TCP/IP
The fundamental suite of communications protocols used to connect host computers on the internet. It provides end-to-end data connectivity specifying how data should be packetized, addressed, transmitted, routed, and received.
OSPF (Open Shortest Path First)
An interior gateway routing protocol that uses a link-state algorithm to find the best path for data to travel within a single network (Autonomous System). It is widely used in enterprise networks.
IPsec
A suite of protocols that secures IP communications by authenticating and encrypting each data packet in a data stream. It operates at the Network Layer (Layer 3).
AH (Authentication Header)
A protocol within the IPsec suite that provides data integrity and authentication (proving the data hasn't changed and came from the right source) but does NOT provide encryption (confidentiality).
ESP (Encapsulating Security Payload)
A protocol within the IPsec suite that provides confidentiality (encryption) in addition to authentication and integrity.
S/MIME
A standard for public key encryption and digital signing of email data. It ensures that an email can only be read by the intended recipient and verifies the sender's identity.
SPF (Sender Policy Framework)
An email authentication method designed to detect forged sender addresses. Domain owners publish a DNS record listing which IP addresses are authorized to send mail for their domain.
DNSSEC
A suite of extensions to the Domain Name System that adds cryptographic signatures to existing DNS records. This prevents attackers from redirecting users to fake websites via cache poisoning.
Kerberos
A network authentication protocol designed for client/server applications. It uses "tickets" to allow nodes to prove their identity over a non-secure network and relies heavily on time synchronization (timestamps) to prevent replay attacks.
RADIUS
A networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management. It typically uses UDP transport and encrypts only the password field.
TACACS+
A Cisco-proprietary protocol for AAA services. It separates authentication, authorization, and accounting, uses TCP for reliability, and encrypts the entire body of the packet (not just the password).
LDAP
A lightweight, vendor-neutral protocol used for accessing and maintaining distributed directory information services over an IP network. It is the language used to query a database of users.