May 2, 2016
The Unconventional Guide to Network Security 1.4
Network Security 1.4: Given a scenario, implement and use common protocols.

Based on CompTIA's list of Security+ exam objectives (their PDF list of domains is found here: http://certification.comptia.org/docs/default-source/exam-objectives/comptia-security-sy0-401.pdf), I'll go through each one and give details and examples of each so you know what each listed item means. Where I can, I give an example so that you can search and see a concrete method of the abstraction. The examples are not in any particular order, preference or even recommendation; they're just quick and easily found examples. I have no affiliations with any of the companies or products mentioned.

Here we go...

IPSec
Internet Protocol Security

This is found in the Internet layer of the TCP/IP model (the 4 layers being Link, Internet, Transport and Application), or in the Network layer (Layer 3) of the OSI model.

IPSec is useful in securing internet transmissions because it works irrespective of what computer you might have, so it's used for VPNs.

On a tangent: SSL (see the SSL entry below) is also used for VPNs. The difference in security between the two is a matter of granularity. IPSec basically opens up the tunnel and secures the tunnel, but it's not granular: you let someone into the tunnel and they have full access. So, while it's cheaper than SSL, it's also more complicated to set up (each OS needs its own IPSec implementation), and the security is like letting someone into your warehouse; the entrant has full access based on that entry.

SSL is more expensive, but easier to set up since it's supported by browsers. Its security is on a per-application basis: you get into the warehouse, but for each part of the warehouse that you enter you have to be re-authenticated.

Be familiar with: Authentication Header (AH), Encapsulating Security Payload (ESP).

SNMP
Secure Network Management Protocol

This is, in part, a reporter, but can also be a controller. SNMP is available in almost all computing devices.
It's useful on your network when you need to use something like Dell OpenManage to manage your Dell servers. If it helps to "see" it, SNMP uses ports 161 and 162.

Get familiar with the terms: community strings, MIB, OID, trap.

SSH
Secure Shell, or Secure Socket Shell
E.g., PuTTY (free); SecureCRT (30-day trial); WinSCP

SSH is a great way to manage remote servers and uses the Application layer of the TCP/IP model. The utility suite that uses SSH is also referred to as SSH and includes slogin, ssh and scp. This can cause confusion, as "using SSH" may mean using the program or the protocol.

DNS
Domain Naming Service

This is THE lifeblood of network connections. DNS gives every IP a name. You don't have to remember http://188.8.131.52/, but instead just go to www.cybrary.it.

To find someone's public IP, go to www.ping.eu, select Ping, enter the domain and Go. You can also choose network-tools.com and follow the same directions.

TLS
Transport Layer Security

In short, this protocol makes a secure channel between 2 networked (i.e., internet or internal) machines. It has 2 parts: the Record Protocol and the Handshake Protocol.

TLS has superseded SSL, though many people now say SSL to mean either SSL or TLS. Just realize that they're not the same, but, when spoken, both are meant to refer to a secure connection.

While TLS 1.3 is the latest version, it's still being drafted/engineered/constructed.

If you ever purchase SSL certs from someone like Entrust: the certs are called SSL certs, but they cover both SSL and TLS.

You don't need to know all the ins and outs of TLS and SSL, but be aware that:
1) TLS is the newer protocol
2) Browsers and applications need to be able to handle both TLS and SSL

SSL
Secure Sockets Layer

Like TLS, this protocol makes a secure channel between 2 networked (i.e., internet or internal) machines.

SSL has been deprecated. While still in use, it's on the fast track to being eliminated, with TLS being the superior protocol.
SSL's drawbacks were revealed greatly in the POODLE attack. As of June 2016, PCI compliant companies will not be allowed to use SSLv3 or TLSv1 anymore. The last version of SSL was v3. You can think of TLS 1.0 as SSLv3.1.

TCP/IP
Transmission Control Protocol/Internet Protocol

In the TCP/IP model, TCP is the Transport layer, and IP is the Network layer. TCP/IP requires a computer to connect to another computer first.

It may help to remember that TCP is an improvement over UDP. UDP never guaranteed a connection, so one or more packets could easily get lost and the recipient would never know. There's a joke that goes, "I was gonna tell you guys a joke about UDP, but you might not get it."

TCP allows 2 hosts to connect. Because IP doesn't guarantee delivery, it's often combined with TCP to provide a reliable connection. This is where the 3-way handshake comes in (SYN, SYN/ACK, ACK). It doesn't actually "guarantee" delivery, but it provides error detection and correction.

TCP/IP is also a "suite" that includes, among other things, HTTP, FTP and SMTP.

FTPS
File Transfer Protocol, Secure (supports TLS and SSL; not the same as SFTP)

Because FTPS involves SSL/TLS (as an extension to FTP), it requires a certificate, so it could be difficult to set up and maintain.

HTTPS
Hyper Text Transfer Protocol, Secure

HTTPS takes HTTP and runs it on top of TLS. This encrypts your communications by making a secure channel to the host to which you're connecting. It doesn't hide the port(s) used, but it provides reasonable privacy and integrity of the transactions by protecting from MitM and eavesdropping.

Be familiar with X.509 and digital certificates.

SCP
Secure Copy Protocol

SCP is based on SSH. WinSCP is free (winscp.net).

ICMP
Internet Control Message Protocol

This is used mostly for diagnosis ("Are you there? Can you hear me?", e.g., Ping, Traceroute) and reporting, not for transporting data. This is one thing that a DoS attack targets.
It's extremely useful in-house, but you may want to block one or more aspects of ICMP from external access.

IPv4
Internet Protocol version 4

This is a 32-bit address scheme, allows for 2^32 addresses (over 4 billion), and looks like this: 192.168.10.1 (which you've seen billions of times!). IP is used in the Link layer of the OSI model, and deals with the packets.

IPv6
Internet Protocol version 6

This is a 128-bit address scheme, provides 3.4 x 10^38 addresses, and looks like this: 21DA:D3:0:2F3B:2AA:FF:FE28:9C5A (which you might not have seen a lot).

iSCSI
Internet Small Computer System Interface (pronounced "eye scuzzy")

SCSI is a way to connect some storage devices together and have them talk to each other fast. iSCSI is that technology using the Internet. TCP is the roadway, and the SCSI commands travel over TCP. Doing this tricks the SAN into thinking that remote disks are directly attached.

Fibre Channel
AKA FC (pronounced "Eff See")

High-speed networking technology, used to connect data storage. Did you notice the British spelling (Fibre vs. Fiber)? Fibre is used for the standard/protocol, and fiber is used for the cables.

FCoE
Fibre Channel over Ethernet

Fibre Channel is a high-speed physical connection used primarily for SANs. FCoE allows FC to use Ethernet networks, so it saves cabling. It differs from iSCSI: FCoE travels over Ethernet, so it's not routable in the IP layer; iSCSI works over TCP/IP, and is routable.

FTP
File Transfer Protocol
E.g., FileZilla, SmartFTP

This is pretty straightforward: there's a server and a client, you use a username and password via port 21, all in plaintext. Insecure, but easy to set up, use and maintain. FTP is text-based, whereas SFTP is packet-based.

SFTP
SSH File Transfer Protocol
E.g., WinSCP

This is an extension of SSH and is not the same as FTPS (File Transfer Protocol, Secure). This is packet-based, whereas FTP is text-based.
Since it runs over SSH, it's automatically much more secure than FTP and doesn't require the cert that FTPS does.

TFTP
Trivial File Transfer Protocol

TFTP uses UDP, port 69, very little memory, and diskless equipment. This is one of the options that you could use to update a Cisco IOS, e.g., at the device prompt: copy tftp flash

SolarWinds, tftpd32 and Open TFTP are popular TFTP products.

TELNET

This is an Application layer protocol providing "a bidirectional interactive text-oriented communication facility using a virtual terminal connection" to connect to someone else's computer. In short, you use a program to console (not an MS RDP-type console, but a "command prompt" type connection) into a remote computer.

HTTP
Hyper Text Transfer Protocol

This protocol runs through port 80 to send data TO and request data FROM other devices. It's called "the cockroach of internet protocols" because of its ubiquity. It's not just for web browsers. Because it's used so much, HTTP data can go through pretty much every firewall, which is why you need things other than port blocking to protect from attacks using port 80.

NetBIOS
Network Basic Input/Output System

NetBIOS runs on the Session layer of the OSI model and works on a LAN by allowing other computers and apps on the LAN to talk to each other. If you have a brand-new network, with all new equipment, OSes, etc., then you might have it disabled. But if you have legacy systems then you'll probably use it. It's not supported by IPv6. The NetBIOS name of a computer is an up-to-15-character name (e.g., MyComputerRocks).

Here's how to see the NetBIOS options on your computer:
- Type ncpa.cpl into the search box, and Enter
- Right click on your network connection, and then Properties (or highlight it and press Alt + Enter)
- Select the Internet Protocol version 4 (TCP/IPv4), and then Properties
- On the General tab, click the Advanced button
- Click the WINS tab.
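As an added example (not from the original post or from Cybrary), here is a small Python parser for the Record Protocol and Handshake Protocol headers mentioned under the TLS and SSL entries above: it reads the version a server picked in its ServerHello and flags SSLv3 and TLS 1.0, the versions the post says PCI compliance will no longer allow. The ServerHello bytes are constructed inline rather than captured, and TLS 1.3's supported_versions extension is deliberately out of scope.

```python
import struct

# Wire versions found in TLS record and handshake headers.
TLS_VERSIONS = {0x0300: "SSLv3", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
# Versions the post says PCI compliance will no longer allow.
PCI_DISALLOWED = {"SSLv3", "TLS 1.0"}

HANDSHAKE = 0x16     # record content type for the Handshake Protocol
SERVER_HELLO = 0x02  # handshake message type


def parse_server_hello(record: bytes) -> dict:
    """Parse one Record Protocol record carrying a ServerHello and report the
    negotiated version, the cipher suite and whether the PCI rule allows it."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != HANDSHAKE:
        raise ValueError(f"not a handshake record (type 0x{ctype:02x})")
    body = record[5:5 + rec_len]
    if len(body) != rec_len or len(body) < 4:
        raise ValueError("record length does not match payload")
    hs_type = body[0]                              # 1-byte handshake type
    hs_len = int.from_bytes(body[1:4], "big")      # 3-byte handshake length
    if hs_type != SERVER_HELLO:
        raise ValueError(f"not a ServerHello (type 0x{hs_type:02x})")
    hello = body[4:4 + hs_len]
    if len(hello) < 38 or len(hello) < 38 + hello[34]:
        raise ValueError("truncated ServerHello")
    # Caveat: TLS 1.3 (still a draft when the post was written) carries its real
    # version in a supported_versions extension, which this parser does not read.
    version = struct.unpack("!H", hello[:2])[0]
    off = 35 + hello[34]                           # skip 32-byte random + session id
    cipher = struct.unpack("!H", hello[off:off + 2])[0]
    name = TLS_VERSIONS.get(version, f"unknown (0x{version:04x})")
    return {"version": name, "cipher_suite": cipher,
            "pci_allowed": name not in PCI_DISALLOWED}


def build_server_hello(version: int, cipher: int = 0xC02F) -> bytes:
    """Build a constructed (not captured) minimal ServerHello record for testing."""
    hello = (struct.pack("!H", version) + b"\x11" * 32          # version + random
             + b"\x00" + struct.pack("!H", cipher) + b"\x00")  # empty session id, suite, null compression
    hs = bytes([SERVER_HELLO]) + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", HANDSHAKE, version, len(hs)) + hs


if __name__ == "__main__":
    for v in (0x0300, 0x0301, 0x0303):
        print(parse_server_hello(build_server_hello(v)))
```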