Showing posts from 2012

1.6.12 Power Level Controls

Power level controls Some access points (AP) include power level controls that allow you to adjust the amount of output provided. Antenna power level controls are typically set by the manufacturer to a level suitable for an average environment. However, this power level can be changed as informed by a site survey and antenna placement adjustments. The power level can be increased to strengthen the signal, or it can be decreased, for example to keep wireless signals from leaking outside the coverage area.

1.6.11 Antenna Placement

Antenna Placement The performance of a wireless network greatly depends on signal strength of the wireless access point (AP) and the location of the wireless clients. Antenna placement can be crucial in allowing signals from the AP to reach the clients. This signal can be affected by the construction materials of walls, the network range, and the strength, sensitivity and quality of the antennas. Signal strength depends on the environment in which the access point is placed. As a general rule, the greater the distance the signal travels, the more it will attenuate. Factors such as construction materials of walls, the network range, and the strength, sensitivity and quality of the antennas can further affect the signal strength. In general, the AP should be at the center of a circle (or sphere) with a minimum radius. Clients situated near the edge of the network range will likely experience network performance issues or dropped connections. Avoid placing AP near objects that ca

1.6.10 CCMP

CCMP Counter Cipher Mode with Block Chaining Message Authentication Code Protocol (CCMP) is an encryption protocol designed for Wireless LAN products that implement the full IEEE 802.11i standard (IEEE 802.11i-2004). CCMP is a data cryptographic encapsulation mechanism designed for data confidentiality and based upon the Counter Mode with CBC-MAC (CCM) of the AES standard. It was created to address the vulnerabilities presented by TKIP, a protocol in WPA, and WEP. CCMP is an AES-based encryption mode introduced with WPA2 and it is more secure than the WEP protocol and TKIP protocol of WPA. It provides the following security services:
• Data confidentiality: ensures only authorized parties can access the information
• Authentication: provides proof of genuineness of the user
• Access control in conjunction with layer management
CCMP uses 128-bit AES encryption with a 48-bit initialization vector. CCMP computes a Message Integrity Check (MIC) using the well known, and proven, Ciphe

1.6.5 PEAP

PEAP Wireless security consists of three components:
• The authentication framework
• The authentication algorithm
• The data privacy or encryption algorithm
Extensible Authentication Protocol (EAP) is a type of authentication algorithm. EAP is an authentication framework that supports multiple authentication methods. PEAP adds security services to those EAP methods that EAP provides. Protected Extensible Authentication Protocol, Protected EAP, or simply PEAP is a method to securely transmit authentication information, including passwords, over wireless networks. It was jointly developed by Microsoft, RSA Security and Cisco Systems. It is an IETF open standard. Note that PEAP is not an encryption protocol; as with other EAP types it only authenticates a client into a network. While many consider PEAP and EAP-TTLS to be similar options, PEAP is more secure since it establishes an encrypted channel between the server and the client. PEAP provides the security framework for mut

1.6.7 MAC Filter

MAC filter MAC addresses are uniquely assigned to each network adapter. Every wireless network adapter has a MAC address burnt into it. When a wireless network adapter attempts to access the network, the access point (or router) checks the device’s MAC address. Using MAC address filtering on a network allows the administrator to permit (or deny) network access to specific network adapter devices. If the MAC address doesn't match what's on the list, no connection is possible. This security isn't perfect. MAC address filtering is often referred to as security through obscurity because, while giving some additional protection, MAC filtering can be circumvented by a determined hacker configuring their client to spoof one of the validated MAC addresses. Using MAC filtering may lead to a false sense of security. To set up MAC address filtering, the administrator configures a list of network adapter MAC addresses that will be allowed to join the network. Then, each addres

1.4.13 IPv4 vs. IPv6

IPv4 vs. IPv6 Internet Protocol (IP) is a global communications standard used for linking devices together. It defines how computers communicate over a network. The primary purpose of an IP address is to uniquely identify a node at the Network Layer. Every Internet connected device, computer, smartphone, smart TV, etc. needs a unique IP address. The explosive growth in mobile devices including mobile phones, notebook computers, and wireless handheld devices has created a need for a large number of additional IP addresses. There are currently two versions: IP version 4 (IPv4) and IP version 6 (IPv6). IPv4 is the 4th version of the Internet Protocol. It is the most commonly deployed OSI Layer 3 (Network layer) protocol. IPv4 has a 32-bit address space and consists of 2^32 or approximately 4.3 billion possible IPv4 addresses. IPv4 was formally defined by the Internet Engineering Task Force (IETF) in September 1981 as RFC-791. IPv6 is the next generation of the Internet Protoc

1.4.12 ICMP

ICMP Internet Control Message Protocol (ICMP) is one of the core protocols of the Internet Protocol Suite. It provides maintenance and reporting functions. It is chiefly used by IP end systems and all IP intermediate systems (i.e., routers) to send error messages indicating problems with delivery of IP datagrams within an IP network. It can be used to show when a particular end system is not responding, when an IP network is not reachable, when a node is overloaded, when an error occurs in the IP header information, etc. The Internet Protocol is not designed to be absolutely reliable. The purpose of these control messages is to provide feedback about problems in the communication environment, not to make IP reliable. The higher level protocols that use IP must implement their own reliability procedures if reliable communication is required. ICMP is defined in RFC 792. It is assigned protocol number 1. ICMP provides error reporting, flow control and first-hop gateway redirection.

1.4.11 SCP

SCP Secure Copy or SCP is a network protocol, based on the Berkeley Software Distribution’s (BSD) Remote Copy (RCP) protocol. SCP supports secure transfer of computer files between hosts on a network (local to remote host or remote to remote host). SCP uses Secure Shell (SSH) for data transfer and utilizes the same mechanisms for authentication, thereby ensuring the authenticity and confidentiality of the data in transit. A client can send (upload) files to a server, optionally including their basic attributes (permissions, timestamps). Clients can also request files or directories from a server (download). SCP runs over TCP port 22 by default. The scp (UNIX/Mac OS X) and winscp (Windows) programs are implementations of the SCP protocol. SCP relies on Secure Shell (SSH). SCP is an application and a protocol that provide a secure replacement for the Berkeley r-tools, e.g., rcp. Both programs (rcp and scp) are very similar, except that with scp, information (including the

3.4.8 IV Attack

IV attack An initialization vector (IV) is an arbitrary number that can be used along with a secret key for data encryption. This number, also called a nonce, is employed only one time in any session. Initialization vectors are used to prevent a sequence of text that is identical to a previous sequence from producing the same exact ciphertext when encrypted. The IV prevents the appearance of corresponding duplicate character sequences in the ciphertext. The use of an IV prevents repetition in data encryption, making it more difficult for a hacker using a dictionary attack to find patterns and break a cipher. The initialization vector (IV) that WEP uses for encryption is 24-bit, which is quite weak, and IVs are reused with the same key. By examining the repeating result, it is easy for miscreants to crack the WEP secret key; this is known as an IV attack. An IV attack is usually associated with the WEP wireless protocol. References: http://en.wikipedia.org/wiki/Initialization

3.4.7 War chalking

War chalking Warchalking is the drawing of standard iconography (often in chalk) in public places to advertise an open Wi-Fi wireless network. Warchalking involves those who discover a way into the network leaving signals on, or outside, the premises to notify others of the vulnerability. References: http://en.wikipedia.org/wiki/Warchalking

3.4.6 Bluesnarfing

Bluesnarfing Bluesnarfing is much more serious than Bluejacking, but both exploit others' Bluetooth connections without their knowledge. Bluesnarfing enables gaining unauthorized access through a Bluetooth connection. This access can be gained through a phone, PDA, or any device using Bluetooth. Once access has been gained, the attacker can copy any data in the same way they would with any other unauthorized access. References: http://en.wikipedia.org/wiki/Bluesnarfing CompTIA Security+ Study Guide: Exam SY0-301, Fifth Edition by Emmett Dulaney

3.4.5 Bluejacking

Bluejacking Bluejacking is the sending of unsolicited messages (think spam) over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers. It works by sending a vCard, which typically contains a message in the name field, to another Bluetooth-enabled device via the OBEX protocol. Bluejacking takes advantage of a loophole in the technology's messaging options that allows a user to send unsolicited messages to other nearby Bluetooth owners. Bluetooth technology operates by using low-power radio waves, communicating on a frequency of 2.45 gigahertz. This special frequency is also known as the ISM band, an open, unlicensed band set aside for industrial, scientific and medical devices. When a number of Bluetooth devices are switched on in the same area, they all share the same ISM band and can locate and communicate with each other, much like a pair of walkie talkies tuned to the same frequency are able to link up. Bluetooth technology users take advantage of this

3.4.3 Evil Twin

Evil Twin Evil twin attack is a term for a rogue Wi-Fi access point (AP) that appears to be legitimate but has actually been set up by a hacker to eavesdrop and intercept wireless communications among Internet surfers. It is an attack in which unsuspecting Wi-Fi users are tricked into associating with a phony wireless Access Point. Also known as AP Phishing, Wi-Fi Phishing, Hotspotter, or Honeypot AP, these attacks use phony APs with faked login pages to capture credentials and credit card numbers, launch man-in-the-middle attacks, or infect wireless hosts. Evil twin is the wireless version of e-mail phishing scams. An attacker tricks wireless users into connecting a laptop or mobile phone to a rogue hotspot by posing as a legitimate provider. By imitating the name of another, legitimate wireless provider, they can fool people into trusting the internet services that they are providing. When the users log into bank or e-mail accounts, the phishers have access to the entire tr

3.2.14 Transitive Access

Transitive access Transitive – Passing over to or affecting something else. Transitive access is a problem when inadvertent (and possibly unauthorized) access results from a set of related and authorized access. With transitive access, if A trusts B and B then trusts C, a relationship can exist where C is trusted by A. In a transitive trust relationship, the relationship between A and B flows through such that A now trusts C. In all versions of Active Directory, the default is that all domains in a forest trust each other with two-way transitive trust relationships. While this process makes administration much easier when you add a new child domain (no administrative intervention is required to establish the trusts), it leaves open the possibility of a hacker acquiring more trust than they should by virtue of joining the domain. References: http://dictionary.reference.com/ CompTIA Security+ Study Guide: Exam SY0-301, Fifth Edition by Emmett Dulaney

3.2.13 DNS poisoning and ARP poisoning

DNS poisoning and ARP poisoning DNS and ARP poisoning are types of man-in-the-middle (MITM) attacks, which are types of spoofing attacks. A spoofing attack is an attempt by someone to masquerade as someone else. Address Resolution Protocol (ARP) cache poisoning (sometimes also known as ARP Poison Routing) allows an attacker on the same network segment (subnet) as its victims to eavesdrop on all network traffic between the victims. ARP poisoning tries to convince the network that the attacker's MAC address is the one associated with an IP address so that traffic sent to that IP address is wrongly sent to the attacker's machine. In ARP poisoning, the MAC (Media Access Control) address table of the victim host is ‘poisoned’ with false data. Incorrect data for a victim host is interjected into the MAC table of the victim host to force the victim to communicate with the wrong host. By faking this value, it is possible to make it look as if the data came from a network that

3.2.12 Pharming

Pharming Pharming is a hacker's attack aiming to redirect a website's traffic to another, bogus website. Pharming can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software. DNS servers are computers responsible for resolving Internet names into their real addresses — they are the "signposts" of the Internet. Compromised DNS servers are sometimes referred to as "poisoned". More worrisome than host file attacks is the compromise of a local network router. Since most routers specify a trusted DNS to clients as they join the network, misinformation here will spoil lookups for the entire LAN. Pharming is a scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent Web sites without their knowledge or consent. In pharming, larger numbers of computer users can be victimized because it is not necessary to target indivi

3.2.11 Xmas Attack

Xmas Attack One of the three Nmap scan types:
• Xmas scan (-sX) – Sets the FIN, PSH, and URG flags, lighting the packet up like a Christmas tree.
• Null scan (-sN) – Does not set any bits (TCP flag header is 0).
• FIN scan (-sF) – Sets just the TCP FIN bit.
One of the most popular attacks that utilizes Nmap is the Xmas attack (also known as the Xmas scan and Christmas attack). This is an advanced scan that tries to get around firewall detection and look for open ports. It accomplishes this by setting three flags (FIN, PSH, and URG). References: http://nmap.org/book/man-port-scanning-techniques.html CompTIA Security+ Study Guide: Exam SY0-301, Fifth Edition by Emmett Dulaney

3.2.10 Vishing & Spear Phishing

Vishing When you combine phishing with Voice over IP (VoIP), it becomes known as vishing and is just an elevated form of social engineering.

Spear phishing Spear phishing is a unique form of phishing in which the message is made to look as if it came from someone you know and trust as opposed to an informal third party. In spear phishing, the attacker uses information that the target would be less likely to question because it appears to be coming from a trusted source. Because it appears far more likely to be a legitimate message, it cuts through the user's standard defenses like a spear and has a higher likelihood of being clicked. With spear phishing, you might get a message that appears to be from your boss telling you that there is a problem with your direct deposit account and you need to access this HR link right now to correct it. Spear phishing works because it uses information it can find about you from email databases, friends lists, and the like. References

3.2.9 Spim

Spim SpIM is short for "Spam via Instant Messenger" and is a term that refers to unwanted and unsolicited junk messages sent via an instant messenger (instead of through e-mail messaging). Most Spim comes in the form of chat requests/sessions from unknown people who then send you text messages about their products or services. Some may ask you to visit a website, which may contain malware, or they may try to send you files to download. The immediacy of IM makes users more likely to reflexively click links. Furthermore, because it bypasses anti-virus software and firewalls, IM is an easy means of passing on not only commercial messages, but also viruses and other malware. Never accept or open attachments from people you don’t know. Turn off the automatic download features in your instant messenger client. Send all downloads to the same folder on your hard drive and then use your anti-virus software to scan that folder each time a new file is added. Related Terms

3.2.8 Phishing

Phishing Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing is an example of a social engineering technique used to deceive users, in which you simply ask someone for a piece of information that you want by making it look as if it is a legitimate request. Vishing involves combining phishing with Voice over IP. An email might look as if it is from a bank and contain some basic information, such as the user's name. A fake website might be created to look just like a legitimate site. It can then gather personal information from the user. The person instigating the phishing can then use the values entered there to access the legitimate account. One of the best counters to phishing is to simply mouse over the “Click Here” link and read the URL. Phishing email messages, websites, and phone calls are designed to steal money, access, informat

3.2.7 Spam

Spam Spam is the use of electronic messaging systems, particularly e-mail but including most broadcast media, digital delivery systems, to send unsolicited bulk messages indiscriminately. In general, e-mail messages you didn’t ask for, from people you don’t know are considered ‘spam’. Spam can contain viruses or other malware, or it may try to trick the recipient to give up passwords and user names, or visit a harmful site. Spam is not actually an acronym. According to the Internet Society and other sources, the term spam is derived from the 1970 Spam sketch of the BBC television comedy series Monty Python's Flying Circus. The sketch is set in a cafe where nearly every item on the menu includes Spam canned luncheon meat. As the waiter recites the Spam-filled menu, a chorus of Viking patrons drowns out all conversations with a song repeating "Spam, Spam, Spam, Spam... lovely Spam! wonderful Spam!", hence "Spamming" the dialogue. Related Terms SPAM – Ho

3.2.5 Smurf Attack

Smurf Attack The smurf attack, named after its exploit program, is a denial-of-service attack which uses spoofed broadcast ping messages to flood a target system. In the "smurf" attack, from a remote location, an attacker sends forged ICMP echo packets directed to the broadcast addresses of vulnerable networks with a forged source address pointing to the target (victim) of the attack. All the systems on these networks reply to the victim with ICMP echo replies. This rapidly exhausts the bandwidth available to the target. This generates a denial-of-service attack. There are three parties in these attacks: the attacker, the intermediary, and the victim (note that the intermediary can also be a victim). The intermediary receives an ICMP echo request packet directed to the IP broadcast address of their network. If the intermediary does not filter ICMP traffic directed to IP broadcast addresses, many of the machines on the network will receive this ICMP echo request packet an

3.1.6 Rootkits

Rootkits Rootkits are software programs that have the ability to hide certain things from the operating system. Theoretically, rootkits could hide anywhere there is enough memory to reside: video cards, PCI cards, and the like. A rootkit often allows the installation of hidden files, processes, hidden user accounts, and more in the system's OS. Rootkits are able to intercept data from terminals, network connections, and the keyboard. A rootkit is a type of Trojan that keeps itself, other files, registry keys and network connections hidden from detection. It enables an attacker to have "root" access to the computer, which means it runs at a privileged level of the machine. A rootkit typically intercepts common API calls. For example, it can intercept requests to a file manager such as Explorer and cause it to keep certain files hidden from display, even reporting false file counts and sizes to the user. Rootkit detection is difficult because a rootkit may be able to subve

3.1.4 Spyware

Spyware Spyware is software that can display advertisements, collect information about you, or change settings on your computer, generally without appropriately obtaining your consent. For example, spyware can install unwanted toolbars, links, or favorites in your web browser, change your default home page, or display pop-up ads frequently. Some spyware displays no symptoms that you can detect, but it secretly collects sensitive information, such as the websites you visit or the text you type. Most spyware is installed through free software that you download, but in some cases simply visiting a website results in a spyware infection. Spyware gathers information on you to pass on to marketers or intercepts personal data such as credit card numbers and makes them available to third parties. References: http://windows.microsoft.com/en-US/windows7/Understanding-security-and-safer-computing

3.1.1 Adware

Adware Adware, or advertising-supported software, is any software package which automatically plays, displays, or downloads advertisements to a computer. These advertisements can be in the form of a pop-up. They may also be in the user interface of the software or on a screen presented to the user during the installation process. The object of the adware is to generate revenue for its author. Adware, by itself, is harmless; however, some adware may come with integrated spyware such as keyloggers and other privacy-invasive software. The authors of these applications include additional code that delivers the ads, which can be viewed through pop-up windows or through a bar that appears on a computer screen. The justification for adware is that it helps recover programming development cost and helps to hold down the cost for the user. Adware is criticized because it can include code that tracks a user's personal information and passes it on to third parties, without the user'

2.2.3 Incident Management

Incident management Incident management—the steps followed when events occur. A clearly defined incident response policy can help contain a problem and provide quick recovery to normal operations. In the event of a security incident, a procedure should be in place to deal with these events as they happen. The policy should cover each type of compromised security scenario and list the procedures to follow when they happen. The incident response policy should cover the following areas:
• Contact information for emergency services and other outside resources.
• Methods of securing and preserving evidence of a security breach.
• Scenario-based procedures of what to do with computer and network equipment depending on the security problem.
• How to document the problem and the evidence properly.
The components of an incident-response plan should include preparation, roles, rules, and procedures. Incident-response procedures should define how to maintain busi

2.2.2 Change Management

Change management Change management policies are official company procedures used to identify and communicate current or forthcoming changes to some aspect of the company’s networks and communications services. Change documentation should include the following:
• Specific details about the change being proposed/implemented
• The name of the authority who approved the changes
• A list of the departments and the names of the supervisors involved in performing the change
• What the immediate effect of the change will be
• What the long-term effect of the change will be
• The date and time the change will occur
After the change has occurred, the following should be added to the documentation:
• Specific problems and issues that occurred during the process
• Any known workarounds if issues have occurred
• Recommendations and notes on the event
After the change has been requested, documented, and approved, you should then send out notification to the users so that they know what to exp

2.1.7 Risks associated to Cloud Computing and Virtualization

Risks associated to Cloud Computing and Virtualization If you ask two people a question about what cloud computing is, you are likely to get four different answers. That in itself should be considered a risk. For our purpose, we will consider cloud computing as the use of the Internet to host services and data instead of hosting it locally. Implementations of this include Google Mail, Amazon EC2, Salesforce.com, etc. The Security+ certification exam considers the following three ways of implementing cloud computing: In the Platform as a Service (PaaS) model, vendors provide a platform for customers to build and run custom applications. Software as a Service (SaaS) is a way of delivering Web-based, on-demand, or hosted applications. The Infrastructure as a Service (IaaS) model closely resembles the traditional utility model used by electric, gas, and water providers. It delivers computer infrastructure – typically a platform virtualization environment – a

2.1.6 Risk-avoidance, transference, acceptance, mitigation, deterrence

Risk-avoidance, transference, acceptance, mitigation, deterrence Risk Avoidance Risk avoidance involves identifying a risk and making the decision to no longer engage in the actions associated with that risk. Risk avoidance should be based on an informed decision that the best course of action is to deviate from what would/could lead to exposure to the risk. One of the biggest problems with risk avoidance is that you are steering clear of activities you may benefit from. This is the most effective solution, but often not possible due to organizational requirements. With risk transference, you do not simply shift the risk completely to another entity; instead you share some of the burden of the risk with someone else, such as an insurance company. A typical policy would pay you a cash amount if all the steps were in place to reduce risk and your system still was harmed. Risk mitigation is accomplished anytime you take steps to reduce the risk. Steps include installing antivirus soft

2.1.4 Risk Calculation

Risk Calculation The likelihood and impact of a risk have a strong bearing on your cost analysis for budgeting funds for risk countermeasures and mitigation. A calculation used to determine this factor is Annual Loss Expectancy (ALE). You must calculate the chance of a risk occurring, sometimes called the Annual Rate of Occurrence (ARO), and the potential loss of revenue based on a specific period of downtime, which is called the Single Loss Expectancy (SLE). By multiplying these factors together, you arrive at the ALE. This is how much money you expect to lose on an annual basis because of the impact from an occurrence of a specific risk. When you're doing a risk assessment, one of the most important things to do is to prioritize. Take into account the likelihood of an event happening and the impact to your organization if it does. Focus on the events that are likely and would have an impact. Not everything should be weighed evenly. One method of measurement to consider is

2.1 Explain risk related concepts

Explain risk related concepts
• Control types
    • Technical
    • Management
    • Operational
• False positives
• Importance of policies in reducing risk
    • Privacy policy
    • Acceptable use
    • Security policy
    • Mandatory vacations
    • Job rotation
    • Separation of duties
    • Least privilege
• Risk calculation
    • Likelihood
    • ALE
    • Impact
• Quantitative vs. qualitative
• Risk-avoidance, transference, acceptance, mitigation, deterrence
• Risks associated to Cloud Computing and Virtualization

1.5 Identify commonly used default network ports

Identify commonly used default network ports

TCP Port #   UDP Port #   Service
20           -            FTP (data channel)
21           -            FTP (control channel)
22           -            SSH; SCP; SFTP (over SSH)
989          989          FTPS (data): FTP over TLS/SSL
990          990          FTPS (control): FTP over TLS/SSL
-            69           Trivial File Transfer Protocol (TFTP)
23           -            Telnet
80           -            Hypertext Transfer Protocol (HTTP)
443          -            HTTPS (Hypertext Transfer Protocol over SSL/TLS)
137          137          NetBIOS Name Service
138          138          NetBIOS Datagram Service
139          139          NetBIOS Session Service

1.6.8 SSID Broadcast

SSID broadcast The SSID (Service Set IDentifier), or network name, of your wireless network is required for devices to connect to it. SSID broadcast is a function performed by an Access Point (AP) that transmits its name so that wireless stations searching for a network connection can 'discover' it. It's what allows your wireless adapter's software to give you a list of the APs in range. Wireless APs and routers can automatically broadcast their network name (SSID) into open air at regular intervals (every few seconds) to announce their presence. This feature of Wi-Fi network protocols is intended to allow clients to dynamically discover and roam between WLANs. One method of "protecting" the network that is often recommended is to turn off the SSID broadcast. This should be considered a very weak form of security because it is a trivial process for an attacker to discover the presence of the access point by means other than the SSID broadcast. Security by obscurity is no s

1.6.4 EAP

EAP Extensible Authentication Protocol (EAP) is an Internet Engineering Task Force (IETF) standard that provides an infrastructure for network access clients and authentication servers to host plug-in modules for current and future authentication methods. EAP is used to authenticate Point-to-Point Protocol (PPP)-based connections (such as dial-up, virtual private network remote access, and site-to-site connections) and for IEEE 802.1X-based network access to authenticating Ethernet switches and wireless access points (APs). EAP is used primarily in WEP/WPA/WPA2-based wireless networks for securely transporting authentication data. EAP separates the message exchange from the authentication process through the use of a different exchange layer and it provides a module-based infrastructure that supports several different authentication methods. EAP is an authentication framework (not a specific authentication mechanism) frequently used in wireless networks and Point-to-Point connec

1.4.10 SFTP

SFTP In computing, the SSH File Transfer Protocol (SFTP) is a network protocol that provides file access, file transfer, and file management functionality over any reliable data stream. It was designed by the Internet Engineering Task Force (IETF) as an extension of the Secure Shell protocol (SSH) version 2.0, but is also intended to be usable with other protocols. SFTP is not FTP run over SSH, but rather a new protocol designed from the ground up by the IETF SECSH working group. The protocol itself does not provide authentication and security; it assumes that it is run over a secure channel, i.e., it expects the underlying protocol to secure this and that the server has already authenticated the client, and the identity of the client user is available to the protocol. SFTP is most often used as a subsystem of SSH protocol version 2 implementations. Unlike standard FTP, SFTP encrypts both commands and data, preventing passwords and sensitive information from being transmitted in t

1.6.1 WPA

WPA Wi-Fi Protected Access (WPA) is a security protocol and security certification program developed by the Wi-Fi Alliance to secure wireless networks and surpass the older Wired Equivalent Privacy (WEP) protocol. The Alliance defined WPA in response to serious weaknesses researchers had found in WEP. WPA (defined in the draft IEEE 802.11i standard) became available around 1999 and was intended as an intermediate measure in anticipation that it would be replaced by the more secure WPA2 protocol. There are two versions, WPA and WPA2, with the latter being the full implementation of the security features. The difference between WPA and WPA2 is that WPA implements most—but not all—of 802.11i in order to be able to communicate with older wireless cards and it used the RC4 encryption algorithm with TKIP, while WPA2 implements the full standard and is not compatible with older cards. WPA also mandates the use of the Temporal Key Integrity Protocol (TKIP), while WPA2 favors Counter M

1.4.9 HTTPS

HTTPS Hyper Text Transfer Protocol Secure (HTTPS) is a secure version of the Hyper Text Transfer Protocol (HTTP). HTTPS is a combination of the Hypertext Transfer Protocol (HTTP) with the SSL/TLS protocol. It provides encrypted communication and secure identification of a network web server. HTTPS connections are often used for payment transactions on the World Wide Web and for sensitive transactions in corporate information systems. When a user connects to a website via HTTPS, the website encrypts the session with a digital certificate. A user can tell if they are connected to a secure website if the website URL begins with https:// instead of http://. The default port is 443. The main idea of HTTPS is to create a secure channel over an insecure network. HTTPS is the use of Secure Sockets Layer (SSL) or Transport Layer Security (TLS) as a sublayer under regular HTTP application layer

1.4.8 FTPS

FTPS FTPS (FTP over SSL) is an extension to the File Transfer Protocol (FTP) that adds support for the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols for channel encryption as defined in RFC 2228. Well-known TCP & UDP ports for FTPS: 989 – FTPS (data channel); 990 – FTPS (control channel). Much like HTTPS, but unlike SFTP, FTPS servers may provide a public key certificate. Both FTPS and SFTP use a combination of an asymmetric algorithm (RSA, DSA), a symmetric algorithm (DES/3DES, AES, Twofish and so on), and a key-exchange algorithm. For authentication, FTPS uses X.509 certificates, whereas SFTP (SSH protocol) uses SSH keys. It's a good idea to use FTPS when you have a server that needs to be accessed from personal devices or from some specific operating systems that have FTP support but don't have SSH/SFTP clients. Pros of FTPS: Widely known and used; The communication can be read and understood by humans; Provides

1.4.6 SSL

SSL Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), are cryptographic protocols that provide communication security over the Internet. SSL (and TLS) encrypt the segments of network connections at the Transport Layer, using asymmetric cryptography for key exchange, symmetric encryption for privacy, and message authentication codes for message integrity. SSL establishes a session using asymmetric encryption and maintains the session using symmetric encryption. The primary goal of the SSL protocol is to provide privacy and reliability between two communicating applications. The SSL protocol uses an encryption scheme between the two systems. The client initiates the session, the server responds, indicating that encryption is needed, and then they negotiate an appropriate encryption scheme. TLS is a newer protocol that merges SSL with other protocols to provide encryption. TLS supports SSL connections for compatibility, but it also allows other encry