where the peers are not always predetermined. They are basically used in IPsec remote access VPNs.
There are two types of IPsec VTI interfaces:
1. Static VTI (SVTI): This can be used for site-to-site IPsec-based VPNs.
2. Dynamic VTI (DVTI): DVTI replaces dynamic crypto maps. It can be used for remote-access VPNs.
Q. What is Cisco Easy VPN?
A: Remote Access VPN implemented with IPsec is called Cisco Easy VPN. Easy VPN is easy to set up, with minimal configuration required at the remote client site. Cisco Easy VPN allows us to define centralized security policies at the head-end VPN device (VPN server), which are then pushed to the remote-site VPN device upon connection.
Q. What is DMVPN?
A: DMVPN allows IPsec VPN networks to better scale hub-to-spoke and spoke-to-spoke topologies, optimizing performance and reducing latency for communications between sites.
It offers the following benefits:
1. It optimizes network performance.
2. It reduces router configuration on the hub.
3. Support for dynamic routing protocols running over the DMVPN tunnels.
4. Support for multicast traffic from hub to spokes.
5. The capability of establishing direct spoke-to-spoke IPsec tunnels for communication between sites without the traffic having to go through the hub.
Q. What is SSL VPN? How is it different from IPsec VPN?
A: SSL VPN provides remote access connectivity from any internet-enabled device through a standard web browser and its native SSL encryption. It does not require any special client software at the remote site. In IPsec VPN the connection is initiated using preinstalled VPN client software, so it requires the installation of special client software. In SSL VPN the connection is initiated through a web browser, so it does not require any special-purpose VPN client software; only a web browser is required.
Q. At which layer does SSL VPN operate?
A: SSL is an Application layer (Layer 7) cryptographic protocol that provides secure communications over the Internet for web browsing, e-mail and other traffic. It uses TCP port 443.
Q. What are the different SSL VPN modes?
A: SSL VPN can be deployed in one of the following three modes:
1. Clientless mode - Works at Layer 7 and provides secure access to web resources and web-based content. This mode can be used for accessing most content that you would expect to access in a web browser, such as the Internet, databases and online tools. Clientless mode also supports the Common Internet File System (CIFS). Clientless mode is limited to web-based content only; it does not provide access to TCP connections such as SSH or Telnet.
2. Thin client mode - Works at Layer 7 and is also known as port forwarding. Thin client mode provides remote access to TCP-based services such as Telnet, Secure Shell (SSH), Simple Mail Transfer Protocol (SMTP), Internet Message Access Protocol (IMAP) and Post Office Protocol (POP3) applications. The thin client is delivered via a Java applet that is dynamically downloaded from the SSL VPN appliance upon session establishment.
3. Thick client mode - Works at Layer 3 and is also known as tunnel mode or full tunneling client. Thick client mode provides extensive application support through dynamically downloaded SSL VPN Client software or the Cisco AnyConnect VPN client software from the VPN server appliance. This mode delivers a lightweight, centrally configured and easy-to-support SSL VPN tunneling client that provides full network layer (Layer 3) access to virtually any application.
Q. Explain the SSL handshake.
A: 1. The client initiates by sending a CLIENT HELLO message, which contains the SSL versions that the client supports and the order in which it prefers them, the cipher suites (cryptographic algorithms) supported by the client, and a random number.
2. The server sends back a SERVER HELLO message, which contains the version number (the server selects the SSL version that is supported by both the server and the client), the cipher suite (the server selects the best cipher suite supported by both of them), a session ID, and random data.
3. The server also sends its PKI certificate to authenticate itself, signed and verified by a Certificate Authority, along with the public key for encryption.
4. The server then sends Server Hello Done, indicating that it has finished sending its hello messages and is waiting for a response from the client.
5. The client sends its certificate if the server requested client authentication in the server hello messages.
6. The client sends the Client Key Exchange message after calculating the premaster secret with the help of the random values of both the server and the client. This message is encrypted with the server's public key, which was shared through the hello messages.
The server decrypts the premaster secret with its private key. Now both client and server perform a series of steps to generate the (symmetric) session keys, which will be used for encryption and decryption of the data exchanged during the SSL session and also to verify its integrity.
7. The client sends a CHANGE CIPHER SPEC message informing the server that future messages will be encrypted using the session key.
8. The client sends a CLIENT FINISH (DONE) message indicating that the client is done.
9. The server also sends a CHANGE CIPHER SPEC message.
10. The server also sends its FINISH (DONE) message.
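As an added example (not from the original page), this Python code builds and decodes the CLIENT HELLO of step 1 and reports what a defender reviewing a capture would want to know: legacy protocol versions, weak cipher suites and compression offers. The records, random values and suite lists are constructed; the suite and version values are the IANA-registered ones.

```python
import struct

# IANA cipher suite values (names from the TLS Cipher Suite registry).
SUITE_NAMES = {
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
}
# Why a defender flags each of these if a client offers it.
WEAK_SUITES = {
    0x000A: "3DES, 64-bit block cipher",
    0x0005: "RC4",
    0x002F: "static RSA key exchange, no forward secrecy",
}
VERSION_NAMES = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}


def build_client_hello(version, suites, random_bytes):
    """Encode a minimal ClientHello (empty session ID, no extensions) in one TLS record."""
    assert len(random_bytes) == 32, "ClientHello.random is 32 bytes"
    body = struct.pack("!H", version) + random_bytes + b"\x00"   # version, random, session_id len 0
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"   # compression_methods: null only
    body += b"\x00\x00"   # extensions length 0
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body    # HandshakeType 1 = client_hello
    return b"\x16" + struct.pack("!HH", 0x0301, len(handshake)) + handshake  # ContentType 22


def parse_client_hello(record):
    """Decode the ClientHello fields (handshake step 1); raises ValueError on malformed input."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    (rec_len,) = struct.unpack("!H", record[3:5])
    hs = record[5:5 + rec_len]
    if len(hs) != rec_len or hs[0] != 0x01:
        raise ValueError("not a complete ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    if len(body) < 2 + 32 + 1:
        raise ValueError("truncated ClientHello")
    (version,) = struct.unpack("!H", body[:2])
    pos = 2 + 32                         # client_version and the 32-byte random come first
    sid_len = body[pos]
    session_id = body[pos + 1:pos + 1 + sid_len]
    pos += 1 + sid_len
    (cs_len,) = struct.unpack("!H", body[pos:pos + 2])
    pos += 2
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    comp_len = body[pos]
    compression = list(body[pos + 1:pos + 1 + comp_len])
    pos += 1 + comp_len
    if pos > len(body):
        raise ValueError("truncated ClientHello")
    return {"version": version, "random": body[2:34], "session_id": session_id,
            "suites": suites, "compression": compression}


def audit_client_hello(record):
    """Return defender-side findings about what the client offered (empty list = nothing to flag)."""
    hello = parse_client_hello(record)
    findings = []
    if hello["version"] < 0x0303:
        name = VERSION_NAMES.get(hello["version"], hex(hello["version"]))
        findings.append(f"legacy protocol version offered: {name}")
    for suite in hello["suites"]:
        if suite in WEAK_SUITES:
            findings.append(f"weak cipher suite offered: {SUITE_NAMES[suite]} ({WEAK_SUITES[suite]})")
    if any(method != 0 for method in hello["compression"]):
        findings.append("TLS compression offered")
    return findings


# Constructed sample records; the random values are fixed only so the output is reproducible.
MODERN_HELLO = build_client_hello(0x0303, [0x1301, 0xC02F], bytes(range(32)))
LEGACY_HELLO = build_client_hello(0x0301, [0x000A, 0x0005, 0x002F], bytes(32))

if __name__ == "__main__":
    for label, rec in (("modern", MODERN_HELLO), ("legacy", LEGACY_HELLO)):
        hello = parse_client_hello(rec)
        print(label, VERSION_NAMES[hello["version"]], [SUITE_NAMES[s] for s in hello["suites"]])
        for finding in audit_client_hello(rec):
            print("   !", finding)
```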
