CompTIA Security+: Implementing Secure Protocols

Next up in the CompTIA Security+ study guide is implementing secure protocols. By “implementing” they really mean “briefly mentioning each one.” No real implementation details here. Most of the exam questions at the end of the chapter are about what each protocol is used for, and relevant ports.

Protocols are a defined set of rules that allow different components can have a ‘common language’ to exchange commands and data. Having defined protocols allows for the development of interoperable devices. Secure protocols are protocols that have built-in security mechanisms.

This is a continuation of my blog post series on the CompTIA Security+ exam, where I share my studying and connect it to real-world events.

DNSSEC

What it is: DNS is a protocol for translating domain names into IP addresses. This happens via UDP over port 53. The problem is that requests and replies are sent in plaintext, and can be spoofed. Enter DNNSEC (domain name service system security extensions). DNNSEC is an extension to the DNS protocol that enables origin authentication, authenticated denial of existence, and data integrity.

Use cases: domain name resolution

Relevant port(s): 53

SSH

What it is: secure shell is an encrypted remote terminal connection program that’s used to make remote connections to a server.

Use cases: remote server access

Relevant port(s): 22

S/MIME

What it is: MIME stands for “multipurpose internet mail extensions.” It’s a standard for transmitting binary data via email (attachments need to be swapped into the correct encoding). Attachments are sent in plaintext, so attackers can listen in. Secure Multipurpose Internet Mail Extensions is a “standard for public key encryption and signing of MIME data in emails.”

Use cases: email

SRTP

What it is: Secure Real-time Transport Protocol is a network protocol used for securely delivering audio and video messages over IP networks. Provides encryption, message authentication and integrity, as well as replay protection.

Use cases: voice and video streaming

LDAPS

What it is: LDAP is the primary protocol used for transmitting directory information. By default, that traffic is transmitted insecurely. The secure version, which uses a TLS/SSL tunnel to connect LDAP services, is called LDAPS (Lightweight Directory Access Protocol Secure). Technically, LDAPS uses SASL (simple authentication and security layer) but this isn’t covered on the Security+ exam.

Use cases: directory services

Relevant port(s): LDAPS uses TCP port 636. LDAPS communication to a global catalog server uses 3269.

FTPS

What it is: File Transfer Protocol is not secure. FTPS is the implementation of FTP over an SSL/TLS-encrypted channel.

Use cases: file transfer

Relevant port(s): ports 989 and 990.

SFTP

What it is: SFTP is FTP over an SSH channel.

Use cases: file transfer

Relevant port(s): 22

SNMPv3

What it is: Simple Network Management Protocol (SNMP) is a standard for managing devices on IP-based networks. Versions 1 and 2 are considered insecure. Version 3 was developed to address those security vulnerabilities.

Use cases: managing networking data; network address allocation

Relevant port(s): 161 and 162.

SSL/TLS

What it is: SSL stands for Secure Sockets Layer, which is “an application of encryption technology developed for transport-layer protocols across the web.” SSL has been replaced by TLS but people continue to refer to it as SSL/TLS (or use the names interchangeably).

Use cases: securing other protocols (i.e. HTTP -> HTTPS)

Relevant port(s): the standard port is undefined. It depends on the protocol that is being secured (ie HTTP over SSL/TLS is port 443).

HTTPS

What it is: Hypertext Transfer Protocol is used to transmit HTTP traffic. HTTPS is HTTP secured with SSL/TLS.

Use cases: web

Relevant port(s): 443

Secure POP/IMAP

What it is: POP and IMAP are protocols for email servers. Secure POP/IMAP refer to POP3 and IMAP over an SSL/TLS session.