Next up in the CompTIA Security+ study guide is implementing secure protocols. By “implementing” they really mean “briefly mentioning each one.” No real implementation details here. Most of the exam questions at the end of the chapter are about what each protocol is used for, and relevant ports.
Protocols are a defined set of rules that allow different components can have a ‘common language’ to exchange commands and data. Having defined protocols allows for the development of interoperable devices. Secure protocols are protocols that have built-in security mechanisms.
This is a continuation of my blog post series on the CompTIA Security+ exam, where I share my studying and connect it to real-world events.
DNSSEC
What it is: DNS is a protocol for translating domain names into IP addresses. This happens via UDP over port 53. The problem is that requests and replies are sent in plaintext, and can be spoofed. Enter DNNSEC (domain name service system security extensions). DNNSEC is an extension to the DNS protocol that enables origin authentication, authenticated denial of existence, and data integrity.
Use cases: domain name resolution
Relevant port(s): 53
SSH
What it is: secure shell is an encrypted remote terminal connection program that’s used to make remote connections to a server.
Use cases: remote server access
Relevant port(s): 22
S/MIME
What it is: MIME stands for “multipurpose internet mail extensions.” It’s a standard for transmitting binary data via email (attachments need to be swapped into the correct encoding). Attachments are sent in plaintext, so attackers can listen in. Secure Multipurpose Internet Mail Extensions is a “standard for public key encryption and signing of MIME data in emails.”
Use cases: email
SRTP
What it is: Secure Real-time Transport Protocol is a network protocol used for securely delivering audio and video messages over IP networks. Provides encryption, message authentication and integrity, as well as replay protection.
Use cases: voice and video streaming
LDAPS
What it is: LDAP is the primary protocol used for transmitting directory information. By default, that traffic is transmitted insecurely. The secure version, which uses a TLS/SSL tunnel to connect LDAP services, is called LDAPS (Lightweight Directory Access Protocol Secure). Technically, LDAPS uses SASL (simple authentication and security layer) but this isn’t covered on the Security+ exam.
Use cases: directory services
Relevant port(s): LDAPS uses TCP port 636. LDAPS communication to a global catalog server uses 3269.
FTPS
What it is: File Transfer Protocol is not secure. FTPS is the implementation of FTP over an SSL/TLS-encrypted channel.
Use cases: file transfer
Relevant port(s): ports 989 and 990.
SFTP
What it is: SFTP is FTP over an SSH channel.
Use cases: file transfer
Relevant port(s): 22
SNMPv3
What it is: Simple Network Management Protocol (SNMP) is a standard for managing devices on IP-based networks. Versions 1 and 2 are considered insecure. Version 3 was developed to address those security vulnerabilities.
Use cases: managing networking data; network address allocation
Relevant port(s): 161 and 162.
SSL/TLS
What it is: SSL stands for Secure Sockets Layer, which is “an application of encryption technology developed for transport-layer protocols across the web.” SSL has been replaced by TLS but people continue to refer to it as SSL/TLS (or use the names interchangeably).
Use cases: securing other protocols (i.e. HTTP -> HTTPS)
Relevant port(s): the standard port is undefined. It depends on the protocol that is being secured (ie HTTP over SSL/TLS is port 443).
HTTPS
What it is: Hypertext Transfer Protocol is used to transmit HTTP traffic. HTTPS is HTTP secured with SSL/TLS.
Use cases: web
Relevant port(s): 443
Secure POP/IMAP
What it is: POP and IMAP are protocols for email servers. Secure POP/IMAP refer to POP3 and IMAP over an SSL/TLS session.
Use cases: email
Relevant port(s): 995 for Secure POP3 and 993 for Secure IMAP.
NTP
What it is: Network Time Protocol is the standard for time synchronization across servers. It does not have security features, although you could use it in conjunction with a TLS tunnel.
Relevant port(s): UDP port 123.