Sec+ misc items

Question 1

What ports and protocols are used for DNS

Answer 1

UDP/TCP 53
Secure protocol is DNSSEC and uses TCP port 53 as UDP can not be larger than 512 bytes
DNS queries use UDP port 53
Uses digital signatures to validate signature match.
Resource Records Set (RRset) zone signing key

Question 2

File Transfer Protocol (FTP) & FTPS

Answer 2

FTP 
port TCP 20 (data port)
port TCP 21 (command port)
FTPS
TCP 21 FTPES (File tranfer protocol explicate mode.
TCP 990 (implicit mode) control port
TCP 989 data port

Question 3

SFTP

Answer 3

port TCP 22
Secure Shell (SSH)

Question 4

HTTP & HTTPS

Answer 4

HTTP TCP port 80

HTTPS TCP port 443 (uses Secure Socket Layer (SSL) or Transport Layer Security (TLS))

Question 5

Internet Message Access Protocol (IMAP)

IMAPS

Answer 5

Incoming mail protocol
IMAP TCP 143
IMAPS TCP 993 (TLS)

Question 6

Lightweight Directory Access Protocol (LDAP)

and LDAPS

Answer 6

UDP/TCP 389
LDAPS UDP/TCP 636-uses SSL(TLS) encryption.
Uses a digital certificate on server that is hosting directory services to set up a secure tunnel for credential exchange

Question 7

Post Office Protocol (POP3)-Incoming mail protocol)

POPS

Answer 7

POP3-TCP 110

POP3S-TCP 995 (uses TLS)

Question 8

Real-time Transport Protocol (RTP) and RTPS

Answer 8

RTP-UDP 16384-32767
RTPS-UDP 5004
(uses TLS tunnel for
Real-time Transport Protocol (RTP) to pass through

Question 9

Session Initiation Protocol (SIP) and SIPS

Answer 9

SIP-Port 5060 for queries

SIPS-Port 5061 (establishes a TLS tunnel to encrypt session packets)

Question 10

simple Network Management Protocol (SNMP) and SNMPv3

Answer 10

SNMP-stores device info in a Management Information Base (MIB).
port UDP 161 (GET requests to receive info from devices)
port UDP 162 (TRAP data-a service report that indicates problems like a port failure)
SNMPv3-

Question 11

Telnet-unsecure

SSH-secure

Answer 11

Telnet-TCP 23 (sends info in clear or plain text)

SSH-TCP 22 (uses certificate or key based authentication)

Question 12

RADIUS (Remote authentication dial-in Service)

Answer 12

UDP 1812 or 1645 for authentication messages

UDP 1813 or 1646 for accounting messages

Question 13

TACACS+

Terminal Access Controller Access Control System

Answer 13

TCP 49

It is a remote authentication protocol used by CISCO that works with AAA

Question 14

Keberos

Answer 14

Port 88 (inbound port must be open (not blocked by firewall) to work

Question 15

SMTP and SMTPS

Simple Mail Transport Protocol (outgoing email protocol)

Answer 15

SMTP- Port 25
SMTPS- 465 (implicit mode is deprecated)-uses a secure connection before data is called implicit)
STARTTLS 587 (upgrades SMTP connection to use TLS or explicit TLS mode)

Question 16

SQL Sever

Answer 16

Port 1433

Question 17

Syslog

Answer 17

Port UDP 514

Question 18

Remote Desktop Protocol (RDP)

Answer 18

port 3389

Question 19

Network Time Protocol (NTP) and NTS (Network Time Secure)

Answer 19

Port 123 (use TLS)
Receives UTC from an atomic clock from Stratum 1 server

Question 20

Trivial File Transfer Protocol (TFTP)

Answer 20

TCP port 69

Question 21

rpcbind
msrpc
netbios-ssn
microsoft-ds

Answer 21

rpcbind-TCP 111
msrpc-tcp 135
netbios-tcp 139
microsoft-ds-tcp445

Question 22

VOIP H.323

Answer 22

VOIP H.323-port 1720

Question 23

X.509 digital certificates

Answer 23

• Standard format for digital certs (DER, CER,
• format can take different forms
• can sue openssl or similar app to view the certs

Question 24

(DER) Distinguished Encoding Rules

Answer 24

• Common format used across many platforms
• designed to transfer syntax for data structures
• Perfect for use in X.509 certs
• Comes in binary format (not readable by humans)
• common with Java certs

Question 25

PEM (Privacy-Enhanced mail)

Answer 25

• Common format, primarily used for web servers as they can be translated through a text editor
• Base64 encoded DER cert that is in ASCII format to send by email
• generally format used by CAs
• supported on many different platforms

Question 26

PCS#12 (Public Key Cryptography Standard #12)

Answer 26

Personal information exchange format

• Container format for many certs
• can store many X.509 certs in a single .p12 or .pfx file
• often used to transfer a public and private key pair
• container can be password protected for this reason
• Extended from Microsoft .pfx format
  
  • Personal Info exchange (PFX)
  • 2 standards are similar and often used interchangeably

Question 27

CER (certificate)

Answer 27

An SSL cert file format used by web servers to help verify the indentity and security of a website

• Primarily a Windows .X509 file extension
  
  • common format for Windows certs i/e .cer extension to import and export
• can be encoded as binary DER format or as the ASCII PEM format
• in this case the private key would be transferred in the .pfx format

Question 28

P7B-PKCS#7 (Public Key Cryptography Standard#7)

Answer 28

• Cryptography Message Syntax Standard
  
  • associated with the .p7b file
• Stored in ASCII format
• common to use this format to send certs and chain certificate
• private keys are not included in a .p7b file
• wide platform support seen in Windows and Java Tomcat

Question 29

PFX (Personal Exchange Format)

Answer 29

• A binary format for storing a server certificate, intermediate certificates, and the private key in one encryption file.
• often interchangeable with PKCS#7