The Unconventional Guide to Network Security 1.4

May 2, 2016


Network Security 1.4

Given a scenario, implement and use common protocols.

Based on CompTIA’s list of Security+ exam objectives (their PDF list of domains is found here: http://certification.comptia.org/docs/default-source/exam-objectives/comptia-security-sy0-401.pdf), I’ll go through each one and give details and examples so you know what each listed item means.

Where I can, I give an example so that you can search and see a concrete method of the abstraction. The examples are not in any particular order, preference or even recommendation – they’re just quick-and-easily-found examples. I have no affiliations with any of the companies or products mentioned.

Here we go…

IPSec

Internet Protocol Security

This is found in the Internet Layer of the TCP/IP model (the 4 layers being: Link, Internet, Transport, and Application) or in the Network Layer/Layer 3 of the OSI model.

IPSec is useful in securing internet transmissions because it works irrespective of what computer you might have. So, it’s used for VPN.

On a tangent: SSL (see the SSL entry below) is also used for VPN. The difference in the security between the two is a matter of granularity. IPSec basically opens up the tunnel and secures the tunnel, but it’s not granular. You let someone in the tunnel and they have full access. So, while it’s cheaper than SSL, it’s also more complicated to set up (each OS needs its own IPSec implementation) and the security is like letting someone into your warehouse; the entrant has full access based on that entry.

SSL is more expensive, but easier to set up since it’s supported by browsers. Its security is based on per-application basis – you get into the warehouse, but for each part of the warehouse that you enter you have to be re-authenticated.

Be familiar with: Authentication header (AH), Encapsulating Security Payload (ESP)

SNMP

Secure Network Management Protocol

This is, in part, a reporter, but can also be a controller. In almost all computing devices, SNMP is available. It’s useful on your network when you need to use something like Dell OpenManage to manage your Dell servers.

If it helps to “see” it, SNMP uses ports 161 and 162.

Get familiar with the terms: community strings, MIB, OID, trap

SSH

Secure Shell, or Secure Socket Shell

E.g., PuTTY (free); SecureCRT (30-day trial); WinSCP

SSH is a great way to manage remote servers and uses the Application layer of the TCP/IP model. The utility suite that uses SSH is also referred to as SSH and includes slogin, ssh and scp. This can cause confusion, as “using SSH” may mean using the program OR the protocol.

DNS

Domain Naming Service

This is THE lifeblood of network connections. DNS gives every IP a name. You don’t have to remember http://74.208.166.139/, but instead just go to www.cybrary.it. To find someone’s public IP, go to www.ping.eu, select Ping, enter the domain and click Go.

You can also choose network-tools.com and follow the same directions.

TLS

Transport Layer Security

In short, this protocol makes a secure channel between 2 networked (i.e., internet or internal) machines. This has 2 parts – the Record Protocol and the Handshake Protocol.

TLS has superseded SSL, though many people now say SSL to mean either SSL or TLS. Just realize that they’re not the same, but are, when spoken, meant to refer to a secure connection.

While TLS 1.3 is the latest version, it’s still being drafted/engineered/constructed.

If you ever purchase SSL certs from someone like Entrust: the certs are called SSL certs, but they cover both SSL and TLS.

You don’t need to know all the ins-and-outs of TLS and SSL, but be aware that:
1) TLS is the newer protocol
2) Browsers and applications need to be able to handle both TLS and SSL

SSL

Secure Sockets Layer

Like TLS, this protocol makes a secure channel between 2 networked (i.e., internet or internal) machines.

SSL has been deprecated. While still in use, it’s on the fast-track to being eliminated, with TLS being a superior protocol. SSL’s drawbacks were revealed greatly in the POODLE attack.

As of June 2016, PCI Compliant companies will not be allowed to use SSLv3 or TLSv1 anymore. The last version of SSL was v3. You can think of TLS 1.0 as SSLv3.1.
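To make the two parts of TLS concrete, here is an added example (my code, not from the original post or from CompTIA) that parses the Record Protocol header and the ServerHello message of the Handshake Protocol from a byte string, then flags the negotiated version when it is SSLv3 or TLS 1.0, the versions the PCI date above rules out. The ServerHello bytes are built by a helper in the block for testing, not captured from a real server.

```python
import struct

# Wire versions (major, minor) -> name; 3.0 is SSLv3, 3.1 is TLS 1.0 (i.e. "SSLv3.1").
VERSION_NAMES = {(3, 0): "SSLv3", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
# Versions the post says PCI will no longer allow after June 2016.
PCI_DISALLOWED = {"SSLv3", "TLS 1.0"}
HANDSHAKE_RECORD = 0x16  # Record Protocol content type for handshake messages
SERVER_HELLO = 0x02      # Handshake Protocol message type


def parse_server_hello(record: bytes) -> dict:
    """Return record-layer version, negotiated version and a PCI verdict."""
    if len(record) < 5:
        raise ValueError("record too short for a 5-byte record header")
    content_type, rec_major, rec_minor, rec_len = struct.unpack("!BBBH", record[:5])
    if content_type != HANDSHAKE_RECORD:
        raise ValueError(f"not a handshake record: 0x{content_type:02x}")
    body = record[5:5 + rec_len]
    if len(body) < 6:
        raise ValueError("truncated handshake message")
    hs_type, hs_len = body[0], int.from_bytes(body[1:4], "big")
    if hs_type != SERVER_HELLO:
        raise ValueError(f"not a ServerHello: 0x{hs_type:02x}")
    if hs_len + 4 > len(body):
        raise ValueError("handshake length exceeds record body")
    negotiated = VERSION_NAMES.get((body[4], body[5]), f"unknown {body[4]}.{body[5]}")
    return {
        "record_version": VERSION_NAMES.get((rec_major, rec_minor), "unknown"),
        "negotiated": negotiated,
        "pci_ok": negotiated not in PCI_DISALLOWED,
    }


def build_server_hello(major: int, minor: int) -> bytes:
    """Construct a minimal ServerHello record for testing (not a real capture)."""
    hs_body = (bytes([major, minor]) + bytes(32)  # server_version + 32-byte random
               + b"\x00"                           # empty session_id
               + b"\x00\x2f"                       # cipher_suite TLS_RSA_WITH_AES_128_CBC_SHA
               + b"\x00")                          # null compression
    handshake = bytes([SERVER_HELLO]) + len(hs_body).to_bytes(3, "big") + hs_body
    return struct.pack("!BBBH", HANDSHAKE_RECORD, 3, 1, len(handshake)) + handshake


if __name__ == "__main__":
    for version in ((3, 0), (3, 1), (3, 3)):
        print(parse_server_hello(build_server_hello(*version)))
```

Run it against a real captured record and the same function tells you whether the server settled on a version that the PCI deadline rules out.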

TCP/IP

Transmission Control Protocol/Internet Protocol

In the TCP/IP model, TCP is the Transport Layer, and IP is the Network Layer.

TCP/IP requires a computer to connect to another computer first.

It may help to remember that TCP is an improvement over UDP. UDP never guaranteed a connection, so one or more packets could easily get lost and the recipient would never know. There’s a joke that goes, “I was gonna tell you guys a joke about UDP, but you might not get it.”

TCP allows 2 hosts to connect. Because IP doesn’t guarantee delivery, it’s often combined with TCP to provide a reliable connection. This is where the 3-way handshake comes in (SYN – SYN/ACK – ACK). It doesn’t actually “guarantee” delivery, but it provides error detection and correction.

TCP/IP is also a “suite” that includes, among other things, HTTP, FTP, and SMTP.

FTPS

File Transfer Protocol, Secure (supports TLS and SSL; not the same as SFTP)

Because FTPS involves SSL/TLS (as an extension to FTP), it requires a certificate, so it can be difficult to set up and maintain.


HTTPS

Hyper Text Transfer Protocol, Secure

HTTPS takes HTTP and runs it on top of TLS. This encrypts your communications by making a secure channel to the host to which you’re connecting. It doesn’t hide the port(s) used, but it provides reasonable privacy and integrity of the transactions by protecting from MitM and eavesdropping.

Be familiar with X.509 and digital certificates

SCP

Secure Copy Protocol

SCP is based on SSH. WinSCP is free (winscp.net).

ICMP

Internet Control Message Protocol

This is used mostly for diagnosis (“Are you there? Can you hear me?” – e.g., Ping, Traceroute) and reporting, not for transporting data. This is one thing that a DoS attack targets. It’s extremely useful in-house, but you may want to block one or more aspects of ICMP from external access.

IPv4

Internet Protocol version 4

This is a 32-bit address scheme, allows for 2^32 addresses (over 4 billion), and looks like this: 192.168.10.1 (which you’ve seen billions of times!). IP is used in the Link layer of the OSI model, and deals with the packets.

IPv6

Internet Protocol version 6

This is a 128-bit address scheme, provides 3.4 x 10^38 addresses, and looks like this: 21DA:D3:0:2F3B:2AA:FF:FE28:9C5A (which you might not have seen a lot).

iSCSI

Internet Small Computer System Interface (pronounced “eye scuzzy”)

SCSI is a way to connect some storage devices together and have them talk to each other fast. iSCSI is that technology using the Internet. TCP is the roadway, and the SCSI commands travel over TCP. Doing this tricks the SAN into thinking that remote disks are directly attached.

Fibre Channel

AKA FC (pronounced “Eff See”)

High-speed networking technology, used to connect data storage.
Did you notice the British spelling (Fibre vs. Fiber)? Fibre is used for the standard/protocol, and fiber is used for the cables.

FCoE

Fibre Channel Over Ethernet

Fibre Channel is a high speed physical connection used primarily for SANs. FCoE allows FC to use Ethernet networks, so it saves cabling.

It differs from iSCSI. FCoE travels over Ethernet, so it’s not routable in the IP layer. iSCSI works over TCP/IP, and is routable.

FTP

File Transfer Protocol

E.g., FileZilla, SmartFTP

This is pretty straightforward – there’s a server and a client, you use a username and password via port 21, all in plaintext. Insecure, but easy to set up, use and maintain. FTP is text-based, whereas SFTP is packet-based.

SFTP

SSH File Transfer Protocol

E.g., WinSCP

This is an extension of SSH and is not the same as FTPS (File Transfer Protocol, Secure). This is packet-based, whereas FTP is text-based. Since it runs over SSH, it’s automatically much more secure than FTP and doesn’t require the cert that FTPS does.

TFTP

Trivial File Transfer Protocol

TFTP uses UDP on port 69, needs very little memory, and is typically used by diskless equipment. This is one of the options you could use to update a Cisco IOS, e.g., > copy tftp flash

SolarWinds, tftpd32, and Open TFTP are popular TFTP products.

TELNET

This is an application layer protocol providing “a bidirectional interactive text-oriented communication facility using a virtual terminal connection” to connect to someone else’s computer. In short, you use a program to console (not an MS RDP-type console, but running a “command prompt” type connection) into a remote computer.

HTTP

Hyper Text Transfer Protocol

This protocol runs through port 80 to send data TO and request data FROM other devices. It’s called “the cockroach of internet protocols” because of its ubiquity. It’s not just for web browsers. Because it’s used so much, HTTP data can go through pretty much every firewall, which is why you need things other than port blocking to protect from attacks using port 80.

NetBIOS

Network Basic Input/Output System

NetBIOS runs on the Session layer of the OSI model and works on a LAN by allowing other computers and apps on the LAN to talk to each other. If you have a brand-new network, with all new equipment, OSes, etc. then you might have it disabled. But if you have legacy systems then you’ll probably use it. It’s not supported by IPv6.

The NetBIOS name of a computer is an up-to-15-character name (e.g., MyComputerRocks).

Here’s how to see the NetBIOS options on your computer:

  1. Type ncpa.cpl into the search box, and Enter
  2. Right click on your network connection, and then Properties (or highlight it and press Alt + Enter)
  3. Select the Internet Protocol version 4 (TCP/IPv4), and then Properties
  4. On the General tab, click the Advanced button
  5. Click the WINS tab.

PORTS

There’s nothing fun here, but they’re necessary to know. Make flashcards from 3×5 notecards; use a little Python to write a program to test yourself; go online to find virtual (free) tests – but learn them. Because they’re all very useful, they’re widely used. Because they’re widely used, they’re vulnerable. Don’t be scared, but be aware – you’ll be configuring your company’s firewall for these:

21 – FTP

22 – SSH

25 – SMTP

53 – DNS

80 – HTTP

110 – POP3 – Post Office Protocol 3 – very basic protocol for downloading emails. It’s used to keep things simple and straightforward by downloading the email locally while removing it from the remote server. It’s still popular.

139 – NetBIOS Session Service – This uses TCP to connect (NetBIOS over TCP/IP, aka NetBT). Used for File and Print Sharing. The utility NBTSTAT uses this.

143 – IMAP – Internet Message Access Protocol – Allows you to download emails from the remote server to several places, and keeps those emails on the origin server until you decide to delete them from there.

443 – HTTPS

3389 – RDP – Remote Desktop Protocol
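As an added example (not from the original post), here is a small Python check in the spirit of the author’s “use a little Python” suggestion: it reviews a constructed list of inbound firewall rules against the ports above and flags cleartext protocols, management services and ICMP that are allowed from any source. The rule format and the SAMPLE_RULES list are my own assumptions, not a real firewall export; port 23 for Telnet is added because the TELNET entry above gives no port.

```python
# Port -> protocol name, from the list in this post (23/Telnet added; it is
# covered in the TELNET entry above but the port list omits it).
PORT_NAMES = {21: "FTP", 22: "SSH", 23: "TELNET", 25: "SMTP", 53: "DNS",
              80: "HTTP", 110: "POP3", 139: "NetBIOS", 143: "IMAP",
              443: "HTTPS", 3389: "RDP"}
# Services the post describes as plaintext or unencrypted on the wire.
CLEARTEXT = {"FTP", "TELNET", "HTTP", "POP3", "IMAP", "NetBIOS"}
# Remote-administration services that should not be open to every source.
MANAGEMENT = {"SSH", "RDP", "TELNET"}

# Constructed sample rule set (assumed format: one dict per inbound rule).
SAMPLE_RULES = [
    {"action": "allow", "proto": "tcp", "src": "any", "dport": 443},
    {"action": "allow", "proto": "tcp", "src": "any", "dport": 80},
    {"action": "allow", "proto": "tcp", "src": "any", "dport": 21},
    {"action": "allow", "proto": "tcp", "src": "10.0.0.0/8", "dport": 139},
    {"action": "allow", "proto": "tcp", "src": "any", "dport": 3389},
    {"action": "allow", "proto": "icmp", "src": "any", "dport": None},
    {"action": "deny", "proto": "tcp", "src": "any", "dport": 23},
]


def review_rules(rules):
    """Return (dport, service, reason) for allow-from-any rules worth a second look."""
    findings = []
    for rule in rules:
        if rule["action"] != "allow" or rule["src"] != "any":
            continue  # only rules that open something to every source
        if rule["proto"] == "icmp":
            findings.append((None, "ICMP", "ICMP reachable from any source; restrict to what diagnostics need"))
            continue
        service = PORT_NAMES.get(rule["dport"], "unknown")
        if service in CLEARTEXT:
            findings.append((rule["dport"], service, "cleartext protocol exposed to any source"))
        elif service in MANAGEMENT:
            findings.append((rule["dport"], service, "management service exposed to any source"))
    return findings


if __name__ == "__main__":
    for dport, service, reason in review_rules(SAMPLE_RULES):
        print(f"{service:8} {dport or '-':>5}  {reason}")
```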

OSI Relevance: You’ll be tested on which layer each protocol operates on. You still need to know the 7 layers of the OSI model and not just the 4 layers of the TCP model. E.g., On which OSI layer is IPSec used? A. Network layer.

The TCP/IP Model is primarily directed at the network flow. The OSI model further dissects the functions of the services, protocols, connections and systems.

There are TONS of diagrams, charts, etc. out there about the 2 models, so print one off and persevere!

Happy Computing!

Comments
  1. Hi FCAMPANINI,

    Do you understand how TCP/IP works? Take a look here: http://ipv6.com/articles/general/TCP-IP.htm

    Kind regards

    Robert

  2. Thanks. About IPsec, correct me if I am wrong, but whenever you use it in a transport model you are not going to create any tunnel, and you can encrypt the IPv4 payload.
