CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [190]
On the receiving end, the recipient's private key is used to recover the session key from the message. The session key alone then decrypts the ciphertext back into the original document; the private key never decrypts the document itself. This is what makes the hybrid scheme practical: the bulk of the data is protected with fast symmetric encryption, and only the short session key is protected with the slower public-key operation.
HTTP Secure
Hypertext Transport Protocol Secure (HTTPS) is the secure version of HTTP, the language of the World Wide Web. HTTPS uses SSL (or its successor, TLS) to secure the channel between the client and server, so the entire HTTP exchange, headers included, is encrypted in transit. Many e-business systems use HTTPS for secure transactions. An HTTPS session is identified by https in the URL and by a padlock (in older browsers, a key) icon displayed by the web browser.
HTTPS uses port 443 by default.
FIGURE 7.22 The PGP encryption system
Secure HTTP
Secure Hypertext Transport Protocol (S-HTTP) is HTTP with message security: individual requests and responses can be signed or encrypted (using RSA or a digital certificate). Whereas HTTPS creates a secure channel, S-HTTP creates a secure message. S-HTTP can use multiple protocols and mechanisms to protect the message, and it also provides data integrity and authentication.
Because S-HTTP secures individual messages rather than the connection, it runs over the same port as ordinary HTTP (TCP port 80) rather than 443. It was never widely adopted and has been superseded by HTTPS.
IP Security
IP Security (IPSec) is a suite of protocols that provides authentication and encryption for IP traffic across the Internet. IPSec has become the standard for encrypting virtual private network (VPN) channels. It's available on most network platforms, and it's considered to be highly secure.
One of the primary uses of IPSec is to create VPNs. IPSec on its own, or with Layer 2 Tunneling Protocol (L2TP) or Layer 2 Forwarding (L2F) carried inside it, produces packets whose contents cannot be read if intercepted by a third party. IPSec works at layer 3 of the OSI model, so it protects any protocol above it without the applications being aware of it.
As a security administrator, it’s important to know the operations under way on your servers. As an administrator, you need to be able to evaluate operations and performance at all times and be able to establish a baseline of current operations.
The two primary protocols used by IPSec at the bottom layer are Authentication Header (AH), which authenticates the packet but does not encrypt it, and Encapsulating Security Payload (ESP), which encrypts the payload and can also authenticate it. Both can operate in either transport mode (protecting the payload of the original IP packet) or tunnel mode (encapsulating the entire original packet inside a new one). ESP is IP protocol number 50 and AH is IP protocol number 51. These are values of the Protocol field in the IP header, not TCP or UDP ports, so a firewall must permit those protocols rather than open a port. The key exchange that negotiates the security associations, IKE, does use a port: UDP 500 (and UDP 4500 for NAT traversal).
You can find the best overview of IPSec and AH/ESP in “An Illustrated Guide to IPSec” by Steve Friedl at http://www.unixwiz.net/techtips/iguide-ipsec.html.
Tunneling Protocols
Tunneling protocols add a capability to the network: the capability to create tunnels between networks that can be more secure, support additional protocols, and provide virtual paths between systems. The best way to think of tunneling is to imagine sensitive data being encapsulated in other packets that are sent across the public network. After they’re received at the other end, the sensitive data is stripped from the other packets and recompiled into its original form.
The most common protocols used for tunneling are as follows:
Point-to-Point Tunneling Protocol Point-to-Point Tunneling Protocol (PPTP) supports encapsulation in a single point-to-point environment. PPTP encapsulates Point-to-Point Protocol (PPP) frames in GRE and, in Microsoft's implementation, encrypts them with MPPE. This makes PPTP a favorite low-end protocol for networks. The negotiation between the two ends of a PPTP connection is done in the clear; only after the negotiation completes is the data channel encrypted. This is one of the major weaknesses of the PPTP protocol: a packet-capture device, such as a sniffer, that captures the negotiation process can use that information to determine the connection type and how the tunnel works. Microsoft developed PPTP and supports it on most of the company's products. PPTP uses TCP port 1723 for its control connection; the tunneled data travels in GRE (IP protocol 47), which, like ESP and AH, has no port number.
Layer 2 Forwarding Layer 2 Forwarding (L2F) was created by Cisco as a method of creating tunnels primarily for dial-up connections. It’s similar in capability to PPP and shouldn’t be used over WANs. L2F provides authentication, but it
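To make the distinction between IP protocol numbers and ports concrete for the IPSec and tunneling material above, the following Go program (an added example, not code from the study guide) parses hand-assembled IPv4 packets and reports what a firewall or IDS can see in each: ESP (protocol 50) and AH (protocol 51) expose only an SPI and sequence number and carry no ports; PPTP's data travels in GRE (protocol 47) while its control channel is TCP port 1723; IKE uses UDP 500/4500; HTTPS is TCP 443. The packet bytes are built by the IPv4, U32 and U16 helpers defined here and are constructed sample data, not captures; the IPv4 checksum is left at zero.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// IP protocol numbers: the Protocol field of the IPv4 header, not TCP/UDP ports.
const (
	ProtoTCP uint8 = 6
	ProtoUDP uint8 = 17
	ProtoGRE uint8 = 47 // PPTP data channel ("enhanced GRE", RFC 2637)
	ProtoESP uint8 = 50 // IPsec Encapsulating Security Payload
	ProtoAH  uint8 = 51 // IPsec Authentication Header
)

// Summary is what a firewall or IDS can learn from a packet before permitting it.
type Summary struct {
	Name, Note       string
	SPI, Seq         uint32 // ESP/AH SPI and sequence number; Seq also holds the PPTP GRE sequence
	SrcPort, DstPort uint16 // TCP/UDP only; zero for ESP, AH and GRE, which have no ports
	CallID           uint16 // PPTP GRE only
}

var minHeader = map[uint8]int{ProtoESP: 8, ProtoAH: 12, ProtoGRE: 8, ProtoTCP: 4, ProtoUDP: 4}

// Classify parses an IPv4 header and the leading bytes of its payload.
func Classify(pkt []byte) (Summary, error) {
	var s Summary
	if len(pkt) < 20 || pkt[0]>>4 != 4 || pkt[0]&0x0f < 5 || len(pkt) < int(pkt[0]&0x0f)*4 {
		return s, fmt.Errorf("not a well-formed IPv4 packet")
	}
	proto, p, be := pkt[9], pkt[int(pkt[0]&0x0f)*4:], binary.BigEndian
	if len(p) < minHeader[proto] {
		return s, fmt.Errorf("truncated header for IP protocol %d", proto)
	}
	s.Name = fmt.Sprintf("proto-%d", proto)
	switch proto {
	case ProtoESP:
		// Only the SPI and sequence number are visible; everything after them is ciphertext.
		s.Name, s.SPI, s.Seq = "ESP", be.Uint32(p[0:4]), be.Uint32(p[4:8])
		s.Note = "IP protocol 50; no port numbers to filter on"
	case ProtoAH:
		// Payload Len counts 32-bit words minus 2, so the header is (len+2)*4 bytes.
		s.Name, s.SPI, s.Seq = "AH", be.Uint32(p[4:8]), be.Uint32(p[8:12])
		s.Note = fmt.Sprintf("IP protocol 51; next header %d, AH length %d bytes, authenticated but not encrypted", p[0], (int(p[1])+2)*4)
	case ProtoGRE:
		s.Name = "GRE"
		flags, ptype := be.Uint16(p[0:2]), be.Uint16(p[2:4])
		// PPTP data: GRE version 1 carrying PPP (0x880B); key field = payload length + call ID.
		if flags&0x0007 == 1 && ptype == 0x880B {
			s.Name, s.CallID = "PPTP/GRE", be.Uint16(p[6:8])
			if flags&0x1000 != 0 && len(p) >= 12 { // S bit set: a sequence number follows the key
				s.Seq = be.Uint32(p[8:12])
			}
			s.Note = "IP protocol 47; PPP frames inside, encrypted only after the cleartext negotiation"
		}
	case ProtoTCP, ProtoUDP:
		s.Name = map[uint8]string{ProtoTCP: "TCP", ProtoUDP: "UDP"}[proto]
		s.SrcPort, s.DstPort = be.Uint16(p[0:2]), be.Uint16(p[2:4])
		switch {
		case proto == ProtoTCP && s.DstPort == 443:
			s.Note = "HTTPS (SSL/TLS channel)"
		case proto == ProtoTCP && s.DstPort == 1723:
			s.Note = "PPTP control channel; negotiation is in the clear"
		case proto == ProtoUDP && (s.DstPort == 500 || s.DstPort == 4500):
			s.Note = "IKE, the IPsec key exchange (4500 = NAT traversal)"
		}
	}
	return s, nil
}

// IPv4 wraps the concatenated parts in a minimal 20-byte header (checksum left zero; constructed data).
func IPv4(proto uint8, parts ...[]byte) []byte {
	h := make([]byte, 20)
	h[0], h[8], h[9] = 0x45, 64, proto // version 4 / IHL 5, TTL, protocol number
	copy(h[12:20], []byte{10, 0, 0, 1, 10, 0, 0, 2}) // src 10.0.0.1, dst 10.0.0.2
	for _, part := range parts {
		h = append(h, part...)
	}
	binary.BigEndian.PutUint16(h[2:4], uint16(len(h)))
	return h
}

func U32(v uint32) []byte { b := make([]byte, 4); binary.BigEndian.PutUint32(b, v); return b }
func U16(v uint16) []byte { b := make([]byte, 2); binary.BigEndian.PutUint16(b, v); return b }
func main() {
	for _, pkt := range [][]byte{
		IPv4(ProtoESP, U32(0xC0FFEE01), U32(7), make([]byte, 32)),                       // SPI, seq, then ciphertext
		IPv4(ProtoAH, []byte{ProtoTCP, 4, 0, 0}, U32(0x1234), U32(9), make([]byte, 12)), // AH over TCP, 12-byte ICV
		IPv4(ProtoGRE, U16(0x3001), U16(0x880B), U16(0), U16(42), U32(5)),               // PPTP data, call ID 42
		IPv4(ProtoTCP, U16(51000), U16(1723)),                                           // PPTP control channel
		IPv4(ProtoUDP, U16(500), U16(500)),                                              // IKE
	} {
		s, err := Classify(pkt)
		fmt.Printf("%+v err=%v\n", s, err)
	}
}
```

The practical lesson is in the Summary fields: for ESP, AH and GRE the port fields stay zero because there is nothing to fill them with, so an access rule such as "allow port 50" does nothing; the rule has to match the IP protocol number, plus UDP 500/4500 for IKE (or TCP 1723 for PPTP's control channel).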