A use case typically describes an organizational goal. Many protocols mentioned in the CompTIA Security+ objectives support specific use cases. If you’re planning to take the Security+ SY0-501 exam, you should understand how to enable the best protocol to meet an organizational goal.
For example, can you answer this question?
Q. Your organization’s security policy requires that PII data-in-transit must be encrypted. Which of the following protocols would BEST meet this requirement?
A. FTP
B. SSH
C. SMTP
D. HTTP
More importantly, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation are at the end of this post.
File Transfer Use Cases
Some common use cases related to transferring files are transmitting data over the network, ensuring confidentiality when transmitting data over a network, and ensuring administrators connect to servers using secure connections.
The following list identifies basic protocols used to transfer data over a network:
• FTP. File Transfer Protocol (FTP) uploads and downloads large files to and from an FTP server. By default, FTP transmits credentials and data in cleartext, making it easy for an attacker to capture and read FTP data with a protocol analyzer. FTP uses two connections. In active mode, the client connects to TCP port 21 for control signals and the server then opens the data connection back to the client from TCP port 20, which is what client-side firewalls and NAT commonly block. In passive mode (also known as PASV), the client still uses TCP port 21 for control, but the server tells the client a random high TCP port to connect to for data. If FTP traffic is going through a firewall in front of the server, that random port range must be allowed (most servers let you pin PASV to a fixed range) or the data connection fails. Neither mode protects the data itself; use SFTP or FTPS when confidentiality matters.
• TFTP. Trivial File Transfer Protocol (TFTP) uses UDP port 69 and is used to transfer smaller amounts of data, such as when communicating with network devices. It has no authentication and no encryption. Many attacks have used TFTP, but it is not an essential protocol on most networks. Because of this, administrators commonly disable it.
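The "random port" in the FTP description above is not random to the peer: it is encoded in the PORT command (active mode) or the 227 reply to PASV (passive mode) as six comma-separated numbers, with the port carried as two bytes. The following Python is an added example, not code from the original post, showing both encodings and the check a hardened FTP client makes before following a PASV reply: it refuses a reply that points anywhere other than the server it already holds the control connection with. The addresses and replies are constructed for illustration.

```python
"""Added example (not from the original post): how FTP's two data-connection
modes tell the other side which "random" port to use, and the checks a
hardened client applies to the server's PASV reply before connecting.

Active mode: the client sends PORT h1,h2,h3,h4,p1,p2 and the SERVER opens the
data connection from TCP 20 to that client address (what client-side firewalls
and NAT break). Passive mode: the client sends PASV, the server replies
227 Entering Passive Mode (h1,h2,h3,h4,p1,p2), and the CLIENT connects to that
server address/port (the server-side firewall must allow that range). In both
encodings the port is p1 * 256 + p2. Addresses and replies below are
constructed for illustration.
"""
import re
from typing import Tuple

PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def _check_ipv4(ip: str) -> None:
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdecimal() and int(o) <= 255 for o in octets):
        raise ValueError("not an IPv4 address: %r" % ip)


def build_port_command(client_ip: str, client_port: int) -> str:
    """Active mode: encode the client's listening address as a PORT command."""
    _check_ipv4(client_ip)
    if not 1 <= client_port <= 65535:
        raise ValueError("port out of range: %d" % client_port)
    return "PORT %s,%d,%d" % (client_ip.replace(".", ","), client_port // 256, client_port % 256)


def parse_pasv_reply(reply: str, control_peer_ip: str) -> Tuple[str, int]:
    """Passive mode: decode a 227 reply into (host, port), with sanity checks.

    The hardened-client rule is to refuse a reply that points anywhere other
    than the server the control connection is with: a malicious or
    misconfigured server could otherwise steer the data connection to an
    internal address or a third party (the classic FTP bounce pattern).
    """
    if not reply.startswith("227"):
        raise ValueError("expected a 227 reply, got: %r" % reply)
    m = PASV_RE.search(reply)
    if m is None:
        raise ValueError("malformed PASV reply: %r" % reply)
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        raise ValueError("octet out of range in PASV reply: %r" % reply)
    host = "%d.%d.%d.%d" % (h1, h2, h3, h4)
    port = p1 * 256 + p2
    if host != control_peer_ip:
        raise ValueError("PASV host %s does not match control peer %s" % (host, control_peer_ip))
    if port < 1024:
        raise ValueError("refusing privileged data port %d" % port)
    return host, port


def pasv_reply_is_safe(reply: str, control_peer_ip: str) -> bool:
    """Boolean form of parse_pasv_reply for policy checks or tests."""
    try:
        parse_pasv_reply(reply, control_peer_ip)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(build_port_command("192.0.2.10", 50000))
    print(parse_pasv_reply("227 Entering Passive Mode (198,51,100,7,39,16)", "198.51.100.7"))
    print(pasv_reply_is_safe("227 Entering Passive Mode (10,0,0,5,39,16)", "198.51.100.7"))
```

Real clients apply the same host check: Python's ftplib, for example, ignores the address in the 227 reply and reuses the control connection's peer address unless trust_server_pasv_ipv4_address is set to True. None of this makes the transfer confidential; it only keeps a cleartext protocol from being steered somewhere unexpected.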
The following list identifies several encryption protocols used to encrypt data-in-transit. They can be used for various use cases related to secure file transfer:
• SSH. Secure Shell (SSH) encrypts traffic in transit and can carry other protocols inside its encrypted channel. Administrators once used Telnet to remotely administer Linux systems, but this is not recommended because Telnet sends everything, including passwords, over the network in cleartext. Instead, administrators commonly use SSH to remotely administer systems. Secure Copy (SCP) runs over SSH and copies files across the network through the encrypted channel (the files themselves are not encrypted on disk). Older OpenSSH builds could also be compiled with TCP Wrappers support, a host-based access control list (hosts.allow and hosts.deny) used on Linux systems to filter incoming connections by source address; OpenSSH dropped that support in version 6.7, so use sshd Match blocks or a host firewall instead. SSH uses TCP port 22.
• SSL. The Secure Sockets Layer (SSL) protocol was the primary method used to secure HTTP traffic as Hypertext Transfer Protocol Secure (HTTPS). SSL can also encrypt other types of traffic, such as SMTP and Lightweight Directory Access Protocol (LDAP). However, every version of SSL has known weaknesses (SSL 3.0 is formally deprecated by RFC 7568), and it should not be used.
• TLS. The Transport Layer Security (TLS) protocol is the designated replacement for SSL and should be used instead of SSL; TLS 1.2 and 1.3 are current, while TLS 1.0 and 1.1 are deprecated (RFC 8996). Additionally, many protocols that support TLS use STARTTLS. STARTTLS looks like an acronym, but it isn't. Instead, it is a command the client sends to upgrade an unencrypted connection to an encrypted connection on the same port. Because the upgrade is negotiated in cleartext, a client must refuse to continue if the server does not offer STARTTLS; otherwise an attacker on the path can strip the offer and force a cleartext session.
• IPsec. Internet Protocol security (IPsec) is used to encrypt IP traffic. It was designed as part of IPv6 but also works with IPv4. IPsec authenticates and encrypts IP packet payloads and uses Tunnel mode, which encapsulates the entire original packet, to protect virtual private network (VPN) traffic; Transport mode protects only the payload between two hosts. IPsec includes two main components: Authentication Header (AH), identified by IP protocol number 51, which provides integrity and authentication but no encryption, and Encapsulating Security Payload (ESP), identified by IP protocol number 50, which provides encryption and optionally authentication. It uses the Internet Key Exchange (IKE) over UDP port 500 (and UDP port 4500 when traversing NAT) to create a security association for the VPN.
• SFTP. SSH File Transfer Protocol (SFTP, often expanded as Secure File Transfer Protocol) is a secure alternative to FTP. It is a separate file-transfer protocol that runs as a subsystem of Secure Shell (SSH) rather than FTP tunneled over SSH, so every command and file is protected by the SSH channel. SFTP uses TCP port 22, the same as SSH, and needs only that one port through a firewall.
• FTPS. File Transfer Protocol Secure (FTPS) is an extension of FTP that uses TLS to encrypt FTP traffic. Implicit FTPS uses TCP ports 990 (control) and 989 (data) and starts TLS immediately. Explicit FTPS connects to the normal FTP control port 21 and upgrades the session with the AUTH TLS command before sending credentials, with the data connection encrypted as well. Notice that the difference between SFTP and FTPS is that SFTP uses SSH and FTPS uses TLS; FTPS also keeps FTP's two-connection design and its firewall complications.
Email and Web Use Cases
Some common use cases related to email are sending and receiving email, sending and receiving email securely, and managing email folders.
Some common protocols used for email and the web include:
• SMTP. Simple Mail Transfer Protocol (SMTP) transfers email from clients to mail servers and between mail servers. SMTP uses TCP port 25 for server-to-server transfer. TCP port 587 is the message submission port for clients, where the STARTTLS command upgrades the session to TLS. TCP port 465 was used unofficially for SMTP over SSL (TLS from the first byte, known as implicit TLS) and was later formally assigned to submission over implicit TLS by RFC 8314. STARTTLS is the commonly recommended way to initialize a secure connection on ports 25 and 587; either way, a client should not send mail if TLS cannot be established.
• POP3 and Secure POP. Post Office Protocol v3 (POP3) downloads email from servers to clients. POP3 uses TCP port 110. Secure POP3 encrypts the transmission with SSL or TLS and uses TCP port 995 (implicit TLS). Alternatively, the STLS command, POP3's equivalent of STARTTLS, upgrades a connection on port 110 to TLS.
• IMAP4 and Secure IMAP. Internet Message Access Protocol version 4 (IMAP4) is used to store and manage email on an email server. IMAP4 allows a user to organize and manage email in folders on the server and keeps the mailbox consistent across multiple clients. As an example, Gmail supports IMAP4. IMAP4 uses TCP port 143. IMAP4 with SSL or TLS (IMAPS) uses TCP port 993, and STARTTLS can upgrade a connection on the same TCP port 143.
• HTTP. Hypertext Transfer Protocol (HTTP) transmits web traffic on the Internet and in intranets. Web servers use HTTP to transmit web pages to clients' web browsers. Hypertext Markup Language (HTML) is the common language used to display the web pages. HTTP uses TCP port 80 and sends requests and responses, including cookies and form data, in cleartext.
• HTTPS. Hypertext Transfer Protocol Secure (HTTPS) encrypts web traffic to ensure it is secure while in transit. Web browsers indicate that a session is using HTTPS by displaying a lock icon and by showing https:// in the Uniform Resource Locator (URL) field; the lock means the connection is encrypted and the server's certificate validated, not that the site itself is trustworthy. HTTPS is encrypted with TLS (historically SSL) and uses TCP port 443.
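The STARTTLS upgrade described in the TLS entry above and in the SMTP entry is a short exchange on the existing TCP connection: the client says EHLO, reads the capability list, sends STARTTLS, and only starts the TLS handshake after a 220 reply. The following Python is an added example, not code from the original post, that walks through that exchange with a scripted stand-in for the server so it runs offline. The client refuses to continue when STARTTLS is missing from the EHLO reply or is rejected, which is the behaviour a "data-in-transit must be encrypted" policy requires and what defeats an on-path attacker stripping the offer. The hostnames and replies are constructed for illustration; no real TLS handshake is performed.

```python
"""Added example (not from the original post): the SMTP STARTTLS exchange on
the submission port, driven by a small client state machine, with a scripted
server standing in for the network so it runs offline.

The client proceeds only if the server advertises STARTTLS in its EHLO reply
and answers the STARTTLS command with 220; otherwise it quits rather than
sending anything else in cleartext. That refusal is what turns a STARTTLS
stripping (downgrade) attempt into a failed connection instead of a cleartext
session. Hostnames and server replies are constructed for illustration.
"""
from typing import List


class ScriptedServer:
    """Stand-in for an SMTP server: canned replies per command, plus a transcript."""

    def __init__(self, advertise_starttls: bool, accept_starttls: bool = True):
        self.advertise_starttls = advertise_starttls
        self.accept_starttls = accept_starttls
        self.transcript: List[str] = []   # both directions, as seen on the wire
        self.tls_active = False

    def greeting(self) -> str:
        line = "220 mail.example.test ESMTP ready"
        self.transcript.append("S: " + line)
        return line

    def handle(self, command: str) -> str:
        self.transcript.append("C: " + command)
        verb = command.split(" ", 1)[0].upper()
        if verb == "EHLO":
            lines = ["250-mail.example.test greets you", "250-SIZE 35882577", "250-8BITMIME"]
            if self.advertise_starttls:
                lines.append("250-STARTTLS")
            lines.append("250 PIPELINING")
            reply = "\r\n".join(lines)
        elif verb == "STARTTLS":
            if self.accept_starttls:
                reply = "220 Ready to start TLS"
                self.tls_active = True   # the TLS handshake would follow on this same TCP connection
            else:
                reply = "454 TLS not available due to temporary reason"
        elif verb == "QUIT":
            reply = "221 Bye"
        else:
            reply = "502 Command not implemented"
        self.transcript.append("S: " + reply)
        return reply


def parse_ehlo_capabilities(reply: str) -> List[str]:
    """Keywords from a multi-line 250 reply: '250-KEYWORD ...' lines, final line '250 KEYWORD'.

    The first line carries the server's domain and greeting text, not a capability.
    """
    caps = []
    for i, line in enumerate(reply.split("\r\n")):
        if not line.startswith("250"):
            raise RuntimeError("EHLO rejected: " + line)
        if i == 0:
            continue
        body = line[4:].strip()
        if body:
            caps.append(body.split(" ", 1)[0].upper())
    return caps


def negotiate_starttls(server: ScriptedServer, client_name: str = "client.example.test") -> bool:
    """Return True only once the server has agreed to upgrade; never fall back to cleartext."""
    if not server.greeting().startswith("220"):
        return False
    caps = parse_ehlo_capabilities(server.handle("EHLO " + client_name))
    if "STARTTLS" not in caps:
        # Capability missing: an unconfigured server, or an on-path attacker stripping it.
        server.handle("QUIT")
        return False
    if not server.handle("STARTTLS").startswith("220"):
        server.handle("QUIT")
        return False
    # A real client would now wrap the socket with
    # ssl.create_default_context().wrap_socket(sock, server_hostname=host),
    # verify the certificate, and send EHLO again over TLS because
    # capabilities learned before the upgrade must be discarded (RFC 3207).
    return True


if __name__ == "__main__":
    for label, srv in [("normal", ScriptedServer(True)),
                       ("stripped", ScriptedServer(False)),
                       ("refused", ScriptedServer(True, accept_starttls=False))]:
        print(label, "upgraded" if negotiate_starttls(srv) else "aborted")
        for entry in srv.transcript:
            print("   ", entry)
```

The same shape applies to POP3 (STLS on port 110) and IMAP4 (STARTTLS on port 143); only the command names and reply codes differ. Implicit TLS on ports 465, 995 and 993 avoids the cleartext negotiation entirely, which is why it is the simpler choice when both ends support it.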
Q. Your organization’s security policy requires that PII data-in-transit must be encrypted. Which of the following protocols would BEST meet this requirement?
A. FTP
B. SSH
C. SMTP
D. HTTP
Answer is B. You can use Secure Shell (SSH) to encrypt Personally Identifiable Information (PII) data when transmitting it over the network (data-in-transit). Secure File Transfer Protocol (SFTP) is built on SSH and provides FTP-style file transfer over SSH's encrypted channel.
FTP, Simple Mail Transfer Protocol (SMTP), and Hypertext Transfer Protocol (HTTP) transmit data in cleartext unless they are combined with an encryption protocol.
See Chapter 3 of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide for more information on implementing protocols for use cases.