Security Plus Gibson chapter 3
SFTP
Secure File Transfer Protocol is a secure implementation of FTP. It is an extension of Secure Shell SSH using SSH to transmit the files in an encrypted format. SFTP transmits data using TCP port 22.
SCP (E)
Secure copy is based on SSH and is used to copy encrypted files over a network SCP uses TCP port 22.
ARP (TCP)
Address resolution Protocol resolves IPv4 addresses to media acces control (MAC) addresses. MACs are also called physical addresses or hardware addresses. TCP/IP uses the IP address to get a packet to a destination network, but once it arrives on the destination network, it uses the MAC address to get it to the correct host. In other words, ARP is reauired once the packet reaches the destination subnet. ARP poisoning used ARP packets to give clients false hardware address updates and attackers use it to redirect or interupt network traffic.
Encryption Protocols
Data in transit is any traffic sent over a network. When data is sent in cleartext, attackers can use a Protocol analyzer or sniffer to capture and read it. You can protect the confidentiality of personally identifiable information (PII) and any other sensitive data in transit by encrypting it. Not that you can also encrypt data at rest, which is data stored on any type of medium.
FTPS
File transfer protocol secure is an extension of FTP and uses SSL or TLS to encrypt FTP traffic. Some implementations of FTPS use TCP ports 989 and 990. Notice that the difference between SFTP and FTPS is that SFTP uses SSL or TLS.
FTP
File transfer protocol uploads and downloads large files for and from an FTP server. By default, FTP data with a sniffer or protocol analyzer. FTP active mode uses TCP port 21 for control signals and TCP port 20 for data. FTP passive mode also uses TCP port 22 for control signals, but it uses a random TCP port for data.
HTTPS
Hyper text transfer protocol secure encrypts web traffic to ensure it isn't secure while in transit. Web Browsers commonly indicate that a secure session is using HTTPS by displaying a lock icon and by inclusinf HTTPS in the Uniform Resource Locator (URL) field. HTTPS is encrypted with either SSL or TLS and it uses TCP port 443.
HTTP
Hypertext transfer protocol transmits web traffic on the internet and in intranets. Web servers use HTTP to transmit web pages to clients web browsers. Hypertext markup language HTML is the common language used to display the web pages. HTTP uses TCP port 80.
Internet Protocol (TCP)
Identifies hosts in a TCP/IP network and delivers traffic from one host to another using IP addresses. IPv4 uses 32 but addresses represented in soften decimal format, such as 192.168.1.100. IPv6 uses 128 bit addresses using hexadecimal code.
ICMP (TCP)
Internet Confrol Message Protocol ICMP is used for testing basic connectivety and includes tools such as ping, pathping, and tracert As an example, pink can check basic connectivety between two systems. Man DoS attacks use ICMP. Because of how often ICMP is used in attacks, it has become common to block ICMP at firewalls and routers, which disables a ping response. Blocking ICMP prevents attackers from discovering devices in a network with a host enumeration sweep.
IPsec (E)
Internet protocol security is used to encrypt IP traffic. It is native to IPv6 but also works with IPv4. IPsec encapsulates and encrypts IP packet payloads and uses Tunnel mode to protect virtual private network traffic. IPSec includes two main components: Authentication Header AH identified by protocol ID number 51 and Encapsualting Security Payload (ESP) identified by protocol ID number 50. It uses the Internet Key Exchange (IKE) over UDP port 500 to create a security association for the VPN
NDP (TCP)
Neighborhood discovery Protocol performs several functions on IPv6. For example, it performs functions similar to IPv4 ARP. It also performs auto configuration of device IPv6 addresses and discovers other decides on the network such as the IPv6 address of the default gateway
SSH (E)
Secure Shell encrypts a wide variety of traffic, such as Secure Copy (SCP) and secure file transfer Protocol (SFTP) Unix and Linux administrators often use SSH when remotely administrating system so instead of Telnet. SSH can also encrypt TCP Wrappers, a type of access control list username on Linux and unix systems to filter traffic. When SSH encrypts traffic, it uses TCP port 22.
SSL (E)
Secure Sockets Layer SSL Protocol secures HTTP traffic as Hypertext Transfer Protocol Secure with the use of certificates. Chapter 10 covers certificates. SSL can also encrypt other types of traffic, such as SMTP and Lighweight Directory Access Protocol . SSL uses TCP port 443 when encrypting HTTP, TCP port 465 when encrypting SMTP, and TCP port 636 when encrypting LDAP with SSL
TCP
Transmission Control Protocol. Provides connection oriented traffic (guaranteed delivery). TCP uses a three way handshake. To start a TCP session, the client sends a SYN (synchronize) packet. The server responds with a SYN/ACK (synchronize/acknowledge) packet, and the client completes the third part of the handshake with an ACK packet to establish the connection.
TLS (TLS)
Transport layer security protocol is the designed replacement for SSL. At this point, you can use TLS instead of SSL in just about any application with the sameness poets. For example, HTTPS uses TCP port 443 when is used SSL or TLS. LDAPv2 uses SSL and LDAPv3 uses TLS. Both LDAP with SSL and LDAP yawn port 636.
TFTP
Trivial file transfer protocol uses UDP and is used to transfer smaller amounts of data, such as when communicating with network devices. Many attacks have used TFTP, but it isn't not an essential protocol on most networks. Because of this admins commonly disabled it. TFTP uses UDP port 69
UDP (TCP)
User Datagram Protocol. Provides connectionless sessions (without a threeway handshake). ICMP traffic, such as audio and video streaming, uses UDP. Many network-based denial of service (DoS) stacks use UDP. TCP/IP traffic is either connection oriented TCP traffic or connectionless UDP.