Encryption Protocols

Posted on by Darril

If you plan on taking the Security+ exam you should have a good understanding of TCP/IP including some encryption protocols. TCP/IP is a full suite of protocols used for communicating between devices over a network. Encryption protocols help ensure confidentiality of data by ciphering the data, making it harder to read. This blog covers several encryption protocols you should know about for the Security+ exam.

Note: This blog is an excerpt from the
CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide.

 

Encryption Protocols

Any traffic sent across the wire in clear text is subject to sniffing attacks with a protocol analyzer. One way to protect against this vulnerability is to encrypt the data. Some protocols used to encrypt traffic include:

  • SSH. Secure Shell can be used to encrypt a wide variety of traffic, such as Telnet, Secure Copy (SCP), and Secure File Transfer Protocol (SFTP). UNIX and Linux administrators often use SSH to remotely administer these systems. When traffic is encrypted with SSH, it uses port of 22.
  • SCP. Secure Copy is based on SSH. Users can use SCP to copy encrypted files over a network. SCP uses port 22.

Remember this

SSH encrypts a wide variety of traffic and uses port 22 in each implementation. It encrypts FTP traffic (as SFTP) using port 22 instead of the FTP ports of 20 and 21. It encrypts Telnet traffic using port 22 (instead of the Telnet port of 23). SSH is also used with SCP to copy encrypted files over a network.

  • SSL. The Secure Sockets Layer protocol secures HTTP traffic as HTTPS. SSL can also encrypt other types of traffic such as LDAP. SSL uses port 443 when encrypting HTTP, and port 636 when encrypting LDAP/SSL (LDAPS).
  • TLS. Transport Layer Security protocol is the designated replacement for SSL. At this point, you can use TLS instead of SSL in just about any application. For example, TLS can encrypt HTTP traffic as HTTPS (on port 443), and LDAP traffic as LDAP/TLS (LDAPS) on port 636. Notice that LDAPS can use either SSL or TLS and both use port 636.
  • IPsec. Internet Protocol security is used to encrypt IP traffic. It is native to IPv6 but also works with IPv4. IPsec encapsulates and encrypts IP packet payloads and uses tunnel mode to protect virtual private network (VPN) traffic. IPsec includes two components: Authentication Header (AH), identified by protocol ID number 51, and Encapsulating Security Payload (ESP), identified by protocol ID number 50.

Remember this

SSL and TLS encrypt traffic, including traffic over the Internet. IPsec includes ESP to provide payload encryption and AH to provide authentication and integrity. IPsec is built into IPv6 but can also work with IPv4.

Security+ (SY0-601) Practice Test Questions

SY0-601 Practice Test Questions 

Over 385 realistic Security+ practice test questions

At least 10 performance-based questions

All questions include explanations so you’ll know why the correct answers are correct,

and why the incorrect answers are incorrect.

Upgrade Your Resume with the Security+ New Version

Multiple quiz formats to let you use these questions based on the way you learn.
  • Learn mode – randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you’ll see the explanation. Click here to see how learn mode works.
  • Test mode – randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode – 75 random questions. View 75 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 75 multiple choice questions.

Pass the First Time You Take It

Get the full bank of SY0-601 Practice Test Questions Here

Click here if you’re looking for SY0-501 Online Study Package

Security+ Full Access Package
Get Certified Get Ahead Security+

Pass the First Time!

Up-to-date Content

New multiple-choice and performance-based questions added regularly

Pass the first time with quality practice test questions, performance-based questions, flashcards, and audio.

Buy The Full Access Study Package Today

60 Days Access

Need more time? You can easily renew for another 60 days at a significantly reduced price.

All materials are available online shortly after making your payment.

Get the Security+ Full Access Study Package Here

Our online Security+ study materials are the perfect complement to the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. They can also be used to help ensure you’re ready no matter what study guide you’re using.

This exam is expensive.

Make sure you’re ready before exam day. 

Here’s what you’ll get:
  • All of the multiple-choice questions from the best-selling CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. See a demo here. All questions have full explanations so you’ll know why the correct answers are correct and why the incorrect answers are incorrect.
  • Over 40 new multiple-choice questions we’ve added after publishing the study guide.
  • Over 30 performance-based questions. See a demo here.
  • All of the flashcards from the study guide. View them in any Web browser.
  • All of the audio from the study guide. Listen to a sample here.
  • Access to a free discount code for 10% off your Security+ voucher.

Buy The Full Access Study Package Today

60 Days Access

All materials are available online shortly after making your payment.

Get the Security+ Full Access Study Package Here

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide

Subscribe To Our Newsletter

Join our mailing list and get a free excerpt of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide.  This excerpt includes the introduction and Chapter 1. 

You have Successfully Subscribed!