3.1 Implement secure protocols Flashcards
A security improvement to the existing DNS infrastructure. Its primary function is to provide mutual certificate authentication and encrypted sessions between devices during DNS operations.
Domain Name System Security Extension (DNSSEC)
A secure replacement for Telnet (TCP port 23) and many of the Unix “r” tools, such as rlogin, rsh, rexec, and rcp. All SSH transmissions (both authentication and data exchange) are encrypted over TCP port 22.
SSH
An Internet standard for encrypting and digitally signing email. It uses X.509 v3 standard certificates issued by a trusted CA.
Secure/Multipurpose Internet Mail Exchanger (S/MIME)
A security improvement over Real-Time Transport Protocol (RTP) that is used in many Voice over Internet Protocol (VoIP) communications. It aims to minimize the risk of VoIP DoS through robust encryption and reliable authentication.
Secure Real-Time Protocol (SRTP)
Accomplished by enabling the Simple Authentication and Security Layer (SASL) on LDAP, which implements Transport Layer Security (TLS) on the authentication of clients as well as all data exchanges.
Lightweight Directory Access Protocol Over SSL (LDAPS)
An in-the-clear file-exchange solution. An FTP server system is configured to allow authenticated or anonymous FTP clients to log on to upload or download files. FTP employs TCP ports 20 and 21.
File Transfer Protocol (FTP)
A secured alternative to standard FTP that uses SSH to encrypt both authentication and data traffic.
Secured File Transfer Protocol (SFTP)
The current standard network-management protocol supported by most network devices and TCP/IP compliant hosts. It allows for encrypted communications between devices and the management console, as well as robust authentication protection customized authentication factors.
Simple Network Management Protocol, version 3 (SNMPv3)
When TLS is used to secure HTTP transactions, it can operate (with TLS) over TCP ports 443 or 80. It uses digital certificates to perform single-sided (i.e., web server only) or mutual authentication.
Hypertext Transfer Protocol over SSL/TLS (HTTPS)
A VPN protocol for IPv4 derived from the security features of IPv6. It uses public-key cryptography and symmetric cryptography to provide encryption, secure key exchange, access control, non-repudiation, and message authentication, all using standard Internet protocols and algorithms.
IPSec
A primary protocol of IPSec that provides encryption of the transferred data as well as limited authentication.
Encapsulated Security Payload (ESP)
In this mode IPSec provides encryption protection for both the payload and the message header by encapsulating the entire original LAN protocol packet and adding its own temporary IPSec header.
Tunnel Mode - IPSEC
These protocols are secured by implementing TLS (or SSL in the past) encryption. This converts these protocols into POPS (or POP3S) and IMAPS (or IMAP4S) and also alters their ports from 110 to 995 and 143 to 993, respectively.
Secure Post Office Protocol (POP) / Internet Message Access Protocol (IMAP)
FTP Secure/Secured, which indicates that it’s a variation of FTP secured by TLS (previously SSL).
File Transport Protocol, Secured (FTPS)