1.5 Explain common ports and protocols, their application, and encrypted alternatives. Flashcards
Intro to IP: A Series of Moving Vans
- Efficiently move large amounts of data
– Use a shipping truck
- The network topology is the road
– Ethernet, DSL, coax cable
- The truck is the Internet Protocol (IP)
– We’ve designed the roads for this truck
- The boxes hold your data
– Boxes of TCP and UDP
- Inside the boxes are more things
– Application information
TCP and UDP
- Transported inside of IP
– Encapsulated by the IP protocol
- Two ways to move data from place to place
– Different features for different applications
- OSI Layer 4
– The transport layer
- Multiplexing
– Use many different applications at the same time
TCP and UDP
TCP - Transmission Control Protocol
- Connection-oriented
– A formal connection setup and close
- “Reliable” delivery
– Recovery from errors
– Can manage out-of-order messages or retransmissions
- Flow control
– The receiver can manage how much data is sent
UDP - User Datagram Protocol
- Connectionless
– No formal open or close to the connection
- “Unreliable” delivery
– No error recovery
– No reordering of data or retransmissions
- No flow control
Lots of Ports
- IPv4 sockets
– Server IP address, protocol, server application port number
– Client IP address, protocol, client port number
- Non-ephemeral ports – permanent port numbers
– Ports 0 through 1,023
– Usually on a server or service
- Ephemeral ports – temporary port numbers
– Ports 1,024 through 65,535
– Determined in real-time by the clients
Port Numbers
- TCP and UDP ports can be any number between 0 and 65,535
- Most servers (services) use non-ephemeral (not-temporary) port numbers
– This isn’t always the case - it’s just a number
- Port numbers are for communication, not security
- Service port numbers need to be “well known”
- TCP port numbers aren’t the same as UDP port numbers
ICMP
- Internet Control Message Protocol
– “Text messaging” for your network devices
- Another protocol carried by IP
– Not used for data transfer
- Devices can request and reply to administrative requests
– Hey, are you there? / Yes, I’m right here.
- Devices can send messages when things don’t go well
– That network you’re trying to reach is not reachable from here
– Your time-to-live expired, just letting you know
Telnet
- Telnet – Telecommunication Network
- tcp/23
- Login to devices remotely
- Console access
- In-the-clear communication
- Not the best choice for production systems
SSH - Secure Shell
- Encrypted communication link
- tcp/22
- Looks and acts the same as Telnet
DNS - Domain Name System
- Converts names to IP addresses
- udp/53
– www.professormesser.com = 162.159.246.164
– Large transfers may use tcp/53
- These are very critical resources
– Usually multiple DNS servers are in production
SMTP - Simple Mail Transfer Protocol
- SMTP - Simple Mail Transfer Protocol
– Server to server email transfer
– tcp/25
- Also used to send mail from a device to a mail server
– Commonly configured on mobile devices and email clients
- Other protocols are used for clients to receive email
– IMAP, POP3
POP/IMAP
- Receive emails from an email server
– Authenticate and transfer
- POP3 - Post Office Protocol version 3
– tcp/110
– Basic mail transfer functionality
- IMAP4 - Internet Message Access Protocol v4
– tcp/143
– Manage email inbox from multiple clients
SFTP - Secure FTP
- Uses the SSH File Transfer Protocol
- tcp/22
- Provides file system functionality
– Resuming interrupted transfers, directory listings, remote file removal
File transfer application protocols
- FTP – File Transfer Protocol
– tcp/20 (active mode data), tcp/21 (control)
– Transfers files between systems
– Authenticates with a username and password
– Full-featured functionality (list, add, delete, etc.)
- TFTP – Trivial File Transfer Protocol
– udp/69
– Very simple file transfer application
– Read files and write files
– No authentication
– Not used on production systems
DHCP - Dynamic Host Configuration Protocol
- Automated configuration of IP address, subnet mask and other options
– udp/67, udp/68
- Requires a DHCP server
- Dynamic / pooled
– IP addresses are assigned in real-time from a pool
– Each system is given a lease
– Must renew at set intervals
- Reserved
– Addresses are assigned by MAC address
– Quickly manage addresses from one location
HTTP and HTTPS
- HTTP – tcp/80, HTTPS – tcp/443
- Hypertext Transfer Protocol
– Communication in the browser
– And by other applications
- In the clear or encrypted
– Supported by nearly all web servers and clients
SNMP - Simple Network Management Protocol
- Gather statistics from network devices
– udp/161
- v1 – The original
– Structured tables, in-the-clear
- v2 – A good step ahead
– Data type enhancements, bulk transfers
– Still in-the-clear
- v3 – The new standard
– Message integrity, authentication, encryption
Syslog
- Standard for message logging
– Diverse systems, consolidated log
– udp/514
- Usually a central log collector
– Integrated into the SIEM
- You’re going to need a lot of disk space
– Data storage from many devices over an extended timeframe
RDP - Remote Desktop Protocol
- Share a desktop from a remote location over tcp/3389
- Remote Desktop Services on many Windows versions
- Can connect to an entire desktop or just an application
- Clients for Windows, MacOS, Linux, iPhone, and others
NTP - Network Time Protocol
- Switches, routers, firewalls, servers, workstations
– Every device has its own clock
- udp/123
- Synchronizing the clocks becomes critical
– Log files, authentication information, outage details
- Automatic updates
– No flashing 12:00 lights
- Flexible
– You control how clocks are updated
- Very accurate
– Accuracy is better than 1 millisecond
SIP - Session Initiation Protocol
- Voice over IP (VoIP) signaling
– tcp/5060 and tcp/5061
- Setup and manage VoIP sessions
– Call, ring, hang up
- Extend voice communication
– Video conferencing, instant messaging, file transfer, etc.
SMB - Server Message Block
- Protocol used by Microsoft Windows
– File sharing, printer sharing
– Also called CIFS (Common Internet File System)
- Direct over tcp/445 (NetBIOS-less)
– Direct SMB communication over TCP
LDAP/LDAPS
- LDAP (Lightweight Directory Access Protocol)
– tcp/389
– Store and retrieve information in a network directory
- LDAPS (LDAP Secure)
– tcp/636
– A non-standard implementation of LDAP over SSL
– Still in use today
Databases
- Microsoft SQL Server
– MS-SQL (Microsoft Structured Query Language)
– tcp/1433
- Oracle SQL *Net
– Also called Oracle Net or Net8
– tcp/1521
- MySQL
– Free and open-source database
– Ultimately acquired by Oracle
– tcp/3306
GRE
- Generic Routing Encapsulation
– The “tunnel” between two endpoints
- Encapsulate traffic inside of IP
– Two endpoints appear to be directly connected to each other
– No built-in encryption
AH (Authentication Header)
- Data integrity
- Origin authentication
- Replay attack protection
- Keyed-hash mechanism
- No confidentiality/encryption
VPNs
- Virtual Private Networks
– Encrypted (private) data traversing a public network
- Concentrator
– Encryption/decryption access device
– Often integrated into a firewall
- Many deployment options
– Specialized cryptographic hardware
– Software-based options available
- Used with client software
– Sometimes built into the OS
IPSec (Internet Protocol Security)
- Security for OSI Layer 3
– Authentication and encryption for every packet
- Confidentiality and integrity/anti-replay
– Encryption and packet signing
- Very standardized
– Common to use multi-vendor implementations
- Two core IPSec protocols
– Authentication Header (AH)
– Encapsulation Security Payload (ESP)
IPsec Transport mode and Tunnel mode: AH and ESP
- Combine the data integrity of AH with the confidentiality of ESP