1.5 Ports And Protocols Flashcards
SSH
Secure shell
Tcp/22
Encrypted remote terminal session
Looks and works like Telnet, but the session is authenticated and encrypted
Telnet
Tcp/23
Log into devices remotely
In the clear communication
Console access
DNS
Domain name system
UDP/53
Converts names to ip addresses
Large responses (zone transfers, replies that would be truncated over UDP, e.g. DNSSEC) use tcp/53
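Added example, not part of these flashcards: why a resolver falls back to tcp/53. The server sets the TC (truncated) bit when its answer did not fit in the UDP reply; the client then repeats the query over TCP, where every message carries a 2-byte length prefix. The query and reply bytes are constructed by hand, not captured.

```python
"""Decode the DNS header TC bit and the TCP length framing (RFC 1035)."""
import struct

def parse_dns_header(msg):
    """Decode the 12-byte DNS header (RFC 1035 section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    ident, flags, qd, an, ns, ar = struct.unpack(">6H", msg[:12])
    return {
        "id": ident,
        "qr": bool(flags & 0x8000),          # 1 = response
        "opcode": (flags >> 11) & 0xF,
        "aa": bool(flags & 0x0400),          # authoritative answer
        "tc": bool(flags & 0x0200),          # truncated: answer did not fit in the UDP payload
        "rd": bool(flags & 0x0100),
        "ra": bool(flags & 0x0080),
        "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }

def needs_tcp_retry(udp_response):
    """True when the server marked its UDP reply as truncated; the client must re-ask over tcp/53."""
    hdr = parse_dns_header(udp_response)
    return hdr["qr"] and hdr["tc"]

def frame_for_tcp(msg):
    """DNS over TCP prefixes each message with its length, big-endian (RFC 1035 section 4.2.2)."""
    if len(msg) > 0xFFFF:
        raise ValueError("message too large for a 16-bit length prefix")
    return struct.pack(">H", len(msg)) + msg

def read_tcp_messages(stream):
    """Split a TCP byte stream back into DNS messages; a partial trailing message is an error."""
    msgs, pos = [], 0
    while pos + 2 <= len(stream):
        (length,) = struct.unpack(">H", stream[pos:pos + 2])
        if pos + 2 + length > len(stream):
            raise ValueError("truncated message in TCP stream")
        msgs.append(stream[pos + 2:pos + 2 + length])
        pos += 2 + length
    return msgs

# Constructed sample: question section for example.com IN A
QUESTION = b"\x07example\x03com\x00" + b"\x00\x01" + b"\x00\x01"
QUERY = struct.pack(">6H", 0x1234, 0x0100, 1, 0, 0, 0) + QUESTION            # RD set, QR clear
TRUNCATED_REPLY = struct.pack(">6H", 0x1234, 0x8380, 1, 0, 0, 0) + QUESTION  # QR, TC, RD, RA set

if __name__ == "__main__":
    if needs_tcp_retry(TRUNCATED_REPLY):
        print("TC set: retrying over TCP, length prefix", frame_for_tcp(QUERY)[:2].hex())
```

A firewall rule that permits only UDP/53 breaks exactly this fallback, which is why large (DNSSEC-signed) responses fail behind such rules while ordinary lookups keep working.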
SMTP
Simple mail transfer protocol
Tcp/25
Server to server mail exchange
Send mail to server
POP3
Post office protocol
Tcp/110
-Receive email from server
-Downloads email to one client
-authenticates and transfers
IMAP4
Internet message access protocol
Tcp/143
-receive email from email server
- syncs to multiple clients
SFTP
Secure file transfer protocol
Tcp/22
-Use SSH for file transfer
-provides file system functionality
*resuming interrupted transfers, directory listings, remote file removal
FTP
File transfer protocol
Tcp/20 (active mode data) and tcp/21 (control)
-transfers files between systems
-authenticates with username and password
-full functionality (list, add, delete, etc)
TFTP
Trivial file transfer protocol
UDP/69
-very simple file transfer
-reads and writes
-no authentication
DHCP
Dynamic host configuration protocol
UDP/67 (server), UDP/68 (client)
-automated configuration of IP address, mask, gateway, DNS
-successor to BOOTP
-DORA (Discover, Offer, Request, Acknowledge)
-uses IPv4 broadcasts within the local broadcast domain
-DHCP relay (IP helper) needed when the server is on another subnet, since routers do not forward broadcasts
-renewal
-T1 timer (50% of lease time)
-T2 timer (87.5% of lease time)
HTTP
Hypertext transfer protocol
Tcp/80
-communication in browser or over web applications
-in the clear
HTTPS
Hypertext transfer protocol secure
(HTTP over SSL/TLS)
Tcp/443
-web applications
-encrypted
SNMP
Simple network management protocol
UDP/161 (queries); UDP/162 (traps sent by devices)
-gather statistics from (and write configuration to) network devices
-v1 - structured tables, in the clear (community string is the only credential)
-v2c - data type enhancements, bulk transfers, still in the clear
-v3 - message integrity, authentication, encryption
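Added example, not from the flashcards: decode the outer layers of an SNMPv1/v2c message to show that the community string, the only "credential" in those versions, travels in plaintext in every datagram. The packet bytes are constructed by hand (a GetRequest for sysDescr.0 with community "public"), not captured; the BER reader is a minimal one written for this example.

```python
"""Minimal BER decoder for SNMPv1/v2c message headers."""

PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap", 0xA5: "GetBulkRequest",
             0xA6: "InformRequest", 0xA7: "SNMPv2-Trap"}
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}

def read_tlv(buf, pos):
    """Read one BER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                              # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    """BER OBJECT IDENTIFIER contents -> dotted string (first octet packs the first two arcs)."""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def parse_snmp(packet):
    """Return version, community string, PDU type, request id and requested OIDs."""
    tag, msg, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE, so not an SNMP message")
    _, ver, pos = read_tlv(msg, 0)
    version = int.from_bytes(ver, "big", signed=True)
    if version == 3:
        # v3 carries a msgGlobalData SEQUENCE here, not a community string; USM handles auth/priv
        return {"version": "v3", "community": None}
    _, community, pos = read_tlv(msg, pos)
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    _, req_id, pos = read_tlv(pdu, 0)
    _, err_status, pos = read_tlv(pdu, pos)
    _, err_index, pos = read_tlv(pdu, pos)
    _, bindings, _ = read_tlv(pdu, pos)
    oids, pos = [], 0
    while pos < len(bindings):
        _, binding, pos = read_tlv(bindings, pos)
        _, oid, _ = read_tlv(binding, 0)
        oids.append(decode_oid(oid))
    return {"version": VERSIONS.get(version, str(version)),
            "community": community.decode("ascii", "replace"),   # readable to anyone on the path
            "pdu": PDU_TYPES.get(pdu_tag, hex(pdu_tag)),
            "request_id": int.from_bytes(req_id, "big", signed=True),
            "oids": oids}

# Constructed sample: SNMPv1 GetRequest, community "public", for sysDescr.0 (1.3.6.1.2.1.1.1.0)
SAMPLE_GET = bytes.fromhex(
    "3026"  "020100"  "0406" "7075626c6963"
    "a019"  "020101" "020100" "020100"
    "300e"  "300c"  "0608" "2b06010201010100"  "0500")

if __name__ == "__main__":
    print(parse_snmp(SAMPLE_GET))
```

Anyone who can sniff udp/161 recovers the community string and, if the device accepts SetRequests with it, can reconfigure the device; that is the gap v3's authentication and encryption close.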
Syslog
UDP/514 (also tcp/514; syslog over TLS uses tcp/6514)
-standard for message logging
-usually forwarded to a central log collector (SIEM)
-a lot of disk space needed
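Added example, not from the flashcards: decode the RFC 3164 PRI field of syslog lines and pick out the ones a collector rule would alert on. The log lines are constructed, not real. Caveat worth remembering: over udp/514 there is no authentication, so facility, severity and hostname are whatever the sender (or a spoofer) chose to put there.

```python
"""Parse syslog PRI values and select alert-worthy lines."""
import re

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news", "uucp",
              "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"] + \
             ["local%d" % i for i in range(8)]          # 12-15 as listed in RFC 3164, 16-23 local0-7
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)

def parse_line(line):
    """Split PRI into facility and severity. PRI = facility * 8 + severity, max 191.
    A missing or invalid PRI is treated as <13> (user.notice), as RFC 3164 4.3.3 tells relays to do."""
    m = PRI_RE.match(line)
    if m and int(m.group(1)) <= 191:
        pri, rest = int(m.group(1)), m.group(2)
    else:
        pri, rest = 13, line
    return {"facility": FACILITIES[pri // 8], "severity": SEVERITIES[pri % 8],
            "severity_num": pri % 8, "message": rest}

def select_alerts(lines, max_severity=3, watch_facilities=("auth", "authpriv")):
    """Alert on anything err (3) or worse, plus every auth/authpriv message regardless of severity."""
    out = []
    for line in lines:
        e = parse_line(line)
        if e["severity_num"] <= max_severity or e["facility"] in watch_facilities:
            out.append((e["facility"], e["severity"], e["message"]))
    return out

SAMPLE_LINES = [  # constructed for this example
    "<34>Oct 11 22:14:15 host1 su: 'su root' failed for lonvick on /dev/pts/8",
    "<86>Oct 11 22:14:16 host1 sshd[1234]: Accepted publickey for ops from 10.0.0.5 port 50122",
    "<165>Oct 11 22:14:17 host2 app: scheduled job started",
    "<11>Oct 11 22:14:18 host3 cron: job failed",
    "Oct 11 22:14:19 host4 legacy daemon without a PRI field",
]

if __name__ == "__main__":
    for hit in select_alerts(SAMPLE_LINES):
        print(hit)
```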
RDP
Remote Desktop protocol
Tcp/3389
-share a desktop from a remote location
NTP
Network time protocol
UDP/123
-synchronizing clocks on all devices
-automatic updates
-flexible: you control how clocks update
-stratum: number of hops from the reference clock
-stratum 0 (atomic or GPS reference clock)
-stratum 1 (primary time servers, directly attached to stratum 0)
-stratum 2 (sync'd to stratum 1 servers)
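Added example, not from the flashcards: build an NTPv4 client request, parse a server reply and apply the basic RFC 5905 sanity checks (server mode, origin timestamp echoes our transmit timestamp, no kiss-o'-death, stratum between 1 and 15) before trusting the stratum and time. The reply is constructed locally so the code runs offline; no real server is contacted, and the timestamps are made up.

```python
"""NTPv4 request builder and reply parser with the standard sanity checks."""
import struct

NTP_EPOCH_OFFSET = 2_208_988_800   # seconds from 1900-01-01 (NTP epoch) to 1970-01-01 (Unix epoch)
FMT = ">BBBbIII4Q"                  # LI/VN/mode, stratum, poll, precision, root delay, root disp,
                                    # reference id, then reference/origin/receive/transmit timestamps

def to_ntp_ts(unix_seconds):
    """64-bit NTP timestamp: 32-bit seconds since 1900 | 32-bit fraction."""
    return (int(unix_seconds + NTP_EPOCH_OFFSET) << 32) | int((unix_seconds % 1) * 2**32)

def from_ntp_ts(ts):
    return (ts >> 32) - NTP_EPOCH_OFFSET + (ts & 0xFFFFFFFF) / 2**32

def build_request(now_unix):
    first = (0 << 6) | (4 << 3) | 3             # LI 0, version 4, mode 3 = client
    return struct.pack(FMT, first, 0, 0, 0, 0, 0, 0, 0, 0, 0, to_ntp_ts(now_unix))

def origin_of(request):
    """The transmit timestamp we sent; a genuine reply must echo it in its origin field."""
    return struct.unpack(">Q", request[40:48])[0]

def describe_stratum(stratum):
    if stratum == 0:
        return "kiss-o'-death / unspecified"
    if stratum == 1:
        return "primary server, stratum 0 reference clock (GPS, atomic) attached"
    if stratum < 16:
        return "secondary server, %d hops below the reference clock" % stratum
    return "unsynchronized"

def parse_reply(data, expected_origin):
    if len(data) < 48:
        raise ValueError("short NTP packet")
    (first, stratum, poll, precision, root_delay, root_disp, refid,
     ref_ts, org_ts, rx_ts, tx_ts) = struct.unpack(FMT, data[:48])
    leap, version, mode = first >> 6, (first >> 3) & 7, first & 7
    if mode != 4:
        raise ValueError("mode %d is not a server reply" % mode)
    if org_ts != expected_origin:
        raise ValueError("origin timestamp does not match our request: unsolicited or spoofed reply")
    refid_bytes = refid.to_bytes(4, "big")
    if stratum == 0:
        raise ValueError("kiss-o'-death %r: stop or back off" % refid_bytes)
    # stratum 1 names its clock source in ASCII (e.g. GPS); deeper strata give the upstream IPv4
    reference = refid_bytes.rstrip(b"\0").decode("ascii", "replace") if stratum == 1 \
        else ".".join(str(b) for b in refid_bytes)
    return {"version": version, "stratum": stratum, "stratum_desc": describe_stratum(stratum),
            "synchronized": leap != 3 and stratum < 16, "reference": reference,
            "server_time": from_ntp_ts(tx_ts)}

def make_sample_reply(request, stratum, refid, server_unix):
    """Constructed server reply (LI 0, version 4, mode 4) echoing the request's transmit timestamp."""
    return struct.pack(FMT, (4 << 3) | 4, stratum, 6, -20, 0, 0x10, int.from_bytes(refid, "big"),
                       to_ntp_ts(server_unix - 60), origin_of(request),
                       to_ntp_ts(server_unix), to_ntp_ts(server_unix))

if __name__ == "__main__":
    req = build_request(1_700_000_000)
    print(parse_reply(make_sample_reply(req, 1, b"GPS\0", 1_700_000_000.5), origin_of(req)))
```

The origin-timestamp check is the one that matters most for security: a reply whose origin field does not match what you sent was not an answer to your request, so its time should be discarded rather than applied.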
SIP
Session initiation protocol
Tcp/5060 (also UDP/5060; unencrypted) and tcp/5061 (over TLS)
-VoIP signaling
-setup and manage VoIP sessions
-video conferencing, instant messaging, file transfer, etc
SMB
Server Message Block
Tcp/445 (direct over TCP, NetBIOS-less); older tcp/139 over NetBIOS
-file and print sharing, used by Microsoft Windows
-CIFS (Common Internet File System) is an older dialect of SMB
LDAP
Lightweight directory access protocol
Tcp/389
-store and retrieve information in a network directory (users, groups, devices)
-authentication systems (e.g. the RADIUS server behind 802.1X) look up accounts in it
-used to query and update an X.500-style directory
(Used in Windows AD, Apple Open Directory, OpenLDAP, etc)
-Hierarchical structure (builds tree)
-Container objects
-country, organization, OUs
-leaf objects
-users, computers, printers, files
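Added example, not from the flashcards: parse an LDAP distinguished name (RFC 4514) into its container path and leaf object, and check whether an entry lies under a given container, the kind of scope check an authentication service applies before accepting an account. The DNs are made up. Escaped characters (a backslash-comma or a hex pair such as 2C) are handled; attribute values are compared case-insensitively, which matches the common caseIgnoreMatch rule but not every schema.

```python
"""RFC 4514 DN parsing: container path, leaf object, scope check."""

SPECIAL = set(',+"\\<>;= #')   # characters RFC 4514 allows to be escaped with a backslash

def split_rdns(dn):
    """Split a DN on unescaped commas; leftmost (leaf) RDN first."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            if dn[i + 1] in SPECIAL:                     # backslash + special char
                cur.append(dn[i + 1]); i += 2; continue
            hexpair = dn[i + 1:i + 3]
            if len(hexpair) == 2 and all(c in "0123456789abcdefABCDEF" for c in hexpair):
                cur.append(chr(int(hexpair, 16))); i += 3; continue   # backslash + 2C -> ","
            raise ValueError("bad escape at offset %d" % i)
        if ch == ",":
            parts.append("".join(cur)); cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts

def parse_dn(dn):
    """Return [(attribute_type, value), ...] from leaf to root; types lower-cased, values stripped."""
    rdns = []
    for part in split_rdns(dn):
        attr, eq, value = part.partition("=")
        if not eq or not attr.strip():
            raise ValueError("RDN without attribute type: %r" % part)
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns

def dn_tree(dn):
    """Container objects from the root down (c, o, ou, dc ...) and the single leaf object."""
    rdns = parse_dn(dn)
    return {"containers": list(reversed(rdns[1:])), "leaf": rdns[0]}

def is_under(dn, base_dn):
    """True if dn is strictly below base_dn in the tree (a subtree scope check)."""
    entry, base = parse_dn(dn), parse_dn(base_dn)
    norm = lambda rdns: [(a, v.lower()) for a, v in rdns]
    return len(entry) > len(base) and norm(entry[-len(base):]) == norm(base)

# Constructed sample DNs
USER_DN = "cn=Smith\\, John,ou=Sales,o=Example Corp,c=US"
PRINTER_DN = "cn=printer1,ou=Devices,dc=example,dc=com"

if __name__ == "__main__":
    print(dn_tree(USER_DN))
    print(is_under(USER_DN, "OU=sales,O=Example Corp,C=us"))
```

Splitting on every comma without honouring escapes would turn "Smith\, John" into two bogus RDNs; a scope check built on that kind of parser can be fooled by a crafted DN.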
MS-SQL
Microsoft SQL Server
Tcp/1433
SQLnet
Oracle SQL Net
Tcp/1521
-aka oracle net or net8
MySQL
tcp/3306
-free and open source database
-ultimately acquired by Oracle (through its purchase of Sun Microsystems)
SMTP TLS
Tcp/587 (message submission with STARTTLS); tcp/465 for implicit TLS (SMTPS)
POP3 over SSL/TLS (POP3S)
Tcp/995
IMAP over SSL/TLS (IMAPS)
Tcp/993
LDAPS
Tcp/636
-LDAP over SSL/TLS; never formally standardized (draft only) but widely implemented
ICMP
Internet control message protocol
-carried directly by IP (protocol 1), so no port number
-"test messages" for your network devices (ping echo, traceroute, destination unreachable)
GRE
• Generic Routing Encapsulation
– The “tunnel” between two endpoints
• Encapsulate traffic inside of IP
– Two endpoints appear to be directly connected to each other
– No built-in encryption or authentication (often carried inside IPsec when privacy is needed)
VPNs
• Virtual Private Networks
– Encrypted (private) data traversing a public network
• Concentrator
– Encryption/decryption access device
– Often integrated into a firewall
• Many deployment options
– Specialized cryptographic hardware
– Software-based options available
• Used with client software
– Sometimes built into the OS
IPSec
• Security for OSI Layer 3
– Authentication and encryption for every packet
• Confidentiality and integrity/anti-replay
– Encryption and packet signing
• Very standardized
– Common to use multi-vendor implementations
• Two core IPSec protocols
– Authentication Header (AH)
– Encapsulating Security Payload (ESP)
AH
AH (Authentication Header)
• Data integrity
• Origin authentication
• Replay attack protection
• Keyed-hash mechanism
• No confidentiality/encryption
ESP
Encapsulating Security Payload
• Data confidentiality (encryption)
• Limited traffic flow confidentiality
• Data integrity
• Anti-replay protection
IPSec Transport and Tunnel Mode
AH and ESP
• Combine the data integrity of AH with the confidentiality of ESP
Transport mode keeps the original IP header in front and inserts the AH/ESP header between it and the transport-layer payload; only the payload is protected, so the original addresses stay visible
Tunnel mode protects the entire original packet (IP header included) as the ESP payload, puts the AH/ESP header in front of it, and adds a new outer IP header addressed to the tunnel endpoints (gateways)
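Added example, not from the flashcards: build the same TCP segment as an ESP packet in transport mode and in tunnel mode, then decapsulate both to show what sits where. It uses NULL encryption (RFC 2410) so the layout stays visible, HMAC-SHA-256-128 for the ICV (RFC 4868) and the RFC 4303 sliding window for anti-replay; a real SA would encrypt payload and trailer (e.g. with AES-GCM), so this demonstrates framing, integrity and replay protection, not confidentiality. Addresses and the key are made up.

```python
"""ESP transport vs tunnel framing with ICV check and anti-replay window."""
import hashlib, hmac, ipaddress, struct

IPPROTO_IPV4, IPPROTO_TCP, IPPROTO_ESP = 4, 6, 50
ICV_LEN = 16                      # HMAC-SHA-256-128: the MAC is truncated to 128 bits
IP_FMT = ">BBHHHBBH4s4s"          # 20-byte IPv4 header without options

def _checksum(data):
    total = sum(struct.unpack(">%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src, dst, proto, payload_len):
    fields = [0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = _checksum(struct.pack(IP_FMT, *fields))
    return struct.pack(IP_FMT, *fields)

def esp_encapsulate(payload, next_header, spi, seq, auth_key):
    """SPI | seq | payload | padding | pad len | next header | ICV (RFC 4303 section 2)."""
    pad_len = (-(len(payload) + 2)) % 4                 # payload + trailer ends on a 4-byte boundary
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    body = struct.pack(">II", spi, seq) + payload + trailer
    return body + hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]

def esp_decapsulate(esp, auth_key, window):
    """Check the ICV, then the sequence number, then strip header and trailer.
    Returns (next_header, inner_bytes); raises ValueError on tamper or replay."""
    body, icv = esp[:-ICV_LEN], esp[-ICV_LEN:]
    if not hmac.compare_digest(icv, hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]):
        raise ValueError("ICV mismatch: packet modified in transit or wrong key")
    spi, seq = struct.unpack(">II", body[:8])
    if not window.accept(seq):
        raise ValueError("sequence %d replayed or outside the window" % seq)
    pad_len, next_header = body[-2], body[-1]          # readable only because encryption is NULL
    return next_header, body[8:len(body) - 2 - pad_len]

class ReplayWindow:
    """Sliding 64-bit window over received sequence numbers (RFC 4303 section 3.4.3)."""
    def __init__(self, size=64):
        self.size, self.right, self.bitmap = size, 0, 0
    def accept(self, seq):
        if seq == 0:                                  # the first packet on an SA is 1
            return False
        if seq > self.right:                          # slide the window up to the new maximum
            self.bitmap = ((self.bitmap << (seq - self.right)) | 1) & ((1 << self.size) - 1)
            self.right = seq
            return True
        offset = self.right - seq
        if offset >= self.size or self.bitmap & (1 << offset):
            return False                              # too old, or already seen
        self.bitmap |= 1 << offset
        return True

def transport_mode(orig_ip, tcp_segment, spi, seq, key):
    """Original addresses stay outermost; only protocol (now 50) and length change.
    ESP sits between the IP header and the TCP segment, so next header is 6 (TCP)."""
    esp = esp_encapsulate(tcp_segment, IPPROTO_TCP, spi, seq, key)
    src, dst = (str(ipaddress.IPv4Address(orig_ip[o:o + 4])) for o in (12, 16))
    return ipv4_header(src, dst, IPPROTO_ESP, len(esp)) + esp

def tunnel_mode(orig_ip, tcp_segment, gw_src, gw_dst, spi, seq, key):
    """The whole original packet, header included, is the ESP payload (next header 4 = IPv4);
    a new outer header carries the tunnel endpoints' addresses."""
    esp = esp_encapsulate(orig_ip + tcp_segment, IPPROTO_IPV4, spi, seq, key)
    return ipv4_header(gw_src, gw_dst, IPPROTO_ESP, len(esp)) + esp

# Constructed sample: host 10.1.1.10 -> 10.2.2.20 via gateways 203.0.113.1 -> 198.51.100.1
KEY = b"example-integrity-key-not-for-real-use"
TCP_SEGMENT = bytes.fromhex("c350005000000001000000005002ffff00000000") + b"GET / HTTP/1.0\r\n\r\n"
ORIG_IP = ipv4_header("10.1.1.10", "10.2.2.20", IPPROTO_TCP, len(TCP_SEGMENT))

def demo():
    """Build both encapsulations, decapsulate them, and report what sits where."""
    window = ReplayWindow()
    transport = transport_mode(ORIG_IP, TCP_SEGMENT, 0x1001, 1, KEY)
    tunnel = tunnel_mode(ORIG_IP, TCP_SEGMENT, "203.0.113.1", "198.51.100.1", 0x1002, 1, KEY)
    nh_tr, inner_tr = esp_decapsulate(transport[20:], KEY, window)
    nh_tu, inner_tu = esp_decapsulate(tunnel[20:], KEY, ReplayWindow())
    return {
        "transport_outer_src": str(ipaddress.IPv4Address(transport[12:16])),
        "transport_next_header": nh_tr,
        "transport_inner_is_tcp": inner_tr == TCP_SEGMENT,
        "tunnel_outer_src": str(ipaddress.IPv4Address(tunnel[12:16])),
        "tunnel_next_header": nh_tu,
        "tunnel_inner_src": str(ipaddress.IPv4Address(inner_tu[12:16])),
        "tunnel_inner_is_full_packet": inner_tu == ORIG_IP + TCP_SEGMENT,
        "replay_rejected": not window.accept(1),      # same seq on the same SA a second time
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The next-header byte at the end of the ESP trailer is the tell: 6 means the ESP payload is a bare TCP segment (transport mode), 4 means it is a complete IPv4 packet (tunnel mode), which is why only tunnel mode hides the real endpoints from anyone watching the outer header.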