Protocols of the TCPIP Suite Part 2

00:05

just a few more protocols. Important numbers.

00:07

The next protocol we have is L. D. A P Lightweight directory access protocol.

00:13

This is the database format and structure for active directory and any sort of directory services that we use

00:19

when you see L. D. A. P. I want you to think domain controller if you're a Windows person

00:25

or a more general term authentication survey.

00:29

L. D P is the protocol that allows the structuring of organizations, and you can see that it's a kind of a hierarchical structure

00:36

at the top. We have a route Children and leaps

00:39

in windows at the top. You have the root down to domains down to organizational units, then down two groups and users.

00:47

But at any rate, it's a structuring of art and network environment that makes it very easy to access information and to retrieve information and to organize our network.

00:57

L. D. P. Uses Port 3 89 or secure L. D. A. P uses Port 6 36

01:06

mentioned a few minutes ago That http is insecure. So what do we do?

01:10

We can use SSL and TLS to provide security.

01:14

SSL and TLS uses Port 4 43.

01:18

These are not the same protocol. SSL and TLS are two different protocols, but they do both use for 43 a lot of ways they operate in a similar fashion

01:30

radius stands for remote authentication. Dial in user service is

01:36

we actually talked about the same idea back with Takacs. Plus

01:40

what Radius does is allow a centralized location to configure policies and rules remote access clients.

01:47

So, for instance, when we say remote access clients, we're talking about clients that access the network without being physically plugged into the network.

01:55

So what if I clients style up, which I know we kind of scoff at Dial up because we don't think of dusting off our models to connect to our networks, but dial up still exists in particular environments.

02:06

Plus, we have to keep in mind that not everywhere has high speed access,

02:09

so remote access services and dial up are still around.

02:14

We also think about VPN clients connecting to VPN servers

02:19

over on the left, where you see supplicants. Supplicant is the device that initiates the connection.

02:24

It's the remote device that wants to connect to the local area network.

02:29

Traditionally, the supplicants have to connect to two devices called Authenticators,

02:34

so my WiFi device connects to an access point.

02:37

My dial up client connects to a remote access server,

02:40

my VPN client, to a VPN server.

02:43

And traditionally what has happened is the policy decisions were configured and made on these authenticators.

02:51

What I mean by that is, if I want to set up very strict requirements for who can access the Net require Lucy,

02:57

what time, What type of connection, What location or any set of requirements. What I would have to do is go to those access points and configure the rules, the policies.

03:06

Same thing. If I have multiple dial up servers or remote access servers,

03:10

I would have to configure policy on each of those servers. Same thing with VPN.

03:15

So what I have is a really distributed environment where I would have to walk around from access point to access point and configure policy.

03:24

Or instead I can configure those devices with authenticators to Ford the authentication requests to a radius server.

03:31

I would configure policy just on that radius server.

03:35

That's exactly what tax plus was for.

03:38

There's also a protocol that's kind of similar, called diameter

03:42

diameter never really took off, but its purpose was to replace radius as an diameter is twice the radius.

03:47

So Radius is all about central authentication for remote access services, and it uses Port 18, 12 and 18 13. And it works very comparably to tack ax plus

04:00

remote desktop Protocol. Rdp.

04:02

This is a very dangerous protocol from a security perspective, because what Rdp allows you to do is access another user's system.

04:11

You can perform operations just as if you're sitting in front of that system.

04:15

In some ways, that's very helpful because if you need help doing some administrative type task and you don't know how to add a printer, then I can already p into your system. You can watch me at a printer that will make it easier for you next time.

04:30

But of course, then he sort of remote access going to be very careful, cautious and limited. Where we allow Rdp.

04:36

I can't think of a lot of reasons that I'm going to allow unfettered Rdp access from outside the network in probably not a good idea.

04:45

Rdp uses Port 3389.

04:50

Now I'm not going to tell you. These are all the port numbers you could conceivably see.

04:55

But if I were studying for this exam and for those of you who are coming down the line and looking forward to the Security plus exam,

05:01

these are the protocols that I would be sure to know

05:04

have a brief understanding at this level. You don't need to be in depth with any of these protocols, but I would encourage you as we continue. You want to go a bit deeper and we'll cover those throughout the class.

05:15

Now, in these key takeaways, there are few protocols that we have not discussed.

05:20

I request that you focus on the ones we've covered as far as understanding them in more depth.

05:25

But it doesn't hurt to know one or two additional protocols.

05:30

There's one here for Net B, I OS and network news transfer protocol.

05:34

The best way to memorize these ports is to get a deck of flash cards and put http on the front and on the back, Port 80.

05:43

If you take the time to do that, then I think you'll find that you can memorize the ports fairly quickly and it won't be too challenging

05:50

Like I said, these little wrap up ports give you a couple more. But I would focus on the port numbers that I've given you with this being one of those lists that out of everything that I could possibly throw at you,