FILE TRANSFER USE CASE

They can be used for various use cases related to secure file transfer& list identifies several encryption protocols used to encrypt data-in-transit.

1. SSH 2. SSL 3. TLS 4. IPsec 5. SFTP 6. FTPS

Some common use cases related to transferring files are

1.Transmit data over the network 2.Ensure confidentiality when transmitting data over a network 3.Ensure administrators connect to servers using secure connections.

File Transfer Use Case

Data-in-transit is any traffic sent over a network. When data is sent in cleartext, attackers can use a protocol analyzer to capture and read it. You can protect the confidentiality of Personally Identifiable Information (PII) and any other sensitive data-in-transit by encrypting it. U CAN encrypt data-at-rest, which is data stored on any type of medium.

Basic protocols used to transfer data over a network:

FTP TFTP

FTPS

File Transfer Protocol Secure (FTPS) is an extension of FTP and uses TLS to encrypt FTP traffic. Some implementations of FTPS use TCP ports 989 and 990. However, TLS can also encrypt the traffic over the ports used by FTP (20 and 21). Notice that the difference between SFTP and FTPS is that SFTP uses SSH and FTPS uses TLS.

IPsec

Internet Protocol security (IPsec) is used to encrypt IP traffic. It is native to IPv6 but also works with IPv4. IPsec encapsulates and encrypts IP packet payloads and uses Tunnel mode to protect virtual private network (VPN) traffic. IPsec includes two main components: 1. Authentication Header (AH) identified by protocol ID number 51 2.Encapsulating Security Payload (ESP) identified by protocol ID number 50. It uses the Internet Key Exchange (IKE) over UDP port 500 to create a security association for the VPN.

SSL Versus TLS

SSL has been compromised and is not recommended for use. Poodle is short for Padding Oracle on Downgraded Legacy Encryption. The SSL protocol is not maintained or patched, so this vulnerability remains. This is one of the reasons that the U. S. government and many other organizations prohibit the use of SSL to protect any sensitive data. TLS is the recommended replacement. While TLS can be used in almost any implementation that previously used SSL, the two aren't the same protocol. Still, you will often see both SSL and TLS mentioned as if they are the same. SSL is compromised and TLS should be used instead.

SSL

SSL. The Secure Sockets Layer (SSL) protocol was the primary method used to secure HTTP traffic as Hypertext Transfer Protocol Secure (HTTPS). SSL can also encrypt other types of traffic, such as SMTP and Lightweight Directory Access Protocol (LDAP). However, it has been compromised and is not recommended for use.

TLS

TLS. The Transport Layer Security (TLS) protocol is the designated replacement for SSL and should be used instead of SSL. Additionally, many protocols that support TLS use STARTTLS. STARTTLS looks like an acronym, but it isn't. Instead, it is a command used to upgrade an unencrypted connection to an encrypted connection on the same port.

TFTP

Trivial File Transfer Protocol (TFTP) uses UDP port 69 and is used to transfer smaller amounts of data, such as when communicating with network devices. Many attacks have used TFTP, but it is not an essential protocol on most networks. Because of this,administrators commonly disable it.

Summary of FILE TRANSFER

Secure Shell (SSH) encrypts traffic over TCP port 22. Transport Layer Security (TLS) is a replacement for SSL and is used to encrypt many different protocols. Secure FTP (SFTP) uses SSH to encrypt traffic. FTP Secure (FTPS) uses TLS to encrypt traffic.

FTP

File Transfer Protocol (FTP) uploads and downloads large files to and from an FTP server. By default, FTP transmits data in cleartext, making it easy for an attacker to capture and read FTP data with protocol analyzer. FTP active mode uses TCP port 21 for control signals and TCP port 20 for data. FTP passive mode (also known asPASV) uses TCP port 21 for control signals, but it uses a random TCPport for data. If FTP traffic is going through a firewall, this random port is often blocked, so it is best to disable PASV in FTP clients.

SFTP

Secure File Transfer Protocol (SFTP) is a secure implementation of FTP. It is an extension of Secure Shell (SSH) using SSH to transmit the files in an encrypted format. SFTP transmits data using TCP port 22.

SSH

Secure Shell (SSH) encrypts traffic in transit and can be used to encrypt other protocols such as FTP. Linux administrators often used Telnet when remotely administering systems, but this is not recommended because Telnet sends traffic over the network in cleartext. Instead, administrators commonly use SSH to remotely administer systems. Secure Copy (SCP) is based on SSH and is used to copy encrypted files over a network. SSH can also encrypt TCP Wrappers, a type of access control list used on Linux systems to filter traffic. When SSH encrypts traffic, it uses TCP port 22.