In this lesson, we discuss protocols, what their functions are, and what their port assignments are. You'll also learn how to tell secure protocols from others, and the difference between SSH and SSL.

[toggle_content title="Transcript"]

I will now be talking about the common protocols and their port numbers. We discuss the functions of the protocols and we learn their associated port numbers. The best way to learn the protocols and their port numbers: know what the protocol does, know the functions carried out by the protocol, and you learn the corresponding port number.

A quick trick: if we have 'S' at the beginning of a protocol and that 'S' stands for security, it means we got the 'S' from SSH. If we have 'S' at the end of a name and it stands for secure (so this is at the beginning, this is at the end), we got it from SSL. Very quick tip for you: if we have 'S' at the beginning of a name and this 'S' means 'secure', that means we got it from SSH. If you have 'S' at the end of a name and the 'S' means secure, that means we got it from SSL.

First thing we need to know: what is SSH? What is SSL? SSH, Secure Shell. This is to give security to information we transmit across the internet, create a tunnel through which communications move through, sort of shielding communications packets as they move through the internet. It is like you put a shell around your messages. SSH has a port number 22. Anytime we use SSH to secure messages, protocols, packets as we move them across the internet, anything we add SSH to becomes 22.

SSL, Secure Socket Layer, provides end-to-end security from one end to the other end across the internet. Anything you add SSL to - SSL has a port number 443. If you were to add SSL to anything it becomes 443.

Let's take a few other protocols. We have FTP. This is File Transfer Protocol and, as the name implies, this is the protocol with which we transfer files on the network. However, FTP with the port number 21 is not very secure.
It does its transmissions in plain text. You don't want to transmit anything on the internet across the network in plain text. What do we do? To make it secure we add SSH. We say SSH plus FTP. That gives us SFTP. I told you earlier, anytime you add SSH to anything it becomes 22. The port number for SFTP is 22. The port number for FTP by itself is 21.

We also have something called the copy protocol. The copy protocol is used on networks and it is not very secure. If you look at the copy protocol, if you add SSH to that, it gives us the secure copy protocol. The port number for secure copy protocol is 22 because we have added SSH to that. These are some protocols where we add SSH to improve the security.

Let's take a look at some other protocols like HTTP. HTTP, Hypertext Transfer Protocol. This is the protocol with which we navigate the internet. Internet traffic goes through this protocol, HTTP. The port number for HTTP is port 80. HTTP has no business with security. Everything you do across the internet is not secure with HTTP. However, if you go to some websites to do financial transactions, you need to secure your transmissions, your credentials, credit card numbers and passwords. At some point you need security. Then we have to employ SSL. SSL gives end-to-end security.

I could be on a website like Amazon, for example. When I land on Amazon and if you check in the address bar, it will tell you HTTP. You navigate through all the pages, it's still HTTP. You make your selections, put them in your cart. When you are done you say, proceed to check out. The moment you say "proceed to check out," you hit on the button "Proceed to check out," you are transferred from HTTP to HTTPS because at that point you have to log on to the server. You have to log on into your account, you are going to be exchanging credentials with the server. You are also going to be exchanging address, delivery address, credit card number to the server, so you need a secure communication route.
This is where SSL comes into play. If we add HTTP plus SSL we get HTTPS. SSL is 443 added to HTTP, so the port number for HTTPS is 443. This is a very nice trick to keep these numbers in our head.

Next protocol we look at is something called TFTP, the Trivial File Transfer Protocol. This is the protocol with which we send and receive files on the network. The port number for TFTP is 69. Port 69 for TFTP. A protocol with which we send and receive files on the network.

Another protocol, very important, we look at is RDP. RDP is what we call the Remote Desktop Protocol. This is a proprietary protocol from Microsoft. It provides users with a graphical interface to connect to another computer over a network connection. The port number for RDP is 3389. This is one of the port numbers that has 4 digits in the syllabus, so it's very important we know this: 3389 for RDP.

Another protocol we look at is TELNET. TELNET has a port number 23. This is a protocol with which we do connections across the network to other computers on the network. Port number 23 for TELNET.

We then look at some other protocols like SNMP and SMTP. SNMP, Simple Network Management Protocol, this is a protocol with which we gather configuration parameters from devices on the network. You see, on your network you have some devices that have no panels, panels where you could read their configuration parameters, so you need SNMP. Your computer is running an SNMP agent, the device on the network is also running an SNMP agent, so using SNMP you are able to gather configuration parameters. You can monitor the performance of these devices. You can also push configuration parameters to those devices. The port number for SNMP is actually 161 that we focus on. There are 3 port numbers. We have 160, 161, 162. The focus for this exam is 161. It's actually 160, 161, 162 for SNMP but the focus is largely 161.

We also have SMTP. SMTP, Simple Mail Transfer Protocol.
This is the protocol that allows emails to move from one server to another server. We move emails from one server to another server using SMTP. The port number for SMTP is 25. 25, SMTP, it allows your emails to move from one exchange server to another server.

Another protocol we look at is DNS, Domain Name Service. The port number for DNS is 53. What is DNS? Domain Name Service. The Domain Name Service allows us to do name resolution across the internet. When you sit in front of a machine you type the URL, the fully qualified domain name. For example, www.microsoft.com. Your system doesn't know where to take you. Your browser would actually make a query to the DNS and the DNS has tables of addresses for the IP addresses to all these servers. The query is satisfied by the DNS. Now the browser knows how to get you to the website. DNS does name resolution for our network traffic.

We also will be looking at some email protocols. We have Post Office Protocol version 3. We also have IMAP. Let's discuss POP3. Post Office Protocol version 3, this is the protocol with which we retrieve emails. We don't send emails with POP3, we only retrieve emails with POP3. We have to be very careful when we are setting up POP3. The default configuration of POP3 is that it will retrieve the emails from the server and delete them on the server. If you were to move from one device to another device, your emails are no longer available on the server. We should be careful when we set up POP3 to set it not to delete the emails, let the emails stay on the server. The port number for POP3 is 110, 110 for POP3.

Another protocol for emails is something called IMAP. This is the Internet Message Access Protocol. The port number for IMAP is 143. IMAP is similar to POP3 in some of its abilities. However, it allows us to do much more. In our inbox we are able to search for specific messages. Say I received the message from a friend 3 weeks ago about certification.
I could even use the word Certification as a search factor while the emails are still on the server. IMAP also allows me to create folders in my email such that I could archive my emails appropriately. The port number for IMAP is 143.

We have looked at SNMP, SMTP, RDP, TELNET, HTTPS, DNS, TFTP, HTTP port 80, IMAP, POP3. We will now discuss ICMP. This is the Internet Control Message Protocol. The IP network services use, we use this for error reporting. You want to do network connectivity between two devices on the network, between a node and another node or between a host and a host on the network, we would use ICMP. The ICMP utility is used in the ping command. We would open up our command prompt, you open up your command prompt and you type in the ping command with the name or IP address to the device and you would ping the device. Effectively either you get a reply or you get an error or time out. This lets you know the state at which the device is on the network.

Sometimes some organizations are also able to block your ping request because ping could be used in an attack. We have different types of ping, ping floods that could be used to overwhelm your servers. Some organizations actually could enable their firewalls to block a ping request as a preventive measure, not putting themselves at risk of a flooding attack from a ping. Sometimes when you ping your website and you don't get a reply from the website, it does not necessarily mean that the server is down. You could go through a browser and you still land on the website, but when you ping them you don't get a reply. This is essentially because they are trying to avoid ping attacks.

[/toggle_content]
CISSP CISM CISA CHFI CSXF CEH, Cyber Security Specialist & Trainer