SSL is a secure protocol used for transmitting private information over the Internet. It works by using a public key to encrypt data that is transferred over the SSL connection. SSL provides data encryption, server authentication, message integrity, and optional client authentication.
TLS – upgrade to SSL, resides on application layer and can secure other protocols/applications, such as SMTP, IMAP, POP3, and HTTP.
SET (Secure Electronic Transaction) protocol originated by VISA and MasterCard as an Internet credit card protocol using digital signatures; it makes use of an electronic wallet on a customer's PC and sends encrypted credit card information to the merchant's Web server, which digitally signs it and sends it on to its processing bank. It consists of three different pieces of software, running on the customer's PC (an electronic wallet), on the merchant's Web server and on the payment server of the merchant's bank. The credit card information is sent by the customer to the merchant's Web server, but the merchant does not open it; instead it digitally signs it and sends it to its bank's payment server for processing.
SSH (Secure Shell) functions as a type of tunneling mechanism that provides terminal like access to remote computers.
SSH-2 is a secure, efficient, and portable version of SSH (Secure Shell) which is a secure replacement for telnet.
SLIP (Serial Line Internet Protocol) supports ONLY IP over a serial link. SLIP (Serial Line IP) was developed in 1984 to support TCP/IP networking over low-speed serial interfaces.
PPP (Point-to-Point Protocol) was designed to support multiple network types over the same serial link, just as Ethernet supports multiple network types over the same LAN. PPP replaces the earlier Serial Line Internet Protocol (SLIP) that only supports IP over a serial link.
CRAM (Challenge-Response Authentication Mechanism) is an authentication mechanism for IMAP4 where a client uses a keyed hash to authenticate itself to an IMAP4 server.
Authentication protocols used with remote access:
PAP (Password Authentication Protocol) – 2-way handshake in clear text that can be used in PPP.
CHAP (Challenge Handshake Authentication Protocol) – 3-way handshake using a 1-way hash; used by Microsoft. Authentication mechanism for Point-to-Point Protocol (PPP) connections that encrypts the user's password: the authenticator sends a randomly generated challenge and requires a matching response that depends on a cryptographic hash of the challenge and a secret key.
EAP (Extensible Authentication Protocol) – A framework that supports multiple, optional authentication mechanisms for PPP, including cleartext passwords, challenge-response, and arbitrary dialog sequences. Intended for use primarily by a host or router that connects to a PPP network server via switched circuits or dial-up lines. Implements MD5-challenge, S/Key, generic token card, & digital certs.
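The keyed-hash challenge-response idea behind CRAM (for IMAP4) and CHAP (for PPP) is easier to see in code. The following is an added Python example, not code from the page: it shows PAP sending the password in clear, a CHAP three-way handshake computing MD5(Identifier || secret || Challenge) as in RFC 1994, and a CRAM-MD5 response as in RFC 2195, with the verifier side recomputing the hash from its stored secret. The username, secret and challenge values are constructed sample data.

```python
import hashlib
import hmac
import secrets

# Constructed sample credentials (not from the page).
USERNAME = "alice"
SECRET = b"correct horse battery staple"


def pap_authenticate_request(username: str, password: str) -> bytes:
    """PAP: the client simply sends its name and password; nothing is hashed or encrypted."""
    return username.encode() + b"\x00" + password.encode()


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP (RFC 1994, MD5 method): Response = MD5(Identifier || secret || Challenge).
    Only this one-way hash crosses the link; the secret itself never does."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


def chap_verify(identifier: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Authenticator side: recompute the hash with the stored secret, compare in constant time."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def cram_md5_response(username: str, secret: bytes, challenge: bytes) -> str:
    """CRAM-MD5 (RFC 2195), the keyed-hash mechanism used with IMAP4:
    the client answers "<username> <hex(HMAC-MD5(secret, challenge))>"."""
    digest = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return f"{username} {digest}"


def cram_md5_verify(username: str, secret: bytes, challenge: bytes, response: str) -> bool:
    return hmac.compare_digest(cram_md5_response(username, secret, challenge), response)


def new_challenge(nbytes: int = 16) -> bytes:
    """Challenges must be unpredictable and fresh, or a captured response could be replayed."""
    return secrets.token_bytes(nbytes)


def run_chap_handshake(secret_on_client: bytes, secret_on_server: bytes = SECRET) -> bool:
    """Three-way CHAP handshake: Challenge -> Response -> Success/Failure."""
    identifier = 0x2A
    challenge = new_challenge()                                          # 1. authenticator sends Challenge
    response = chap_response(identifier, secret_on_client, challenge)    # 2. peer sends Response
    return chap_verify(identifier, secret_on_server, challenge, response)  # 3. Success or Failure


def run_cram_md5(secret_on_client: bytes, secret_on_server: bytes = SECRET) -> bool:
    """CRAM-MD5 over an IMAP-style challenge string (constructed)."""
    challenge = b"<" + new_challenge(8).hex().encode() + b"@mail.example>"
    response = cram_md5_response(USERNAME, secret_on_client, challenge)
    return cram_md5_verify(USERNAME, secret_on_server, challenge, response)


def replay_is_rejected() -> bool:
    """A response captured for one challenge does not authenticate against a fresh challenge."""
    identifier = 0x2A
    old_challenge, fresh_challenge = new_challenge(), new_challenge()
    captured = chap_response(identifier, SECRET, old_challenge)
    return not chap_verify(identifier, SECRET, fresh_challenge, captured)


if __name__ == "__main__":
    print("PAP on the wire:", pap_authenticate_request(USERNAME, "s3cret"))
    print("CHAP handshake ok:", run_chap_handshake(SECRET))
    print("CRAM-MD5 ok:", run_cram_md5(SECRET))
    print("replay rejected:", replay_is_rejected())
```

Note that the verifier needs the secret in a recoverable form for both CHAP and CRAM-MD5 (it has to recompute the hash), which is the trade-off these mechanisms make against sending the password itself as PAP does.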
Most common VPN communication protocol standards:
PPTP is an encapsulation (tunneling) protocol based on PPP. It operates at the data link layer (layer 2) of the OSI model and enables only a single point-to-point connection per session, usually between client and server. PPTP uses native PPP authentication and encryption services over asynchronous and synchronous links. PPTP depends on IP to establish its connection; as currently implemented, it encapsulates PPP packets using a modified version of the Generic Routing Encapsulation (GRE) protocol, which gives PPTP the flexibility of handling protocols other than IP, such as IPX and NetBEUI, over IP networks. Disadvantages: it can only run over IP networks (other protocols such as IPX or NetBEUI must be carried over IP), it does not provide strong encryption, and it does not support any token-based authentication method for users.
L2TP operates at the data link layer (layer 2) of the OSI model and enables only a single point-to-point connection per session. L2TP is derived from, and combines, PPTP and the earlier Layer 2 Forwarding protocol (L2F).
L2F (Layer 2 forwarding).
IPSec operates at the network layer (layer 3) and enables multiple simultaneous tunnels.
ARP (Address Resolution Protocol) is used to match an IP address to an Ethernet address so the packet can be sent to the appropriate node. ARP does the opposite of RARP by broadcasting a request to find the Ethernet address that matches a known IP address.
RARP is used to match an Ethernet address to an IP address. RARP protocol sends out a packet, which includes its MAC address and a request to be informed of the IP address that should be assigned to that MAC address. When a station communicates on the network for the first time, RARP searches for and finds the Internet Protocol (IP) address that matches with the known Ethernet address.
ARP and RARP map between 32-bit addresses in IPv4 and 48-bit hardware addresses. IP headers contain 32-bit addresses (in IPv4) and 128 in IPv6. In an Ethernet local area network, however, addresses for attached devices are 48 bits long. The physical machine address is also known as a Media Access Control (MAC) address.
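To make the 32-bit/48-bit mapping concrete, here is an added Python example (not code from the page) that builds and parses the 28-byte Ethernet/IPv4 ARP body from RFC 826, which RARP (RFC 903) shares with opcodes 3 and 4. It simulates the exchange in the text: the requester broadcasts "who has this IP", only the host that owns the address answers, and the requester records the IP-to-MAC mapping from the reply. The Ethernet header carrying the broadcast destination is omitted, and the host table and addresses are constructed sample data.

```python
import struct
from typing import NamedTuple, Optional

# Opcodes from RFC 826 (ARP) and RFC 903 (RARP).
ARP_REQUEST, ARP_REPLY, RARP_REQUEST, RARP_REPLY = 1, 2, 3, 4
OPCODE_NAMES = {1: "ARP request", 2: "ARP reply", 3: "RARP request", 4: "RARP reply"}
UNKNOWN_MAC = "00:00:00:00:00:00"   # target hardware address in a request is not yet known

# Ethernet/IPv4 ARP body: htype, ptype, hlen, plen, oper, sha(6), spa(4), tha(6), tpa(4) = 28 bytes
ARP_FMT = "!HHBBH6s4s6s4s"


class ArpPacket(NamedTuple):
    opcode: int
    sender_mac: str   # 48-bit hardware (MAC) address
    sender_ip: str    # 32-bit IPv4 address
    target_mac: str
    target_ip: str


def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def bytes_to_mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(x) for x in ip.split("."))


def bytes_to_ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp(pkt: ArpPacket) -> bytes:
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, pkt.opcode,
                       mac_to_bytes(pkt.sender_mac), ip_to_bytes(pkt.sender_ip),
                       mac_to_bytes(pkt.target_mac), ip_to_bytes(pkt.target_ip))


def parse_arp(data: bytes) -> ArpPacket:
    """Decode an ARP/RARP body, rejecting truncated or non-Ethernet/IPv4 packets."""
    if len(data) < struct.calcsize(ARP_FMT):
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, data[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP is handled here")
    if oper not in OPCODE_NAMES:
        raise ValueError(f"unknown opcode {oper}")
    return ArpPacket(oper, bytes_to_mac(sha), bytes_to_ip(spa), bytes_to_mac(tha), bytes_to_ip(tpa))


def arp_request(my_mac: str, my_ip: str, wanted_ip: str) -> bytes:
    """'Who has wanted_ip? Tell my_ip' - sent as a broadcast because the target MAC is unknown."""
    return build_arp(ArpPacket(ARP_REQUEST, my_mac, my_ip, UNKNOWN_MAC, wanted_ip))


def answer_arp_request(frame: bytes, my_mac: str, my_ip: str) -> Optional[bytes]:
    """Host side: reply only if the request asks for our own IP address."""
    pkt = parse_arp(frame)
    if pkt.opcode != ARP_REQUEST or pkt.target_ip != my_ip:
        return None
    return build_arp(ArpPacket(ARP_REPLY, my_mac, my_ip, pkt.sender_mac, pkt.sender_ip))


def learn_from_reply(cache: dict, frame: bytes) -> dict:
    """Requester side: record the IP -> MAC mapping announced in the reply."""
    pkt = parse_arp(frame)
    if pkt.opcode == ARP_REPLY:
        cache[pkt.sender_ip] = pkt.sender_mac
    return cache


def resolve(cache: dict, my_mac: str, my_ip: str, wanted_ip: str, hosts: dict) -> Optional[str]:
    """Simulated LAN segment: `hosts` maps each host's IP to its MAC (constructed sample data)."""
    req = arp_request(my_mac, my_ip, wanted_ip)
    for ip, mac in hosts.items():            # every host on the segment sees the broadcast
        reply = answer_arp_request(req, mac, ip)
        if reply:
            learn_from_reply(cache, reply)
    return cache.get(wanted_ip)


if __name__ == "__main__":
    lan = {"192.168.1.1": "00:11:22:33:44:55", "192.168.1.20": "66:77:88:99:aa:bb"}  # constructed
    cache = {}
    print(resolve(cache, "de:ad:be:ef:00:01", "192.168.1.50", "192.168.1.1", lan), cache)
```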
ICMP is a management protocol whose function is to send messages between network devices. Routing tables are used by routers to choose the appropriate interface to route packets. ICMP supports packets containing error, control, and informational messages (e.g. PING).
UDP runs over IP and is used primarily for broadcasting messages over a network.
Both TCP and UDP use 16-bit port numbers, which allows for a port number from 1 to 65535 (all sixteen bits set to 1 gives 65535).
TCP Wrappers
Is limited – it cannot control access to a running UDP server, only whether a UDP server starts, because UDP packets can arrive at any time without a connection setup.
Acts as an ACL restricting packets, so it would not confuse a proxy server (rejected packets simply never arrive), and this is not a limitation.
Is considered open source (free), with a BSD licensing scheme.
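The ACL behaviour above follows from the hosts.allow / hosts.deny decision order. The following is an added Python model of that logic, not TCP Wrappers' own code: it parses the "daemon_list : client_list" syntax with the ALL, LOCAL, EXCEPT, ".domain" and "net." patterns from hosts_access(5) (net/mask forms and the options field are left out), and applies the rule that a hosts.allow match grants, otherwise a hosts.deny match refuses, otherwise access is granted. The rule files and client names are constructed sample data.

```python
from typing import Callable, List, Tuple

# Constructed sample access tables (not from the page). On a real host these live in
# /etc/hosts.allow and /etc/hosts.deny; each line is "daemon_list : client_list".
HOSTS_ALLOW = """
# grant sshd to the office LAN and to hosts whose name has no domain part (LOCAL)
sshd : 192.168.1. LOCAL
# the backup server may reach every wrapped service
ALL : 10.0.0.5
"""

HOSTS_DENY = """
# default deny for everyone else
ALL : ALL
"""

Rule = Tuple[List[str], List[str]]   # (daemon patterns, client patterns)


def parse_rules(text: str) -> List[Rule]:
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        rules.append((fields[0].split(), fields[1].split()))   # a third options field is ignored
    return rules


def client_matches(pattern: str, hostname: str, address: str) -> bool:
    """Wildcards from hosts_access(5): ALL, LOCAL, '.domain' suffix, 'net.' prefix, or exact."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":
        return "." not in hostname
    if pattern.startswith("."):
        return hostname.endswith(pattern)
    if pattern.endswith("."):
        return address.startswith(pattern)
    return pattern in (hostname, address)


def list_matches(patterns: List[str], match: Callable[[str], bool]) -> bool:
    """'a b EXCEPT c d' matches when any of a, b matches and none of c, d does."""
    if "EXCEPT" in patterns:
        i = patterns.index("EXCEPT")
        return list_matches(patterns[:i], match) and not list_matches(patterns[i + 1:], match)
    return any(match(p) for p in patterns)


def hosts_access(daemon: str, hostname: str, address: str,
                 allow: List[Rule], deny: List[Rule]) -> bool:
    """TCP Wrappers decision order: first match in hosts.allow grants, otherwise first
    match in hosts.deny refuses, otherwise the connection is granted."""
    for rules, verdict in ((allow, True), (deny, False)):
        for daemons, clients in rules:
            if list_matches(daemons, lambda p: p in ("ALL", daemon)) and \
               list_matches(clients, lambda p: client_matches(p, hostname, address)):
                return verdict
    return True


ALLOW = parse_rules(HOSTS_ALLOW)
DENY = parse_rules(HOSTS_DENY)

if __name__ == "__main__":
    for daemon, host, addr in (("sshd", "pc1.example.com", "192.168.1.20"),
                               ("sshd", "host.example.net", "203.0.113.9"),
                               ("ftpd", "backup", "10.0.0.5")):
        print(daemon, host, addr, "->", "allow" if hosts_access(daemon, host, addr, ALLOW, DENY) else "deny")
```

The decision is taken once, when a connection is handed to the wrapped daemon, which is why the mechanism can gate a UDP service only at the moment it is started rather than on each datagram a running server receives.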
PAT (Port Address Translation) is a type of NAT (Network Address Translation) that is the most convenient and secure solution.
TFTP (Trivial File Transfer Protocol) is sometimes used to transfer configuration files from equipment such as routers, but the primary difference between FTP and TFTP is that TFTP does not require authentication. Speed and the ability to automate are not the distinguishing factors.
DNS relies on connectionless UDP whereas services like FTP, Telnet and SMTP rely on TCP.
SKIP is a key distribution protocol that uses hybrid encryption to convey session keys that are used to encrypt data in IP packets.
ISAKMP is an Internet IPsec protocol to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establishment protocol, encryption algorithm, or authentication mechanism.
IKE is an Internet IPsec key-establishment protocol (partly based on OAKLEY) that is intended for putting in place authenticated keying material for use with ISAKMP and for other security associations, such as in AH and ESP.
KEA (Key Exchange Algorithm) is defined as a key agreement algorithm that is similar to the Diffie-Hellman algorithm, uses 1024-bit asymmetric keys, and was developed and formerly classified at the secret level by the NSA.
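The common thread of ISAKMP, IKE and KEA is a Diffie-Hellman style agreement whose result is then authenticated and turned into per-SA keys. The following added Python example (not code from the page or from any IPsec implementation) walks through a simplified two-message exchange: each side sends a public value and a nonce, both derive the same shared secret, a pre-shared-key HMAC over both public values and nonces serves as the AUTH payload, and an HMAC-based KDF splits the result into separate AH and ESP keys. The group (Mersenne prime 2^521 - 1, generator 3), the KDF labels and the PSKs are constructed for illustration; a real deployment negotiates a standardised group.

```python
import hashlib
import hmac
import secrets

# Toy DH group, constructed for illustration only: p = 2^521 - 1 (a Mersenne prime), g = 3.
P = 2**521 - 1
G = 3
P_BYTES = (P.bit_length() + 7) // 8   # 66 bytes


def dh_keypair():
    """Private exponent x and public value g^x mod p."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)


def dh_shared(private: int, peer_public: int) -> int:
    """Reject degenerate public values (0, 1, p-1) before use, then compute (g^y)^x mod p."""
    if not 1 < peer_public < P - 1:
        raise ValueError("invalid peer public value")
    return pow(peer_public, private, P)


def kdf(shared: int, nonce_i: bytes, nonce_r: bytes) -> dict:
    """Derive one key per SA and direction from the raw DH result (HMAC-SHA256 PRF; the
    SKEYSEED-style construction and labels are an assumption, not a protocol's exact KDF)."""
    skeyseed = hmac.new(nonce_i + nonce_r, shared.to_bytes(P_BYTES, "big"), hashlib.sha256).digest()
    return {label: hmac.new(skeyseed, label.encode() + nonce_i + nonce_r, hashlib.sha256).digest()
            for label in ("AH-in", "AH-out", "ESP-in", "ESP-out")}


def auth_payload(psk: bytes, own_pub: int, peer_pub: int,
                 nonce_i: bytes, nonce_r: bytes, identity: bytes) -> bytes:
    """Pre-shared-key authentication: a MAC binding both public values, both nonces and the
    sender's identity, so the keying material is authenticated and not merely agreed."""
    msg = (own_pub.to_bytes(P_BYTES, "big") + peer_pub.to_bytes(P_BYTES, "big")
           + nonce_i + nonce_r + identity)
    return hmac.new(psk, msg, hashlib.sha256).digest()


def run_exchange(psk_initiator: bytes, psk_responder: bytes) -> dict:
    """Simulate both sides of the exchange and report whether they authenticate and agree."""
    # message 1 (initiator -> responder): g^i, Ni
    i_priv, i_pub = dh_keypair()
    n_i = secrets.token_bytes(16)
    # message 2 (responder -> initiator): g^r, Nr
    r_priv, r_pub = dh_keypair()
    n_r = secrets.token_bytes(16)
    # both sides now hold the same shared secret without it ever crossing the wire
    k_i = dh_shared(i_priv, r_pub)
    k_r = dh_shared(r_priv, i_pub)
    # AUTH payloads: each side MACs with its copy of the PSK, the peer recomputes and compares
    auth_i = auth_payload(psk_initiator, i_pub, r_pub, n_i, n_r, b"initiator")
    auth_r = auth_payload(psk_responder, r_pub, i_pub, n_i, n_r, b"responder")
    responder_ok = hmac.compare_digest(
        auth_i, auth_payload(psk_responder, i_pub, r_pub, n_i, n_r, b"initiator"))
    initiator_ok = hmac.compare_digest(
        auth_r, auth_payload(psk_initiator, r_pub, i_pub, n_i, n_r, b"responder"))
    keys_i, keys_r = kdf(k_i, n_i, n_r), kdf(k_r, n_i, n_r)
    return {
        "authenticated": responder_ok and initiator_ok,
        "keys_match": keys_i == keys_r,
        "esp_out_key_len": len(keys_i["ESP-out"]),
    }


if __name__ == "__main__":
    print("matching PSK:", run_exchange(b"shared-secret", b"shared-secret"))
    print("mismatched PSK:", run_exchange(b"shared-secret", b"other-secret"))
```

Running it with mismatched PSKs shows why authentication is a separate step: the DH values still agree (both sides compute the same keys), but neither side accepts the other's AUTH payload, so the security association is never established.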
Protocols Related to Email
IMAP4 (Internet Message Access Protocol, version 4) is an Internet protocol by which a client workstation can dynamically access a mailbox on a server host to manipulate and retrieve mail messages that the server has received and is holding for the client. IMAP4 has mechanisms for optionally authenticating a client to a server and providing other security services.
MIME is the Multi-Purpose Internet Mail Extension; it extends the format of Internet mail to allow non-US-ASCII textual messages, non-textual messages, multipart message bodies, and non-US-ASCII information in message headers.
S/MIME is a standard for encrypting and digitally signing electronic mail and for providing secure data transmissions.
SMTP (Simple Mail Transfer Protocol) is a TCP-based, application-layer, Internet Standard protocol for moving electronic mail messages from one computer to another.
PEM (Privacy Enhanced Mail) is an Internet protocol used to provide data confidentiality, data integrity, and data origin authentication for electronic mail.