Chapter 10: Implementing Secure Protocols
Secure Shell (SSH)
A Linux/UNIX-based command interface and protocol for securely accessing a remote computer. An encrypted remote terminal connection program used for remote connections to a server. SSH uses public-key cryptography and port 22/TCP.
E-Mail Use Case
A bit more complicated to secure, and the best option is via S/MIME.
Software as a Service (SaaS)
A form of cloud computing where a firm subscribes to a third-party software and receives a service that is delivered online. Software is licensed on a subscription basis, however hosted centrally commonly in the cloud.
Secure Real-Time Transport Protocol (SRTP)
A network protocol for securely delivering audio and video over IP networks. SRTP uses cryptography to provide encryption, message authentication, and integrity, and replay attack protection of the RTP data in both unicast and multicast applications.
Transport Layer Security (TLS)
A protocol based on SSL 3.0 that provides authentication and encryption, used by most servers for secure exchanges over the Internet. An IETF standard for the employment of encryption technology that replaces SSL.
Simple Network Management Protocol v.3 (SNMP v.3)
A standard for managing devices on IP-based networks. SNMPv3 was developed specifically to address the security concerns and vulnerabilities with SNMPv1 and v2. All versions of SNMP use ports 161 and 161/UDP
Multi-Purpose Internet Mail Extension (S/MIME)
A standard for transmitting binary data via an e-mail. S/MIME is designed to provide cryptographic protections to e-mails.
DNSSEC (Domain Name System Security Extensions)
A suite of specifications used to protect the integrity of DNS records and prevent DNS poisoning attacks. An extension of the DNS protocol that, through the use of cryptography, enables origin authentication of DNS data, authenticated denial of existence, and data integrity, but does not extend to availability or confidentiality. If an organization wants to provide better security for its name resolution services, it can do so by using DNSSEC in conjunction with TLS. DNSSEC typically uses port 53/TCP (Transmission Control Protocol).
Simple Mail Transfer Protocol (SMTP)
An Internet-standard protocol for sending email messages between servers on IP networks. Because SMTP is generally used to send messages from a mail client to a mail server, you should specify both the POP or IMAP server and the SMTP server when configuring an email application. SMTP uses port 25/TCP and over SSL/TLS port 465/TCP
Secure Sockets Layer (SSL)
An application encryption technology developed for transport-layer protocols over the Web. SSL uses public-key encryption methods to exchange symmetric keys. All versions of SSL have been deprecated due to security issues.
File Transfer Use Case
FTP is not secure, so if there are concerns SFTP and FTPS are secure alternatives that can be used.
Web Use Case
HTTPS which relies on SSL/TLS, is used to secure web connections.
Directory Services Use Case
LDAP is the primary protocol. When security is required, LDAPS is a common option.
Secure POP/IMAP
Refers to POP3 and IMAP over an SSL/TLS session. POP3 uses port 995/TCP IMAP uses port 993/TCP
File Transfer Protocol Secure (FTPS)
The implementation of FTP over an SSL/TLS secure channel. FTPS uses port 989 and 990/TCP Ex: A security analyst wants to increase the security of an FTP server. Currently all trails to the FTP server are unencrypted. Users are using a variety of FTP client software to connect, however the analyst wants to keep the same port and protocol, while still allowing unencrypted connections, so they could use FTPS.
Subscription Services
The management of data flows to and from a system based on either a "Push" (publish) or "Pull" (subscribe) model. Managing what data elements are needed by which nodes is a problem that you can tackle using directory services, like LDAP.
Remote Access
The means by which users can access computer resources across a network. Securing remote access can be done via many means: SSL/TLS are common used for secure remote connections. SSH can be used in lieu of Telnet (which is insecure). Access to servers and other network devices via VPA, IPSec is commonly used.
Lightweight Directory Access Protocol Secure (LDAPS)
The primary protocol for transmitting directory information. You can make LDAP traffic secure by using it with SSL/TLS by using a certificate. LDAP communication uses port 389/TCP LDAPS communication uses port 636/TCP LDAPS communication to a global catalog server uses port 3269/TCP
Network Time Protocol (NTP)
The standard for time synchronization across servers and clients. NTP uses port 123/UDP. If there is concern with NTP traffic being compromised, it can be transmitted through a TLS tunnel.
Secure File Transfer Protocol (SFTP)
The use of FTP over an SSH channel. A protocol for securely uploading and downloading files to and from a remote host. SFTP functions similarly to FTP, but the encryption prevents sniffing attacks from capturing data in cleartext. Compare to File Transfer Protocol (FTP) and Trivial FTP (TFTP). SFTP uses port 22/TCP
Hyper Text Transfer Protocol Secure (HTTPS)
The use of SSL or TLS to encrypt a channel over which HTTP traffic is transmitted. HTTPS uses port 443/TCP.
Voice and Video Use Cases
To securely transport voice and video over the network the use of SRTP is recommended.