3.1 - Secure Protocols

Question 1

SRTP

Answer 1

• Secure Real- Time Transport Protocol
• Goal is to take RTP and add encryption (think of voice or video calls)
• Keep conversations private

Question 2

AES

Answer 2

• Advance Encryption Standard
• Encryption method used for SRTP (Secure Real-Time Transport Protocol)
• symmetrical

Question 3

HMAC-SHA1

Answer 3

• Hash-based message authentication code using SHA1 (hashing protocol)
• With SRTP, it’s not just the communication that needs to be secure, but also authentication, integrity, and reply protection

Question 4

NTP

Answer 4

• Network Time Protocol
• Classic NTP has no security features
• Exploited as amplifiers in DDoS attack
• NTP was around before 1985, example of a legacy protocol (never originally designed with security features)

Question 5

NTPSec

Answer 5

• Secure Network Time Protocol
• Added many security features and cleaned up old code
• Development began in 2015

Question 6

S/MIME

Answer 6

• Secure/Multipurpose Internet Mail Extensions
• A way to keep email secure
• Public key encryption on digital signing of mail content
• Requires a PKI (public key infrastructure) or similar organization of keys

Question 7

POP3

Answer 7

• Secure POP

- Use a STARTTLS extension to encrypt POP3 with SSL

Question 8

Secure IMAP

Answer 8

• Uses IMAP with SSL to make it more secure

Question 9

SSL/TLS

Answer 9

• Secure Socket Layer/ Transport Layer Security
• SSL is the older version, TLS is the updated version
• If your mail is browswer based, always encrypt with SSL

Question 10

HTTPS

Answer 10

• If you’re sending secure communication over SSL/TLS then you’re using HTTPS (stands for Http over TLS or SSL)
• HTTP over TLS / HTTP over SSL / HTTP Secure
• most common for of HTTPS will use public key encryption, private key on the server, symmetric session key is transferred using asymmetric encryption, security and speed

Question 11

IPSec

Answer 11

• Internet Protocol Security
• an encrypted tunnel allows you to send information over the layer 3 internet but encrypt it
• Security for OSI Layer 3
• Authentication and encryption for every packet
• includes encryption and packet signing for anti-replay features
• Very standardized (can use different manufactures equipment), makes it easy to use, multi-vendor implementations
• 2 core protocols: AH (Authentication Header) and ESP (Encapsulation Security Payload)

Question 12

AH

Answer 12

• Authentication Header
• provides integrity
• One of two IPSec protocols (Other is ESP - Encapsulation Security Payload)

Question 13

ESP

Answer 13

• Encapsulation Security Payload
• provides the encryption
• one of two IPSec protocols (other is AH - Authentication Header)

Question 14

FTPS

Answer 14

• File Transfer Protocol Secure
• Secure way to transfer files
• FTP over SSL = FTP-SSL (uses SSL to encrypt the file that’s being sent via the FTP client)
• One of the most common (the other is SFTP) - but they use completely different mechanisms to communicate

Question 15

SFTP

Answer 15

• SSH File Transfer Protocol
• This uses SSH to securely transport (not SSL like FTPS)
• Provides file system functionality
• Includes additional management capabilities: Resuming interrupted transfers, directory listings, remote file removal

Question 16

LDAP

Answer 16

• Lightweight Directory Access Protocol
• Lightweight, uses TCP / IP
• An organized set of records, like a phone directory
• Standard for LDAP written in X500 specification by the ITU (International Telecommunications Union)
• Ex: Microsoft Active Directory, Apple Open Directory, OpenLDAP, etc
• Originally DAP ran out of the OSI protocol stack, this was updated to TCP / IP and created LDAP

Question 17

ITU

Answer 17

• International Telecommunications Union

- Wrote the X.500 which governs LDAP (Lightweight Directory Access Protocol)

Question 18

LDAPS

Answer 18

• LDAP (Lightweight Directory Access Protocol Secure)

- A non-standard implementation of LDAP over SSL

Question 19

SASL

Answer 19

• Simple Authentication and Security Layer
• Provides authentication using many different methods, ie Kerberos or client certificate
• framework that many different application protocols to communicate securely.
• LDAP uses this Kerberos, client certificates etc.
• More common form of security than LDAPS

Question 20

SSH

Answer 20

• Secure Shell
• encrypted terminal communication
• Replaces Telnet (and FTP). (Telnet provided terminal screen but no encryption)
• Provides secure terminal communication screen and transfer features
• Encryption screen that encrypts communication b/n the client and server
• Very common to use SSH almost exclusively when doing any sort of terminal communication

Question 21

SSH

Answer 21

• Secure Shell
• encrypted terminal communication
• Replaces Telnet (and FTP). (Telnet provided terminal screen but no encryption)
• Provides secure terminal communication screen and transfer features
• Encryption screen that encrypts communication b/n the client and server
• Very common to use SSH almost exclusively when doing any sort of terminal communication

Question 22

DNSSEC

Answer 22

• Domain Name System Security Extensions
• Provides a way to validate information coming from a DNS server
• Provides Origin Authentication and Data Integrity

Question 23

DNSSEC

Answer 23

• Domain Name System Security Extensions
• Provides a way to validate information coming from a DNS server
• Provides Origin Authentication and Data Integrity
• This is accomplished through Public Key Cryptography

Question 24

Public Key Cryptography

Answer 24

• DNS records are signed with a trusted third party

- Signed DNS records are published in DNS

Question 25

SNMPv3

Answer 25

• Simple Network Management Protocol version 3
• If you’re querying switches/ routers for information, want to use v3
• Confidentiality (encrypted data)
• Integrity (No tampering of data)
• Authentication (Verifies the source)
• Prior to version 3, no encryption

Question 26

HTTPS

Answer 26

• Browswer-based management
• Encrypted communication
• (HTTP is insecure)

Question 27

DHCP

Answer 27

• Dynamic Host Control Protocol
• Used to automatically assign IP addresses to the devices on our network
• Does not include any built in security in original specification
• There is no “secure” version of the DHCP protocol
• in order to enhance security, we’ve added additional protocols outside of the DHCP protocol (Ex: In Active Directory, DHCP servers must be authorized - avoids rogue DHCP servers. Ex: some switches can be configured with “trusted” interfaces, only trusted sites will pass through switches. It can block untrusted sites. aka DHCP Snooping in Cisco switches)

Question 28

DHCP Snooping

Answer 28

• In Cisco switches, adding an additional layer of security to DHCP using trusted switches.
• Security feature that acts like a firewall between untrusted hosts and trusted DHCP servers
• If an untrusted site attempts to communicate through a switch that has been configured with “trusted” interfaces, it will be blocked.

Question 29

DHCP client DoS - Starvation attack

Answer 29

• Uses spoofed MAC addresses to exhaust the DHCP protocol
• Uses all the IP address in DHCP pool, which “starves” other devices
• To combat: switches can be configured to limit the number of MAC addresses that can be seen by any one particular interface. If you see a large number of MAC address suddenly appear from one interface (where you’d only expect to see one MAC address from one device) you can automatically disable it.

Question 30

Automated Subscriptions

Answer 30

• Ex: Anti-virus/ anti-/malware
• IPS updates
• Malicious IP address databases / Firewall updates
• Challenge to managing updates, each device uses different protocols and methods to run automated updates
• To combat: check for encryption and integrity checks
• may require additional public key configuration (se up a trust relationship) - certificates, IP addresses and only allow devices to receive updates from trusted/ known servers