SY0-601 Implementation Study Guide for the CompTIA Security+
Questions about implementation on the CompTIA Security+ test make up about 25% of the entire test, so you’ll need to be fluent in the concepts in this study guide. CompTIA Security+ questions sometimes begin with a scenario and all of the implementation questions do this. This makes sense because implementation is all about devising procedures related to security, and you need to know the situation before addressing each issue.
Implementing Secure Protocols
As a cybersecurity professional, you need to be able to implement protocols to secure the entire networking environment. You should be able to identify and understand common secure protocols. Questions about these concepts will be scenario based.
A protocol is a set of rules that defines how connected devices exchange information across a network. Not all protocols are secure. To secure a network, the secure variants of the common protocols described below should be implemented in place of their insecure counterparts.
Domain Name System Security Extensions (DNSSEC)
DNSSEC uses digital signatures to validate the authenticity of the data returned in response to a DNS query. This ensures that the DNS data itself has not been tampered with or altered in transit. However, DNSSEC does not provide confidentiality: queries and responses are still sent in the clear. DNS, with or without DNSSEC, uses UDP/TCP port 53.
Secure Shell (SSH)
SSH is a protocol that provides a secure method of logging in remotely to another system. SSH provides encryption as well as password and public key authentication. SSH can also be used in conjunction with other protocols, or as a tunneling protocol, to increase their security. SSH uses TCP port 22.
Secure/Multipurpose Internet Mail Extensions (S/MIME)
S/MIME provides authentication, integrity, nonrepudiation, and confidentiality for MIME messages (the format for email attachments). S/MIME requires a certificate, either locally generated or from a public certificate authority, to authenticate the message.
Secure Real-Time Transport Protocol (SRTP)
SRTP is the secure version of the Real-time Transport Protocol (RTP), which carries audio and video streams over a network; SRTP adds encryption to those streams. The client and server exchange keys unique to the current session to encrypt and decrypt the data.
Lightweight Directory Access Protocol Over SSL (LDAPS)
LDAPS provides security to LDAP data using Transport Layer Security (TLS)/Secure Sockets Layer (SSL) to establish a secure connection between the client and server through certificates. All the LDAP data is encrypted, from the directory data to the user credentials.
File Transfer Protocol Secure (FTPS)
FTPS uses TLS/SSL as the encryption method for File Transfer Protocol (FTP).
SSH File Transfer Protocol (SFTP)
SFTP provides another method of encrypting FTP using an SSH channel.
Simple Network Management Protocol Version 3 (SNMPv3)
SNMPv3 is the most current version of SNMP, and it provides source authentication, message integrity, and encryption. SNMPv3 offers multiple security levels, which means that not all SNMPv3 transmissions are secure unless it is configured properly. SNMP uses UDP ports 161 and 162.
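The "not secure unless configured properly" point above can be checked mechanically. The following is an added example, not code from the study guide: it scans a net-snmp style snmpd.conf (directive syntax such as rocommunity, createUser, rouser and rwuser is net-snmp's; the sample configuration and user names are constructed) and flags any SNMP access that is weaker than the SNMPv3 authPriv level.

```python
"""Flag SNMP access in a net-snmp style snmpd.conf that is not at the SNMPv3
authPriv level. Directive syntax follows net-snmp; the config below is constructed."""
import shlex

COMMUNITY = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6", "com2sec"}
V3_ACCESS = {"rouser", "rwuser"}
LEVELS = {"noauth", "auth", "priv"}

def check_snmpd_conf(text):
    """Return (line_no, severity, message) for each directive weaker than authPriv."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        tok = shlex.split(raw, comments=True)   # handles quoted passphrases and # comments
        if not tok:
            continue
        key = tok[0].lower()
        if key in COMMUNITY:
            findings.append((no, "high", f"{key}: SNMPv1/v2c community string, no authentication or encryption"))
        elif key == "createuser" and len(tok) >= 2:
            # createUser NAME AUTHPROTO "pass" PRIVPROTO "pass": fewer than 6 tokens means no privacy key
            if len(tok) < 6:
                findings.append((no, "medium", f"createUser {tok[1]}: no privacy protocol, authPriv impossible"))
        elif key in V3_ACCESS and len(tok) >= 2:
            # rouser/rwuser NAME [noauth|auth|priv]; assumed net-snmp default of auth when omitted
            level = tok[2].lower() if len(tok) > 2 and tok[2].lower() in LEVELS else "auth"
            if level != "priv":
                sev = "high" if level == "noauth" else "medium"
                findings.append((no, sev, f"{key} {tok[1]}: level {level}, SNMP traffic not encrypted"))
    return findings

SAMPLE_CONF = """# constructed snmpd.conf for the example
rocommunity public 10.0.0.0/24
createUser legacy SHA "auth-pass-placeholder"
rouser legacy noauth
createUser monitor SHA "auth-pass-placeholder" AES "priv-pass-placeholder"
rouser monitor priv
rwuser monitor
"""

if __name__ == "__main__":
    for no, sev, msg in check_snmpd_conf(SAMPLE_CONF):
        print(f"line {no} [{sev}] {msg}")
```

Only the "monitor" user with an AES privacy key and an explicit priv level passes; the community string, the user without a privacy key, the noauth access and the rwuser line that falls back to the auth default are all reported.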
Hypertext Transfer Protocol over SSL/TLS (HTTPS)
HTTPS secures HTTP traffic using SSL/TLS on port 443. HTTPS is also often referred to as Hypertext Transfer Protocol Secure. While many websites redirect to HTTPS automatically, typing https:// explicitly in the web address ensures that the secure connection is used.
Internet Protocol Security (IPSec)
IPSec is a set of protocols used to create a secure connection over Internet Protocol (IP), the common standard for internet communications. IPSec works at Layer 3 (the network layer) of the Open Systems Interconnection (OSI) model and does not affect protocols running at higher layers.
Authentication Header (AH)/Encapsulating Security Payload (ESP)—AH uses a hash and a shared secret key to ensure the authenticity and integrity of the entire packet but does not provide confidentiality of the payload. ESP, on the other hand, provides confidentiality for the payload through encryption but does not necessarily authenticate the header, depending on which mode (tunnel or transport) it is used in.
Tunnel/transport—ESP operating in tunnel mode encapsulates the entire original packet, including its IP header, and provides authentication, integrity, and confidentiality for it. ESP operating in transport mode protects only the payload of the packet, leaving the original IP header exposed.
Post Office Protocol (POP)/Internet Message Access Protocol (IMAP)
POP and IMAP are both email retrieval protocols that are, in their original form, not secure. Secure POP3 (POP3S) uses TLS/SSL and runs on port 995. Secure IMAP4 (IMAPS), like POP3S, uses TLS/SSL and runs on port 993.
Use Cases
Use cases refer to the situations in which security protocols should be implemented. You need to be able to recognize which protocols work best in certain scenarios or cases. Remember, though, that the most effective security is layered security. No single method is enough.
Voice and Video
Voice and video transmissions can use various methods to transport data over a network, such as HTTP and RTP. Use HTTPS or SRTP as required.
Time Synchronization
Time synchronization across servers uses the Network Time Protocol (NTP). Network Time Security (NTS) uses TLS to authenticate the origin of the NTP data as well as its integrity. It is important to note that NTS does not ensure the validity of the NTP data, only where it came from and that it was not altered during transmission.
Email and Web
While both web and email traffic can use numerous security protocols, the primary security protocol used for web traffic is HTTPS, while for email it is secure IMAP and secure POP. Email can also use HTTPS if it is accessed over HTTP, as with webmail.
File Transfer
To secure file transfers, FTPS or SFTP can be used, as can HTTPS if files are transferred over HTTP.
Directory Services
To secure directory services, use LDAPS.
Remote Access
Remote access can be secured by using multiple protocols, depending on the method of access. SSH can be used to create a secure connection, as can HTTPS. Remote Desktop Protocol (RDP) is Microsoft’s proprietary method of remote access and is encrypted by default, creating a secure connection.
Domain Name Resolution
DNSSEC can be used with DNS to provide authentication, but it does not provide confidentiality.
Routing and Switching
Routing and switching do not have a specific set of protocols for security. Instead, security protocols should be built around routing and switching to provide layered security. For example, firewalls and access control lists can be used to keep threat actors from reaching the routers or switches within the network.
Network Address Allocation
Network address allocation commonly uses DHCP to lease and assign IP addresses, and DHCP has no secure version. The most effective way to protect DHCP is through monitoring and auditing logs for abnormalities as well as enacting rapid response to potential threats.
Subscription Services
Subscription services offer access to services that are not local to the device, such as cloud services, or access to software, such as photo editing software. Most subscription services use HTTPS for security but still need to be evaluated service by service.
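The protocol list and the use cases above boil down to a mapping from cleartext services to their secure replacements. The following is an added example, not part of the study guide: it runs that mapping as detection logic over a constructed connection log (the log format, timestamps and addresses are made up for the example), reports each cleartext service with the replacement the guide recommends, and treats SNMP separately because its port alone does not show whether SNMPv3 is configured securely.

```python
"""Audit a connection log for cleartext protocols that have a secure counterpart
in this guide. Log format, addresses and timestamps below are constructed."""
# Cleartext service -> (name, secure replacement the guide recommends)
INSECURE = {
    ("tcp", 21):  ("FTP",   "FTPS (FTP over TLS) or SFTP (over SSH, TCP 22)"),
    ("tcp", 80):  ("HTTP",  "HTTPS (TCP 443)"),
    ("tcp", 110): ("POP3",  "POP3 over TLS (TCP 995)"),
    ("tcp", 143): ("IMAP4", "IMAP4 over TLS (TCP 993)"),
    ("tcp", 389): ("LDAP",  "LDAPS (TCP 636)"),
}
# The port alone does not prove SNMP is secure: SNMPv3 protects traffic only
# when configured for authentication and encryption, so flag it for a config check.
VERIFY = {("udp", 161): "SNMP", ("udp", 162): "SNMP trap"}
SECURE = {("tcp", 22): "SSH", ("tcp", 443): "HTTPS", ("tcp", 636): "LDAPS",
          ("tcp", 993): "IMAP4 over TLS", ("tcp", 995): "POP3 over TLS"}
def classify(proto, dport):
    """Return (service, status, advice), or None for ports this guide does not cover."""
    key = (proto.lower(), dport)
    if key in INSECURE:
        return INSECURE[key][0], "insecure", "replace with " + INSECURE[key][1]
    if key in VERIFY:
        return VERIFY[key], "verify", "confirm SNMPv3 with authentication and privacy"
    if key in SECURE:
        return SECURE[key], "secure", ""
    return None

def audit(log):
    """Parse 'timestamp src dst proto dport' lines into (src, dst, service, status, advice)."""
    findings = []
    for line in log.splitlines():
        parts = line.split()
        # Skip blank, comment and malformed lines instead of aborting the whole audit
        if len(parts) != 5 or parts[0].startswith("#") or not parts[4].isdigit():
            continue
        hit = classify(parts[3], int(parts[4]))
        if hit:
            findings.append((parts[1], parts[2]) + hit)
    return findings

SAMPLE_LOG = """2024-03-01T09:00:00Z 10.0.0.5 10.0.0.20 tcp 110
2024-03-01T09:00:01Z 10.0.0.5 10.0.0.20 tcp 993
2024-03-01T09:00:02Z 10.0.0.7 10.0.0.30 tcp 389
2024-03-01T09:00:03Z 10.0.0.9 10.0.0.40 udp 161
2024-03-01T09:00:04Z 10.0.0.9 10.0.0.40 tcp 22
this line is malformed and must be skipped
"""

if __name__ == "__main__":
    for src, dst, service, status, advice in audit(SAMPLE_LOG):
        print(f"{status:8} {src} -> {dst} {service} {advice}")
```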