Section 21.207 Selecting Secure Protocols

Question 1

Secure Protocols

Answer 1

■ Choose secure protocols to protect data in transit from unauthorised access

Examples include HTTP vs. HTTPS, FTP vs. SFTP, Telnet vs. SSH

■ Secure protocols use encryption to safeguard data during transmission

Question 2

Protocol

Answer 2

Set of rules or procedures for transmitting data between electronic devices

Question 3

Telnet

Answer 3

Application layer protocol that allows a user on one computer to log onto another computer that is part of the same network

● Transmits in plaintext

● This is vulnerable so you should use SSH instead

Question 4

Always use the encrypted version of the protocol

Answer 4

Examples:
○ HTTPS
○ SFTP
○ SSH
○ IMAPS
○ POP3S
○ SMTPS
○ SNMPS

Question 5

Port Selection

Answer 5

Ports are logical constructs used to identify processes or services on a system

Categorised into the following:
● Well-known ports (0-1023)
● Registered ports (1024-49151)
● Dynamic/private ports (49152-65535)

■ Default port numbers often indicate whether a protocol is secure (e.g., HTTP on port 80 vs. HTTPS on port 443)

■ Additional security considerations:
● Follow the principle of least privilege by opening only necessary ports to
minimize the attack surface
● Changing port numbers can add a layer of obscurity but should not
replace robust security measures

Question 6

Transport Methods

Answer 6

Choose a transport method (TCP or UDP) based on the application’s needs

Question 7

Transport Methods

TCP (Transmission Control Protocol)

Answer 7

Connection-oriented, ensuring data delivery without errors

● Ideal for applications where data accuracy is crucial, like web and email
servers

● Uses acknowledgments, retransmission, and sequencing for data integrity

Question 8

Transport Methods

UDP (User Datagram Protocol)

Answer 8

Connectionless and faster, but doesn’t guarantee data delivery

● Suitable for applications prioritizing speed over accuracy, like streaming
video or gaming