3.1 Secure Protocols - Security+ 601

HMAC-SHA1

"hmac" stands for "hash message authentication code", and "sha1" stands for secure hash algorithm 1, a manner of encoding data invented by the NSA. For voice and video security.

IPSec - Protocols Used

- Authentication Header (AH) - Provides integrity, authentication and non-repudiation - Encapsulating Security Protocol (ESP) - Provides confidentiality/encryption and limited authentication

Protocols for File Transfer

1. FTPS 2. SFTP

Secure Protocols for Directory Services

1. LDAPS 2. SASL (Simple Authentication and Security Layer)

How to secure Voice and Video?

1. SRTP 2. Encryption 3. Authentication, Integrity, and Replay Protection

Secure Protocols for Routing and Switching

1. SSH 2. SNMPv3 3. HTTPS

IMAP (Internet Message Access Protocol)

A common protocol for retrieving email messages via the Internet. Allows the end user to view and manipulate the messages as though they were stored locally on the end user's computing device(s).

DHCP (Dynamic Host Configuration Protocol)

A network service that provides automatic assignment of IP addresses and other TCP /IP configuration information. For Network Address Allocation. NOT SECURE.

SSL (Secure Sockets Layer)

A protocol that provides security when communicating on the Internet

Post Office Protocol (POP)

A protocol used to retrieve email from a mail server. POP3 is a later iteration of the protocol, and can be used with or without SMTP.

DHCP snooping

A security feature on switches whereby messages on the network are checked and filtered.

In order to authenticate data packets and guarantee their integrity, IPsec includes two protocol

AH (Authentication Header) protocol and the ESP (Encapsulating Security Payload) protocol. Both protocols, in turn, support two encapsulation modes—tunnel mode and transport mode.

Why are secure protocols important?

Ensures communication is safe from hackers and prying eyes.

HTTPS

Hypertext Transfer Protocol Secure. Encrypts HTTP traffic with SSL or TLS using port 443.

LDAPS (Lightweight Directory Access Protocol Secure)

Non-standard implementation over SSL.

Transport mode

Only a packet's IP data (payload) is encrypted, not the IP headers themselves; In other words, payload data transmitted within the original IP packet is protected, but not the IP header. In transport mode, encrypted traffic is sent directly between two hosts that previously established a secure IPsec tunnel.

OSI Layer 3 - (Network) Open Systems Interconnection Model

Protocols: IP, ICMP, ARP, RIP, IPX. Device: router.

Secure Protocol for Remote Access

SSH

SSH (Secure Shell)

TCP 22. Provides secure terminal communication and file transfer features. Encrypted terminal communication.

HTTPS (Hypertext Transfer Protocol Secure)

TCP 443. Secure version. Uses public key encryption with private key on the server.

POP ( post office protocol) and IMAP ( Internet message access protocol)

The two most commonly used Internet mail protocols for retrieving emails.

Authentication Header (AH)

This provides connectionless integrity and the authentication of data. It also provides protection versus replay attacks.

NTPsec (Network Time Protocol Secure)

Used for security on time synchronization.

IPSec

Used to encrypt traffic on the wire and can operate in both tunnel mode and transport mode. Supports confidentiality and integrity/anti-replay

TLS (Transport Layer Security)

Used to encrypt traffic on the wire. TLS is the replacement for SSL and like SSL, it uses certificates issued by CAs.

SRTP (Secure Real-Time Transport Protocol)

Used to provide secure VoIP. Keeps conversations private.

FTPS (File Transfer Protocol Secure)

Uses SSL or TLS encrypt FTP traffic. Some implementations use ports 989 and 990

DNSSEC (Domain Name System Security Extensions)

Uses digital signatures to provide security for communications and helps to minimize the likelihood to man-in-the-middle attacks.

S/MIME (Secure/Multipurpose Internet Mail Extensions)

Uses public key encryption and digital signing of mail content. Requires a PKI or similar organization of keys.

SASL (Simple Authentication and Security Layer)

You want to use Kerberos to protect LDAP authentication. What authentication mode should you use?

SFTP (Secure File Transfer Protocol)

copies files between hosts securely. SFTP first establishes a connection with a host and then allows a remote user to browse directories, list files, and copy files. SFTP encrypts data before transmitting it.

Encapsulation Security Protocol (ESP)

provides source authentication, data integrity and confidentiality more widely used than AH

Tunnel mode

the entire original IP packet is encapsulated to become the payload of a new IP packet. Additionally, a new IP header is added on top of the original IP packet. Since a new packet is created using the original information, tunnel mode is useful for protecting traffic between different networks.