3.1 Secure Protocols Flashcards
List all of the secure protocols
SRTP, NTPsec, S/MIME, HTTPS, IPsec, FTPS, SFTP, LDAPS, SSH, SSL/TLS
SRTP
Secure Real Time Transport Protocol
Port: 3389 UDP
Encryption: AES
Hash: HMAC-SHA1
NTPsec
Just know it may be on the test as a secure protocol.
S/MIME
Secure Multipurpose Internet Mail Extensions
Uses encryption and digital signatures.
Can be used in Outlook, Gmail, Apple Mail, etc.
Provides authentication, integrity, non-repudiation.
Secure POP
Port: 994 TCP
Uses a STARTTLS extension to encrypt with SSL
Secure IMAP
Port: 993 TCP
You can opt-in for SSL
Browser based Mail (Gmail, Hotmail, Yahoo)
Your browser will always use SSL for these
HTTPS
Port: 443 TCP
Uses public key cryptography to transfer the symmetric key
IPsec
OSI Layer 3 - Used in VPNs
Uses Internet Key Exchange (IKE)
Provides:
Confidentiality (encryption)
Integrity (hashing)
Authentication (key exchange)
By using:
Authentication Header (AH) (Integrity, Authentication)
and
Encapsulating Security Payload (ESP) (Integrity, Authenticity, Confidentiality)
Internet Key Exchange
Uses X.509 certificates
Used by IPsec to create a secure tunnel by encrypting the connection between authenticated peers.
3 Modes - Main, Aggressive, Quick
Phase 1 (Main or Aggressive only) - Connection established using Diffie-Hellman and a shared secret key for more encryption. Authentication is then by pre-shared key (shared secret), signature, or public key encryption. A tunnel inside a tunnel is established.
Phase 2 (Quick Mode) - Security Association established
What is a Security Association?
The establishment of a secure connection and shared security information using X.509 certificates or cryptographic keys.
LDAPS
Port: 636 TCP/UDP
Uses SSL, SASL, X.509 certificates
The protocol for using a directory service
Used in Windows, Apple, OpenLDAP
SASL
Simple Authentication and Security Layer
Provides authentication using many different methods
SSH
Port: 22 TCP
Used for remotely controlling other devices.
SSH requires an SSH server (daemon) and an SSH client.
The client connects to the server to control it.
SSH 2.0 uses Diffie-Hellman and Message Authentication Code
DNSsec
Port: 53 UDP
DNS Security Extensions
Validates where info came from and ensures integrity using digital signatures.
SNMPv3
Port: 161 UDP
Port: 162 TCP/UDP (SNMP Trap)
Uses 3DES or AES
Provides confidentiality (encryption)
Integrity (hashing)
Authentication
DHCP
In Active Directory, DHCP servers must be authorized since DHCP has no secure version.
Some switches will have “trusted” configurations. If the switch sees DHCP from an untrusted interface, the switch will block it. On Cisco switches, this is called “DHCP Snooping”.
What is a DHCP Attack?
Attackers can use DHCP starvation attacks.
The attacker creates many spoofed MAC addresses to exhaust the DHCP pool.
It creates a DoS attack.
Switches can be configured to limit the number of MAC addresses that come from a specific interface.
SSL/TLS
Fun fact: it was developed for e-commerce.
Uses X.509 digital certificates then symmetric cryptography.
Can be attacked using a downgrade attack. Configure your webserver to not support downgrades.
PPTP
Port: 1723 TCP/UDP
Protocol that encapsulates PPP (point to point protocol)
Uses CHAP authentication, which is bad.
L2TP
Port: 1701 UDP
No inherent security. Mostly uses IPsec for encryption.
FTPS and SFTP
FTPS: FTP with SSL - Port: 989/990 TCP
SFTP: FTP with SSH - Port: 22 TCP/UDP
These are not the same.