Basic Connection Protocols:
TCP: Provides connection-oriented traffic (guaranteed delivery). It uses the three-way handshake: SYN > SYN/ACK > ACK.
UDP: Provides connectionless sessions (no three-way handshake). Audio and video streaming use it.
IP: Identifies hosts in a network and delivers traffic to them.
ICMP: Used for testing basic connectivity between two systems (ping, pathping, and tracert).
ARP: Resolves IPv4 addresses to media access control (MAC) addresses. IP uses the IP address to get traffic to the destination network; once it arrives, the MAC address is used to deliver it to the right host/device. NDP is the equivalent of ARP for IPv6.
Encryption Protocols (Encrypts data in transit)
SSH: Secure Shell encrypts traffic in transit; it secures FTP as SFTP.
SCP: Based on SSH and uses TCP port 22.
SSL: Encrypts HTTP traffic as HTTPS.
TLS: The replacement for SSL; an application can use it on the same port SSL used. When it is used with HTTPS, it uses TCP port 443.
IPsec: Used to encrypt traffic. It is built into IPv6, but IPv4 can use it as well. IPsec creates secured tunnels for VPNs.
Application Protocols
HTTP and HTTPS use port 80 and 443 and transmit data over the Internet in unencrypted and encrypted formats, respectively.
FTP supports uploading and downloading large files to and from an FTP server. FTP uses TCP ports 20 and 21, and TFTP uses UDP port 69.
SFTP uses SSH to encrypt FTP traffic and transmits it using port 22. FTPS uses SSL to encrypt FTP traffic.
Telnet is a legacy protocol administrators have used to connect to remote systems. It uses TCP port 23 and sends data in cleartext. SSH is the secured alternative. SNMP is used to manage and monitor network devices.
SMTP sends email on TCP port 25, POP3 receives email on port 110, and IMAP4 uses port 143.
Subnetting allows you to divide a classful network into two or more smaller networks. CIDR notation uses a forward slash followed by a number (the prefix length) to identify the subnet mask.
IPv6 has a significantly larger address space than IPv4. IPsec is built into IPv6 and can encrypt any type of IPv6 traffic.
DNS zones include records such as A records for IPv4 addresses and AAAA records for IPv6 addresses. DNS uses TCP port 53 for zone transfers and UDP port 53 for DNS client queries. Most Internet-based DNS servers run BIND software on Unix or Linux servers, and it is common to configure DNS servers to only use secure zone transfers.
Administrators use ports to identify traffic they want to allow or block. For example, SSH, SCP, and SFTP use TCP port 22 by default, so by configuring a firewall to allow traffic on port 22, they are allowing SSH, SCP, and SFTP traffic. Memorize the ports in Table 3.1 so that you can answer CompTIA Security+ port-related questions easily.
Loop protection such as STP or RSTP is necessary to protect against switching loop problems, such as those caused when two ports of a switch are connected together.
You can create multiple VLANs with a single switch. A VLAN can logically group several different computers together, or logically separate computers, regardless of their physical location.
Port security includes disabling unused ports and limiting the number of MAC addresses per port. A more advanced implementation is to restrict each physical port to only a single specific MAC address. An 802.1x server provides port-based authentication, ensuring that only authorized clients can connect to a network. It prevents rogue devices from connecting.
Routers and packet-filtering firewalls perform basic filtering with an access control list (ACL). ACLs identify what traffic is allowed and what traffic is blocked. An ACL can control traffic based on networks, subnets, IP addresses, ports, and some protocols. Implicit deny blocks all access that has not been explicitly granted. Routers and firewalls use implicit deny as the last rule in the access control list.
Host-based firewalls provide protection for individual hosts such as servers or workstations. A host-based firewall provides intrusion protection for the host. Linux systems support xtables for firewall capabilities. Network-based firewalls are often dedicated servers or appliances and provide protection for the network.
Firewalls use a deny any any, deny any, or drop all statement at the end of the ACL to enforce an implicit deny strategy. The statement forces the firewall to block any traffic that was not previously allowed in the ACL. The implicit deny strategy provides a secure starting point for a firewall.
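To show how an ACL with implicit deny actually decides on traffic, here is an added example (not from the original notes or any vendor's firewall): a small first-match packet filter that allows TCP 22 from an admin subnet to a DMZ and TCP 443 from anywhere to a DMZ web server, and drops everything else. The rule layout, the networks 10.0.0.0/24 and 192.0.2.0/24, and the sample packets are all constructed for illustration.

```python
# Added example (not from the notes): first-match ACL evaluation ending in an
# implicit deny. Rule layout, networks and packets are constructed for illustration.
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str           # "allow" or "deny"
    proto: str            # "tcp", "udp", "icmp" or "any"
    src: str              # source network in CIDR notation, or "any"
    dst: str              # destination network in CIDR notation, or "any"
    dport: Optional[int]  # destination port; None matches any port
class Packet(NamedTuple):
    proto: str
    src: str
    dst: str
    dport: Optional[int]

def in_network(cidr: str, addr: str) -> bool:
    # CIDR match: "any" matches everything, else test membership in the subnet
    return cidr == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(cidr, strict=False)

def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.proto in ("any", pkt.proto)
            and in_network(rule.src, pkt.src)
            and in_network(rule.dst, pkt.dst)
            and (rule.dport is None or rule.dport == pkt.dport))

def evaluate(acl: list, pkt: Packet) -> str:
    """Walk the ACL top-down; the first matching rule decides. If no rule
    matches, the implicit deny (the trailing 'deny any any') blocks the packet."""
    for rule in acl:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"  # implicit deny: anything not explicitly allowed is blocked

# Constructed ACL: admins on 10.0.0.0/24 may reach the DMZ subnet 192.0.2.0/24 on
# TCP 22 (SSH, SCP, SFTP); anyone may reach the DMZ web server on TCP 443 (HTTPS).
ACL = [
    Rule("allow", "tcp", "10.0.0.0/24", "192.0.2.0/24", 22),
    Rule("allow", "tcp", "any", "192.0.2.10/32", 443),
]
SAMPLE_PACKETS = [  # constructed traffic paired with the decision it should get
    (Packet("tcp", "10.0.0.5", "192.0.2.10", 22), "allow"),     # admin SSH to DMZ
    (Packet("tcp", "203.0.113.7", "192.0.2.10", 443), "allow"), # Internet HTTPS
    (Packet("tcp", "203.0.113.7", "192.0.2.10", 22), "deny"),   # Internet SSH: implicit deny
    (Packet("tcp", "10.0.0.5", "192.0.2.10", 23), "deny"),      # Telnet is never allowed
    (Packet("udp", "10.0.0.5", "192.0.2.10", 22), "deny"),      # wrong protocol for rule 1
]

def check_samples() -> bool:
    """True when every sample packet receives its expected decision."""
    return all(evaluate(ACL, p) == want for p, want in SAMPLE_PACKETS)
```

Note that the Internet-to-port-22 packet is dropped without any explicit deny rule: that is the implicit deny doing its job.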
Web application firewalls provide strong protection for web servers. They protect against several different types of attacks, with a focus on web application attacks such as cross-site scripting attacks.
A DMZ is a buffer zone between the Internet and an internal network. It allows access to services while segmenting access to the internal network. In other words, Internet clients can access the services hosted on servers in the DMZ, but the DMZ provides a layer of protection for the internal network.
NAT translates public IP addresses into private IP addresses, and private IP addresses into public IP addresses. A common form of NAT is port address translation. Dynamic NAT (DNAT) uses multiple public IP addresses, whereas PAT uses a single public IP address.
A proxy server forwards requests for services from a client. It provides caching to improve performance and reduce Internet bandwidth usage. Proxy servers use URL filters to restrict access to certain sites, and can log user activities.
A web security gateway and unified threat management appliances both combine multiple security controls into a single appliance. They can inspect data streams and often include URL filtering, malware inspection, and content inspection components.