Questions and Answers
In the context of network communication, which analogy best describes the function of a port in relation to an IP address?
- An IP address is like a house number, and a port is like the street name.
- An IP address is like a city, and a port is like a specific neighborhood.
- An IP address is like an apartment building, and a port is like an apartment number within that building. (correct)
- An IP address is like a country, and a port is like a state within that country.
What is the primary role of the Internet Assigned Numbers Authority (IANA) in the context of network ports?
- To optimize network traffic flow across different port ranges.
- To dynamically allocate ephemeral ports for all internet communications.
- To enforce security protocols on all ports below 1024.
- To manage and register well-known and registered port numbers to prevent conflicts and ensure standardization. (correct)
Which of the following statements accurately differentiates between registered ports and ephemeral ports?
- Registered ports require formal registration through IANA for organizational use, while ephemeral ports are used dynamically by client applications without registration. (correct)
- Registered ports operate on TCP, while ephemeral ports operate exclusively on UDP.
- Registered ports are reserved for common system processes, while ephemeral ports are for user applications.
- Registered ports are dynamically assigned by the server, while ephemeral ports are pre-assigned by IANA.
Consider a scenario where a client initiates multiple simultaneous connections to a web server. How are ephemeral ports utilized in this communication?
What is the key characteristic of well-known ports that distinguishes them from other port ranges?
Which of the following scenarios exemplifies the use of an ephemeral port in network communication?
How does the Transmission Control Protocol (TCP) ensure reliable data delivery in network communication?
What is the significance of the 'three-way handshake' in TCP communication?
Which of the following best describes the 'windowing' mechanism in TCP?
In which scenario would User Datagram Protocol (UDP) be preferred over Transmission Control Protocol (TCP)?
What is a defining characteristic of UDP in terms of connection management and data delivery?
Why is UDP described as a 'fire-and-forget' protocol?
What is the primary purpose of the Internet Control Message Protocol (ICMP)?
Which layer of the OSI model does ICMP primarily operate within?
What are the key components of an ICMP message header?
What is the 'Ping of Death' attack, and what vulnerability does it exploit?
Why do network administrators sometimes choose to block ICMP traffic at boundary firewalls and routers?
What is the fundamental difference in security between HTTP (port 80) and HTTPS (port 443) in web communication?
When a user types http://www.example.com in their browser, what port is the browser attempting to connect to by default, and what is the security implication?
What is the role of SSL/TLS in HTTPS, and how does it enhance web security?
Why do modern web practices favor HTTPS over HTTP, and what are the broader implications beyond just security?
What is the primary function of SMTP (Simple Mail Transfer Protocol) in email communication, and on which port does it typically operate?
How does SMTPS (SMTP Secure) enhance the security of SMTP, and what are the common ports associated with it?
What is the main difference in email retrieval between POP3 (Post Office Protocol Version 3) and IMAP (Internet Message Access Protocol)?
In the context of email protocols, what are POP3S and IMAPS, and why are they recommended over their non-secure counterparts?
For which primary purpose is File Transfer Protocol (FTP) designed, and what are the two ports it commonly uses?
What is the key security vulnerability associated with standard FTP, and how does SFTP (SSH File Transfer Protocol) address this?
What is TFTP (Trivial File Transfer Protocol) primarily used for, and why is it considered 'trivial'?
For what type of network environment and operating system is SMB (Server Message Block) primarily designed, and on which port does it operate?
What is the primary function of SSH (Secure Shell), and on which port does it operate?
Why is Telnet considered insecure, and what is its primary security flaw?
What is the main purpose of RDP (Remote Desktop Protocol), and on which port does it typically operate?
In the context of remote access protocols (SSH, Telnet, RDP), which protocol is most suitable for secure, command-line based server management?
What is the primary function of DNS (Domain Name System), and on which port does it operate?
In what way does DNS utilize both UDP and TCP protocols, and why?
What is the purpose of DHCP (Dynamic Host Configuration Protocol), and on which ports does it operate?
What are the common ports associated with SQL services, and for which specific SQL server systems are ports 1433 and 3306 typically used?
What is SNMP (Simple Network Management Protocol) used for, and on which ports does it operate?
What is the function of Syslog, and on which port does it primarily operate?
What is NTP (Network Time Protocol) used for, and on which port does it operate?
What is the primary application of SIP (Session Initiation Protocol), and on which ports does it operate?
What is LDAP (Lightweight Directory Access Protocol) used for, and on which port does it operate?
What is LDAPS (LDAP Secure), and how does it enhance the security of LDAP?
Flashcards
What is a network port?
A logical opening in a computer, representing a service or application listening for traffic.
What are well-known ports?
Ports numbered from 0 to 1,023, including services like FTP (ports 20 and 21) and HTTP (port 80).
What are registered ports?
Ports numbered from 1,024 to 49,151, reserved for specific applications; require registration with IANA.
What are ephemeral ports?
What is TCP (Transmission Control Protocol)?
What is the TCP three-way handshake?
What is Windowing (TCP)?
What is Packetization (TCP)?
What is a port in TCP/IP?
What is UDP (User Datagram Protocol)?
What is connectionless communication (UDP)?
What does it mean for UDP to be stateless?
What is ICMP (Internet Control Message Protocol)?
What is an ICMP Flood Attack?
What is a Ping of Death attack?
What are web ports and protocols?
What is HTTP (Hypertext Transfer Protocol)?
What is HTTPS (Hypertext Transfer Protocol Secure)?
What are email ports and protocols?
What is SMTP (Simple Mail Transfer Protocol)?
What is SMTPS (Simple Mail Transfer Protocol Secure)?
What is POP3 (Post Office Protocol Version 3)?
What is POP3S (Post Office Protocol Secure)?
What is IMAP (Internet Message Access Protocol)?
What is IMAPS (Internet Message Access Protocol Secure)?
What are file transfer ports and protocols?
What is FTP (File Transfer Protocol)?
What is SFTP (Secure File Transfer Protocol)?
What is TFTP (Trivial File Transfer Protocol)?
What is SMB (Server Message Block)?
What are remote access ports and protocols?
What is SSH (Secure Shell)?
What is Telnet?
What is RDP (Remote Desktop Protocol)?
What is DNS (Domain Name System)?
Study Notes
Network Port Fundamentals
- Ports tell data where it is going when transferred over networks.
- IP addresses get data to the right system, but ports specify the application listening on that system.
- A port is a logical opening in a computer that represents a service or application waiting for traffic.
- Ports are numbered from 0 to 65,535, allowing over 65,535 different openings to run services and applications, even with only one IP address.
- Ports are divided into three categories: well-known ports, registered ports, and ephemeral ports.
Well-Known Ports
- Numbered from 0 to 1,023.
- Include well-known services.
- File Transfer Protocol (FTP) operates on ports 20 and 21.
- Simple Mail Transfer Protocol (SMTP) operates on port 25.
- Web browsing uses port 80, while secure web browsing uses port 443.
Registered Ports
- Numbered from 1,024 to 49,151.
- Both well-known and registered ports need to be registered with the Internet Assigned Numbers Authority (IANA).
- To reserve a port (e.g., 33,333) for a new video game, a request must be made to IANA.
Ephemeral Ports
- Short-lived, temporary ports open for a short period from a predefined range.
- Also called dynamic ports or private ports.
- Can be used by anyone without requesting them, unlike well-known or registered ports.
- Consist of ports numbered from 49,152 up to 65,535.
- During data transfer, both an IP address and a port are needed to specify the system and the service or application for communication.
- When downloading an audio file, a device picks a random port (e.g., around 60,000).
- A web browser opens a port on the recording device to download the file, then closes it.
- A client at IP address 192.168.1.24 communicates with a website at 64.82.46.21 by picking a random high port from the ephemeral port range.
- A random ephemeral port (e.g., 49,163) is selected to initiate a communication session.
- Two-way communication is established between a web server on port 80 and a client on port 49,163.
- After transmitting data, the ephemeral port is closed.
- The client will still send data to port 80, but uses a new randomly generated ephemeral port for sending data and listening for responses.
- A port is a logical opening in a computer, representing a service or application that’s listening and waiting for communication.
- IP address identifies the server or client, while the port number specifies the application or service to communicate with.
Transmission Control Protocol (TCP)
- TCP is a fundamental protocol within the internet protocol suite that governs data exchange over the internet.
- TCP is widely used due to its reliability in delivering packets of data across the network, ensuring packets reach their destination correctly and in order.
- This reliability is achieved through error checking, data sequencing, and acknowledgement.
- Operates at the transport layer of the OSI model.
- TCP is responsible for reliable data transmission between a client and a server; it breaks messages down into smaller packets and reassembles them at the destination.
- Packetization makes data transfer more efficient and manageable.
- TCP uses a three-way handshake to establish a connection between two systems.
- The three steps of the handshaking process are SYN (synchronize), SYN-ACK (synchronize-acknowledge), and ACK (acknowledge).
- The client sends a SYN packet to initiate communication.
- The server responds with a SYN-ACK packet.
- The client sends an ACK packet back to confirm the connection.
- Error checking and flow control mechanisms ensure reliable deliverability using sequence numbers and acknowledgement messages.
- Lost or corrupted packets are retransmitted by the sender.
- Flow control prevents overwhelming the receiver using a mechanism called windowing. Windowing allows the receiver to specify the amount of data it can handle at one time.
- Ports are used as numerical identifiers within the TCP/IP suite to distinguish between different services or applications.
- Each TCP connection is identified by a pair of endpoint addresses, consisting of an IP address and a port number (source and destination IPs/ports).
- Ports enable multiple network applications to coexist on the same server, with each application having a unique port number.
- TCP ensures reliability and ordered delivery of data between a client and a server through packetization, acknowledgement, and error checking.
User Datagram Protocol (UDP)
- UDP is a communication protocol used for time-sensitive transmissions like video playback or DNS lookups.
- Useful for applications where losing some packets is acceptable.
- UDP is known for its low latency and reduced processing overhead, as it lacks the error checking and recovery services of TCP.
- Operates at the transport layer of the OSI model, like TCP.
- Works on a connectionless communication model, sending data packets (datagrams) without prior communications.
- Unlike TCP, UDP does not require a three-way handshake.
- UDP packets are simpler and smaller than TCP packets.
- Each UDP datagram includes source and destination port numbers, a length field, and a checksum, leading to smaller packet headers (8 bytes compared to TCP’s 20-60 bytes).
- UDP does not contain sophisticated error checking and recovery mechanisms due to limited header space.
- UDP is stateless, meaning it does not maintain the state of the connection or track packets.
- After data is sent, the protocol doesn’t check if it was received properly by the intended recipient.
- The lack of acknowledgement leads to faster data transfer rates, but packets may arrive out of order, be duplicated, or not arrive at all.
- UDP is used when transmission speed is more important than precision, such as live broadcasts, online gaming, and Voice over IP (VoIP) calling.
- UDP is suitable for streaming video where the loss of a few packets is not noticeable due to the large size of the video file.
- Also used for simple request-response communication like DNS lookups.
- Each UDP datagram contains source and destination ports in its header to direct the datagram to the correct application process.
- UDP doesn't ensure data integrity or delivery but includes a checksum in the header for minimal protection against data corruption during transmission.
- UDP is a simple, connectionless protocol for applications requiring efficient, speed-sensitive data transmissions.
- UDP is stateless and does not guarantee delivery or order of packets.
- UDP uses ports to direct data to the correct application on a client or server for time-sensitive data.
Internet Control Message Protocol (ICMP)
- ICMP is a network layer protocol primarily used for diagnosing network communication issues and providing hosts with information about network problems.
- ICMP operates at the network layer of the OSI model and is encapsulated within IP packets.
- Used for error reporting and testing.
- Used to indicate when a service or host is unreachable, when a packet’s time to live has expired, or when a router can’t forward packets due to a full buffer.
- The PING utility uses ICMP to send an Echo Request message to test the reachability of a host on an IP network, expecting an ICMP Echo reply in return.
- The PING utility measures the roundtrip time, or latency, of a network connection.
- ICMP messages have a simple structure with a header consisting of:
- Type: A one-byte field indicating the type of ICMP message.
- Code: A one-byte field providing context about the message type.
- Checksum: A two-byte field used for error checking the message header and data.
- The ICMP message contains different data based on the type and code of the message. For example, Echo Request and Echo Reply messages include an identifier and a sequence number.
- ICMP does not have the reliability mechanisms used in TCP, so there is no guarantee of message delivery, ordering, or error correction.
- ICMP is designed for speed and simplicity, not data integrity or security.
- ICMP is used for error handling and diagnostics, not for transmitting regular user data.
- Attackers and hackers have used ICMP for network attacks:
  - ICMP Flood Attack: Overwhelms a target machine with ICMP Echo Request packets (Ping packets) to consume system resources, leading to a Denial of Service (DoS).
  - Distributed Denial of Service (DDoS): Amplifies the attack using a network of compromised computers (botnets).
  - Ping of Death: Exploits a vulnerability in older systems by sending malformed or oversized packets using the ICMP protocol.
    - IP packets are traditionally limited to 65,535 bytes, including headers.
    - The Ping of Death attack involves crafting an ICMP Echo Request packet larger than this size.
    - When the target system tries to reassemble these oversized packets, it can lead to buffer overflows, system crashes, or other unpredictable behavior.
  - Modern operating systems and network equipment are no longer vulnerable to the Ping of Death attack due to security measures and patches.
- Network administrators often block ICMP traffic at firewalls and routers because of these vulnerabilities.
- Blocking ICMP traffic can make troubleshooting network connectivity harder, as tools like ping and traceroute may not work.
- The Internet Control Message Protocol (ICMP) is a network diagnostic and error reporting tool, not a transport protocol like TCP or UDP.
- ICMP is encapsulated within IP packets and is essential for network troubleshooting with tools like ping and traceroute.
- The ICMP Protocol has vulnerabilities that can be exploited by attackers through ICMP Flood Attacks or sending oversized ping packets.
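The ICMP header layout and the 65,535-byte limit described above can be checked in code. The following is an added example, not part of the original notes: it parses the Type, Code and Checksum fields, verifies the checksum, and applies the reassembly bound a receiver uses to reject oversized fragments. The function names and the sample payload are assumptions made for illustration.

```python
import struct

ICMP_ECHO_REPLY = 0
ICMP_ECHO_REQUEST = 8
MAX_IP_PACKET = 65535  # largest IPv4 packet, headers included


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, as used by ICMP (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input with one zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo_request(identifier: int, sequence: int, payload: bytes) -> bytes:
    """Build an ordinary Echo Request, used here only as sample input."""
    # The checksum is computed with the checksum field set to zero.
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, identifier, sequence)
    checksum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, checksum,
                       identifier, sequence) + payload


def parse_icmp(message: bytes) -> dict:
    """Split an ICMP message into its header fields and verify the checksum."""
    if len(message) < 4:
        raise ValueError("ICMP message shorter than the 4-byte header")
    icmp_type, code, checksum = struct.unpack("!BBH", message[:4])
    parsed = {
        "type": icmp_type,        # one byte
        "code": code,             # one byte
        "checksum": checksum,     # two bytes
        # Summing a valid message, checksum field included, yields zero.
        "checksum_ok": internet_checksum(message) == 0,
    }
    if icmp_type in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY):
        if len(message) < 8:
            raise ValueError("truncated Echo message")
        parsed["identifier"], parsed["sequence"] = struct.unpack("!HH", message[4:8])
        parsed["payload"] = message[8:]
    return parsed


def fragment_exceeds_limit(fragment_offset_units: int, total_length: int,
                           header_length: int = 20) -> bool:
    """True if this fragment would end past 65,535 bytes once reassembled.

    fragment_offset_units is the IPv4 Fragment Offset field (8-byte units),
    total_length is the fragment's own IPv4 Total Length field.
    """
    payload_length = total_length - header_length
    reassembled_end = header_length + fragment_offset_units * 8 + payload_length
    return reassembled_end > MAX_IP_PACKET


# Constructed sample data, not captured traffic.
SAMPLE_PAYLOAD = b"constructed-sample"

if __name__ == "__main__":
    message = build_echo_request(0x1234, 1, SAMPLE_PAYLOAD)
    print(parse_icmp(message))
    # A normal second fragment of a 1500-byte MTU path: accepted.
    print(fragment_exceeds_limit(185, 1500))
    # A fragment whose offset places its data beyond the limit: rejected.
    print(fragment_exceeds_limit(8189, 1500))
```

A receiver that applies the bound in `fragment_exceeds_limit` before copying fragment data into its reassembly buffer drops the oversized packet instead of overflowing.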
Web Ports and Protocols
- Web ports and protocols govern data transmission and communication over the internet for websites and web pages.
- Port 80 and port 443 are two main ports used for the web, each using a different protocol for communication.
- Ports are integral to how the internet functions and allow computers to distinguish between different types of traffic and services.
- HTTP, or the Hypertext Transfer Protocol, relies on port 80 by default.
- HTTP is the foundation of data communication on the World Wide Web.
- Web browsers use port 80 to request webpages from a server when a specific port is not specified in the URL.
- HTTP is an application layer protocol designed to enable communications between clients and servers.
- HTTP works by sending plain text requests from a client to a server, which returns a plain text response with requested content like HTML pages and images.
- Transferred data via HTTP is sent in plain text and is not encrypted.
- Data sent over port 80 via HTTP is vulnerable to eavesdropping and on-path attacks.
- Never enter sensitive information on a webpage sending data back to the server over port 80 using HTTP.
- Instead, use a secure alternative to HTTP, which uses port 443.
- Port 443 is used by HTTPS, also known as Hypertext Transfer Protocol Secure or HTTP Secure.
- HTTPS adds a layer of encryption by sending data through a Secure Sockets Layer (SSL) or Transport Layer Security (TLS) tunnel.
- Tunnels use encryption so any data transferred between the client and server is encrypted, securing it from interception or tampering.
- HTTPS in the URL means the browser established a connection using port 443.
- The S in HTTPS stands for secure, indicating communications are encrypted using SSL or TLS.
- HTTPS over port 443 protects sensitive data, such as online banking, e-commerce websites, and login pages.
- Many websites automatically redirect users from HTTP (port 80) to HTTPS (port 443) for added security.
- Using http://www.diontraining.com will redirect to the secure version at https://www.diontraining.com.
- Key differences between HTTP over port 80 and HTTPS over port 443:
  - Security and Encryption: HTTP is unencrypted and insecure, while HTTPS is encrypted and secure.
  - Default Usage: Port 80 was traditionally used for unsecure web browsing since 1991, but port 443 is now the standard for secure browsing.
  - SEO and Trust: Modern web practices favor HTTPS for increased security, leading search engines to rank HTTPS websites higher.
- HTTPS encrypts data before transmission between the client and the server.
Email Ports and Protocols
- Email ports and protocols refer to conventions and numerical gateways that govern email transmission across the internet.
- These protocols (SMTP, POP3, and IMAP) are the backbone of email communication, ensuring messages are sent, received, and managed efficiently.
Simple Mail Transfer Protocol (SMTP)
- SMTP is the standard protocol used for sending emails across the internet.
- SMTP operates over Port 25, the default port used by email servers to relay messages.
- SMTP is solely used for transmitting outbound emails.
- Considered an insecure protocol because data is sent in plain text.
- SMTPS (SMTP Secure) was introduced as a secure variant. It secures the SMTP protocol by transporting it via Secure Sockets Layer or Transport Layer Security protocols, creating an encrypted tunnel.
- SMTPS operates over port 465 or port 587 to ensure email messages are encrypted during transit.
Post Office Protocol Version 3 (POP3)
- POP3 is used to retrieve emails from a remote server to a local client over port 110.
- The POP3 protocol downloads messages from the server to the email client and then deletes them from the server after they're downloaded.
- The main way email was received in the 1990s and early 2000s when people only had access to a single computer.
- Subsequent updates to POP3 allow downloading emails from the server while keeping the original copy on the server, but the read or delete status was not synchronized across devices.
- POP3 transmits emails in plain text, so it is considered an insecure protocol.
- A secure variant called POP3S or POP3 Secure was created.
- POP3 Secure operates over Port 995, using SSL or TLS to encrypt the POP3 data.
Internet Message Access Protocol (IMAP)
- IMAP offers more flexibility than POP3 when receiving emails.
- IMAP operates over Port 143 and allows managing emails directly on the email server.
- Enables access to and synchronization of messages across multiple devices.
- IMAP transmits emails in plain text between the server and the client.
- To increase email security, select IMAPS, also known as IMAP Secure.
- IMAP Secure operates over Port 993 to provide a secure connection between the email server and the email client by transmitting data inside of an SSL or TLS tunnel.
- SMTP and SMTPS are used for sending emails, with SMTPS providing a secure path for data transmission.
- POP3 and IMAP are used for receiving emails, but IMAP offers more sophisticated email management for multiple devices.
- The more secure variants like SMTPS, POP3S, and IMAPS prevent eavesdropping or on-path attacks.
File Transfer Protocol (FTP)
- File transfer ports and protocols are specialized rules and procedures for transmitting files across networks.
- FTP, SFTP, TFTP, and SMB serve different purposes and offer various levels of security and functionality.
- The file transfer protocol (FTP) is one of the oldest protocols for transferring files between a client and a server over a network.
- FTP uses port 20 for data transfer and port 21 for control commands.
- Port 20 is used for the actual data transfer.
- Port 21 is used for sending control commands to upload or download files.
- An FTP session initiates when the client uses port 21 to communicate, authenticate, and set up the file transfer.
- Data transfer takes place over port 20.
- Transmissions over FTP are not encrypted; they are sent in plain text.
- Usernames and passwords can be intercepted when logging into an FTP server.
Secure File Transfer Protocol (SFTP)
- Created to address the security concerns of FTP.
- SFTP stands for SSH file transfer protocol or secure FTP.
- SFTP operates over port 22.
- Because the file transfer is tunneled through an SSH connection, it is already encrypted.
- SFTP encompasses the functionalities of FTP and encrypts the data before it's transferred, preventing unauthorized disclosure.
- SFTP ensures secure file transmissions.
Trivial File Transfer Protocol (TFTP)
- Trivial file transfer protocol operates over port 69.
- TFTP is a simpler, more basic version of FTP without user authentication or directory browsing.
- TFTP sends files when minimal security is sufficient.
Server Message Block (SMB)
- Server message block operates over port 445.
- SMB is a network file-sharing protocol that allows applications to read and write files and request services from server programs.
- Predominantly used for Windows file sharing, allowing Windows computers to communicate and share files on a network.
- A cross-platform version called Samba exists on Linux systems.
- SMB is now considered cross-platform but was originally designed just for Windows systems and is almost exclusively used inside local area networks.
- FTP (ports 20 and 21) is for basic file transfers.
- SFTP operates over port 22 and secures file transfer capabilities with the security of SSH.
- TFTP occurs over port 69 for simple, unsecured transfers.
- SMB operates over port 445, mostly for Windows network file sharing inside a local area network.
- Align security requirements, network environment, and functionality to select the proper file transfer protocol.
Remote Access Ports and Protocols
- Remote access ports and protocols manage systems and networks from across the network or the world.
- Remote access technologies allow users to control systems, run commands, and manage files from remote locations.
Secure Shell (SSH)
- SSH provides secure remote login and network services over an unsecure network, operating over port 22.
- Provides a secure channel over an insecure network in a client-server architecture with strong authentication and encrypted data communications inside the SSH tunnel.
- SSH is widely used by administrators to control web applications remotely and to ensure that communication is secure.
- SSH creates a secure encrypted tunnel to operate text-based commands from a remote server over an unsecured network.
Telnet
- One of the earliest remote login protocols that operates over port 23.
- Telnet allows a user on one computer to log in remotely into another computer that's part of the same network.
- Telnet was designed for local area networks only and transfers data in plain text.
- Telnet data is susceptible to eavesdropping and on-path attacks due to lack of encryption.
- SSH was developed as a replacement for Telnet.
Remote Desktop Protocol (RDP)
- RDP is a proprietary protocol developed by Microsoft that provides a graphical user interface to connect to another computer over a network.
- RDP operates over port 3389 and is designed to support different network topologies and multiple LAN protocols.
- RDP allows for the encryption of data, smart card authentication, and bandwidth reduction mechanisms for managing Windows-based systems remotely.
- SSH operates over port 22 for secure command line-based management.
- Telnet operates over Port 23 and is replaced by SSH because Telnet does not operate in an encrypted manner.
- RDP operates over Port 3389 for secure graphical access to Windows-based systems.
- Always choose the protocol that aligns with security requirements and specific tasks.
Network Service Ports and Protocols
- Network service ports and protocols are fundamental to the operation of modern networks.
- Network services ensure that network devices can discover each other, communicate efficiently, and relay important system information.
- Network services are DNS, DHCP, SQL services, SNMP, and Syslog.
Domain Name System (DNS)
- DNS, or the Domain Name System, translates domain names into IP addresses.
- DNS uses port 53 by default and operates on both TCP and UDP. DNS servers listen for client requests.
- UDP is used for querying and responses that fit in one packet.
- TCP is used for larger messages, including zone transfers.
Dynamic Host Configuration Protocol (DHCP)
- DHCP, or the Dynamic Host Configuration Protocol, automates the assignment of IP addresses, subnet masks, gateways, and other networking parameters.
- DHCP servers listen for client requests over port 67 using UDP.
- DHCP clients receive responses over port 68, using UDP.
SQL Services
- SQL services handle database management and query operations from client applications.
- There isn't a standard port for all SQL services. Microsoft SQL Server operates over port 1433, and MySQL server operates over port 3306.
- These ports are used for managing databases and retrieving data.
Simple Network Management Protocol (SNMP)
- SNMP is used for collecting information from and configuring network devices (servers, printers, hubs, switches, routers) and operates over ports 161 and 162 using UDP.
- Port 161 is used by SNMP managers communicating with SNMP agents.
- Port 162 is used when agents send unsolicited trap messages back to the SNMP manager, such as a network administrator or network technician.
Syslog
- Syslog, used for system logging, allows devices to send event messages across IP networks to a syslog server.
- Syslog servers store, process, or forward logs.
- Syslog operates over port 514 using either UDP or TCP.
- UDP is used by default, or TCP is used if reliability is a concern.
- DNS resolves names to IP addresses over port 53.
- DHCP assigns network parameters using ports 67 and 68.
- Microsoft's SQL Server on port 1433, and MySQL server on port 3306 allow database management and data querying.
- SNMP is used for network management and operates over ports 161 and 162. Syslog is used for event logging over port 514.
Network Time Protocol (NTP)
- NTP synchronizes the clocks of computers over a given network.
- Crucial for time-dependent processes.
- Time synchronization operates over Port 123 using UDP.
- Enables networks to maintain accurate time.
Session Initiation Protocol (SIP)
- SIP initiates, maintains, and terminates real-time sessions involving voice, video, messaging, and other communication services.
- SIP runs over Port 5060 on both UDP and TCP for unencrypted signaling and Port 5061 with TCP for encrypted signaling with TLS.
Lightweight Directory Access Protocol (LDAP)
- LDAP accesses and maintains distributed directory information services over an IP network.
- LDAP uses Port 389 over both TCP and UDP for all network communication.
- LDAP is insecure and transmits all information in plain text.
Lightweight Directory Access Protocol over SSL (LDAPS)
- LDAPS is a version of LDAP, encrypted with SSL or TLS.
- Used for connections that need to be protected.
- LDAPS runs over Port 636 using TCP.
- Protects sensitive data via an encrypted tunnel.
- NTP operates over Port 123 for network time.
- SIP operates over ports 5060 and 5061 and is for voice and video.
- LDAP is for directory services using Port 389, and LDAPS uses Port 636 for secure directory services.