CompTIA Security+ SY0-601 – 3.1 Implement secure protocols Part 1
March 29, 2023

1. DNSSEC

In this video, we’re going to be talking about DNSSEC, which stands for Domain Name System Security Extensions. What exactly is this? Well, let’s talk about DNS in general. Remember what DNS does: DNS translates domain names to IP addresses. Simple enough. Now, in the attacks section, we talked about poisoning the DNS service. Poisoning basically means that when I ask my DNS server, “Hey, what’s the IP address for Facebook?”, it gives me an IP address that I believe is the correct one, but it actually isn’t. It’s a spoofed or bad IP that takes me to a spoofed Facebook website that steals my credentials.

What we want, and listen carefully here, is the ability to digitally sign the DNS records. Remember what digital signatures are from the cryptography section: if someone digitally signs something and sends it to me, I can prove it came from them and that it was not changed along the way. So we want to enable digital signatures on our DNS zones. That way, when we ask a server for records, we can verify that the answer really came from the zone’s owner and that nobody poisoned our cache or tampered with the records in transit.

So we want to maintain the integrity of our DNS records, and we want the zone files to be signed. Remember, for your exam: DNSSEC protects against poisoning of DNS servers and DNS caches, and it does this by digitally signing the zone data. I have a Windows Server 2019 machine set up. It already has Active Directory installed. We’re going to take a look at the DNS server on it and then digitally sign the zone, and you can see how quick and easy this is. So here is my Windows Server 2019 server.

I’ve already logged in, and this has a full Active Directory installation. I’m going to go to Start, open Server Manager, and open the DNS console: Tools, then DNS. Here we go. Signing a zone is pretty easy. I have my domain, called Arinc local. Right-click on it, go to DNSSEC, and choose Sign the Zone. The wizard tells you what it’s going to do: DNSSEC provides origin authority, data integrity, and authenticated denial of existence. Basically, it lets a resolver trust the DNS server’s responses, and it does this using the digital signatures we explained already.

Click Next. We’re going to use the recommended default settings for the zone; if you want, you can customize the key algorithms, key lengths, NSEC/NSEC3 options and so on, but the defaults are fine. Click Next, and that is it. The zone has been successfully signed. Click Finish, right-click and Refresh, and you’ll notice the zone now has a little lock icon. Now look at the records: you have a whole bunch of new record types (DNSKEY for the public keys, RRSIG for the signatures, NSEC3 for authenticated denial of existence), and you can see the algorithms used in each, such as SHA-1 in the NSEC3 records. This is exactly what we’re looking for: digitally signed zone files, so that a validating resolver rejects forged or poisoned answers. One caveat for practice, not the exam: signing is only half of it. The resolvers your clients use have to validate those signatures against a trust anchor, otherwise the RRSIG records are just extra data in the response. So remember, for your exam: what is DNSSEC? It helps to prevent DNS poisoning attacks.
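The same zone signing done from PowerShell, as an added example that is not part of the course: the DnsServer module has a cmdlet for every step the wizard performs, and the script below also runs the checks that show the zone is really signed and gets a trust anchor onto a resolver so that validation actually happens. It assumes an elevated Windows PowerShell on the Windows Server 2019 DNS server from the video, that arinc.local is the zone name, that RESOLVER01 is a second Windows DNS server acting as the clients’ validating resolver, and that the exported key-set file name begins with keyset-.

```powershell
# Added example (not from the course). Run elevated on the signing DNS server.
# Assumptions: zone 'arinc.local' (the lab domain from the video), a second Windows DNS
# server named 'RESOLVER01' that validates for the clients, a local folder for the export.
$zone      = 'arinc.local'
$resolver  = 'RESOLVER01'
$anchorDir = 'C:\DnssecAnchors'

# 1. Sign with the same defaults the "Sign the Zone" wizard uses.
Invoke-DnsServerZoneSign -ZoneName $zone -SignWithDefault -Force -PassThru

# 2. What the wizard created: a key signing key (KSK) and a zone signing key (ZSK) ...
Get-DnsServerSigningKey -ZoneName $zone | Format-Table KeyType, CryptoAlgorithm, KeyLength

# ... and, in the zone itself, DNSKEY records (the public halves of those keys) plus an
# RRSIG record for every record set. The RRSIGs are the "digital signature" on the zone.
Get-DnsServerResourceRecord -ZoneName $zone -RRType DnsKey
Get-DnsServerResourceRecord -ZoneName $zone -RRType RRSig | Select-Object -First 5

# 3. Query with the DNSSEC OK (DO) bit set: the signatures now travel with the answer.
#    Without -DnssecOk the server answers as before, so DNSSEC-unaware clients keep working.
Resolve-DnsName -Name $zone -Type A -Server localhost -DnssecOk

# 4. Signing alone stops nothing. A resolver only discards a forged or poisoned answer if it
#    VALIDATES the RRSIGs, and for that it needs a trust anchor for the zone (the KSK's
#    DNSKEY, or its DS digest). Export it here, import it on the validating resolver.
New-Item -ItemType Directory -Path $anchorDir -Force | Out-Null
Export-DnsServerDnsSecPublicKey -ZoneName $zone -Path $anchorDir -DigestType Sha256 -Force -PassThru
$keySet = Get-ChildItem -Path $anchorDir -Filter 'keyset-*' | Select-Object -First 1
Import-DnsServerTrustAnchor -KeySetFile $keySet.FullName -ComputerName $resolver -PassThru

# 5. Confirm the resolver has a trust point for the zone. From now on an answer for
#    arinc.local whose signature does not verify against this anchor is dropped, not cached.
Get-DnsServerTrustPoint  -ComputerName $resolver
Get-DnsServerTrustAnchor -Name $zone -ComputerName $resolver
```

The Windows DNS client itself does not validate; it relies on the resolver to do it, which is why step 4 lands on RESOLVER01 and not on the workstations. If you want clients to refuse unvalidated answers for the zone, that is configured separately through the Name Resolution Policy Table (NRPT) in Group Policy.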

2. Email security with S/MIME and PGP

In this video, I’m going to be talking about email security, in particular S/MIME, which stands for Secure/Multipurpose Internet Mail Extensions, and PGP, which stands for Pretty Good Privacy. It’s a good name, right? Pretty good privacy. Okay, let’s talk about email security with S/MIME and PGP. We’re going to talk more about S/MIME than PGP, since S/MIME support is built into most people’s email clients, and both use public key cryptography anyhow. So let’s talk about email. Email is insecure. If you put confidential data in an email, your credit card information, your Social Security number, your date of birth, your address, and send it along, anyone who intercepts that email can read the data, because it’s all in clear text.

So what we want is a way to encrypt our email. That way, if we encrypt it and send it and a hacker grabs it or sniffs the line, they aren’t going to get anything out of it because it’s fully encrypted. The other thing we want is to have emails digitally signed, so that you know an email actually came from the person it claims to be from. For example, say somebody spoofs the CEO’s email address and sends a message to all the users telling them to click a link and update their banking information for the new payroll system. I’m pretty sure a lot of people would click on it.

But if all emails from that CEO were signed, and you were expecting them to be signed, and then you got this unsigned one, you would know not to trust it. So digitally signing emails really helps to reduce spoofing of people’s email addresses and phishing attacks. If I sign an email and send it to you, you know for sure it came from me (more precisely, from whoever holds my private key, which is why protecting that key matters). Don’t forget how digital signatures work; we covered that already in the cryptography section.

So S/MIME is the technology I’m talking about, and I have a little diagram here from a site called The SSL Store. S/MIME encryption is a pretty simple thing. You have the sender and the recipient, and you want to encrypt the email message. You take the recipient’s public key and encrypt your plaintext email with it. I’ve got my pen here: take the plaintext email, encrypt it with the recipient’s public key, and send it along. When the recipient gets it, they decrypt it with their private key, which only they have, and they’re back to the plaintext email. That’s all there is to it. Signing runs the other way: the sender signs with their own private key, and the recipient verifies with the sender’s public key from the certificate attached to the message.

The website I got this from is The SSL Store. Here’s the thing with S/MIME, and generally with PGP as well: these are purchased things. You have to actually buy S/MIME certificates for your users. A well-known vendor is Comodo (now Sectigo). So if I go here, past a bunch of pop-ups, here are S/MIME certificates. There are no more free ones, okay? Like the Comodo S/MIME certificates for email clients, here are the email certificates. Now, they’re not super expensive, and organizations buy them for their users in order to send secure emails and have those digital signatures. I’m not going to go into the pricing in detail, and you can check these things out yourself. Actually, here it is, okay, so it’s not super expensive: about $12 a year if you buy three years. Keep in mind this is probably per user; if you have a lot of users, this can get very pricey, very fast. So once you have one, I’m going to show you here in Outlook.

Here in Outlook I have an account set up. Once you subscribe to the service, the vendor gives you your certificate files. To set up Outlook to send encrypted and signed emails, you go to File (this is Microsoft Outlook, I think 2019), then Options, then Trust Center, then Trust Center Settings, then Email Security. You’ll notice it says Encrypted email, and here you have your S/MIME settings, which you can configure.

You can import and export certificates in here, but you need the certificate file from your S/MIME provider. Now the other one is PGP. Notice that S/MIME is based on PKI, public key infrastructure, that is, certificates issued by a CA. PGP does basically the same thing, encryption and signing with public key cryptography, but with its own key format and a web-of-trust model rather than CA-issued certificates. PGP is also another popular one; I think Symantec’s email security, which used PGP, is now part of Broadcom, since Broadcom bought them, and you can check out their website. These are just third-party providers. So remember, for your exam: PGP and S/MIME are used to secure emails by encrypting them and digitally signing them.
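What the Outlook setting does underneath, as an added example that is not part of the course: S/MIME is CMS (PKCS #7) wrapped in MIME, and the .NET CMS classes available in Windows PowerShell 5.1 let you walk through both operations described above, encrypting to the recipient’s public key and decrypting with the private key, then signing with a private key and verifying (and catching a tampered message) with the public certificate. The certificate is a self-signed lab stand-in for the one you would buy from a CA and import with Import-PfxCertificate; the name, email address and message text are made up.

```powershell
# Added example (not from the course). Windows PowerShell 5.1 on Windows 10.
# The certificate, name, address and message below are constructed for this lab only.
Add-Type -AssemblyName System.Security

# One self-signed certificate plays both sender and recipient to keep the lab short. The Secure
# Email EKU (1.3.6.1.5.5.7.3.4) and an rfc822 e-mail SAN are what make a cert an S/MIME cert.
$cert = New-SelfSignedCertificate -Subject 'CN=Lab User' -CertStoreLocation 'Cert:\CurrentUser\My' `
    -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.4', '2.5.29.17={text}email=lab.user@example.com') `
    -KeyUsage DigitalSignature,KeyEncipherment -KeyAlgorithm RSA -KeyLength 2048 `
    -Provider 'Microsoft Enhanced RSA and AES Cryptographic Provider' -KeySpec KeyExchange `
    -NotAfter (Get-Date).AddDays(1)

$plaintext = [Text.Encoding]::UTF8.GetBytes('Please review the attached payroll form.')

# --- Encryption: the sender only needs the recipient's PUBLIC certificate ---
$envelope = [System.Security.Cryptography.Pkcs.EnvelopedCms]::new(
    [System.Security.Cryptography.Pkcs.ContentInfo]::new($plaintext))
$envelope.Encrypt([System.Security.Cryptography.Pkcs.CmsRecipient]::new($cert))
$ciphertext = $envelope.Encode()     # the bytes that travel in the application/pkcs7-mime part

# Sniffing the wire yields no message text.
'Ciphertext is {0} bytes; contains "payroll": {1}' -f $ciphertext.Length, ([Text.Encoding]::UTF8.GetString($ciphertext) -match 'payroll')

# --- Decryption: only the holder of the matching PRIVATE key can do this ---
$received = [System.Security.Cryptography.Pkcs.EnvelopedCms]::new()
$received.Decode($ciphertext)
$received.Decrypt()                  # looks the private key up in the current user's store
'Decrypted: ' + [Text.Encoding]::UTF8.GetString($received.ContentInfo.Content)

# --- Signing: the sender's PRIVATE key; the signer's cert is embedded so anyone can verify ---
$signed = [System.Security.Cryptography.Pkcs.SignedCms]::new(
    [System.Security.Cryptography.Pkcs.ContentInfo]::new($plaintext), $false)   # $false: content embedded
$signed.ComputeSignature([System.Security.Cryptography.Pkcs.CmsSigner]::new($cert))
$signedBytes = $signed.Encode()

function Test-CmsSignature {
    param([byte[]] $Bytes)
    $cms = [System.Security.Cryptography.Pkcs.SignedCms]::new()
    $cms.Decode($Bytes)
    try {
        # $true = verify the signature only and skip chain building (the lab cert is self-signed).
        # A mail client also chains the signer cert to a trusted CA and matches its SAN to From:.
        $cms.CheckSignature($true)
        return $true
    } catch [System.Security.Cryptography.CryptographicException] {
        return $false
    }
}

# Signing is not encryption: the signed blob still carries the message text, so someone in the
# path could edit it. Flip one letter of "payroll" and the signature check is what catches it.
$tampered = [byte[]] $signedBytes.Clone()
$needle   = [Text.Encoding]::UTF8.GetBytes('payroll')
for ($i = 0; $i -le $tampered.Length - $needle.Length; $i++) {
    if (-not (Compare-Object $tampered[$i..($i + $needle.Length - 1)] $needle)) {
        $tampered[$i] = [byte][char]'P'
        break
    }
}
'Original verifies: {0}' -f (Test-CmsSignature $signedBytes)
'Tampered verifies: {0}' -f (Test-CmsSignature $tampered)

# Remove the lab certificate again
Get-Item "Cert:\CurrentUser\My\$($cert.Thumbprint)" | Remove-Item
```

Outlook does exactly these steps for you when the Encrypt and Sign boxes are ticked, using the certificate you imported in Trust Center. The last two lines are the point of the CEO example in the video: an unchanged signed message verifies, an edited one does not, and an unsigned one has nothing to verify at all.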

3. Installing Wireshark on Windows 10

In this video, we’re going to be installing Wireshark. All network administrators and security administrators should have some kind of protocol analyzer, or sniffer as attackers would call it, in their toolkit. What this does is allow you to capture the packets on your network, including every packet entering or leaving your particular NIC, and then analyze the traffic. So if there’s some kind of malicious traffic, or traffic you want to inspect because it may be causing bottlenecks or other issues, this is something to have in the world of security. You can use it to search for worms spreading in the network or to analyze specific problems or bottlenecks.

So in this lab, we’re going to download Wireshark and install it, and I’ll show you how to filter some of the traffic in it to give you a little head start on how to use it. Let’s go right into it and get this installed. I’m going to be installing this on my Windows 10 virtual machine. The virtual machine already has an Internet connection, so make sure you have that, because we have to go to the Internet to get the installer. I’m going to make this full screen so we can see everything nicely.

So I’m going to go to my browser and type in Wireshark, go to wireshark.org, then Download, and download it. It’s not a very large download, about 60 MB or so. Here it is; it shouldn’t take too long. You’ll notice there are other things you can download: a Windows installer, and also a macOS version if you don’t have Windows. Okay, it’s almost finished downloading. I know some of you are going to say you use Edge; I use Chrome all the time, but on this VM I’m not going to change the browser. Okay, here it is, it’s all done. I’m just going to go to my Downloads folder to make sure it’s there. Here it is, so I’ll double-click on it to get it started. Now, I had this installed on here for a previous lab I was doing in another class, and some of the components are already installed, but I’ll tell you what you need to make sure to get when you’re installing it. So I’m going to go ahead and click Next.

Click I Agree. It’s going to install these components. They do have some additional tools, but we’re going to leave everything here as default and click Next. I’ll put an icon on my desktop, since that just makes it a lot easier, and click Next. It’s going to install in Program Files; that’s fine. Now this is the part I wanted to point out: you have to make sure you install Npcap (older versions of Wireshark used WinPcap). This is the packet capture driver and API that Wireshark uses to capture the traffic coming into your NIC; without it, Wireshark has no interfaces to capture from.

I already have it installed from a previous setup, but if not, make sure to check the box and it will download and install it during this installation. The other one they offer is USBPcap, which allows you to capture USB traffic. I have that on already, and I’m just going to leave it; if not, check the box to install it. Then click Install. Again, it’s not a very large program and it’s not going to take up a lot of space, so it doesn’t take long to install. You don’t need a lot of RAM either, and you don’t need a lot of CPU. I was running it on a machine the other day with four gigs of RAM on Windows 10 and it was fine, although I recommend eight gigs. I think this virtual machine has about four or six gigs of RAM, and it’s fine with that. Okay, it says it’s completed. We’re going to click Next and then Finish. So here we have Wireshark.

I’m going to double-click on it, and now we have to select the interface we want to sniff. I have the Ethernet interface here, and you can see there’s already some traffic on it. If you’re not sure which interface you have, you can right-click your network icon down at the bottom by the clock (I think I’m blocking it there). Right-click and choose Open Network &amp; Internet settings, then Change adapter options. You’ll notice mine is named Ethernet; some of you may see Local Area Connection 1, 2 or 3. Pick whichever one is connected to the Internet or the network you want to capture. So we already know it’s Ethernet, and I can see there’s a lot of activity on it.

I’m just going to double-click on it and it starts capturing traffic right away. Now, it can capture a lot of traffic, because there’s a lot of broadcasting on a normal network: ARP resolutions going on all the time, name resolution over UDP, and so on. You’re going to capture a lot, and sometimes it’s very difficult to read because there’s just so much. So you have to be able to filter the traffic, and in this lab I’ll show you a quick way to do some basic filtering. But first I need to generate some traffic that isn’t broadcast traffic. You can see all of these here: broadcast, broadcast, broadcast, to 192.168.1.255, which is the broadcast address of the 192.168.1.0 network. This is all broadcast traffic. So I’m going to go to a website. Let’s go to google.com. Okay, that’s it, I just wanted to go there. I’ll close this out, and you notice a whole bunch of TCP traffic just appeared.

So I’m going to scroll up slowly. Now you’re probably wondering (I was doing this the other day and people said to me, “Hey Andrew, you went to Google, but there’s no HTTP here”): that’s because we used HTTPS. If we go to Google one more time, I’ll show you: this is a secure web page, it’s all TLS (what people still call SSL). It’s not HTTP in the clear, so Wireshark shows it as TLS. To filter for what you’re looking for, you go right here to the filter bar and type in what you want. If you’re looking for TLS traffic, type tls and press Enter, and it finds all the TLS packets. The TLS payload is encrypted, so you’re not going to get any content out of it; you can still see which hosts were talked to and, in the handshake, the server name. In another lab, I’ll show you how to use Wireshark to sniff FTP traffic and steal a password from it; check the labs later in this video series for that. If you’re looking for other traffic, like DNS, click the X here to clear the filter.

Type in dns and you can filter for DNS. So at some point in here I should have done a query asking, “Hey, where’s google.com?” Here’s my query, a standard query for google.com, and the response says google.com is 172.217.165.132. Hey, let’s verify that: is that actually Google’s IP? Just to show you what I mean, I’m going to go right here and browse to it. Yes, 172.217.165.132 is definitely Google. So you can see all that just by using the filter. Then close Wireshark and don’t save the capture.
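The same checks and filters from the command line, as an added example that is not part of the course: tshark is the console version of Wireshark, ships with it, and takes the same display-filter strings you type into the filter bar, so the dns and tls filters above can be scripted and their output reduced to the fields you care about. The script also adds the check a practitioner does before double-clicking any downloaded installer. The installer path, the interface name Ethernet and the capture file name are assumptions for this lab.

```powershell
# Added example (not from the course). Windows 10, PowerShell prompt, after the install.
# Assumptions: installer in Downloads, Wireshark in its default folder, an interface named
# 'Ethernet' (take the name or number from the -D listing if yours differs).

# 1. Before running the installer: is it really the file Wireshark published? Compare the
#    SHA-256 with the checksum listed on the wireshark.org download page, and confirm the
#    Authenticode signature is Valid and names the Wireshark Foundation as signer.
$installer = Get-ChildItem "$env:USERPROFILE\Downloads\Wireshark-*.exe" | Select-Object -First 1
Get-FileHash -Algorithm SHA256 -Path $installer.FullName
Get-AuthenticodeSignature -FilePath $installer.FullName | Format-List Status, SignerCertificate

# 2. tshark sees the same interfaces as Wireshark's start page.
$tshark = 'C:\Program Files\Wireshark\tshark.exe'
& $tshark -D

# 3. Capture for 20 seconds into a file. The -f capture filter (BPF syntax, same as the
#    "capture filter" box) drops broadcast and multicast chatter before it is written, so the
#    file is not mostly ARP and NetBIOS. Browse to a site while this runs.
$pcap = "$env:TEMP\lab.pcapng"
& $tshark -i 'Ethernet' -a duration:20 -f 'not broadcast and not multicast' -w $pcap

# 4. Display filters (-Y) are Wireshark's own filter language. DNS: every answer, showing the
#    name that was asked for and the address that came back (what the video reads off by hand).
& $tshark -r $pcap -Y 'dns.flags.response == 1 && dns.a' -T fields -E header=y -e dns.qry.name -e dns.a

# 5. Why there is no "http" for google.com: the request rides inside TLS. The one name still
#    in clear text is the SNI in the ClientHello; the path, headers and cookies are encrypted.
& $tshark -r $pcap -Y 'tls.handshake.type == 1' -T fields -E header=y -e ip.dst -e tls.handshake.extensions_server_name

# 6. What does still travel in clear text: plain HTTP requests and FTP commands, which is how
#    the FTP password in the next lab shows up.
& $tshark -r $pcap -Y 'http.request || ftp.request' -T fields -E header=y `
    -e frame.number -e ip.dst -e http.host -e http.request.uri -e ftp.request.command -e ftp.request.arg
```

If the Npcap installer was run with the option to restrict the driver to Administrators, tshark, like Wireshark itself, has to run from an elevated prompt or it lists no interfaces. Saving to a file first (step 3) rather than filtering live is deliberate: the same capture can then be re-filtered as many ways as you like without having to regenerate the traffic.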

So that’s just a really quick tutorial: how to install Wireshark, turn it on to capture some traffic, and then either scroll through manually or filter the traffic to find what you’re looking for. Wireshark is pretty easy and simple to use, but very powerful.

Okay, so keep following along with me in these labs. I’ll see you in the next video. In the next couple of videos we’re going to actually use Wireshark to sniff some clear-text passwords. That’s a pretty fun lab. I’ll see you then.
