3.1 Given a scenario, implement a secure protocol Flashcards
Summarize DOMAIN NAME SYSTEM SECURITY (DNSSEC)
PORT 53
DNSSEC takes advantage of DNS’s tree-like structure to digitally sign every zone file for (eventually) every domain in the DNS hierarchy. DNSSEC implements additional resource record types to DNS.
Summarize SSH
The Secure Shell (SSH) protocol was invented as a direct replacement for Telnet and other non-secure remote terminal programs. Plus, in a bit of foresight that over time has proven to be utterly amazing, SSH was designed to run in a tunneling mode, enabling any other application to run within an encrypted SSH tunnel.
Summarize SECURE/MULTIPURPOSE INTERNET MAIL EXTENSIONS (S/MIME)
S/MIME was developed from MIME, but took the concept a step further, as S/MIME enables individual e-mail clients to attach personal certificates and digital signatures to e-mail messages just like any other MIME attachment. Using these attachments, S/MIME enables users to encrypt e-mail messages to each other.
Summarize SECURE REAL-TIME TRANSPORT (SRTP)
PORT 5004
Secure Real-time Transport Protocol (SRTP) is an extension to RTP that uses the same port as RTP (by default UDP 5004, although this is easily and often changed).
Summarize LIGHTWEIGHT DIRECTORY ACCESS OVER SSL (LDAPS)
389 LDAP
636 LDAPS
The CompTIA Security+ objectives mention LDAP over SSL (LDAPS) as one of the secure protocols. While this is technically true, LDAPS was deprecated right along with LDAPv2 way back in 2003. LDAPv3 uses extensions that make use of secure protocols such as TLS to provide security today.
Summarize FILE TRANSFER PROTOCOL, SECURE (FTPS)
PORT 990
File Transfer Protocol, Secure (FTPS) is a secure version of FTP that can be used over a Secure Sockets Layer (SSL) or Transport Layer Security (TLS) secure session connection. Adding SSL or TLS enables users to perform FTP file transfers securely, using built-in encryption and authentication mechanisms (usually involving public and private keys). Unlike other applications that use SSL or TLS, FTPS uses TCP port 990.
Summarize SIMPLE NETWORK MANAGEMENT PROTOCOL, VERSION 3 (SNMPv3)
PORTS 161/162
Simple Network Management Protocol (SNMP) is the basis for many network management tools. SNMP uses SNMP agents, installed by default on most network devices, that respond to queries (gets) from SNMP manager programs. Agents can also be configured to send traps, asynchronous communication from agents to managers. SNMPv3 is identical to SNMPv2 but adds robust and flexible encryption.
Summarize HYPERTEXT TRANSFER PROTOCOL OVER SSL/TLS (HTTPS)
80 HTTP
443 HTTPS
Hypertext Transfer Protocol over SSL/TLS (HTTPS) sends normal HTTP traffic over an encrypted SSL or TLS connection. SSL and TLS can be used to send almost any protocol, though, providing security services for that traffic. A typical use-case scenario for substituting HTTPS for HTTP is when a client wants a Web store that can handle secure monetary transactions. HTTPS is essential for e-commerce. Another use-case scenario is with subscription services, such as Microsoft Office 365. All the big software as a service (SaaS) providers use HTTPS by default to secure authentication. HTTP uses TCP port 80, and HTTPS uses TCP port 443, the port used by SSL and TLS.
Summarize IPSEC
Internet Protocol Security (IPsec) is a security protocol that works at the Network layer of the OSI model. IPsec was developed to provide security services (authentication and encryption) for IP traffic, since IP does not have any built-in native security protections. Three major protocols make up IPsec: AH, ESP, and ISAKMP.
Summarize AUTHENTICATION HEADER (AH)
The Authentication Header (AH) protocol provides authentication and integrity services for IP traffic. AH can be used on the entire IP packet, including the header and data payload.
Summarize ENCAPSULATED SECURITY PAYLOADS (ESP)
The Encapsulating Security Payload (ESP) protocol takes care of encryption services. ESP can provide protection for the entire IP packet, depending on the IPsec mode used, transport or tunnel.
Summarize TRANSPORT MODE
Between hosts on a network, the header information isn’t usually required to be encrypted, so ESP doesn’t have to be used. This is called IPsec’s transport mode. In transport mode, header information is not encrypted so that hosts and network devices can read it. The data, on the other hand, can be encrypted to protect it, even within a LAN.
Summarize TUNNEL MODE
IPsec tunnel mode is used when IP traffic is encapsulated and sent outside of a LAN, across WAN links to other networks. This is what happens in VPN implementations that use IPsec. In tunnel mode, since the IP packet is encapsulated in a tunneling protocol (such as L2TP), all the information in the packet, including headers and data payload, can be encrypted. So, ESP is typically used only in tunnel mode.
Summarize POST OFFICE PROTOCOL (POP)
TCP PORT 110
The Post Office Protocol version 3 (POP3) is an e-mail client protocol used to receive e-mail through client applications. Client applications that use POP3 access the user’s mailbox and download all the e-mail in the inbox, and then delete the mail from the server.
Summarize INTERNET MESSAGE ACCESS PROTOCOL (IMAP)
TCP PORT 143
The Internet Message Access Protocol version 4 (IMAP4) is also a client e-mail protocol. IMAP4, which uses TCP port 143 by default, can connect to an organizational or Web-based e-mail server and download client e-mail messages. It differs from POP3 in that you can have multiple connections to the server from multiple user clients, and e-mail isn’t automatically deleted from the server. Like POP3, IMAP4 is also a non-secure protocol.