Security Operations: Examining Secure network protection Flashcards
How does the TCP 3-way handshake process work?
1. SYN
2. SYN-ACK
3. ACK
4. Communication made
How does the TLS handshake work?
The TLS (Transport Layer Security) handshake is a process that establishes a secure connection between a client (e.g., a web browser) and a server (e.g., a web server). During this process, both parties authenticate each other, negotiate encryption algorithms, and exchange cryptographic keys. Here’s a step-by-step explanation of how the TLS handshake works:
Step-by-Step TLS Handshake Process
1. ClientHello
The client initiates the handshake by sending a ClientHello message to the server.
This message includes:
The TLS version supported by the client.
A randomly generated number (client random).
A list of supported cipher suites (encryption algorithms).
A list of supported compression methods.
Any additional extensions (e.g., Server Name Indication (SNI)).
2. ServerHello
The server responds with a ServerHello message.
This message includes:
The TLS version chosen by the server.
A randomly generated number (server random).
The chosen cipher suite.
The chosen compression method.
Any additional extensions.
3. Server Certificate
The server sends its Certificate message, which contains the server’s digital certificate.
The certificate is used to authenticate the server and includes the server’s public key.
4. Server Key Exchange (optional)
If the chosen cipher suite requires it, the server sends a Server Key Exchange message.
This message contains additional key exchange parameters.
5. Certificate Request (optional)
The server may request a certificate from the client by sending a Certificate Request message.
This is used for mutual authentication if required.
6. ServerHello Done
The server sends a ServerHello Done message to indicate that it has finished its part of the handshake.
7. Client Certificate (optional)
If the server requested a certificate, the client sends its Certificate message.
This message contains the client’s digital certificate.
8. Client Key Exchange
The client sends a Client Key Exchange message.
This message contains the pre-master secret, encrypted with the server’s public key.
The pre-master secret is used to generate the session keys.
9. Certificate Verify (optional)
If the client sent a certificate, it sends a Certificate Verify message.
This message is used to prove that the client owns the private key corresponding to the certificate.
10. Change Cipher Spec (Client)
The client sends a Change Cipher Spec message to indicate that it will start using the negotiated encryption and MAC algorithms.
This message is always encrypted using the session keys.
11. Finished (Client)
The client sends a Finished message, which is the first encrypted message sent using the session keys.
This message contains a hash of all previous handshake messages.
12. Change Cipher Spec (Server)
The server sends a Change Cipher Spec message to indicate that it will start using the negotiated encryption and MAC algorithms.
13. Finished (Server)
The server sends a Finished message, encrypted using the session keys.
This message contains a hash of all previous handshake messages.
Secure File Server Protocols?
LDAPS 636
SFTP, SCP/TCP 22
SMBv3 445
Secure Email Server?
SMTPS - 587 (sending)
IMAPS - 993
POP3S - 995