3.1 Flashcards
Protocol
Allows different components of a computer to talk to each other using a commonly shared set of commands.
Domain Name System Security Extensions (DNSSEC)
DNSSEC is a set of extensions to the DNS protocol that enable origin authentication of DNS data, authenticated denial of existence, and data integrity. DNSSEC responses are authenticated but not encrypted, so that unauthorized DNS responses won't be accepted as correct. Authenticated denial of existence allows a resolver to validate that a domain doesn't exist.
UDP/TCP port 53.
Secure Shell (SSH)
Encrypted remote terminal program for servers. SSH uses asymmetric encryption but may also require an independent source of trust with a server.
TCP port 22
Secure/Multipurpose Internet Mail Extensions (S/MIME)
While MIME sends binary data in plaintext via email, S/MIME uses public-key cryptography for signing and encrypting MIME data in emails. It is built into the majority of modern email software today. It provides authentication, message integrity, and nonrepudiation in emails.
Secure Real-time Transport Protocol (SRTP)
Used to securely deliver audio and video over IP networks. SRTP provides encryption, message authentication and integrity, and replay protection to the RTP data.
UDP port 5004
Lightweight Directory Access Protocol over SSL (LDAPS)
LDAPS uses an SSL/TLS tunnel to connect to LDAP services and transmit directory data securely.
LDAPS communication: TCP 636
LDAPS communication to a global server: TCP 3269
File Transfer Protocol, Secure (FTPS)
Implementation of FTP over an SSL/TLS secure channel. Only TLS is used for FTPS.
Data connection port: TCP 989
Control connection port: TCP 990
SSH File Transfer Protocol (SFTP)
File transfer over an SSH channel. Leverages SSH to secure FTP-style transfers. SFTP uses TCP port 22.
Simple Network Management Protocol, Version 3 (SNMPv3)
An application-layer protocol that is a part of the IP suite of protocols and can be used to manage and monitor devices. These include network devices, computers, and other devices over an IP network.
Ports 161/162.
If presented with a network device management scenario, remember the only secure version of SNMP is SNMPv3.
Hypertext Transfer Protocol over SSL/TLS (HTTPS)
The use of SSL/TLS (now mainly TLS) to encrypt the channel over which HTTP traffic is transmitted. TLS replaced SSL because SSL was outdated and not as secure.
Uses port 443
IPSec
IPSec is a set of protocols that securely exchange packets at the network layer. The set of protocols are designed to provide access control, connectionless integrity, traffic-flow confidentiality, rejection of replayed packets, data security (encryption), and data origin authentication.
IPSec has two defined modes: transport and tunnel
IPSec has three modes of connection: host-to-server, server-to-server, and host-to-host.
Authentication Header (AH) / Encapsulated Security Payload (ESP)
To provide traffic security, AH and ESP have been defined for IP datagrams.
AH ensures the integrity of the data and also the authenticity of the data's origin. AH protects the IP header, which enables data origin authentication.
ESP provides security services for the higher-level protocol portion of the packet only.
AH protects integrity, but not privacy. ESP provides confidentiality, but no integrity.
Tunnel/Transport
Transport mode encrypts only the data portion of the packet but not the source or destination IP addresses.
Tunnel mode provides encryption of the source and destination IP addresses as well as the data itself. It can only be done between IPSec servers or routers because the final destination needs to be known for delivery.
Post Office Protocol (POP) / Internet Message Access Protocol (IMAP)
POP3: port 110
IMAP: port 143
POP3S: TCP port 995
IMAPS: TCP port 993
Voice and Video
Voice and video are frequently streaming media and, as such, have their own protocols for the encoding of the data streams. To securely transfer this material, you can use the Secure Real-time Transport Protocol (SRTP), which securely delivers audio and video over IP networks.