Section 27 - Security Protocols Flashcards

1
Q

What does S/MIME stand for?

A

Secure/Multipurpose Internet Mail Extensions

2
Q

What is S/MIME?

A

This is a standard that provides cryptographic security for electronic messaging, such as email.

*** This is built into most email clients that you use.

3
Q

S/MIME uses ___ session keys for each email message that’s being sent or received.

A

separate

4
Q

We can use digital IDs within Outlook or digital signatures within many different programs to give our emails authentication, integrity, and non-repudiation through ___.

A

S/MIME

5
Q

S/MIME is a way that we can encrypt our emails and their content. The problem with that is…?

A

It also encrypts all of their contents, including malware.

6
Q

What is “SSL”?

A

Secure Socket Layer

This was a way to start securing the web as we wanted to start doing ecommerce.

*** This is a cryptographic protocol that provided secure internet communications for web browsing, IM, email, VoIP, etc. It was last updated in 1996 at version three so you shouldn’t use it. It was replaced with TLS.

7
Q

What is “TLS”?

A

Transport Layer Security

*** This is the newer cryptographic protocol that provides secure internet communications. The current version in use is 1.3.

8
Q

Oftentimes when it comes to SSL and TLS, you’ll find that people will…?

A

Call it SSL even if it’s TLS that you’re using.

9
Q

How do TLS and SSL work?

A

The web browser goes out and gets the server’s public key. It then uses that key to encrypt a random string of numbers and sends that over to the web server. Once the server gets it, the server decrypts it using its private key. The two will then create a symmetric tunnel between them. That tunnel is SSL or TLS.

10
Q

How does TLS work in conjunction with HTTPS?

A

If you want to run a secure website, you would tunnel the normal HTTP protocol through a TLS tunnel. Normally you would use HTTP over port 80, but when you tunnel it through SSL or TLS, you end up putting it on port 443, which is secure HTTP or HTTPS.

For email, you’d use SMTP and send it over port 25. But if you want to do it securely, you establish a TLS tunnel first. That tunnel would be established over port 465 instead, and your SMTP traffic would go through it.

The same process applies to IM, file transfer, and other protocols.

11
Q

What is a way that people can attack TLS?

A

Downgrade attack

12
Q

What is a “downgrade attack”?

A

When a protocol is tricked into using a lower-quality version instead of the higher-quality version that it was supposed to use.

*** Using a weaker (lower-quality) protocol makes it easier to exploit.

13
Q

What does it mean to do a “break and inspect”?

A

As a defender of a network, it can be challenging when people use TLS connections because you can’t see what’s going on inside that tunnel. So, with break and inspect, you act as a man-in-the-middle by putting a proxy there. This requires the TLS tunnel to connect to the proxy, where the traffic is inspected before it gets to its destination.

14
Q

What is SSH?

A

Secure Shell

This is a protocol used to tunnel other protocols through.

This creates a secure channel between two computers or network devices and allows one device to control another device.

This was designed to replace Telnet.

*** For example, if you wanted to use your laptop to connect to a server to do remote execution of commands as a system admin, you would use SSH to do that.

15
Q

Why was SSH designed to replace Telnet?

A

Telnet sends everything in the clear and unencrypted.

SSH, on the other hand, allows us to have an encrypted tunnel that protects our data.

16
Q

SSH is most commonly used as…?

A

A text-based remote control method for anything that you need to get into and control remotely, such as routers and switches.

17
Q

SSH operates over what port?

A

22

18
Q

What other protocols operate over port 22 aside from SSH?

A

Secure Copy
Secure FTP

*** This is because these both operate in an SSH tunnel. Yes, just like TLS you can create a tunnel for security.

19
Q

What are the three big versions of SSH?

A

Version 1
Version 1.5
Version 2

20
Q

What is a “VPN”?

A

Virtual Private Network

This is a secure connection between two or more computers or devices that aren’t on the same private network, creating a virtual private network.

21
Q

There are three big VPNs out there. What are they?

A

PPTP
L2TP
IPSec

22
Q

What is PPTP?

A

Point-to-Point Tunneling Protocol

This is a protocol that encapsulates PPP packets and ultimately sends data out as encrypted traffic.

*** PPP is the Point-to-Point Protocol. It was originally used for dial-up connections, but it’s used in combination with PPTP over port 1723 to allow servers and devices to connect to a WAN.

23
Q

How is PPTP vulnerable?

A

It uses CHAP-based authentication, making it vulnerable to attack.

24
Q

What is “L2TP”?

A

Layer 2 Tunneling Protocol

This gives you a connection between two or more computers or devices that aren’t on the same private network.

25
Q

How is L2TP vulnerable?

A

It provides no encryption and no confidentiality by itself.

Therefore, people usually pair it with IPSec to provide that.

26
Q

What is IPSec?

A

Provides us with encryption and confidentiality when using L2TP, which allows the use of PKI.

27
Q

What port does IPSec operate over?

A

1701

28
Q

IPSec is going to provide confidentiality, integrity and authentication how?

A

Confidentiality: by giving us encryption

Integrity: by using hashing

Authentication: by performing a key exchange

29
Q

What does IKE stand for?

A

Internet Key Exchange

*** This is a method used by IPSec to create a secure tunnel by encrypting the connection between authenticated peers.

30
Q

What are the three different types of key exchanges?

A

Main Mode
Aggressive Mode
Quick Mode

31
Q

What is a Security Association?

A

Also known as “SA”

This is the establishment of secure connections and shared security information using certificates or cryptographic keys.

*** Basically, you trust me and I trust you. We’ve shared information and now, we know each other and we’ve verified our identities.

32
Q

What is an “Authentication Header”?

A

A protocol used in IPSec that provides integrity and authentication.

A header that is hashed to provide integrity; it’s often used with an ESP.

33
Q

What is an “ESP”?

A

Encapsulating Security Payload

Provides integrity, confidentiality, and authentication for the packets by encapsulating and encrypting them.

34
Q

IPSec can be operated in one of two modes. What are they?

A

Transport Mode
Tunnel Mode

35
Q

What is Transport mode in IPSec?

A

This is a host-to-host mode that encrypts only the payload of an IP packet, not its header.

*** Think of this like a semi-truck. The cab in the front that pulls the trailer, that’s the header, that part’s not encrypted. But everything in that back trailer is encrypted.

36
Q

What is Tunnel mode in IPSec?

A

This creates an end-to-end network tunnel that encrypts the entire IP packet, both the payload and the header.

*** This is used instead of transport mode for sending things over the internet because everything is protected. It is typically used on VPNs because it’s the safest way to send transmissions over untrusted networks.