Secure Protocols - CompTIA Security+
Hello!
Here is the second part of the protocol list. Did I miss one?
| Protocol | Port(s) | Main Use | Risks / Insecurity | Secure Alternative |
|---|---|---|---|---|
| HTTPS | TCP 443 | Secure web browsing | - | - |
| SSH | TCP 22 | Secure remote access (replaces Telnet) | - | - |
| SFTP | TCP 22 | Secure file transfer (via SSH) | - | - |
| SCP | TCP 22 | Secure copy for UNIX/Linux systems | - | - |
| IMAPS | TCP 993 | Secure IMAP email access | - | - |
| POP3S | TCP 995 | Secure POP3 email retrieval | - | - |
| SMTPS | TCP 587 | Secure email sending | - | - |
| SNMPv3 | UDP 162 | Secure monitoring and device reporting | Older versions (v1/v2) use plaintext | SNMPv3 (already secure) |
| LDAPS | TCP 636 | Secure access to directory services | LDAP is insecure without encryption | LDAPS (already secure) |
| TLS/SSL | TCP 443 | Secure transport layer | Older SSL versions have vulnerabilities | TLS 1.2+ |
| SMB | TCP 445 | File and printer sharing | If exposed to internet, can be exploited | Use with strong authentication |
| IPsec | UDP 500 | Secure VPN or host-to-host sessions | Misconfiguration, outdated algorithms | Properly configured IPsec |
| FTPS | TCP 989/990 | Secure large file transfers | Complex to configure correctly | FTPS (properly configured) |
| RDP | TCP 3389 | Remote desktop access (Windows) | Exposed RDP can be brute-forced or exploited | Use VPN, MFA, and monitoring |
| SIP | TCP/UDP 5060/5061 | Internet-based call initiation | If not encrypted, vulnerable to interception | Use SIP with TLS |
| SRTP | UDP 5061 | Secure voice traffic | - | - |
| DNSSEC | TCP/UDP 53 | Secure DNS traffic | DNS without DNSSEC is vulnerable to spoofing | DNSSEC (already secure) |
| Kerberos | TCP 88 | Secure authentication using tickets | Time desynchronization, ticket theft | Use with NTP, hardened configs |

| Other Secure Practices | Description | Recommendation |
|---|---|---|
| Protocol selection | Choose appropriate secure protocols based on use case | Understand purpose and scope before deployment |
| Port selection | Open only necessary ports to minimize attack surface | Follow least privilege principle |
| Transport method | Techniques like TLS or IPsec to protect data in transit | Use modern versions (TLS 1.2+) |
| Tunneling (TLS, IPsec) | Encapsulates traffic to securely cross insecure networks | Use with strong encryption and authentication |