Implementing Security Protocols Flashcards

1
Q

Protocols

A

Act as a common language allowing different components to talk using a common, known set of commands.

2
Q

Secure Protocols

A

Those that have built-in security mechanisms, so that by default security can be enforced via the protocol.

3
Q

DNS

A

The Domain Name Service is a protocol for the translation of names into IP addresses.

When users enter a name such as www.example.com, the DNS system converts this name into the actual numerical IP address.

4
Q

DNSSEC

A

Domain Name System Security Extensions is a set of extensions to the DNS protocol that, through the use of cryptography, enables origin authentication of DNS data, authenticated denial of existence, and data integrity, but does not extend to availability or confidentiality.

5
Q

SSH

A

The Secure Shell (SSH) protocol is an encrypted remote terminal connection program used for remote connections to a server.

SSH uses asymmetric encryption but generally requires an independent source of trust with a server, such as manually receiving a server key, to operate.

SSH uses TCP port 22 as its default port.

6
Q

MIME

A

Multipurpose Internet Mail Extensions is a standard for transmitting binary data via an e-mail.

E-mails are sent as plaintext files, and any attachments need to be encoded so as to fit the plaintext format, and MIME specifies how this is done with base64 encoding.

Because it is plaintext, there is no security associated with the attachments; they can be seen by any machine between the sender and receiver.

7
Q

S/MIME

A

Secure/Multipurpose Internet Mail Extensions is a standard for public-key encryption and signing of MIME data in e-mails.

S/MIME is designed to provide cryptographic protections to e-mails and is built into the majority of modern e-mail software to facilitate interoperability.

8
Q

SRTP

A

The Secure Real-time Transport Protocol (SRTP) is a network protocol for securely delivering audio and video over IP networks.

SRTP uses cryptography to provide encryption, message authentication and integrity, and replay protection to the RTP data.

9
Q

LDAP

A

Lightweight Directory Access Protocol is the primary protocol for transmitting directory information.

Directory services may provide any organized set of records, often with a hierarchical structure, and are used in a wide variety of situations including Active Directory datasets.

By default, Lightweight Directory Access Protocol (LDAP) traffic is transmitted insecurely.

10
Q

LDAPS

A

Lightweight Directory Access Protocol Secure (LDAPS) is LDAP used with SSL/TLS.

LDAPS uses a TLS/SSL tunnel to connect LDAP services. Technically, this method was retired with LDAPv2, and replaced with Simple Authentication and Security Layer (SASL) in LDAPv3. SASL is a standard method of using TLS to secure services across the internet.

LDAPS communication occurs over TCP port 636.

LDAPS communication to a global catalog server occurs over TCP 3269.

When connecting to ports 636 or 3269, SSL/TLS is negotiated before any LDAP traffic is exchanged.

11
Q

SASL

A

Simple Authentication and Security Layer

12
Q

FTPS

A

The implementation of FTP over an SSL/TLS secured channel. This supports complete FTP compatibility, yet provides the encryption protections enabled by SSL/TLS.

FTPS uses TCP ports 989 and 990.

13
Q

SFTP

A

The use of FTP over an SSH channel. This leverages the encryption protections of SSH to secure FTP transfers.

Because of its reliance on SSH, it uses TCP port 22.

14
Q

SNMPv3

A

The Simple Network Management Protocol version 3 (SNMPv3) is a standard for managing devices on IP-based networks.

SNMPv3 was developed specifically to address the security concerns and vulnerabilities of SNMPv1 and SNMPv2.

15
Q

SNMP

A

Simple Network Management Protocol (SNMP) is an application layer protocol, part of the IP suite of protocols, and can be used to manage and monitor devices, including network devices, computers, and other devices connected to the IP network.

All versions of SNMP require ports 161 and 162 to be open on a firewall.

16
Q

SSL

A

Secure Socket Layer is an application of encryption technology developed for transport-layer protocols across the web.

This protocol uses public-key encryption methods to exchange a symmetric key for use in confidentiality and integrity protection as well as authentication.

17
Q

TLS

A

Transport Layer Security (TLS) is an IETF standard for the employment of encryption technology and replaces SSL.

Using the same basic principles, TLS updates the mechanisms employed by SSL. Although sometimes referred to as SSL, it is a separate standard.

The standard port for SSL and TLS is undefined, for it depends upon what the protocol that is being protected uses; for example, port 80 for HTTP becomes port 443 when it is for HTTPS.

18
Q

HTTPS

A

Hypertext Transfer Protocol Secure (HTTPS) is the use of SSL or TLS to encrypt a channel over which HTTP traffic is transmitted. Because of issues with all versions of SSL, only TLS is recommended for use.

HTTPS is the most widely used method to secure HTTP traffic.

HTTPS uses TCP port 443.

19
Q

HTTP

A

Hypertext Transfer Protocol.

This uses port 80. However, when it is secured as HTTPS, then it uses port 443.

20
Q

Secure POP/IMAP

A

Refers to POP3 and IMAP over an SSL/TLS session.

Secure POP3 utilizes TCP port 995 and Secure IMAP uses TCP port 993.

21
Q

SRTP

A

Secure Real-time Transport Protocol (SRTP) securely delivers audio and video over IP networks.

22
Q

NTP

A

Network Time Protocol (NTP) is the standard for time synchronization across servers and clients.

NTP is transmitted over UDP port 123.

23
Q

E-mail and Web

A

Both are native plaintext-based systems. HTTPS, which relies on SSL/TLS, is used to secure web connections. The use of HTTPS is widespread and common. Keep in mind that SSL is no longer considered secure.

E-mail is a bit more complicated to secure, and the best option is via S/MIME, also discussed previously in this chapter.

24
Q

FTP

A

File Transfer Protocol is not secure, but SFTP and FTPS are secure alternatives that can be used.

25
Q

Directory Services

A

Use LDAP as the primary protocol. When security is required, LDAPS is a common option, as described previously. Directory services are frequently found behind the scenes with respect to logon information.

26
Q

Remote Access

A

The means by which users can access computer resources across a network. Securing remote access can be done via many means, some for securing the authentication process and others for the actual data access itself. As with many situations that require securing communication channels or data in transit, organizations commonly use SSL/TLS to secure remote access. Depending upon the device being accessed, a variety of secure protocols exist.

For networking equipment, such as routers and switches, SSH is a secure alternative to Telnet.

For servers and other computer connections, access via VPN, or use of IPSec, is common.

27
Q

DNS

A

Domain Name Resolution is performed primarily by the DNS protocol. DNS is a plaintext protocol and the secure version, DNSSEC, is not widely deployed as yet.

28
Q

DNSSEC

A

Domain Name System Security Extensions

29
Q

Routing and Switching

A

The backbone functions of networking in a system.

30
Q

Network Address Allocation

A

Functions in a network require multiple decision criteria, including the reduction of complexity and the management of device names and locations.

31
Q

Subscription Services

A

The management of data flows to and from a system based on either a push (publish) or pull (subscribe) model.

Managing what data elements are needed by which nodes is a problem that you can tackle by using directory services, such as LDAP.

32
Q

SaaS

A

Software as a Service (SaaS) is where software is licensed on a subscription basis.