1.5 Explain common ports and protocols, their application, and encrypted alternatives. Flashcards
File Transfer Protocol (FTP)
20/21
Provides insecure file transfers
Secure Shell (SSH)
22
provides secure remote control of another machine using a text-based environment
Secure File Transfer Protocol (SFTP)
22
provides secure file transfers
Telnet
23
provides insecure remote control of another machine using a text-based environment
Simple Mail Transfer Protocol (SMTP)
25
provides the ability to send emails over the network
Domain Name System (DNS)
53
converts domain names to IP addresses, and IP addresses to domain names
Dynamic Host Configuration Protocol (DHCP)
67 & 68
automatically provides network parameters to your clients, such as their assigned IP address, subnet mask, default gateway, and the DNS server they should use
Trivial File Transfer Protocol (TFTP)
69
used as a lightweight file transfer method for sending configuration files or network booting of an operating system
Hypertext Transfer Protocol (HTTP)
80
used for insecure web browsing
Post Office Protocol v3 (POP3)
110
used for receiving incoming emails
Network Time Protocol (NTP)
123
used to keep accurate time for clients on a network
Internet Message Access Protocol (IMAP)
143
a newer method of retrieving incoming emails which improves upon the older POP3
Simple Network Management Protocol (SNMP)
161 & 162
used to collect data about network devices and monitor their status
Lightweight Directory Access Protocol (LDAP)
389
used to provide directory services to your network
Hypertext Transfer Protocol Secure (HTTPS) [Secure Sockets Layer (SSL)]
443
used as a secure and encrypted version of web browsing
HTTPS [Transport Layer Security (TLS)]
443
used as a secure and encrypted version of web browsing
Server Message Block (SMB)
445
used for windows file and printer sharing services
Syslog (System Logging Protocol)
514
used to send logging data back to a centralized server
SMTP TLS
587
secure and encrypted way to send emails
Lightweight Directory Access Protocol (over SSL) (LDAPS)
636
provides secure directory services
IMAP over SSL
993
secure and encrypted way to receive emails
POP3 over SSL
995
secure and encrypted way to receive emails
Microsoft (SQL) Server
1433
used for communication from a client to the database engine
SQLnet
1521
used for communication from a client to an Oracle database
MySQL
3306
used for communication from a client to the MySQL database engine
Remote Desktop Protocol (RDP)
3389
provides graphical remote control of another client/server (it is encrypted/secure)
Session Initiation Protocol (SIP)
5060 & 5061
used to initiate VoIP and video calls
Corporate hired a penetration testing expert to test their internal security. The final report given to the executives shows that the way the expert circumvented their security was by using port 1521 from a remote location. The expert suggested enabling access control lists on that service. What protocol did the expert use to infiltrate the network?
Syslog
SQLnet
Telnet
MySQL
Oracle’s remote data access protocol SQL*Net uses TCP/1521. Access lists should secure these ports to provide security.
Syslog is an example of a protocol and supporting software that facilitates log collection. It has become a de facto standard for logging events from distributed systems on port 514.
Telnet is both a protocol and a terminal emulation software tool that transmits shell commands and output between a client and the remote host on port 23.
The open-source MySQL platform uses TCP/3306. The MariaDB platform forked from MySQL uses the same port.
A network administrator is monitoring network traffic and notices a severe spike on port 993. Which protocol is causing the spike in network traffic?
SMTP
IMAP over SSL
IMAP
POP3 over SSL
A client connects to an IMAP server over port 143 and establishes connection security using a TLS. The default port for IMAPS (IMAP over SSL) is TCP/993.
A client establishes a connection to the POP server on TCP port 110. Using TLS encryption can secure POP. The default TCP port for secure POP (POP3S) is port 995.
A client connects to an IMAP server over TCP port 143. Like POP, IMAP is a mail retrieval protocol, but with mailbox management features lacking in POP.
SMTP is useful only to deliver mail to permanently available hosts. When an SMTP server receives a message, it delivers the message to a mailbox server using port 25.
A client is attempting to connect to a network, but is unable to successfully connect. They decide to open Wireshark to see if they can troubleshoot but want to filter based on the DHCP port. What should they filter on?
TCP 67
TCP 80
UDP 123
TCP 139
Information can be viewed from Dynamic Host Configuration Protocol (DHCP) traffic by filtering on TCP 67 and 68. DHCP dynamically assigns IP addresses to network hosts.
Server Message Block (SMB) provides File/Print Sharing Service and operates on TCP 139 and 445. SMB allows a machine to share its files and printers to make them available.
Hypertext Transfer Protocol (HTTP) operates over TCP 80 and enables clients to request resources from a HTTP server.
The Network Time Protocol (NTP) enables the synchronization of time-dependent applications. A server or host that is configured with the incorrect time may not be able to access network services. Authentication, and other security mechanisms will often fail if the time is not synchronized on both communicating devices. Errors are likely to be generic failed or invalid token messages.
Which port will a Domain Name Server (DNS) use for record transfers over 512 bytes?
Transmission Control Protocol (TCP) port 23
User Datagram Protocol (UDP) 69
Transmission Control Protocol (TCP) port 53
User Datagram Protocol (UDP) port 53
A Domain Name Server (DNS) server that needs to allow large record transfers over 512 bytes will be configured to allow connections over Transmission Control Protocol (TCP) port 53.
A DNS server is usually configured to listen for queries on User Datagram Protocol (UDP) port 53. Larger transfers (over 512 bytes) require use of TCP port 53.
Telnet uses TCP port 23 by default. Telnet is terminal emulation software to support a remote connection to another computer.
Trivial File Transfer Protocol (TFTP) is a connectionless protocol running over User Datagram Port 69.
A router downloads configuration files over User Datagram Protocol (UDP) port 69. The router does not have access to browse the directory or to delete files. Analyze File Transfer Protocols (FTPs) and determine what protocol the router is using.
Active File Transfer Protocol (FTP)
Trivial File Transfer Protocol (TFTP)
File Transfer Protocol over Secure Sockets Layer (SSL)
Secure File Transfer Protocol (SFTP)
The Trivial File Transfer Protocol (TFTP) is a connectionless protocol that runs over User Datagram Port (UDP) port 69. TFTP supports reading and writing files, not directory browsing or file deletion.
Secure FTP (SFTP) runs over Transmission Control Protocol (TCP) port 22. SFTP addresses the privacy and integrity issues of FTP by encrypting the authentication and data transfer.
FTP connects to TCP port 21 on an FTP server and opens a chosen dynamic client port number (N). In active mode, the client sends a PORT command specifying the chosen data connection port number (typically N+1).
FTP over Secure Sockets Layer (SSL) uses either Explicit Transport Layer Security (FTPES) or Implicit Transport Layer Security (FTPS) for secure communication.
A new system administrator configures a shared repository for access to files through a web-based interface. What port must the administrator enable on the repository?
21
445
22
80
The Hypertext Transfer Protocol (HTTP) enables clients to request resources from an HTTP server. HTTP uses port 80.
Secure Shell (SSH) is the principal means of obtaining secure remote access to a UNIX or Linux server. SSH uses port 22.
The Server Message Block (SMB) protocol provides File/Print Sharing Service. SMB allows a machine to share its files and printers to make them available. SMB uses port 445.
File Transfer Protocol (FTP) connects to Transmission Control Protocol (TCP) port 21 on an FTP server and opens a chosen dynamic client port number for communications and transfers.
