This write-up offers a comprehensive walkthrough of TryHackMe’s “Networking Secure Protocols” room, focusing on securing network communications through various protocols like TLS, SSH, and VPN. It serves as a valuable resource for individuals preparing for certifications such as CompTIA Security+ and OSCP.

TLS

To establish their identity, servers (or clients) must first obtain a signed TLS certificate. Typically, the server admin generates a Certificate Signing Request (CSR) and sends it to a Certificate Authority (CA), which then verifies the request and issues a digital certificate. Once received, this signed certificate can be used by the server or client to prove its identity to others, who can check the validity of the signature. For a host to verify a certificate’s authenticity, it must have the CA’s root certificates installed—similar to recognizing official stamps in the physical world. The screenshot below illustrates trusted authorities within a browser.

Usually, obtaining a signed certificate involves an annual fee, but Let’s Encrypt provides this service free of charge.

It’s also worth noting that some users choose to use self-signed certificates. These do not offer verified authenticity since they aren’t endorsed by an external authority.

HTTP & HTTPS

Before a web browser can request a webpage over HTTP, a few fundamental steps must occur. After resolving the domain name to an IP address, the client follows these two steps:

  1. Initiate a TCP three-way handshake with the destination server.
  2. Exchange data using the HTTP protocol, such as sending a GET / HTTP/1.1 request.

HTTPS (Hypertext Transfer Protocol Secure) is essentially HTTP layered on top of TLS (Transport Layer Security). When requesting a webpage over HTTPS, the client performs three key actions after DNS resolution:

  1. Establish a TCP connection via the three-way handshake.
  2. Initiate a TLS session to encrypt the communication.
  3. Communicate using HTTP, just as with standard HTTP, including commands like GET / HTTP/1.1.

Once TLS is added, the contents of the packets are encrypted, making them unreadable without the appropriate private key. While access to such keys is rare, it’s possible to analyze decrypted traffic (e.g., in Wireshark if the key is provided). The structure of TCP and TLS handshakes remains unchanged; the main difference begins at the HTTP layer, now encrypted and labeled as step 3.
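The three steps above can be seen as three distinct operations in code. The following Python client is an added example, not code from the room or from TryHackMe: it performs the TCP connect, then (only for HTTPS) the TLS handshake, then sends the same GET / HTTP/1.1 request either way. The function names fetch, build_get_request and parse_status_line are this example's own. The default TLS context verifies the server certificate against the system's installed root certificates, so a self-signed certificate is rejected at step 2 with ssl.SSLCertVerificationError, which is the behaviour the TLS section describes.

```python
import socket
import ssl
from typing import Optional, Tuple


def build_get_request(host: str, path: str = "/") -> bytes:
    """Step 3 of the flow: the HTTP/1.1 request bytes.
    They are identical for HTTP and HTTPS; only the transport differs."""
    return (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Connection: close\r\n"
        "\r\n"
    ).encode("ascii")


def parse_status_line(response: bytes) -> Tuple[str, int]:
    """Return (http_version, status_code) from the first line of a response."""
    first_line = response.split(b"\r\n", 1)[0].decode("ascii", errors="replace")
    version, code, _reason = first_line.split(" ", 2)
    return version, int(code)


def fetch(host: str, path: str = "/", secure: bool = True,
          cafile: Optional[str] = None, timeout: float = 10.0) -> bytes:
    """Perform the steps listed in the text: TCP handshake, then (for HTTPS)
    the TLS handshake, then the HTTP exchange.

    cafile: optional CA bundle path; None uses the operating system's
    trusted root store, which is what lets the client check the signature
    on the server's certificate."""
    port = 443 if secure else 80
    # Step 1: TCP three-way handshake (done by the kernel during connect).
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        if secure:
            # Step 2: TLS handshake. The default context validates the chain
            # against trusted roots and checks the hostname; a self-signed
            # certificate fails here with ssl.SSLCertVerificationError.
            ctx = ssl.create_default_context(cafile=cafile)
            sock = ctx.wrap_socket(sock, server_hostname=host)
        # Step 3: HTTP, unchanged whether or not the socket is TLS-wrapped.
        sock.sendall(build_get_request(host, path))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
        return b"".join(chunks)
    finally:
        sock.close()


if __name__ == "__main__":
    try:
        raw = fetch("example.com", "/", secure=True)
        print(parse_status_line(raw))
    except ssl.SSLCertVerificationError as exc:
        print("certificate rejected:", exc.verify_message)
```

Passing secure=False sends the identical request over plain TCP, which is exactly what a packet capture on port 80 shows in the clear; with secure=True the same bytes travel inside TLS records and are not readable from the capture without the session keys.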

Key Takeaway

TLS enhances HTTP with encryption while maintaining compatibility with existing protocols. Neither TCP nor IP requires modification, and HTTP functions just as it does over plain TCP—only securely encapsulated.

SMTPS, POP3S, and IMAPS

Implementing TLS for SMTP, POP3, and IMAP works much like it does for HTTP. Just as HTTP becomes HTTPS with the addition of TLS for secure communication, SMTP, POP3, and IMAP transform into SMTPS, POP3S, and IMAPS. Since the process mirrors how TLS is added to HTTP, the benefits and principles of HTTPS largely apply to these protocols as well.

The non-secure versions typically use the following default TCP ports:

Protocol   Default Port
HTTP       80
SMTP       25
POP3       110
IMAP       143

For the secure, TLS-encrypted versions, these are the standard default ports:

Protocol   Default Port
HTTPS      443
SMTPS      465 and 587
POP3S      995
IMAPS      993

TLS can also be integrated into many other protocols, with similar benefits and considerations.
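The practical consequence of the two port tables is that credentials sent over the plaintext protocols (IMAP LOGIN, POP3 USER/PASS, SMTP AUTH, HTTP Basic) are readable by anyone who captures the traffic, while the TLS-wrapped variants are opaque without the session keys. The script below is an added example, not from the room or from TryHackMe: it classifies client-to-server flows by destination port using the tables above and flags cleartext authentication on the unencrypted protocols, reporting only the command word and never the secret. The sample flows, the function names (classify_port, inspect_flow, audit) and the IP addresses are constructed for this example.

```python
import re
from typing import Dict, List, Tuple

# Default ports from the two tables above: port -> (protocol, TLS-protected?).
PORT_TABLE: Dict[int, Tuple[str, bool]] = {
    80: ("HTTP", False), 25: ("SMTP", False),
    110: ("POP3", False), 143: ("IMAP", False),
    443: ("HTTPS", True), 465: ("SMTPS", True), 587: ("SMTPS", True),
    995: ("POP3S", True), 993: ("IMAPS", True),
}

# Client commands that carry credentials on the plaintext protocols.
# Each pattern is matched at the start of any line of the client payload.
CREDENTIAL_COMMANDS: Dict[str, "re.Pattern[str]"] = {
    "POP3": re.compile(r"^(USER|PASS)\b", re.IGNORECASE | re.MULTILINE),
    "IMAP": re.compile(r"^\S+\s+LOGIN\b", re.IGNORECASE | re.MULTILINE),
    "SMTP": re.compile(r"^AUTH\b", re.IGNORECASE | re.MULTILINE),
    "HTTP": re.compile(r"^Authorization:\s*Basic\b", re.IGNORECASE | re.MULTILINE),
}


def classify_port(port: int) -> Tuple[str, bool]:
    """Look up the protocol and whether its transport is TLS-wrapped."""
    return PORT_TABLE.get(port, ("unknown", False))


def inspect_flow(dst_port: int, payload: str) -> Dict[str, object]:
    """Examine one client->server payload. TLS-wrapped flows are opaque
    (no session key), so only the plaintext protocols are searched."""
    proto, encrypted = classify_port(dst_port)
    finding: Dict[str, object] = {"protocol": proto, "encrypted": encrypted,
                                  "credentials_exposed": False, "evidence": None}
    if encrypted:
        return finding
    pattern = CREDENTIAL_COMMANDS.get(proto)
    match = pattern.search(payload) if pattern else None
    if match:
        finding["credentials_exposed"] = True
        finding["evidence"] = match.group(0)  # the command word only, never the secret
    return finding


def audit(flows: List[Tuple[str, int, str]]) -> List[Dict[str, object]]:
    """Run inspect_flow over (src_ip, dst_port, payload) records."""
    return [{"src": src, "port": port, **inspect_flow(port, payload)}
            for src, port, payload in flows]


# Constructed sample flows (not a real capture). TLS payloads are shown as the
# first bytes of a TLS record; their content cannot be read here.
SAMPLE_FLOWS: List[Tuple[str, int, str]] = [
    ("10.0.0.7", 143, "a1 LOGIN alice hunter2\r\n"),
    ("10.0.0.7", 993, "\x16\x03\x03\x00\xa5\x01\x00\x00\xa1\x03\x03"),
    ("10.0.0.9", 110, "USER bob\r\nPASS s3cret\r\n"),
    ("10.0.0.9", 25,  "EHLO laptop\r\nAUTH PLAIN AGJvYgBzM2NyZXQ=\r\n"),
    ("10.0.0.3", 80,  "GET /mail HTTP/1.1\r\nHost: webmail.example\r\n"
                      "Authorization: Basic Ym9iOnMzY3JldA==\r\n\r\n"),
    ("10.0.0.3", 443, "\x16\x03\x01\x00\xf4\x01\x00\x00\xf0\x03\x03"),
    ("10.0.0.4", 143, "a2 CAPABILITY\r\n"),
]

if __name__ == "__main__":
    for f in audit(SAMPLE_FLOWS):
        flag = "CLEARTEXT CREDENTIALS" if f["credentials_exposed"] else "ok"
        print(f'{f["src"]:>10} -> :{f["port"]:<4} {f["protocol"]:<6} {flag}')
```

Classification by port is a heuristic: a service can run a plaintext protocol on a "secure" port or negotiate TLS after connecting, so in a real deployment the result should be confirmed by checking whether the first bytes of the flow form a TLS record.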

SSH

Tatu Ylönen introduced the Secure Shell (SSH) protocol in 1995, releasing SSH-1 as freeware. Coincidentally, that same year saw the release of SSL 2.0 by Netscape Communications. The improved and more secure SSH-2 protocol followed in 1996. Later, in 1999, the OpenBSD project launched OpenSSH—an open-source implementation of SSH that remains widely used today. Most modern SSH clients are built upon OpenSSH libraries and code.

Key advantages of OpenSSH include:

  • Secure authentication: SSH supports not only traditional password-based login but also public key and two-factor authentication for enhanced security.
  • Confidential communication: End-to-end encryption ensures data privacy and alerts users to unknown server keys, helping prevent man-in-the-middle attacks.
  • Data integrity: Cryptographic techniques safeguard the integrity of transmitted data in addition to securing its confidentiality.
  • Protocol tunneling: SSH can securely route other network protocols, creating a VPN-like tunnel for secure communication.
  • X11 Forwarding: SSH enables the use of graphical applications over the network when connected to Unix-like systems with GUI support.

To connect to a remote server via SSH, use the command ssh username@hostname. If your local username matches the remote one, simply type ssh hostname. You’ll either be prompted for a password or logged in automatically if public-key authentication is configured.
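The "unknown server key" warning mentioned above is what protects an SSH session from a man-in-the-middle: the client records each server's public key in known_hosts and refuses to proceed when a known host presents a different key. The following Python script is an added example, not code from OpenSSH or from the room. It builds an ssh-ed25519 public key blob in SSH wire format, computes the SHA256 fingerprint the way ssh displays it, parses the plain (unhashed) known_hosts format, and reproduces the three outcomes a client distinguishes. The two 32-byte keys, the host names and the function names (build_ed25519_blob, fingerprint, parse_known_hosts, check_host_key) are constructed for this example.

```python
import base64
import hashlib
import struct
from typing import Dict, Tuple


def ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def build_ed25519_blob(raw_key: bytes) -> bytes:
    """Public key blob as stored (base64) in known_hosts: type name + key."""
    if len(raw_key) != 32:
        raise ValueError("ed25519 public keys are 32 bytes")
    return ssh_string(b"ssh-ed25519") + ssh_string(raw_key)


def fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: SHA256 over the blob, base64 without padding."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def parse_known_hosts(text: str) -> Dict[str, Tuple[str, bytes]]:
    """Map each host name/address to (key type, key blob).
    Only the plain (unhashed) known_hosts line form is handled here."""
    entries: Dict[str, Tuple[str, bytes]] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        hosts, keytype, b64 = line.split()[:3]
        blob = base64.b64decode(b64)
        for host in hosts.split(","):
            entries[host] = (keytype, blob)
    return entries


def check_host_key(known: Dict[str, Tuple[str, bytes]],
                   host: str, keytype: str, blob: bytes) -> str:
    """The three outcomes an SSH client distinguishes:
    'trusted' - key matches the recorded one
    'unknown' - first contact; the user is asked to confirm the fingerprint
    'CHANGED' - a different key for a known host; OpenSSH refuses to connect"""
    if host not in known:
        return "unknown"
    known_type, known_blob = known[host]
    if known_type == keytype and known_blob == blob:
        return "trusted"
    return "CHANGED"


# Constructed stand-in keys (32 arbitrary bytes each, not real ed25519 points).
SERVER_KEY = bytes(range(32))
OTHER_KEY = bytes(range(32, 64))
KNOWN_HOSTS = (
    "# constructed sample known_hosts\n"
    "server.example,10.0.0.5 ssh-ed25519 "
    + base64.b64encode(build_ed25519_blob(SERVER_KEY)).decode("ascii")
    + " admin@laptop\n"
)

if __name__ == "__main__":
    known = parse_known_hosts(KNOWN_HOSTS)
    for host, key in [("server.example", SERVER_KEY),
                      ("server.example", OTHER_KEY),
                      ("new.example", SERVER_KEY)]:
        blob = build_ed25519_blob(key)
        print(f"{host:<16} {fingerprint(blob)} "
              f"{check_host_key(known, host, 'ssh-ed25519', blob)}")
```

On first contact the safe procedure is to compare the printed fingerprint with one obtained out of band (for example from the server administrator) before answering yes; a CHANGED result after that should be treated as a possible interception until the server side confirms the key was legitimately rotated.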

SFTP and FTPS

SFTP (SSH File Transfer Protocol) is a secure method for transferring files and is part of the SSH protocol suite, using the same default port—port 22. When enabled in the OpenSSH server configuration, users can connect with a command like sftp username@hostname. After logging in, commands such as get filename (to download) and put filename (to upload) can be used. SFTP commands resemble Unix shell commands and differ significantly from traditional FTP syntax.

It’s important not to confuse SFTP with FTPS. FTPS stands for File Transfer Protocol Secure and is secured using TLS, similar to how HTTPS works. While FTP communicates over port 21, FTPS typically uses port 990. It requires a valid TLS certificate and can be challenging to configure behind strict firewalls because it uses separate channels for control and data.

Setting up an SFTP server can be as simple as enabling it in OpenSSH. On the other hand, FTPS, like HTTPS, SMTPS, IMAPS, and similar TLS-based protocols, depends on a correctly configured TLS certificate for secure communication.

VPN

A company with offices spread across multiple geographical locations can link all sites to the main office, enabling devices at remote locations to access shared resources as if they were physically present at the headquarters. The most cost-effective way to achieve this is by implementing a Virtual Private Network (VPN) using existing Internet infrastructure. Here, the emphasis is on the “Virtual” aspect—creating a simulated private network over a public one.

The original design of the Internet, based on the TCP/IP protocol suite, focused on delivering data packets reliably. If a router goes offline, routing protocols adapt and find alternative paths. If a packet is lost or unacknowledged, TCP can detect and resend it. However, these protocols do not inherently protect data from interception or modification. This gap led to the widespread adoption of VPNs, which emphasize the “Private” aspect—ensuring secure data exchange over a public network.

For most organizations, maintaining privacy in their network communication is essential. VPNs offer an accessible and budget-friendly solution, requiring only Internet access and VPN server/client configurations.

Once a VPN tunnel is established, all Internet traffic is typically routed through this tunnel. As a result, websites and services see the VPN server’s IP address instead of the user’s actual one. This feature allows users to bypass geographic restrictions, as they appear to be located wherever the VPN server is. Moreover, local ISPs will only see encrypted traffic, limiting their ability to monitor or censor content.

For instance, connecting to a VPN server in Japan will make the user appear to be accessing the web from Japan. Websites may serve content in Japanese or offer location-specific features accordingly.

It’s worth noting that not all VPNs route all traffic through the tunnel. Some are configured only to provide access to a private network while leaving general Internet traffic unaffected. In other cases, VPNs may leak your true IP address, compromising your anonymity. To ensure full protection, tests like DNS leak tests are recommended.

Lastly, be aware that VPN use is restricted or illegal in some countries, and penalties may apply. Always verify local laws before using a VPN, especially while abroad.

TryHackMe Networking Secure Protocols Room Answers

What is the protocol name that TLS upgraded and built upon?

SSL

Which type of certificates should not be used to confirm the authenticity of a server?

self-signed certificate

How many packets did the TLS negotiation and establishment take in the Wireshark HTTPS screenshots above?

8

What is the number of the packet that contains the GET /login when accessing the website over HTTPS?

10

If you capture network traffic, in which of the following protocols can you extract login credentials: SMTPS, POP3S, or IMAP?

IMAP

What is the name of the open-source implementation of the SSH protocol?

OpenSSH

Click on the View Site button to access the related site. Please follow the instructions on the site to obtain the flag.

THM{Protocols_secur3d}


What would you use to connect the various company sites so that users at a remote office can access resources located within the main branch?

VPN

One of the packets contains login credentials. What password did the user submit?

THM{B8WM6P}

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by Motasem Hamdan, a cybersecurity content creator and YouTuber.