Security+ (SY0-601) Cram Notes

Previous   Contents   Next

1. Network Security

1.4 Implement and use common protocols

IPSec (Internet Protocol Security): It authenticates and encrypts IP packets, effectively securing communications between the computers and devices that are used in VPN. IPsec operates at the Network Layer of the OSI model. It differs from SSH, SSL, and TLS in that it is the only protocol that does not operate within the upper layers of the OSI model. It can negotiate cryptographic keys and establish mutual. The two primary security services that are provided by IPSec are:

  • Authentication Header (AH) : AH provides the authentication of the sender

  • Encapsulating Security Payload : ESP provides encryption of the payload.

SNMP (Simple Network Management Protocol): It enables monitoring of remote systems. There are three main parts of SNMP a manager, an agent, and a database of management information. The manager provides the interface between the human network manager and the management system. The agent provides the interface between the manager and the physical device(s) being managed. The manager and agent use a Management Information Base (MIB) and a set of commands to exchange information.

SSH (Secure Shell): It is a protocol that can create a secure channel between two computers or network devices, enabling one computer or device to remotely control the other. It is commonly used on Linux and Unix systems, and nowadays also has widespread use on Windows clients. It uses public key cryptography to authenticate remote computers. One computer (the one to be controlled) runs the SSH daemon, while the other computer runs the SSH client and makes secure connections to the first computer (which is known as a server), as long as a certificate can be obtained and validated.

DNS(Domain Name System): Resolves IP addresses to host names.

SSL (Secure Socket Layer) / TLS (Transport Layer Security): These are cryptographic protocols that provide secure Internet communications such as web browsing, instant messaging, e-mail, and VoIP. These protocols rely on a PKI for the obtaining and validating of certificates. These are called Application Layer Protocol. Two types of keys are required when any two computers attempt to communicate with the SSL or TLS protocols: A public key and a session key. Asymmetric encryption is used to encrypt and share session keys, and symmetric encryption is used to encrypt the session data.

TCP/IP (Transmission Control Protocol/Internet Protocol): It is suite of communications protocols used to connect hosts on the Internet. TCP/IP uses several protocols, the two main ones being TCP and IP. TCP/IP is built into the UNIX operating system and is used by the Internet, making it the de facto standard for transmitting data over networks. Even network operating systems that have their own protocols, such as Netware, also supportTCP/IP.

FTPS (FTP Secure): FTPS uses SSL or TLS to make secure connections. FTPS can work in two modes: explicit and implicit. In explicit mode the FTPS client must explicitly request security from an FTPS server and then mutually agree on the type of encryption to be used. In implicit mode, there is no negotiation, and the client is expected to already know the type of encryption used by the server. In general, implicit mode is considered to be more secure than explicit mode.

HTTPS (Hypertext Transfer Protocol Secure): It is a combination of HTTP and either SSL or TLS. Web servers that enable HTTPS inbound connections must have inbound port 443 open. This is common for e-commerce.

SFTP (Secure FTP): SFTP is the SSH File Transfer Protocol. It is an extension of the SSH protocol, which uses port 22. Contrast this with FTPS, which is FTP Secure or FTP-SSL, which uses port 443.

SCP (Secure Copy): It is a way of transferring files securely between two hosts it utilizes SSH. It runs on port 22 by default.

ICMP (Internet Control Message Protocol): The Internet Control Message Protocol (ICMP) protocol is classic example of a client server application. The ICMP server executes on all IP end system computers and all IP intermediate systems (i.e routers). The protocol is used to report problems with delivery of IP datagrams within an IP network. It can be sued to show when a particular End System (ES) is not responding, when an IP network is not reachable, when a node is overloaded, when an error occurs in the IP header information, etc. The protocol is also frequently used by Internet managers to verify correct operations of End Systems (ES) and to check that routers are correctly routing packets to the specified destination address.

IPv4 Vs Ipv6



addresses are 32-bit in length

addresses are 128-bit in length

IP addresses are numeric only

uses a long string of numbers and letters in the IP address

Address is a 32-bit number made up of four octets (8-bit numbers) in decimal notation, separated by periods. A bit can either be a 1 or a 0 (2 possibilities), so the decimal notation of an octet would have 28 distinct possibilities

IPv6 addresses are broken down into eight 16-bit sections, separated by colons. Because each section is 16 bits, it can have 216 variations (65,536 distinct possibilities)


Example: 3ffe:1900:4545:3:200:f8ff:fe21:67cf

Previous   Contents   Next

Copyright © Anand Software and Training Private Limited.