CCIE Security v4.0 Quick Reference: Application and Infrastructure Security

Date: Sep 17, 2014


This chapter from CCIE Security v4.0 Quick Reference, 3rd Edition covers HTTP, HTTPS, Simple Mail Transfer Protocol, File Transfer Protocol, Domain Name System, and Trivial File Transfer Protocol.

HTTP

HTTP is a request/response protocol between clients (user agents) and servers (origin servers) that is used to access web-related services and pages. An HTTP client initiates a request by establishing a TCP connection to a particular port on a remote host (port 80 by default). Resources to be accessed by HTTP are identified using uniform resource identifiers (URI or URL) using the http: or https: URI schemes.

HTTP supports authentication between clients and servers, but the HTTP basic authentication it uses sends the username and password in clear text (Base64 encoded, not encrypted), so anyone who can observe the connection can recover them. The HTTP server is disabled by default on Cisco routers, but it can be enabled for remote monitoring and configuration.

Configuring HTTP

Use the ip http access-class command to restrict access to specific IP addresses, and employ the ip http authentication command to allow only certain users to access the Cisco router via HTTP.

If you choose to use HTTP for management, issue the ip http access-class access-list-number command to restrict access to specific IP addresses. As with interactive logins, the best choice for HTTP authentication is a TACACS+ or RADIUS server. Avoid using the enable password as an HTTP password.

The ip http server command enables the HTTP server. If a secure HTTP connection is required, ip http secure-server must be configured on the router instead. The default HTTP port 80 can be changed by using the command ip http port port-number. The authentication method used for login is set with the ip http authentication [ enable | local | tacacs | aaa ] command. With the default method (enable), you log in with the router hostname as the username and the enable password or enable secret as the password, which is exactly the credential that should not be exposed over HTTP. If local authentication is specified, users defined with username username privilege [ 0 - 15 ] password password are used, and the access level on the Cisco router is determined by the privilege level assigned to that user.

HTTPS

Secure HTTP, or HTTPS, offers a secure connection to an HTTPS server. It uses SSL and TLS (transport layer security) to provide authentication and data encryption.

An HTTPS client initiates a request by establishing a TCP connection to a particular port on a remote host (port 443 by default). Resources to be accessed by HTTPS are identified using URIs or URLs using the HTTPS URI schemes.

When a client connects to the secure HTTPS port, it first authenticates the server by validating the server’s digital certificate (checking the signature chain, validity period, and that the name in the certificate matches the host it intended to reach). The client and server then negotiate the security protocols to be used for the connection (protocol version and cipher suite) and generate session keys for encryption and decryption. If certificate validation fails, the client cannot establish a secure encrypted session and the security protocol negotiation does not proceed.

Configuring HTTPS

Use the ip http access-class command to restrict access to specific IP addresses, and employ ip http authentication to allow only certain users to access the Cisco router via HTTPS.

If you choose to use HTTPS for management, issue the ip http access-class access-list-number command to restrict access to appropriate IP addresses. As with interactive logins, the best choice for HTTPS authentication is a TACACS+ or RADIUS server. Avoid using the enable password as an HTTPS password.

The ip http secure-server command enables the HTTPS server. HTTP authentication for login can be set using the ip http authentication [ enable | local | tacacs | aaa ] command. All default login methods and local authentication methods supported are the same as mentioned in the section, “HTTP.”

The ip http secure-port command can set the HTTPS port number from the default value of 443, if required.
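The two configuration sections above (HTTP and HTTPS) describe the same small set of commands: ip http server, ip http secure-server, ip http access-class, ip http authentication, and the port overrides. The following script is an added example, not code from the book or from Cisco, that parses those commands out of a running-config excerpt and reports the weaknesses the text warns about: clear-text HTTP enabled, no access-class, and authentication left at the default (enable password). Both config excerpts are constructed for the example; the hostname, ACL number and network are assumptions.

```python
import re

# Constructed running-config excerpts (not taken from a real device).
WEAK_CONFIG = """\
hostname edge-rtr
ip http server
ip http authentication enable
ip http port 8080
"""

HARDENED_CONFIG = """\
hostname edge-rtr
no ip http server
ip http secure-server
ip http access-class 10
ip http authentication aaa
access-list 10 permit 192.168.100.0 0.0.0.255
"""


def parse_http_settings(config):
    """Extract the IOS HTTP/HTTPS server settings, starting from the IOS defaults
    (HTTP server off, no access-class, 'enable' authentication, ports 80/443)."""
    s = {"http": False, "https": False, "access_class": None,
         "auth": "enable", "port": 80, "secure_port": 443}
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if line == "ip http server":
            s["http"] = True
        elif line == "no ip http server":
            s["http"] = False
        elif line == "ip http secure-server":
            s["https"] = True
        elif line == "no ip http secure-server":
            s["https"] = False
        elif (m := re.match(r"ip http access-class (?:ipv4 )?(\S+)$", line)):
            s["access_class"] = m.group(1)
        elif (m := re.match(r"ip http authentication (enable|local|tacacs|aaa)$", line)):
            s["auth"] = m.group(1)
        elif (m := re.match(r"ip http port (\d+)$", line)):
            s["port"] = int(m.group(1))
        elif (m := re.match(r"ip http secure-port (\d+)$", line)):
            s["secure_port"] = int(m.group(1))
    return s


def audit(config):
    """Return a list of findings; an empty list means nothing to flag."""
    s = parse_http_settings(config)
    findings = []
    if not s["http"] and not s["https"]:
        return findings  # no web management at all: nothing more to check
    if s["http"]:
        findings.append(
            f"clear-text HTTP management enabled on TCP/{s['port']}; credentials "
            "are sent in clear text, use 'ip http secure-server' instead")
    if s["access_class"] is None:
        findings.append("no 'ip http access-class' limiting which sources may reach "
                        "the web server")
    if s["auth"] == "enable":
        findings.append("authentication uses the enable password (the default); "
                        "use 'ip http authentication aaa' backed by TACACS+/RADIUS, "
                        "or at least 'local'")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"[{name}]")
        for f in audit(cfg) or ["no findings"]:
            print("  -", f)
```

Point the script at the output of show running-config | include ip http to audit a real device; the parser only recognises the commands discussed in this chapter, so other ip http options pass through untouched.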

Simple Mail Transfer Protocol

Simple Mail Transfer Protocol (SMTP) is a text-based method commonly used by two mail servers to exchange email. Users can then retrieve email from the servers via mail clients such as Outlook, Eudora, or Pine. Mail clients employ various protocols, such as Post Office Protocol 3 (POP3), to connect to the server.

SMTP uses the well-known TCP port 25. (UDP port 25 is also assigned to SMTP in the port registry, but SMTP is carried over TCP in practice.) The client and SMTP server exchange text commands and three-digit reply codes when communicating. Table 3-1 lists some SMTP commands and their purposes.

Table 3-1 SMTP Commands

Command | Function
HELLO (HELO) | Identifies the SMTP client to the SMTP server.
MAIL (MAIL) | Initiates a mail transaction in which the mail data is delivered to an SMTP server, which either delivers it to mailboxes or passes it to another system via SMTP.
RECIPIENT (RCPT) | Identifies an individual recipient of the mail data. The command is repeated once for each recipient when there are multiple recipients.
DATA (DATA) | Identifies the lines that follow the command as the mail data, sent as ASCII text and terminated by a line containing only a period.
SEND (SEND) | Initiates a mail transaction in which the mail data is delivered to one or more terminals.
SEND OR MAIL (SOML) | Initiates a mail transaction in which the mail data is delivered to one or more terminals OR mailboxes.
SEND AND MAIL (SAML) | Initiates a mail transaction in which the mail data is delivered to one or more terminals AND mailboxes.
RESET (RSET) | Aborts the current mail transaction. Any stored sender, recipients, and mail data must be discarded, and all buffers and state tables must be cleared. The receiver must send an OK reply.
VERIFY (VRFY) | Verifies whether a user exists. A fully specified mailbox and name are returned.
NOOP (NOOP) | Specifies no action other than that the receiver send an OK reply.
QUIT (QUIT) | Closes the transmission channel. The receiver must send an OK reply.

SEND, SOML, and SAML come from the original RFC 821 and were dropped from the current SMTP specification (RFC 2821 and later); modern servers do not implement them. VRFY (and the related EXPN) lets an unauthenticated client confirm which mailboxes exist, which is a user-enumeration aid for attackers, so most servers either disable it or answer every VRFY with a non-committal 252 reply.
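To show the command sequence from Table 3-1 together with the server's reply codes, here is an added example (not from the book) of a minimal SMTP client talking to an in-memory server model. The server model is constructed for the example: it enforces the command order (HELO before MAIL, MAIL before RCPT, RCPT before DATA), handles the dot-terminated DATA phase including dot-stuffing, and answers VRFY with 252 unless enumeration is explicitly allowed. The hostnames and addresses are assumed values.

```python
class FakeSmtpServer:
    """In-memory model of an SMTP receiver: one connection, reply codes only.
    Constructed for this example; it does not open any sockets."""

    def __init__(self, hostname="mail.example.test", allow_vrfy=False):
        self.hostname = hostname
        self.allow_vrfy = allow_vrfy
        self.helo_done = False
        self.delivered = []          # (sender, recipients, body) for each completed DATA
        self._reset()

    def _reset(self):
        self.sender = None
        self.recipients = []
        self.in_data = False
        self.data_lines = []

    def greeting(self):
        return f"220 {self.hostname} ESMTP ready"

    def handle(self, line):
        """Process one client line; return the reply, or None while inside DATA."""
        if self.in_data:
            if line == ".":                       # end of message
                self.in_data = False
                self.delivered.append((self.sender, list(self.recipients),
                                       "\n".join(self.data_lines)))
                self._reset()
                return "250 OK: queued"
            # Dot-stuffing: a body line that starts with "." was sent as "..".
            self.data_lines.append(line[1:] if line.startswith("..") else line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.helo_done = True
            self._reset()
            return f"250 {self.hostname}"
        if verb == "MAIL":
            if not self.helo_done:
                return "503 Send HELO/EHLO first"
            if not arg.upper().startswith("FROM:"):
                return "501 Syntax: MAIL FROM:<address>"
            self.sender = arg[5:].strip()
            return "250 OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Need MAIL command"
            if not arg.upper().startswith("TO:"):
                return "501 Syntax: RCPT TO:<address>"
            self.recipients.append(arg[3:].strip())
            return "250 OK"
        if verb == "DATA":
            if not self.recipients:
                return "503 Need RCPT command"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "RSET":
            self._reset()
            return "250 OK"
        if verb == "NOOP":
            return "250 OK"
        if verb == "VRFY":
            if not self.allow_vrfy:   # the usual hardened answer: neither confirm nor deny
                return "252 Cannot VRFY user, but will accept message and attempt delivery"
            return f"250 {arg}"
        if verb == "QUIT":
            return f"221 {self.hostname} closing connection"
        return "500 Command unrecognized"


def send_message(server, helo_name, sender, recipients, body_lines):
    """Drive one mail transaction; return the transcript as (side, line) pairs."""
    transcript = [("S", server.greeting())]

    def cmd(line):
        transcript.append(("C", line))
        reply = server.handle(line)
        if reply is not None:
            transcript.append(("S", reply))
        return reply

    envelope = [f"HELO {helo_name}", f"MAIL FROM:<{sender}>",
                *[f"RCPT TO:<{r}>" for r in recipients], "DATA"]
    for line in envelope:
        if not cmd(line).startswith(("250", "354")):
            cmd("QUIT")               # abort on the first non-success reply
            return transcript
    for body in body_lines:
        cmd("." + body if body.startswith(".") else body)
    cmd(".")
    cmd("QUIT")
    return transcript


if __name__ == "__main__":
    srv = FakeSmtpServer()
    for side, line in send_message(srv, "client.example.test", "alice@example.test",
                                   ["bob@example.test"], ["Subject: hi", "", "Hello"]):
        print(f"{side}: {line}")
```

The transcript printed by the block is the same exchange a packet capture of port 25 would show, which is the point of the page's remark that SMTP is text based: anything on the path can read both the envelope and the message unless the session is wrapped in TLS.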

File Transfer Protocol

File Transfer Protocol (FTP) enables users to transfer files from one host to another. FTP is a TCP-based, connection-oriented protocol that uses a control connection to server port 21 and a separate data connection for each transfer; in active mode the data connection originates from server port 20. FTP sends usernames, passwords, and file contents in clear text. FTP clients can be configured for two modes of operation: PORT (active) mode and PASV (passive) mode. Figure 3-1 shows FTP modes of operation between an FTP client and FTP server for both the active and passive mode.

Figure 3-1 Overview of FTP Operation and Operating Modes

In active mode, the FTP client opens a random port (greater than 1023), sends the FTP server that port number over the control connection using the PORT command, and waits for a connection from the FTP server. The FTP server then initiates the data connection to the client, binding its source port to port 20. Active FTP is harder to secure because the server, not the client, opens the data channel: a firewall or NAT device in front of the client must either permit inbound connections from the server’s port 20 to arbitrary high ports on the client or inspect the control connection and open the advertised port dynamically.

In passive mode, the client sends the PASV command; the FTP server opens a random port (greater than 1023), sends the FTP client that port over the control stream, and waits for a connection from the FTP client. The FTP client then connects to it, binding its own source port to a random port greater than 1023. In passive FTP the client initiates both the control connection and the data connection, which is why it works better through client-side firewalls and NAT; the server side must instead allow inbound connections to its passive port range.
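The PORT command and the PASV reply both carry the data endpoint as six decimal numbers: four address octets followed by the port split into a high and low byte (port = p1 * 256 + p2). The block below is an added example, not code from the book, that decodes both forms, checks the advertised endpoint the way an FTP-aware firewall or proxy should before opening the data channel (the host must match the control-connection peer and the port must not be privileged), and spells out who connects to whom in each mode. The IP addresses and ports are assumed values constructed for the example.

```python
import ipaddress
import re

# "PORT h1,h2,h3,h4,p1,p2" sent by the client in active mode
PORT_RE = re.compile(r"^PORT\s+(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\s*$",
                     re.IGNORECASE)
# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" returned by the server in passive mode
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def _decode(h1, h2, h3, h4, p1, p2):
    """Turn the six comma-separated fields into (host, port); reject out-of-range values."""
    octets = [int(x) for x in (h1, h2, h3, h4)]
    p1, p2 = int(p1), int(p2)
    if any(o > 255 for o in octets) or p1 > 255 or p2 > 255:
        raise ValueError("field exceeds 255")
    port = p1 * 256 + p2
    if port == 0:
        raise ValueError("port 0 is not usable")
    return ".".join(map(str, octets)), port


def parse_port_command(line):
    m = PORT_RE.match(line)
    if not m:
        raise ValueError("not a PORT command")
    return _decode(*m.groups())


def parse_pasv_reply(line):
    m = PASV_RE.match(line)
    if not m:
        raise ValueError("not a 227 PASV reply")
    return _decode(*m.groups())


def check_data_endpoint(advertised, control_peer_ip):
    """Return the problems a firewall/proxy should raise before opening the data channel.
    An advertised host that is not the control-connection peer is a classic FTP bounce
    or redirection attempt; a privileged port is never a legitimate ephemeral data port."""
    host, port = advertised
    problems = []
    if ipaddress.ip_address(host) != ipaddress.ip_address(control_peer_ip):
        problems.append(f"advertised host {host} is not the control peer {control_peer_ip}")
    if port < 1024:
        problems.append(f"advertised data port {port} is privileged (< 1024)")
    return problems


def data_connection(mode, client_ip, server_ip, advertised):
    """Describe the data connection for the given mode, as the page explains it:
    active = server connects from port 20 to the client's advertised port,
    passive = client connects from an ephemeral port to the server's advertised port."""
    host, port = advertised
    if mode == "active":
        return {"initiator": "server", "src": (server_ip, 20), "dst": (host, port)}
    if mode == "passive":
        return {"initiator": "client", "src": (client_ip, "ephemeral"), "dst": (host, port)}
    raise ValueError("mode must be 'active' or 'passive'")


if __name__ == "__main__":
    # Constructed sample exchange: client 192.168.1.20, server 192.168.1.10.
    active_ep = parse_port_command("PORT 192,168,1,20,4,1")
    passive_ep = parse_pasv_reply("227 Entering Passive Mode (192,168,1,10,195,80).")
    print("active:", data_connection("active", "192.168.1.20", "192.168.1.10", active_ep))
    print("passive:", data_connection("passive", "192.168.1.20", "192.168.1.10", passive_ep))
    print("bounce check:", check_data_endpoint(("10.0.0.9", 80), "192.168.1.10"))
```

The host-mismatch check is what keeps a client from using PORT to make the server connect to a third host (the FTP bounce problem described in RFC 2577); apply the same check to a server's PASV reply so that a compromised or spoofed server cannot direct the client to connect somewhere else.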

Domain Name System

Domain Name System (DNS) is a name resolution protocol that translates hostnames to IP addresses and vice versa. A DNS server is a host that runs the DNS service and is configured to process the translation for the user transparently by using TCP/UDP port 53. UDP port 53 is used for ordinary DNS lookups. TCP port 53 is used for DNS zone transfers and for any query whose response does not fit in a single UDP datagram (the server sets the TC bit in the truncated reply and the resolver retries over TCP).

DNS is a hierarchical database where the data is structured in a tree, with the root domain (.) at the top. Various subdomains branch out from the root, much like the directory structure of a UNIX or Windows file system. Cisco routers can be configured for DNS lookups so that users can simply type a hostname instead of an IP address. Local names can also be statically configured for devices. By default, a router does not provide DNS server responses to client devices such as PCs or UNIX hosts.

A name server stores information about its domain in the form of several kinds of resource records, each of which stores a different kind of information about the domain and the hosts in the domain. These records are traditionally text entries stored in zone files on the domain name server. The Cisco DNM browser is a graphical utility that enables you to edit these records via a graphical interface, which reduces the chance of errors in the text files. Table 3-2 describes the different record types.

Table 3-2 Different DNS Record Types

Record Type | Function
Start of Authority (SOA) | Required for every zone. Stores information about the zone itself: the primary name server, the responsible mailbox, the serial number, and the refresh, retry, and expire timers
Name Server (NS) | Stores information used to identify the name servers that are authoritative for the domain
Address (A) | Stores the hostname and IPv4 address of individual hosts and translates hostnames to IP addresses
Canonical Name (CNAME) | Stores additional hostnames, or aliases, for hosts in the domain
Mail Exchange (MX) | Stores information about where mail for the domain should be delivered, with a preference value for each mail server
Pointer (PTR) | Stores the IP address and hostname of individual hosts and translates IP addresses to hostnames in a reverse DNS lookup
Host Information (HINFO) | Stores information about the hardware and operating system of specific hosts
Well Known Services (WKS) | Stores information about the various network services available from hosts in the domain
Text Information (TXT) | Stores free-form text; a TXT record is a sequence of strings of up to 255 octets each
Responsible Person (RP) | Stores information about the person responsible for the domain
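The following block is an added example (not from the book) that works at the wire level described above: it builds a DNS query for any of the record types in Table 3-2, parses a response including compressed names, decodes A, NS, CNAME, PTR, MX, and TXT answers, and reports the TC (truncated) flag that tells a resolver to retry over TCP port 53. The response it parses is a constructed byte string (a CNAME chain for www.example.com), not a capture from a real server; the transaction ID and TTL are assumed values. Python's standard library ships no DNS parser, which is why the encoder/decoder is written out here.

```python
import struct

QTYPES = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "WKS": 11, "PTR": 12, "HINFO": 13,
          "MX": 15, "TXT": 16, "RP": 17}
QTYPE_NAMES = {v: k for k, v in QTYPES.items()}
FLAG_TC = 0x0200  # truncated: response did not fit in one UDP datagram


def encode_name(name):
    """Encode a dotted name as length-prefixed labels terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label length must be 1..63 octets")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype, txid=0x1234):
    """12-byte header (RD set, one question) followed by QNAME, QTYPE, QCLASS=IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPES[qtype], 1)


def decode_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                     # compression pointer
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if end is None:
                end = offset + 2                      # caller resumes after the pointer
            hops += 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (offset if end is None else end)


def should_retry_over_tcp(msg):
    flags = struct.unpack("!H", msg[2:4])[0]
    return bool(flags & FLAG_TC)


def parse_response(msg):
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    result = {"id": txid, "truncated": bool(flags & FLAG_TC), "rcode": flags & 0xF,
              "answers": []}
    off = 12
    for _ in range(qd):                               # skip the echoed question(s)
        _, off = decode_name(msg, off)
        off += 4
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == QTYPES["A"]:
            value = ".".join(str(b) for b in rdata)
        elif rtype in (QTYPES["NS"], QTYPES["CNAME"], QTYPES["PTR"]):
            value, _ = decode_name(msg, off)          # rdata may point back into the message
        elif rtype == QTYPES["MX"]:
            pref = struct.unpack("!H", rdata[:2])[0]
            host, _ = decode_name(msg, off + 2)
            value = (pref, host)
        elif rtype == QTYPES["TXT"]:                  # one or more <len><chars> strings
            strings, p = [], 0
            while p < rdlen:
                n = rdata[p]
                strings.append(rdata[p + 1:p + 1 + n].decode("ascii"))
                p += 1 + n
            value = strings
        else:
            value = rdata                             # leave other types raw
        off += rdlen
        result["answers"].append((name, QTYPE_NAMES.get(rtype, rtype), ttl, value))
    return result


def sample_response():
    """Constructed reply to build_query('www.example.com', 'A'): a CNAME to example.com
    (pointer to offset 16 inside the question) followed by the A record for it."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)   # QR, RD, RA set
    question = encode_name("www.example.com") + struct.pack("!HH", 1, 1)
    cname = b"\xC0\x0C" + struct.pack("!HHIH", 5, 1, 300, 2) + b"\xC0\x10"
    a_rr = b"\xC0\x10" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([93, 184, 216, 34])
    return header + question + cname + a_rr


if __name__ == "__main__":
    print(build_query("www.example.com", "A").hex())
    print(parse_response(sample_response()))
```

To use it against a live resolver, send build_query(...) in a UDP datagram to port 53 and pass the reply to parse_response; if should_retry_over_tcp returns True, resend the same query over a TCP connection to port 53 with the 2-byte length prefix that TCP DNS requires.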

Trivial File Transfer Protocol

Trivial File Transfer Protocol (TFTP) uses UDP port 69 to transfer files between devices. The client sends its initial read or write request to UDP port 69; the server answers from a freshly chosen UDP port, and the rest of the transfer takes place between that port and the client’s port, with each 512-byte data block acknowledged before the next is sent. TFTP is considered to have weak security because the TFTP packet has no fields for a username or password, so any host that can reach the server can request any file the server is willing to serve. Security therefore relies on the TFTP application restricting the directories and filenames that may be read or written, not on the operating system’s user authentication. TFTP is commonly used for upgrading Cisco IOS images on Cisco routers, Cisco switches, and Cisco security devices, so a TFTP server holding images and configuration files should be reachable only from the management network.
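The point that TFTP carries no credentials is easiest to see from the packet layout itself. The block below is an added example (not from the book) that encodes and decodes the five TFTP packet types from RFC 1350 and implements the only control a TFTP server can apply: an allow-list of filenames with path-traversal rejected, answered with a TFTP ERROR packet. The filename and allow-list are assumed values constructed for the example.

```python
import struct

OPCODES = {1: "RRQ", 2: "WRQ", 3: "DATA", 4: "ACK", 5: "ERROR"}
BLOCK_SIZE = 512            # default block size; a short DATA block ends the transfer
ERR_NOT_FOUND = 1
ERR_ACCESS = 2


def build_request(opcode, filename, mode="octet"):
    """RRQ (1) / WRQ (2): opcode | filename | 0 | mode | 0. No credential field exists."""
    if opcode not in (1, 2):
        raise ValueError("opcode must be 1 (RRQ) or 2 (WRQ)")
    return (struct.pack("!H", opcode) + filename.encode("ascii") + b"\x00"
            + mode.encode("ascii") + b"\x00")


def build_data(block, payload):
    return struct.pack("!HH", 3, block & 0xFFFF) + payload   # 16-bit block number wraps


def build_ack(block):
    return struct.pack("!HH", 4, block & 0xFFFF)


def build_error(code, message):
    return struct.pack("!HH", 5, code) + message.encode("ascii") + b"\x00"


def parse_packet(pkt):
    """Return (type name, fields) for any TFTP packet."""
    if len(pkt) < 4:
        raise ValueError("packet too short")
    op = struct.unpack("!H", pkt[:2])[0]
    name = OPCODES.get(op)
    if name in ("RRQ", "WRQ"):
        fields = pkt[2:].split(b"\x00")
        if len(fields) < 3:          # filename, mode, and the empty tail after the last 0
            raise ValueError("truncated request")
        return name, {"filename": fields[0].decode("ascii"),
                      "mode": fields[1].decode("ascii").lower()}
    if name == "DATA":
        data = pkt[4:]
        return name, {"block": struct.unpack("!H", pkt[2:4])[0], "data": data,
                      "last": len(data) < BLOCK_SIZE}
    if name == "ACK":
        return name, {"block": struct.unpack("!H", pkt[2:4])[0]}
    if name == "ERROR":
        return name, {"code": struct.unpack("!H", pkt[2:4])[0],
                      "message": pkt[4:].split(b"\x00")[0].decode("ascii")}
    raise ValueError(f"unknown opcode {op}")


def authorize(filename, served_files):
    """Server-side check for a request: None if it may proceed, else the ERROR packet
    to send back. With no authentication in the protocol, this allow-list is the
    whole access-control story."""
    if "/" in filename or "\\" in filename or ".." in filename:
        return build_error(ERR_ACCESS, "Access violation")
    if filename not in served_files:
        return build_error(ERR_NOT_FOUND, "File not found")
    return None


if __name__ == "__main__":
    served = {"router-image.bin", "startup-config.txt"}       # constructed allow-list
    for fname in ("router-image.bin", "../etc/passwd", "other.bin"):
        req = build_request(1, fname)
        verdict = authorize(parse_packet(req)[1]["filename"], served)
        print(fname, "->", "OK" if verdict is None else parse_packet(verdict))
```

Because the server replies from a new UDP port, a stateful firewall must track the exchange by the client's port rather than by port 69 alone; and because the allow-list is the only control, the served directory should contain nothing but the images and configurations that are meant to be public to every host that can reach the server.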
