These are protocols which provide security when transmitting data across a network.
Allows a user to establish a secure connection between client and server.
SSH allows the user to connect remotely to a system and access it.
SSH uses port 22 by default.
LDAP allows a domain client to send LDAP query messages to a directory server.
LDAP uses port 389 and does not encrypt the communication.
LDAPS provides data encryption between the domain client and the directory server.
LDAPS uses port 636 by default.
SFTP establishes an SSH session between the FTP client and the FTP server across the network.
SFTP allows all the FTP messages to be sent across the SSH tunnel between devices.
SFTP uses port 22 by default.
FTPS uses Secure Sockets Layer (SSL) to encrypt the FTP messages as they are exchanged between the FTP client and the FTP server.
HTTPS allows a web browser to establish a secure connection to a web server.
The connection can use either Secure Sockets Layer (SSL) or Transport Layer Security (TLS).
HTTPS uses port 443 by default.
SRTP is a secure network protocol which is used to exchange Voice over IP (VoIP) between VoIP systems across a network.
Simple Mail Transfer Protocol (SMTP) - Sends outbound email messages and uses port 25 by default.
Post Office Protocol (POP) - Used to retrieve email messages from an email server over port 110.
Internet Message Access Protocol (IMAP) - Used to synchronize emails between the client and server over port 143.
SMTP over SSL (SMTPS) - Uses port 587.
POP over SSL (POPS) - Uses port 995.
IMAP over SSL (IMAPS) - Uses port 993.
Secure/Multipurpose Internet Mail Extensions (S/MIME) - Uses digital certificates to sign and encrypt email messages.
DNSSEC allows a DNS server to digitally sign DNS Responses.
This allows a DNS client to verify that the response originated from the DNS server it claims to come from.
SNMP is a network protocol which is used to manage network devices.
SNMP is able to gather information about devices on a network.
SNMP is able to perform network monitoring and apply device configurations.
SNMP has 3 components: Manager, Agent and Management Information Base (MIB).
SNMPv1 - Has bad security features.
SNMPv2 - Has bad security features.
SNMPv3 - Supports encryption and authentication.
Internet Protocol security (IPsec) is a framework that uses a group of protocols to secure the communication between devices.
IPsec is commonly used when establishing a virtual private network (VPN), whether it’s a Remote Access VPN or a Site-to-Site VPN.
A Site-to-Site VPN is used to connect remote branch offices together across an unsecure network such as the Internet.
A Remote Access VPN allows an employee to establish a secure connection between their computer and the corporate network.
Within IPsec, endpoints establish a trust relationship between themselves, known as a Security Association (SA).
During IPsec, an Internet Key Exchange (IKE) Phase 1 Security Association (SA) is established between the VPN peers.
During an IKE Phase 1 (Main Mode) SA, the peers negotiate encryption, integrity, authentication and key exchange methods.
Within IKE Phase 2 (Quick Mode), data is exchanged between the VPN peers through 2 one-way encrypted tunnels, one from each peer to the other.
During an IKE Phase 2 (Quick Mode) SA, the peers negotiate the IPsec encapsulation protocol, encryption, integrity, authentication and key exchange methods.
The Authentication Header (AH) encapsulation protocol provides authentication and integrity but no data encryption.
AH uses an IP protocol value of 51.
Encapsulating Security Protocol (ESP) provides authentication, integrity and data encryption as data is sent across the VPN tunnel.
ESP uses an IP protocol value of 50.
In Transport mode, the original header is maintained while an ESP header and trailer are inserted within the packet.
In Tunnel mode, a new ESP header and an ESP trailer are inserted within the packet.