CCT 126: CISSP Expertise Unveiled - Secure Communication Protocols and Defense Strategies in Cybersecurity (D4.1.3)
Mar 25, 2024
Embark on a cybersecurity odyssey with Sean Gerber as he reveals his leap into the consultancy realm, navigating the precarious balance between the thrill of independence and the stark realities of forging a new path. This episode offers an insider's perspective on secure communication protocols, a fundamental aspect of the CISSP exam and a critical component of any robust cybersecurity defense. As we dissect the repercussions of the Change Healthcare (UnitedHealth Group) hack and its jaw-dropping $22 million ransom, we'll equip you with the acumen to convey the financial stakes of cyber incidents to those who hold the purse strings.
As the digital world's intricacies unravel, we delve into the heart of network security with a focus on IPsec configurations and Public Key Infrastructure's role in authentication. You'll gain insights into the synergy between Kerberos and Active Directory, and the critical trade-offs between ease of access and ironclad security. Our journey also scrutinizes the pressing need to abandon outdated algorithms in favor of more resilient encryption standards, ensuring that your remote access remains a bastion against ever-evolving cyber threats.
Rounding off our excursion, we examine SRTP and ZRTP, protocols that stand at the vanguard of securing real-time communications like VoIP. Assess the benefits of these protocols against potential hurdles and system intricacies. Moreover, we'll discuss how ZRTP relates to the widely used Signal protocol, providing you with a comprehensive understanding of the landscape of secure communications. Join us for a deep dive into the technologies that safeguard our digital interactions and arm yourself with knowledge that transcends the theoretical, ready to be applied in the practical world of cybersecurity.
Gain access to 30 FREE CISSP Exam Questions each and every month by going to FreeCISSPQuestions.com and signing up to join the team for free.
TRANSCRIPT
Speaker 1:
Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Sean Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge. All right, let's get started.
Speaker 2:
Good morning. It's Sean Gerber with the CISSP Cyber Training Podcast, and how are you all doing this beautiful day? Today, as you can see in my background if you're watching the video, I have changed locations. I am currently in my new office, as I've just changed jobs from being a CISO of a large multinational to now being a consultant. So it's a new twist in my life and a new change. It's awesome, very different than what I did before, and I will say it's also a little bit unnerving in some respects. But it's good. It's what needed to occur and where I'm at in this phase of my career, so I'm pretty excited about that. This was obviously a choice of my own, just to get out there on my own and start my own business, and it's been very interesting to this point. Interesting in a good way and interesting in a little bit terrifying way, but it's all good nonetheless. So today we're going to be talking about domain 4.1.3. We're going to be getting into various secure communication protocols as they relate to the CISSP. So if you're following along in the book, you'll be able to find that. I can't remember what chapter it's in, but again, it's domain 4.1.3.
Speaker 2:
But before we get started, I'm just going to talk real quickly about an article that made news. We talked about this in our podcast a couple of weeks ago, as it relates to the UnitedHealthcare hack that occurred. One of the things that just came up is that they are finally making some sort of restitution, or are able to make some movement, as it relates to the UnitedHealthcare challenge that they had with the ALPHV, or ALPHV/BlackCat, hacking group that gained access through a ransomware attack on the US health care system. They said they've restored nearly all of Change Healthcare's systems for processing prescriptions, that is to say, after a $22 million ransom that was paid, from what we understand. Obviously, they haven't disclosed that specifically yet, but all the tea leaves and people talking have basically said that the ransom was paid to the folks that were hacking into the Change Healthcare system. The interesting part, though, is that they've been able to get electronic payments back and operational, and this involves the billing between the care providers and the insurers as well. So they've been moving forward, which is great, but it's been an interesting part where I think it's been scary for the US government to realize how intertwined this one health care system is with the US government, very similar to what happened with Colonial Pipeline. I think that was also a reverberation throughout the environment, that critical systems such as health care and so forth are very vulnerable to cyber attacks.
Speaker 2:
So, again, it's important to you as a security professional to stay on top of these things. One, just so that you are aware that they're happening, right. And also, as a security professional, it's your responsibility to talk to your leadership and let them know how this could happen. I've seen various organizations that utilize these types of events to consider how they would respond to such an incident and what would be the potential downside of this occurring. So, as an example, let's just say you had a facility, a manufacturing facility, a hospital, whatever that might be, that were to go down and, as you see in this case here, figure it was down for a month. So you take out the whole ability of paying the ransom. Let's just set that aside. But if you were to go and say, okay, if my system was down for a month, what would that potentially cost me in revenue, employee opportunity costs, costs for employees, what would that cost from the standpoint of just ensuring that I have all my licenses correct, and the whole litany of areas that could really dramatically affect what this would cost.
Speaker 2:
One thing to not get too hung up on, though, is making it too precise. Precision is the enemy of being complete, and so sometimes you want to be directionally correct, but you don't necessarily need to be precise to the point where you're talking about maybe a million dollars here or a million dollars there. Now, I understand it's a lot of money, but in the grand scheme of things, you could very quickly, if you're just talking, let's say, a pharmacy, say one pharmacy goes down, and let's say that pharmacy generates X in revenue every month and your costs are Y every month. Well, if your expenses are this and your revenue is this, you can then extrapolate that you would lose, let's say, I don't know, $100,000 in revenue in one month. You'd want more than that, but let's just say it's $100,000 in one month. If that's the case, then you extrapolate that out to maybe 10, 15, 20 different pharmacies that you may have. So now you're saying a million dollars is what it would cost you to be down for a month, and that doesn't include what the ransom and so forth would cost. So those are ways you can kind of peel back that onion and quickly come up with some cost for the senior leaders. It won't be precise, but it will be directionally correct, and then you can highlight to them: is it worth spending the time to ensure that you have backup and recovery systems in place, or is it not? Maybe it won't be, maybe you're fine with letting it get totally blown away and starting all over, but those are things that you're going to have to work through with your senior leaders as you're trying to come up with a plan around this. 
So therefore, it is really important as a security professional that you understand these attacks, you understand how they did it and then also what systems were affected, because then you, as the professional, can come forward with what you feel you could do to best protect your organization, because that's what they're paying you to do. That's the expectation.
Speaker 2:
Okay, so let's go ahead and get started in today's training. Okay, so, again, like we talked about, this is 4.1.3, and we're talking about various secure communication protocols. There are various protocols that are out there. You've got IPsec, you've got Kerberos, you've got SSH, you've got the Signal protocol and so forth, and we're going to go over each of those a little bit in depth and talk to you about why they are important and what the pros and cons are for each of these protocols, so that you can understand them when they ask you a question on the CISSP, because they're going to ask you what an IPsec tunnel is and you may not know what that is, because maybe you just didn't deal with it in your current career. So if you're like, I have no idea, the ultimate goal is to give you just a brief understanding of what these protocols do and why they'd be important for the CISSP.
Speaker 2:
IPsec uses authentication through what they call a key exchange, or Internet Key Exchange, IKE. This protocol is used to establish authenticated communication between the two parties by exchanging keys between the two peers that are connected. Now, there are different types of IPsec tunnels that you may have. You have a site-to-site VPN, which connects two offices. You may have one location here and another location there, and it will connect the two utilizing what they call an IPsec tunnel, and this will form a single secure wide area network between the two. What can also occur through IPsec is a remote access VPN, which you've probably dealt with, depending on where you're at and your remote activities. A good example is an employee working from home who can use an IPsec VPN to connect to their company's internal resources. Again, same kind of point: it allows a connection between two parties and allows that activity to be encrypted. Therefore, if it's encrypted, you can't see into it, and you would have to decrypt it or get yourself wedged in the middle somehow as part of the key structure to be able to see the data that's being sent.
Speaker 2:
So let's get into some of the pros behind this. Again, one of the aspects of an IPsec tunnel, the IPsec protocol, is the fact that it is supported by many vendors and many devices, which makes it really interoperable when you're dealing with various platforms, and that's awesome, especially if you're trying to connect something securely. It works. I've done it a few times myself, but the main thing is, as an architect, I'd talk about how we would connect those tunnels together to ensure that you'd have one connection between them and you would protect the data between those two nodes. It operates at the network layer, which means it can secure basically any type of traffic, regardless of the application or the transport protocol that's being used. So it's at the network layer, and it's used by many vendors.
Speaker 2:
Okay, now some of the cons that come with this. It can be complex and difficult to configure. It's not a real simple solution where you just hit an easy button and you're in business, especially if you're dealing with multiple gateways, dynamic IP addresses, firewalls and so forth. It gets very point-to-point and it can be a bit challenging. So, that being said, it's one of those where it has its uses, but from a networking standpoint, configuring it inside your network, it may not be the best choice because it can be hard to configure.
Speaker 2:
It does require PKI, which is your public key infrastructure, to manage the certs for the authentication, right. And so now when you're dealing with PKI, you have these certs, and you have to have a central location that will manage those certs, because you can't do it individually, especially if you start getting into a large web. You will have to have some sort of mechanism that will manage the keys and the certificates that are inside your network, and that will actively transmit them as needed, and also a way to rotate them as needed. So it's an important piece where you will need some level of PKI, which includes pre-shared keys, and it also has the ability to change keys as necessary. So the next secure protocol is what we call Kerberos.
Speaker 2:
Now, with Kerberos, there are three main components. You have an authentication service, a ticket granting service, and then you have a service server. Okay, so as we walk through this, we'll go over each component. So the authentication service validates the user's credentials and issues a ticket granting ticket, okay, if the credentials are valid. Now, the ticket granting service uses that ticket granting ticket, the TGT, to issue service tickets that allow access to the network services themselves. And then the service server accepts the service tickets from the users and provides the access required, as specifically set up.
Speaker 2:
Now, what are some of the examples that you can deal with? Well, you have just a couple of key ones. You've got Active Directory authentication and you have single sign-on. So Active Directory authentication, this is obviously used in the Windows Active Directory environment, and it's used to authenticate users. So when a user logs onto a computer on a system, Active Directory will then authenticate you and grant you access to the resources, based on what Active Directory is saying and what's connected into Active Directory, what you're allowed to have access to. So many people will think of Active Directory as a networking type product, and it is, but it's also a security product. So again, that's how Kerberos works, through the authentication in Active Directory, and also single sign-on. Kerberos will allow users to log in and access multiple services without re-entering credentials.
Speaker 2:
As an example, rather than have Sean, who has a password, monkey, and then monkey1, monkey2, monkey3, you can use this single sign-on capability where it is already federated against Sean, and when Sean logs in, it queries your Active Directory environment and therefore it knows that Sean has access to this, but Sean only has to remember one password. So it does allow you to have access to email, file shares and all that stuff with just having one specific password, and therefore you don't have to have multiple passwords based on the applications you're trying to connect to. So, again, Kerberos works really well with Active Directory and single sign-on. It has three main services: authentication service, ticket granting service and service server. Those are the three aspects of Kerberos.
Speaker 2:
Okay, so let's go over the pros and cons of Kerberos. It does offer strong authentication, such as public key crypto, password-based authentication or, potentially, one-time passwords, also known as OTP. It can create tunnels, obviously, between different hosts, allowing for port forwarding, X11 forwarding or VPN connections. So it does give you that capability, similar to what the IPsec tunnels give you. The cons are that it is susceptible to some man-in-the-middle attacks, especially if the server's public key is not verified. So obviously, if your public key is out there unverified, you could potentially get a man-in-the-middle attack, and it can consume bandwidth and CPU resources more than what other protocols potentially do.
Speaker 2:
Okay, so the next one is SSH, that's your Secure Shell. Now, Secure Shell has been used for many, many years as a secure protocol for environments trying to gain access to something, and one of the pieces that has been an important part of SSH is its encryption algorithms. Now, the original SSH, the original OpenSSH, has been deprecated from the standpoint of the algorithm being used; it is still a SHA-1 type algorithm and therefore it shouldn't be used, because it can be manipulated. It isn't a strong, secure algorithm. But OpenSSH is still available and used widely among many, many people.
Speaker 2:
So what does SSH do? It provides a secure remote login to a remote machine and, potentially, the ability to execute commands. Now, I would SSH, or secure shell, to multiple systems, and I would execute those commands on that system, and it was a great secure way of doing it, in the fact that you couldn't see what I was actually running. Now the encryption piece of this encrypts the session to protect the data from being read by other individuals, which we mentioned. And the part that comes into this as well is, when I was working as a red teamer, we would do this so that we would have access and we didn't want any sort of decryption type tools to be able to sniff what we were doing. I shouldn't say decryption, I should say any sort of Wireshark thing that was sitting on the network sniffing the traffic. We didn't want them to see what commands we were executing, so, therefore, we would connect with a secure shell into that environment. Now, the downside of doing that, obviously, is it does highlight that you're doing something that you don't want people to see. So if a person's interested in seeing what you're doing and now you've kind of blinded them, it does tend to highlight the fact that what you're trying to accomplish may not be something they want you to look at.
Speaker 2:
Now, authentication uses public key crypto to authenticate the remote computer and allow the user to authenticate to it. Now, what are some examples around Secure Shell? You have remote server management, and then you have secure file transfer. Those are some key examples of how Secure Shell has been used. So, as an example, administrators will use SSH to securely log into and manage servers, update the server configurations, restart servers and services, and so forth. The key around that, though, is just the fact that it's a great secure communication method to remote into a system, and it allows you to have access to what you need to do over the internet and protect it. Secure file transfer, obviously, using SCP or SFTP, which is your Secure File Transfer Protocol, allows you to transfer files over the network that are encrypted and protected, so from the beginning point to the endpoint they are encrypted, allowing them to basically be protected during that entire process. So, remote server management, secure file transfers.
Speaker 2:
Now, what are some of the pros and the cons of dealing with SSH? SSH provides strong encryption and authentication, ensuring the security of the data being transferred over the network, but it also supports various cryptographic algorithms, obviously allowing users to have the optimum level of performance. It works great, but it has had some issues in the past, especially with brute force attacks, with algorithms such as SHA-1, where they are able to guess passwords, or use passwords and the private key, using the various common combinations and sprays that they have. It also could be subject to man-in-the-middle, where hackers can intercept and modify the communication between the user and the server, especially if they're trying to verify the identity using, obviously, the certificates and the fingerprints that are associated with it. So there are pros and cons with it. Again, another con is if you are using an older version of SSH, you could be setting yourself up for potentially having issues just because of that older algorithm that's being used.
Speaker 2:
The other one is the Signal protocol. This one came around because of WhatsApp and their secure messaging protocol. Basically, it's end-to-end encryption, which obviously secures communication between the users so that only they can read each of the messages. So the communication between point A and point B with the WhatsApp application is secure. It protects past communications from being compromised if the keys are stolen in the future. So that's obviously the forward secrecy aspect of it. It has that ability, and it uses AES-256 and SHA-256 to secure the communication path. So again, the Signal protocol is used in apps such as WhatsApp and Signal for end-to-end encryption.
Speaker 2:
I know from folks that have used Signal end to end that basically you have the app on your phone, they have the app on their phone, you can securely communicate back and forth with them, and nobody can intercept that conversation. It works really well. The only problem is if they're not in your network, then obviously the Signal app doesn't really work, but it does have a good way to allow people to have access to secure encrypted communication streams. So again, the pros and the cons of it. It does provide forward secrecy, meaning if the key is compromised in the future, it doesn't affect the security of your past messages. That's one of the things they're seeing more and more of, this forward secrecy, just because of the fact that we know so much data is being stolen, and therefore all that people need at this point is to get the keys and they can have access to it. It does provide end-to-end encryption, meaning that only the sender and the receiver can decrypt the messages. It's that signal from point A to point B, but because of that, your network can be limited. It is limited to only the people that have compatible devices and the apps loaded on their systems. It also may be subject to legal or political pressure, depending on which governments may allow it or not allow it, especially if you're dealing with governments, maybe in Asia, or say China or Russia. They may not want that. They may want to be able to see those communication streams. So they may not allow that app within their country, which is something to consider as you're looking to deploy it within your organization.
Speaker 2:
Okay, the next one is secure remote procedure call, or RPC. So there is an authentication and encryption methodology for this as well. It verifies the identity of communicating programs to prevent any sort of unauthorized access, and it does protect the data being transferred, obviously, through a level of encryption. Now, how does RPC work? It's used with distributed apps where procedure calls may occur on a specific remote server. So a client application might use a secure RPC to connect to a database, query the remote server and retrieve the results in a secure fashion. So it's just a remote aspect of this, and it does allow the client application to use this secure RPC to connect and execute on this remote server, and therefore the query itself, the request, will be encrypted as well.
Speaker 2:
Now, what are some of the pros that go along with this? It provides confidentiality and integrity, obviously, preventing unauthorized access. It supports various encryption algorithms, which is a positive, right, depending upon what you're going to be using. It allows for flexibility and interoperability. But yeah, it's flexible, let's just go with that. It's very flexible and it does allow that to occur, and within your organization it can be deployed relatively easily, which makes it a simple process. Now, some of the cons that go along with this: obviously, it does need additional overhead for encryption and decryption, which may affect the performance and latency of the communication. It does rely on key distribution systems such as Kerberos and/or public key crypto to allow this to happen, which does include increased complexity and some level of security risk. So it's one of those that I've seen used within organizations, not on a high end, not a lot, but it is used. Depending upon your database, administrators use RPC quite a bit, but it's more of a niche type of use. It's not something that's a broad-brush kind of secure protocol that's being used.
Speaker 2:
The next one is TLS, Transport Layer Security. Now, TLS is one of the primary ones that's used. It moved away from SSL to TLS, and I can't remember what version we're on right now, but it's, I think, 1.4, maybe. The other versions have been deprecated just due to the fact of, obviously, time, and as new TLS versions come out, they will increase, obviously, the version as it goes on. So it encrypts data that's sent over the internet, such as web browsing, email, messaging, and obviously its main purpose is so that you can't intercept the communications. It uses certificates to authenticate the communicating parties, and that way ensures the files haven't been altered during the transmission. So, what are some of the main use cases around it? Web browsing is the most common, and it's a secure form of HTTP. It allows for secure HTTP connections to occur. So obviously, when you get HTTPS, that's TLS that's working to encrypt that data.
Speaker 2:
Email encryption: TLS is used to secure email communications. I've seen it in some cases. I haven't seen a lot of it, but it can do that between your email clients and the email server. It protects the contents, obviously, of the emails that are going through. Now, what are some of the pros and cons that go with TLS? It does provide strong encryption of data in transit, and it does prevent unauthorized access or modification by individuals. The cons are that it adds a lot of computational overhead, again for the encrypting and decrypting of the data, and you're gonna see this pretty much with any encryption you deal with. It works really well if you've got a pretty solid system in place, but if you don't, it will cause you some churn and it will cause you some issues. It also requires the certificates to be issued and managed by trusted authorities, which can incur, obviously, costs and risk if they are compromised. So the ultimate goal, again, is you wanna utilize TLS as much as you possibly can within your environment. It is relatively turnkey, it works really, really well, and it's one of the standard protocols being used for secure encryption.
Speaker 2:
Okay, another protocol that you'll see in VPNs is what they call L2TP, Layer 2 Tunneling Protocol. This one has been around for a while and it works really well for private VPNs. It enables tunneling of data packets between networks, and it operates at the data link layer to facilitate the creation of tunnels over public networks, and it helps maintain privacy. L2TP does not provide encryption itself. It's often paired with IPsec to ensure that the communication is secured. So again, it has the ability to do this, but it does work in conjunction, in concert, with IPsec. So one of the examples out there I was able to dig up off the internet was NordVPN. NordVPN does use a combination of L2TP and IPsec to establish this communication. The main thing is that, because it's got a geo-restriction capability, it does allow you to use this within different countries as well.
Speaker 2:
So okay, let's go into the pros and cons of L2TP. L2TP is compatible with various platforms and devices such as Windows, Linux, Mac, Android and so forth, so it's been around, it's available to them and it does work well. It can provide strong encryption and authentication when combined with other protocols such as IPsec. So it's a very good product when it works in conjunction with that. It can be slower than other VPN protocols due to the double encapsulation that's occurring between IPsec and L2TP itself, and it can be blocked or throttled by firewalls if they detect that it has a signature. What I mean by that is just that they're dependent on the protocol that's being used. If the firewall doesn't want L2TP to be used, they could block it at that specific firewall, which would then throttle or limit your capability of utilizing that specific protocol. So you're gonna have to look at what works best for your organization. Also, get with your network folks, because one of the pieces that will come into play is they're gonna have to help you enable some of this. So if you have network individuals within your organization, maybe find out what they utilize right now as a key encryption protocol or secure communication protocol, and then get with them to see which one it is, and then, if you feel that the deployment of it is not sufficient for your needs, you may want to recommend something different to them, and if that's the case, then maybe they'll be interested in opening up and making some changes.
Speaker 2:
Now, one that I hadn't been aware of, and I didn't see it in the CISSP book, was SRTP, the Secure Real-time Transport Protocol. I was looking up what some other ones are out there besides the standards, you know, your L2TP or VPN connections and so on and so forth. Which ones are out there that might be coming into use? SRTP was one. This one came up, and it was interesting just in the fact that I didn't really know much about it.
Speaker 2:
It provides encryption, message authentication and integrity for real-time communications such as VoIP. So for VoIP, SRTP is a good option. What it does is it uses AES as the default cipher for the encryption of the data flow that goes between two points, and it provides authentication for the messages, and then replay protection against any replay attacks, ensuring that they cannot be intercepted and then replayed back at you.
Speaker 2:
Now, one example of this is ZRTP, which I hadn't heard of before either, and we'll quickly go into that one as well. It's a protocol for negotiating encryption keys for SRTP using Diffie-Hellman key exchange. Now, SRTP does not rely on a third party or a certificate authority, but uses short authentication strings. So typically you'd have a CA that you would utilize as your trusted party for your certificate. This uses what they call a short authentication string to confirm the identity of the parties. Now, this authentication string can be verified by voice or by other means, such as a QR code. So it's that: can you verify the QR code? You click on it. Yes, this is me.
Speaker 2:
That's one of the ways ZRTP allows that encryption to occur, and this can occur over voice or video calls on IP networks. I hadn't really even thought of what that was, so that's something that was interesting and new. SRTP prevents, obviously, eavesdropping on audio and video streams. So that's positive, right. So you have encryption.
Speaker 2:
One of the big issues that VoIP ran into is the fact that there was no good way to encrypt it. SRTP obviously does have good protection for voice and video, and it's using encryption and authentication algorithms to do so. Now, what are some of the negatives? Well, it does add latency to the communication, and it may not be compatible with some legacy devices or protocols, and it does increase the cost and complexity of these systems, adding delays and bandwidth consumption. So on old systems, it may not work very well. Something to think about if you're looking to use SRTP.
Speaker 2:
Lastly, we're going to real quickly talk about ZRTP, which is the Zimmermann Real-time Transport Protocol. This obviously works in conjunction with SRTP; ZRTP and SRTP work together. As we mentioned, it works on the public key infrastructure and it is tied into VoIP-type communications. The ultimate goal is, again, as it deals with the SAS match. All right, ZRTP.
Speaker 2:
So, as we mentioned, ZRTP works in conjunction with SRTP, but it also works with Signal, which is what the WhatsApp communication protocol is. It's a key protocol and negotiates for encryption between two endpoints, obviously in a VoIP call, and it uses a Diffie-Hellman key exchange and is independent of the signaling protocol that's specifically used. So you just pair it up with the Signal protocol. It does not rely on PKI. Instead, it generates the ephemeral keys, which are used to protect against man-in-the-middle attacks. So, well, let's just use the example they use, which is Signal.
Speaker 2:
Now, Signal, obviously, is a secure messaging app and it utilizes this for voice and video calls. It can verify the identity of the contacts by comparing the short authentication strings displayed on their devices during the call. So are you who you say you are? If they match, this means the keys have been exchanged securely between the two and there's no man in the middle. Signal will allow users to view and verify the public key fingerprints of their contacts, which then are derived from the ZRTP's master key. It does provide end-to-end encryption. So, from a pro standpoint, it gives you great protection for that type of communication and it does not require any prior setup. It automatically negotiates the keys for you, so it makes it simple, and hence that's why one of the things that they wanted to have happen with WhatsApp is you want it to be simple and to the point. It requires support from both ends of the VoIP application. So, again, like Signal, you gotta have connection on both ends for this to occur, which may not be totally compatible with all types of other protocols that are out there, and you may have to introduce some latency in this due to the additional cryptographic operations that are in place. So, again, something to kind of consider as you're looking at the various protocols. Again, that is ZRTP and SRTP. So Zimmermann Real-time Transport Protocol and Secure Real-time Transport Protocol. Okay, that is all I've got for today. Hope you all enjoy this. Head on over to cisspcybertraining.com.
Speaker 2:
I've got some great CISSP training out there. A lot of free content, more and more free content that's coming and available to you. You can go check out my web blog, and all of these videos are out there available to you. You can also go to YouTube and see them as well, along with some of the show notes, which will be available as well. If you need your CISSP training, I am here to help you with that. I definitely can help you get what you need to pass the CISSP exam guaranteed. No question about it. You can pass the CISSP. You go through my program, you will pass the test. It's just you have to put in the work to do it, and CISSP Cyber Training is here for you to help you with that. Go check it out. Again, if you want some free CISSP questions, you can get those as well at CISSP Cyber Training, or go to freecisspquestions.com and get access to those questions as well. Have a wonderful, wonderful day, and we will catch you on the flip side. See ya.
OUTLINE
IPSEC (Internet Protocol Security)
- Encryption: IPSEC encrypts IP packets to ensure that the data remains confidential as it travels across the network. It uses cryptographic algorithms to transform the data into an unreadable format for unauthorized users.
- Authentication: It authenticates the source of the IP packets, ensuring that the packets received are from a legitimate sender.
- Key Exchange: IPSEC uses the Internet Key Exchange (IKE) protocol to establish a secure and authenticated communication channel by exchanging keys between peers.
- Examples:
- Site-to-Site VPN: IPSEC is commonly used to connect two different networks securely over the internet. For example, a company with offices in two different cities might use IPSEC to connect their local area networks (LANs) to form a single, secure wide area network (WAN).
- Remote Access VPN: IPSEC can also be used to allow remote users to connect to a corporate network securely. For instance, an employee working from home can use an IPSEC VPN to access the company's internal resources as if they were physically present in the office.
Pros:
- Standard protocol that is supported by many vendors and devices, making it interoperable and compatible with different platforms
- Operates at the network layer, which means it can secure any type of traffic, regardless of the application or transport protocol used
Cons:
- Can be more complex and difficult to configure and troubleshoot, especially when dealing with multiple gateways, dynamic IP addresses, NAT, firewalls, and other network devices
- Public key infrastructure (PKI) is required to manage the certificates and keys for authentication, which can be costly and time-consuming to maintain.
- Alternatively, IPSEC can use pre-shared keys (PSK), but this can compromise security if the keys are not changed frequently or stored securely
- For example, IPSEC should use anti-replay windows, sequence numbers, and nonce values to prevent replay attacks
Kerberos
- Authentication Service (AS): Validates the user's credentials and issues a ticket-granting ticket (TGT) if the credentials are valid.
- Ticket Granting Service (TGS): Uses the TGT to issue service tickets that allow access to network services.
- Service Server: Accepts the service ticket from the user and provides access to the requested service.
- Examples:
- Active Directory Authentication: Kerberos is used in Windows Active Directory environments to authenticate users. When a user logs into their computer, Kerberos is used to verify their identity and grant them access to resources within the network.
- Single Sign-On (SSO): Kerberos enables SSO, allowing users to log in once and access multiple services without re-entering credentials. For example, after initial login, a user can access email, file shares, and databases seamlessly.
Pros:
- Offers strong authentication mechanisms, such as public key cryptography, password-based authentication, or one-time passwords
- Can create secure tunnels between different hosts, allowing for port forwarding, X11 forwarding, or VPN-like connections
Cons:
- Vulnerable to man-in-the-middle attacks if the server's public key is not verified by the client
- May consume more bandwidth and CPU resources than other protocols, especially if encryption is enabled
SSH (Secure Shell)
- Remote Login: SSH provides a secure method for logging into a remote machine and executing commands.
- Encryption: It encrypts the session to protect the data from being read by others.
- Authentication: SSH uses public-key cryptography to authenticate the remote computer and allow it to authenticate the user.
- Example:
- Remote Server Management: Administrators use SSH to securely log into and manage servers. For example, updating server configurations or restarting services can be done remotely over an encrypted SSH connection.
- Secure File Transfer: SSH is also used for secure file transfers using SCP or SFTP. This ensures that sensitive files transferred over the network are encrypted and protected from interception.
Pros and Cons of SSH
Pros:
- SSH provides strong encryption and authentication, ensuring the security and integrity of data transmitted over the network.
- SSH supports various cryptographic algorithms and key exchange methods, allowing users to choose the optimal level of security and performance.
Cons:
- SSH may be vulnerable to brute force attacks, where hackers try to guess the user's password or private key by trying many combinations.
- SSH may be subject to man-in-the-middle attacks, where hackers intercept and modify the communication between the user and the server, unless the user verifies the server's identity using fingerprints or certificates.
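The second con above hinges on the client checking the server's host key. The following is an added example (not from the podcast or any SSH implementation) showing what that check consists of: parsing an ssh-ed25519 public key blob in its wire format, computing the OpenSSH-style SHA256 fingerprint, and comparing it against a pinned value the way a known_hosts entry would. The host name, the 32-byte key bytes and the pinned table are constructed sample data, not a real server's key.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH 'string' (RFC 4251): 4-byte big-endian length + payload."""
    return struct.pack(">I", len(data)) + data


def read_ssh_string(buf: bytes, offset: int = 0):
    """Decode one SSH 'string' at offset; returns (payload, new_offset)."""
    if offset + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[offset:offset + 4])
    end = offset + 4 + n
    if end > len(buf):
        raise ValueError("truncated string payload")
    return buf[offset + 4:end], end


def build_ed25519_blob(raw_key: bytes) -> bytes:
    """Wire-format public key blob for ssh-ed25519: string "ssh-ed25519" + string key."""
    if len(raw_key) != 32:
        raise ValueError("Ed25519 public keys are exactly 32 bytes")
    return ssh_string(b"ssh-ed25519") + ssh_string(raw_key)


def fingerprint_sha256(blob: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + base64(SHA-256(blob)) without '=' padding."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def fingerprint_of_key_line(line: str) -> str:
    """Fingerprint a 'ssh-ed25519 <base64 blob> [comment]' line (public key file format)."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("malformed public key line")
    declared_type, b64 = parts[0], parts[1]
    blob = base64.b64decode(b64, validate=True)
    key_type, _ = read_ssh_string(blob)
    if key_type.decode("ascii") != declared_type:
        raise ValueError("key type inside blob does not match the declared type")
    return fingerprint_sha256(blob)


def verify_host(host: str, presented_blob: bytes, pinned: dict) -> str:
    """Trust-on-first-use check. Returns 'match', 'unknown' (first contact: confirm the
    fingerprint out of band before pinning) or 'MISMATCH' (possible man-in-the-middle,
    or a legitimate rekey that must be confirmed with the server's operator)."""
    fp = fingerprint_sha256(presented_blob)
    expected = pinned.get(host)
    if expected is None:
        return "unknown"
    return "match" if hmac.compare_digest(expected, fp) else "MISMATCH"


# Constructed sample data (not a real key): a deterministic 32-byte "public key".
SAMPLE_KEY = bytes(range(32))
SAMPLE_BLOB = build_ed25519_blob(SAMPLE_KEY)
SAMPLE_KEY_LINE = "ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode("ascii") + " bastion host key"
# What a known_hosts file pins for the (hypothetical) host bastion.example.
PINNED_HOSTS = {"bastion.example": fingerprint_sha256(SAMPLE_BLOB)}

if __name__ == "__main__":
    print(fingerprint_of_key_line(SAMPLE_KEY_LINE))
    print(verify_host("bastion.example", SAMPLE_BLOB, PINNED_HOSTS))
    print(verify_host("bastion.example", build_ed25519_blob(bytes(32)), PINNED_HOSTS))
```

The decision that matters is what the client does on "MISMATCH": a client that silently continues gives the attacker exactly the opening the con describes, so the right behaviour is to abort the connection and surface the two fingerprints for a human (or a certificate check) to resolve.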
Signal Protocol
- End-to-End Encryption: Ensures that only the communicating users can read the messages.
- Forward Secrecy: Protects past communications from being compromised if keys are stolen in the future.
- Cryptographic Primitives: Uses Curve25519, AES-256, and HMAC-SHA256 to secure communications.
- Examples:
- Instant Messaging: The Signal Protocol is used in apps like WhatsApp and Signal for end-to-end encrypted messaging. This means that messages are encrypted on the sender's device and can only be decrypted by the recipient, ensuring privacy.
Pros:
- It provides forward secrecy, meaning that if a key is compromised, it does not affect the security of past or future messages
- It provides end-to-end encryption, meaning that only the sender and the receiver can decrypt the messages, and no third party can access them, even if they control the network or the server
Cons:
- It requires both parties to have internet access and use compatible devices and apps, meaning that it may not work in some situations or regions where connectivity or availability is limited
- It may be subject to legal or political pressure, meaning that some governments or authorities may try to ban, block, or undermine the use of the protocol or the apps that implement it, either by coercing the developers or the users
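The forward-secrecy bullet above is easiest to see in the symmetric-key ratchet that the Signal Protocol's Double Ratchet runs for every message. The block below is an added example, not code from the podcast or from the Signal library: it implements that ratchet step with HMAC-SHA256 (the KDF_CK construction from the Double Ratchet specification, message key from input 0x01, next chain key from input 0x02) and then takes the attacker's view of a device compromised after three messages. The root key and message counts are constructed for the demo.

```python
import hashlib
import hmac


def kdf_ck(chain_key: bytes):
    """One symmetric-key ratchet step (KDF_CK in the Double Ratchet spec):
    message_key = HMAC-SHA256(ck, 0x01), next chain key = HMAC-SHA256(ck, 0x02).
    HMAC is one-way, so neither output reveals the chain key that produced it."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return message_key, next_chain_key


class SendingChain:
    """Holds only the current chain key. Each message key is handed out once and the
    chain key that produced it is overwritten in the same step."""

    def __init__(self, initial_chain_key: bytes):
        self._chain_key = initial_chain_key
        self.index = 0

    def next_message_key(self) -> bytes:
        message_key, self._chain_key = kdf_ck(self._chain_key)
        self.index += 1
        return message_key

    def compromised_state(self) -> bytes:
        """What an attacker obtains by dumping the device's memory right now."""
        return self._chain_key


def derive_forward(chain_key: bytes, count: int):
    """Everything derivable from a captured chain key: the NEXT `count` message keys."""
    keys = []
    for _ in range(count):
        message_key, chain_key = kdf_ck(chain_key)
        keys.append(message_key)
    return keys


def forward_secrecy_demo(messages_before_compromise: int = 3, lookahead: int = 100):
    """Returns (past_keys_recoverable, future_keys_recoverable) from the attacker's view."""
    # Constructed demo root key; in the real protocol it comes from the X3DH/DH ratchet.
    chain = SendingChain(hashlib.sha256(b"constructed demo root key").digest())
    past_keys = [chain.next_message_key() for _ in range(messages_before_compromise)]
    stolen = chain.compromised_state()
    attacker_keys = set(derive_forward(stolen, lookahead))
    next_real_key = chain.next_message_key()          # the message sent after the compromise
    past_recoverable = any(k in attacker_keys for k in past_keys)
    future_recoverable = next_real_key in attacker_keys
    return past_recoverable, future_recoverable


if __name__ == "__main__":
    print(forward_secrecy_demo())   # (False, True)
```

The result makes the pro/con nuance concrete: the stolen chain key yields none of the three earlier message keys (forward secrecy, the "past" half of the bullet above), but it does yield the keys still to come on that chain. Protecting future messages after a compromise is the job of the separate Diffie-Hellman ratchet, which replaces the chain key whenever the other party replies, so the "future" part of the claim holds only once that DH step has happened.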
Secure Remote Procedure Call (RPC)
- Authentication: Verifies the identity of the communicating programs to prevent unauthorized access.
- Encryption: Protects the data being transmitted, ensuring confidentiality during the communication process.
- Examples:
- Distributed Applications: Secure RPC is used in distributed applications where procedures are called on a remote server. For example, a client application might use secure RPC to execute a database query on a remote server and retrieve the results securely.
Pros:
- It provides confidentiality and integrity for remote procedure calls, preventing unauthorized access and modification of data
- It supports various encryption algorithms and authentication mechanisms, allowing flexibility and interoperability
Cons:
- It requires additional overhead for encryption and decryption, which may affect the performance and latency of the communication
- It relies on a key distribution system, such as Kerberos or public-key cryptography, which may introduce complexity and security risks
Transport Layer Security (TLS)
- Encryption: TLS encrypts data sent over the internet, such as web browsing, email, and messaging, to prevent eavesdropping.
- Authentication: It uses certificates to authenticate the communicating parties.
- Integrity: Ensures that the data has not been altered during transmission.
- Examples:
- Web Browsing: TLS is most commonly used to secure HTTP connections, forming HTTPS. When you visit a website with HTTPS, TLS is working to encrypt the data between your browser and the web server, ensuring secure transactions.
- Email Encryption: TLS is also used to secure email communications. When you send an email, TLS can encrypt the connection between your email client and the email server, protecting the contents of your email from eavesdroppers.
Pros:
- It provides strong encryption for data in transit, preventing unauthorized access or modification by third parties.
- It ensures the identity of the communicating parties, preventing impersonation or phishing attacks.
Cons:
- It adds computational overhead and latency for encrypting and decrypting data, which can affect performance and user experience.
- It requires certificates to be issued and managed by trusted authorities, which can incur costs and risks of compromise or expiration.
L2TP (Layer 2 Tunneling Protocol)
- Purpose: L2TP is used to support virtual private networks (VPNs) and enables the tunneling of data packets between networks.
- Operation: It operates at the data link layer to facilitate the creation of tunnels over public networks, maintaining privacy.
- Security: L2TP itself does not provide encryption; it is often paired with IPsec to ensure secure communication.
- Example:
- Virtual private network (VPN) service provided by NordVPN.
- NordVPN uses L2TP/IPsec to establish secure connections between the user's device and one of its servers in different countries.
- This allows the user to access geo-restricted content, protect their online privacy, and encrypt their internet traffic.
- NordVPN also offers other protocols, such as OpenVPN and IKEv2/IPsec, but L2TP/IPsec is a common option for users who want a balance between speed and security.
Pros:
- L2TP is compatible with various platforms and devices, such as Windows, Linux, Mac, Android, and iOS
- L2TP can provide strong encryption and authentication when combined with other protocols, such as IPsec
Cons:
- L2TP can be slower than other VPN protocols due to the double encapsulation and encryption overhead
- L2TP can be blocked or throttled by firewalls or ISPs that detect its signature
SRTP (Secure Real-time Transport Protocol)
- Purpose: SRTP provides encryption, message authentication, and integrity for real-time communications like VoIP.
- Features:
- Encryption: Uses AES as the default cipher for data flow encryption.
- Authentication: Employs message authentication to verify the integrity of the messages.
- Replay Protection: Protects against replay attacks, ensuring that messages cannot be intercepted and played back.
- Example:
- ZRTP, a protocol that negotiates the encryption keys for SRTP using Diffie-Hellman key exchange.
- ZRTP does not rely on a trusted third party or a certificate authority, but instead uses a short authentication string (SAS) to confirm the identity of the parties.
- The SAS can be verified by voice or by other means, such as a QR code. ZRTP provides end-to-end encryption and authentication for voice and video calls over IP networks
Pros:
- SRTP prevents eavesdropping, tampering, and replay attacks on audio and video streams; it also supports key management and feedback mechanisms for quality control and congestion avoidance
- SRTP protects the confidentiality and integrity of real-time data such as voice and video; it allows for dynamic key exchange and refreshment using secure signaling protocols; it supports various encryption and authentication algorithms
Cons:
- SRTP adds computational overhead and latency to the communication; it may not be compatible with some legacy devices or protocols; it requires coordination with signaling protocols like SIP or H.323 to establish keys and parameters
- SRTP increases the complexity and cost of the communication system; it introduces additional delay and bandwidth consumption to the data transmission; it may face interoperability issues with older or non-standard equipment or software
ZRTP (Zimmermann Real-time Transport Protocol)
- Purpose: ZRTP is a key-agreement protocol that negotiates keys for encryption between two endpoints in a VoIP call.
- Key Exchange: Utilizes Diffie-Hellman key exchange and is independent of the signaling protocol used.
- Security: Does not rely on a Public Key Infrastructure (PKI); instead, it generates ephemeral keys for each session to protect against man-in-the-middle attacks.
- Example:
- Signal, a secure messaging and calling app that uses ZRTP for voice and video calls
- Signal users can verify the identity of their contacts by comparing the Short Authentication Strings (SAS) displayed on their devices during the call
- If the SAS match, it means that the keys have been exchanged securely and there is no man-in-the-middle attack
- Signal also allows users to view and verify the public key fingerprints of their contacts, which are derived from the ZRTP master secret
Pros:
- ZRTP provides end-to-end encryption for voice and video calls, ensuring confidentiality and integrity of the communication
- ZRTP does not require any prior setup or configuration, it automatically negotiates keys during the call initiation phase
Cons:
- ZRTP requires support from both the endpoints and the VoIP application, which may not be widely available or compatible with other protocols
- ZRTP may introduce some latency and overhead due to the additional cryptographic operations and packets exchanged during the key negotiation
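The ZRTP and SRTP sections above both describe the same mechanism: an ephemeral Diffie-Hellman exchange with no CA, and a Short Authentication String (SAS) that the two callers compare by voice to detect a man in the middle. The block below is an added example written for this outline, not code from the podcast, from any ZRTP implementation or from Signal. It uses a toy finite-field DH group (the modulus is the Curve25519 field prime reused purely as a prime modulus; real ZRTP uses 3072-bit MODP or elliptic-curve groups per RFC 6189), a simplified stand-in for ZRTP's s0 derivation, and the 20-bit, four-character z-base-32 SAS that ZRTP's B32 SAS type renders. The endpoint names and fixed private exponents are constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Toy DH parameters, constructed for this example (see lead-in). P is prime.
P = 2**255 - 19
G = 2

# z-base-32 alphabet, as used by ZRTP's B32 SAS rendering
Z_BASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"


class Endpoint:
    """One call participant holding an ephemeral DH exponent for this call only."""

    def __init__(self, name: str, private=None):
        self.name = name
        # Ephemeral exponent: fresh per call and discarded afterwards, so there is
        # nothing long-lived for a PKI to certify and nothing to steal later.
        self.private = private if private is not None else secrets.randbelow(P - 3) + 2
        self.public = pow(G, self.private, P)

    def shared_secret(self, peer_public: int) -> bytes:
        if not 1 < peer_public < P - 1:        # reject degenerate values (0, 1, p-1)
            raise ValueError("invalid DH public value from peer")
        return pow(peer_public, self.private, P).to_bytes(32, "big")


def s0_from_dh(dh_result: bytes) -> bytes:
    """Simplified stand-in for ZRTP's s0 (the real derivation also binds the ZIDs
    and a hash of the whole message exchange)."""
    return hashlib.sha256(b"ZRTP-toy-s0" + dh_result).digest()


def sas_from_s0(s0: bytes) -> str:
    """Short Authentication String: leftmost 20 bits of an HMAC over s0 as 4 z-base-32 chars."""
    sas_value = hmac.new(s0, b"SAS", hashlib.sha256).digest()
    bits = int.from_bytes(sas_value[:3], "big") >> 4
    return "".join(Z_BASE32[(bits >> (15 - 5 * i)) & 31] for i in range(4))


def call(initiator: Endpoint, responder: Endpoint):
    """Direct call: each side derives the SAS from its own DH result and reads it aloud."""
    sas_i = sas_from_s0(s0_from_dh(initiator.shared_secret(responder.public)))
    sas_r = sas_from_s0(s0_from_dh(responder.shared_secret(initiator.public)))
    return sas_i, sas_r


def call_with_mitm(alice: Endpoint, bob: Endpoint, mallory_to_alice: Endpoint, mallory_to_bob: Endpoint):
    """An interposed party must run two separate DH exchanges, one per leg. Each leg
    gets its own s0, so the SAS Alice reads aloud will not match the one Bob sees
    (a 1-in-2^20 coincidence aside), which is what the voice comparison detects."""
    sas_alice = sas_from_s0(s0_from_dh(alice.shared_secret(mallory_to_alice.public)))
    sas_bob = sas_from_s0(s0_from_dh(bob.shared_secret(mallory_to_bob.public)))
    return sas_alice, sas_bob


if __name__ == "__main__":
    alice, bob = Endpoint("alice"), Endpoint("bob")
    print("direct call SAS:", call(alice, bob))
    m1, m2 = Endpoint("mallory->alice"), Endpoint("mallory->bob")
    print("intercepted call SAS:", call_with_mitm(alice, bob, m1, m2))
```

Two design points worth noting from the defender's side: the SAS is short enough to read aloud only because the peer cannot choose it (ZRTP commits to the DH value before revealing it, which this toy omits), and the comparison is only as good as the callers actually doing it, which is why Signal-style clients display the strings prominently during the call.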
DTLS (Datagram Transport Layer Security)
- Purpose: DTLS provides security for datagram-based applications, preventing eavesdropping, tampering, or message forgery.
- Operation: Based on TLS but designed for use with UDP to avoid issues like packet reordering and loss.
- Use Cases: Commonly used for internet telephony, streaming, gaming, and VPNs where fast data transfer and short response times are crucial.
- Example:
- WebRTC protocol, which enables real-time communication between web browsers and other devices.
- WebRTC uses DTLS to secure the media and data streams that are exchanged over UDP or TCP connections.
- DTLS ensures that the communication is confidential, authenticated, and resistant to replay attacks.
Pros:
- It provides end-to-end encryption and authentication for datagram-based applications, protecting them from various attacks and threats.
- It supports data compression, which can reduce bandwidth usage and improve performance.
Cons:
- It adds additional overhead to each datagram, which can increase latency and packet loss.
- It does not guarantee reliable or in-order delivery of datagrams, which may cause problems for some applications that require these features.
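Three of the protocols in this outline, IPsec ESP (the anti-replay windows and sequence numbers mentioned under IPSEC), SRTP (its Replay Protection feature) and DTLS (the replay resistance noted in the WebRTC example), solve the same problem over unreliable, reordering transports with the same device: a sliding bitmap window anchored at the highest authenticated sequence number. The block below is an added example illustrating that mechanism for all three sections; it is not code from the podcast or from any IPsec, SRTP or DTLS stack. The packet trace is constructed; the window size of 64 matches the minimum RFC 4303 recommends.

```python
class AntiReplayWindow:
    """Sliding-window replay check of the kind used by IPsec ESP (RFC 4303),
    SRTP (RFC 3711) and DTLS (RFC 6347). The right edge of the window is the
    highest sequence number accepted so far; bit i of the bitmap records whether
    sequence number (highest - i) has already been accepted."""

    def __init__(self, size: int = 64):
        if size < 1:
            raise ValueError("window size must be positive")
        self.size = size
        self.highest = None      # no packet accepted yet
        self.bitmap = 0

    def check(self, seq: int) -> bool:
        """Would `seq` be acceptable? Read-only, so a forged packet with a high
        sequence number cannot move the window before its integrity check."""
        if self.highest is None or seq > self.highest:
            return True                                   # new high-water mark
        diff = self.highest - seq
        if diff >= self.size:
            return False                                  # older than the window
        return not (self.bitmap >> diff) & 1              # inside window: seen before?

    def update(self, seq: int) -> None:
        """Record `seq` as accepted. Call only AFTER the packet's MAC has verified."""
        if self.highest is None:
            self.highest, self.bitmap = seq, 1
            return
        if seq > self.highest:
            shift = seq - self.highest
            mask = (1 << self.size) - 1
            self.bitmap = ((self.bitmap << shift) | 1) & mask if shift < self.size else 1
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)

    def accept(self, seq: int, mac_ok: bool) -> bool:
        """Receive-side decision in the order the RFCs prescribe:
        replay check first (cheap), then MAC, then window update."""
        if not self.check(seq):
            return False
        if not mac_ok:
            return False          # drop; window untouched
        self.update(seq)
        return True


def replay_trace(events, size: int = 64):
    """Run a list of (sequence number, mac_ok) events through one window; returns the decisions."""
    window = AntiReplayWindow(size)
    return [window.accept(seq, ok) for seq, ok in events]


# Constructed packet trace: (sequence number, integrity check passed)
SAMPLE_TRACE = [
    (1, True), (2, True), (3, True), (4, True), (5, True),
    (3, True),        # replayed packet -> reject
    (0, True),        # late but inside the window and unseen -> accept
    (0, True),        # replay of the late packet -> reject
    (200, True),      # jump ahead -> accept, window slides
    (5, True),        # now older than the 64-wide window -> reject
    (150, True),      # inside the new window -> accept
    (150, True),      # replay -> reject
    (300, False),     # fresh sequence number but bad MAC -> reject, window stays put
    (201, True),      # accepted: the forged packet did not advance the window
]

if __name__ == "__main__":
    for (seq, ok), decision in zip(SAMPLE_TRACE, replay_trace(SAMPLE_TRACE)):
        print(f"seq={seq:<4} mac_ok={ok!s:<5} -> {'accept' if decision else 'drop'}")
```

The ordering inside `accept` is the security-relevant detail: if the window were advanced before the MAC check, an attacker could inject an unauthenticated packet with a huge sequence number and cause every legitimate in-flight packet to be dropped as "too old", turning a replay defence into a denial-of-service lever. The sequence numbers here are also assumed to be the extended ones (ESP's 64-bit ESN, SRTP's ROC||SEQ, DTLS's epoch||seq) so that wraparound does not reset the window.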
CISSP Cyber Training Academy Program!
Are you an ambitious Cybersecurity or IT professional who wants to take your career to a whole new level by achieving the CISSP Certification?
Let CISSP Cyber Training help you pass the CISSP Test the first time!