If you plan on taking the Security+ exam you should have a good understanding of TCP/IP including some encryption protocols. TCP/IP is a full suite of protocols used for communicating between devices over a network. Encryption protocols help ensure confidentiality of data by ciphering the data, making it harder to read. This blog covers several encryption protocols you should know about for the Security+ exam.
Note: This blog is an excerpt from the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide.
Any traffic sent across the wire in clear text is subject to sniffing attacks with a protocol analyzer. One way to protect against this vulnerability is to encrypt the data. Some protocols used to encrypt traffic include:
- SSH. Secure Shell can be used to encrypt a wide variety of traffic, such as Telnet, Secure Copy (SCP), and Secure File Transfer Protocol (SFTP). UNIX and Linux administrators often use SSH to remotely administer these systems. When traffic is encrypted with SSH, it uses port 22.
- SCP. Secure Copy is based on SSH. Users can use SCP to copy encrypted files over a network. SCP uses port 22.
SSH encrypts a wide variety of traffic and uses port 22 in each implementation. It encrypts FTP traffic (as SFTP) using port 22 instead of the FTP ports of 20 and 21. It encrypts Telnet traffic using port 22 (instead of the Telnet port of 23). SSH is also used with SCP to copy encrypted files over a network.
- SSL. The Secure Sockets Layer protocol secures HTTP traffic as HTTPS. SSL can also encrypt other types of traffic such as LDAP. SSL uses port 443 when encrypting HTTP, and port 636 when encrypting LDAP/SSL (LDAPS).
- TLS. Transport Layer Security protocol is the designated replacement for SSL. At this point, you can use TLS instead of SSL in just about any application. For example, TLS can encrypt HTTP traffic as HTTPS (on port 443), and LDAP traffic as LDAP/TLS (LDAPS) on port 636. Notice that LDAPS can use either SSL or TLS and both use port 636.
- IPsec. Internet Protocol security is used to encrypt IP traffic. It is native to IPv6 but also works with IPv4. IPsec encapsulates and encrypts IP packet payloads and uses tunnel mode to protect virtual private network (VPN) traffic. IPsec includes two components: Authentication Header (AH), identified by protocol ID number 51, and Encapsulating Security Payload (ESP), identified by protocol ID number 50.
SSL and TLS encrypt traffic, including traffic over the Internet. IPsec includes ESP to provide payload encryption and AH to provide authentication and integrity. IPsec is built into IPv6 but can also work with IPv4.
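As an added example (not from the study guide), here is a small audit script that applies the port numbers and IPsec protocol IDs listed above to constructed flow records, flagging clear-text services together with the encrypted alternative for each. The key=value record format, the sample records, the Finding class and the function names are all assumptions made for this example.

```python
"""Flag clear-text flows that SSH, SSL/TLS or IPsec should replace. Added example,
not from the study guide; the key=value record format is a constructed one."""
from dataclasses import dataclass
# Clear-text services named on the page, each with its encrypted replacement.
CLEARTEXT = {
    20: ("FTP-data", "SFTP/SCP over SSH, tcp/22"),
    21: ("FTP", "SFTP/SCP over SSH, tcp/22"),
    23: ("Telnet", "SSH, tcp/22"),
    80: ("HTTP", "HTTPS (SSL/TLS), tcp/443"),
    389: ("LDAP", "LDAPS (SSL/TLS), tcp/636"),
}
ENCRYPTED = {22: "SSH/SCP/SFTP", 443: "HTTPS", 636: "LDAPS"}
IPSEC = {50: "IPsec ESP", 51: "IPsec AH"}  # IP protocol numbers, not ports
@dataclass
class Finding:
    src: str
    dst: str
    service: str
    encrypted: bool
    advice: str

def parse_record(line: str) -> dict:
    """Parse 'proto=6 src=10.0.0.5 dst=10.0.0.9 dport=23' into a dict."""
    return dict(kv.split("=", 1) for kv in line.split())

def classify(line: str) -> Finding:
    rec = parse_record(line)
    proto, src, dst = int(rec["proto"]), rec["src"], rec["dst"]
    if proto in IPSEC:
        # ESP encrypts the payload; AH only authenticates it, so AH alone is readable.
        ok = proto == 50
        return Finding(src, dst, IPSEC[proto], ok, "" if ok else "AH gives integrity only; use ESP")
    dport = int(rec["dport"])
    if dport in ENCRYPTED:
        return Finding(src, dst, ENCRYPTED[dport], True, "")
    if dport in CLEARTEXT:
        name, fix = CLEARTEXT[dport]
        return Finding(src, dst, name, False, f"clear text, sniffable; migrate to {fix}")
    return Finding(src, dst, f"port {dport}", False, "unrecognised service; verify encryption")

def audit(lines):
    """Return only the findings for traffic that is not encrypted."""
    return [f for f in map(classify, lines) if not f.encrypted]

SAMPLE = [  # constructed records, not real captures
    "proto=6 src=10.0.0.5 dst=10.0.0.9 dport=23",
    "proto=6 src=10.0.0.7 dst=10.0.0.20 dport=389",
    "proto=50 src=10.0.0.1 dst=203.0.113.1",
    "proto=51 src=10.0.0.1 dst=203.0.113.1",
]
```

Running `audit(SAMPLE)` reports the Telnet and LDAP flows with their SSH and LDAPS replacements, and the AH-only flow as unencrypted, while the ESP flow passes.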