3- Basic Network Security Flashcards

1
Q

Networking Concepts

A
  • Protocols
  • Understanding & Identifying Ports
  • Well-known Ports
2
Q

Networking Concepts: Protocols

A

Networking protocols provide the rules needed for computers to communicate with each other on a network. TCP/IP is a full suite of protocols used on the Internet and many internal networks. Some of the TCP/IP protocols, such as TCP, UDP, and IP, provide basic connectivity. Other protocols, such as HTTP and SMTP, support specific types of traffic, such as web traffic or e-mail.

3
Q

Networking Concepts: Protocols- TCP/IP

A

TCP/IP isn’t a single protocol, but a full suite of protocols.

Grouped protocols can fall within the following sections:

  • Basic connectivity protocols
  • Encryption protocols
  • Application protocols
  • E-mail protocols
  • Remote access protocols
4
Q

Networking Concepts: Protocols- TCP/IP– Basic connectivity protocols

A

Some basic protocols used within the TCP/IP suite for basic connectivity and testing basic connectivity include:

  • TCP (Transmission Control Protocol);
  • UDP (User Datagram Protocol);
  • The Internet Protocol;
  • Address Resolution Protocol;
  • ICMP (Internet Control Message Protocol).
5
Q

Networking Concepts: Protocols- TCP/IP– Basic connectivity protocols: TCP (Transmission Control Protocol)

A

TCP (Transmission Control Protocol): provides connection-oriented traffic (guaranteed delivery). TCP uses a three-way handshake. To start a TCP session, the client sends a SYN (synchronize) packet. The server responds with a SYN/ACK (synchronize/acknowledge) packet, and the client completes the third part of the handshake with an ACK packet. At this point, the connection is established.

6
Q

Networking Concepts: Protocols- TCP/IP– Basic connectivity protocols- SYN Flood Attack

A

SYN Flood Attack
The SYN flood attack is a common denial-of-service (DoS) attack. In the SYN flood attack, the attacker sends multiple SYN packets but never completes the third part of the handshake. Instead, the attacker withholds the last ACK packet, leaving the server with several open sessions waiting to complete the handshake in each.

This is like a friend extending his hand to shake hands with you, you extending your hand in response, and then, at the last instant, he pulls his hand away. While you or I will probably stop extending our hand back to someone doing this, the server doesn’t know any better and keeps answering every SYN packet with a SYN/ACK packet.

Each uncompleted session consumes resources on the server, and if the SYN flood attack continues, it can actually crash the server. Some servers reserve a certain number of resources for connections, and once the attack consumes these resources, the system blocks additional connections. Instead of crashing the server, the attack prevents legitimate users from connecting to the server.

An intrusion prevention system (IPS, covered in chapter 4) can detect a SYN flood attack and respond to block the attack. Additionally, many firewalls include a flood guard that can detect SYN flood attacks and take steps to close the open sessions.

7
Q

Networking Concepts: Protocols- TCP/IP– Basic connectivity protocols: Internet Protocol

A

The Internet Protocol identifies hosts in a TCP/IP network and delivers traffic from one host to another using IP addresses. IPv4 uses 32-bit addresses represented in dotted decimal format, such as 192.168.1.100. IPv6 uses 128-bit addresses using hexadecimal code such as: FE80:0000:0000:0000:20D4:3FF7:003F:DE62

8
Q

Networking Concepts: Protocols- TCP/IP– Basic connectivity protocols: User Datagram Protocol (UDP).

A

User Datagram Protocol provides connectionless sessions (without a three-way handshake). ICMP traffic and audio and video streaming use UDP. Many network-based denial-of-service (DoS) attacks use UDP. All TCP/IP traffic is either connection-oriented TCP traffic or connectionless UDP.

9
Q

Networking Concepts: Protocols- TCP/IP– Basic connectivity protocols: Address Resolution Protocol

A

Address Resolution Protocol resolves IP addresses to media access control (MAC) addresses. MACs are also called physical addresses, or hardware addresses. TCP/IP uses the IP address to get a packet to a destination network, but once it arrives on the destination network, it uses the MAC address to get it to the correct host. In other words, ARP is required once the packet reaches the destination subnet. ARP poisoning uses ARP packets to give clients false hardware address updates and can be used to redirect or interrupt network traffic.

10
Q

Networking Concepts: Protocols- TCP/IP– Basic connectivity protocols: ICMP (Internet Control Message Protocol)

A

ICMP (Internet Control Message Protocol) is used for testing basic connectivity and includes tools such as ping, pathping, and tracert. As an example, ping can check for basic connectivity between two systems. Many DoS attacks use ICMP. Because of how often ICMP is used in attacks, it has become common to block ICMP at firewalls and routers, which disables a ping response. Blocking ICMP prevents attackers from discovering devices in a network with a host enumeration sweep.

11
Q

Networking Concepts: Protocols- TCP/IP– Basic connectivity protocols- DoS Attack

A

Many DoS (Denial-of-Service) attacks use ICMP, so it is common to block ICMP at firewalls and routers. If ping fails, but other connectivity to a server succeeds, it indicates that ICMP is blocked.

12
Q

Networking Concepts: Protocols- TCP/IP– Encryption Protocols

A

Encryption Protocols
Any traffic sent across the wire in clear text is subject to sniffing attacks with a protocol analyzer. One way to protect against this vulnerability is to encrypt the data. Some protocols used to encrypt traffic include:

  • SSH (Secure Shell);
  • SCP (Secure Copy).

13
Q

Networking Concepts: Protocols- TCP/IP– Encryption Protocols: SSH (Secure Shell)

A

SSH (Secure Shell) can be used to encrypt a wide variety of traffic, such as Telnet, Secure Copy (SCP), and Secure File Transfer Protocol (SFTP). UNIX and Linux administrators often use SSH to remotely administer these systems. When traffic is encrypted with SSH, it uses port 22.

14
Q

Networking Concepts: Protocols- TCP/IP– Encryption Protocols: SCP (Secure Copy)

A

SCP (Secure Copy) is based on SSH. Users can use SCP to copy encrypted files over a network. SCP uses port 22.

15
Q

Networking Concepts: Protocols- TCP/IP– Encryption Protocols: Secure Sockets Layer protocol

A

The Secure Sockets Layer protocol secures HTTP traffic as HTTPS. SSL can also encrypt other types of traffic such as LDAP. SSL uses port 443 when encrypting HTTP, and port 636 when encrypting LDAP/SSL (LDAPS).

16
Q

Networking Concepts: Protocols- TCP/IP– Encryption Protocols: Transport Layer Security protocol

A

Transport Layer Security protocol is the designated replacement for SSL. At this point, you can use TLS instead of SSL in just about any application. For example, TLS can encrypt HTTP traffic as HTTPS (on port 443), and LDAP traffic as LDAP/TLS (LDAPS) on port 636. Notice that LDAPS can use either SSL or TLS and both use port 636.

17
Q

Networking Concepts: Protocols- TCP/IP– Encryption Protocols: IPsec (Internet Protocol security)

A

IPsec (Internet Protocol security) is used to encrypt IP traffic. It is native to IPv6 but also works with IPv4. IPsec encapsulates and encrypts IP packet payloads and uses tunnel mode to protect virtual private network (VPN) traffic. IPsec includes two components: Authentication Header (AH), identified by protocol ID number 51, and Encapsulating Security Payload (ESP), identified by protocol ID number 50.

18
Q

Networking Concepts: Protocols- TCP/IP– Encryption Protocols- summary

A

SSH encrypts a wide variety of traffic and uses port 22 in each implementation. It encrypts FTP traffic (as SFTP) using port 22 instead of the FTP ports of 20 and 21. It encrypts Telnet traffic using port 22 (instead of the Telnet port of 23). SSH is also used with SCP to copy encrypted files over a network.

SSL and TLS encrypt traffic, including traffic over the Internet. IPsec includes ESP to provide payload encryption and AH to provide authentication and integrity. IPsec is built into IPv6 but can also work with IPv4.

19
Q

Networking Concepts: Protocols- TCP/IP– Application Protocols

A

Application Protocols
Many different application protocols are used on the Internet and within an intranet. A common protocol that you probably use frequently is HTTP to access web pages on the Internet. Some of the more commonly used application protocols are:
-

20
Q

Networking Concepts: Protocols- TCP/IP– Application Protocols: HTTP (Hypertext Transfer Protocol)

A

HTTP. Hypertext Transfer Protocol is used for web traffic on the Internet and in intranets. Web servers use HTTP to transmit web pages to clients’ web browsers. Hypertext Markup Language (HTML) is the common language used to display the web pages. HTTP uses port 80.

Gibson, Darril (2011-11-10). CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide (Kindle Locations 3912-3914). Kindle Edition.

21
Q

Networking Concepts: Protocols- TCP/IP– Application Protocols: HTTPS (HTTP Secure)

A

HTTPS (HTTP Secure) secures web traffic by transmitting it in an encrypted format. Web browsers commonly indicate that a secure session is using HTTPS by displaying a lock icon and with HTTPS in the URL. HTTPS is encrypted with either SSL or TLS and it uses port 443.

22
Q

Networking Concepts: Protocols- TCP/IP– Application Protocols: FTP (File Transfer Protocol)

A

FTP (File Transfer Protocol) uploads and downloads files to and from an FTP server. By default, FTP transmits data in clear text, making it easy for an attacker to capture and read FTP data with a sniffer or protocol analyzer. FTP active mode uses port 20 for data and port 21 for control signals. FTP passive mode uses port 21 for control signals and a random port for data. FTP uses TCP.

23
Q

Networking Concepts: Protocols- TCP/IP– Application Protocols: SFTP (Secure FTP)

A

SFTP (Secure FTP) is a secure implementation of FTP. It is an extension of Secure Shell (SSH) using SSH to transmit the files in an encrypted format. SFTP transmits data using port 22.

24
Q

Networking Concepts: Protocols- TCP/IP– Application Protocols: FTPS (FTP Secure)

A

FTPS (FTP Secure) is an extension of FTP and uses SSL or TLS to encrypt FTP traffic. Some implementations of FTPS use ports 989 and 990.

25
Q

Networking Concepts: Protocols- TCP/IP– Application Protocols: TFTP (Trivial File Transfer Protocol)

A

TFTP (Trivial File Transfer Protocol) uses UDP and is used to transfer smaller amounts of data, such as when communicating with network devices. Many attacks have used TFTP, but it is not an essential protocol and can often be disabled. TFTP uses UDP port 69. In contrast, FTP uses TCP ports 20 and 21.

26
Q

Networking Concepts: Protocols- TCP/IP– Application Protocols: Telnet

A

Telnet. Telnet is frequently used to connect to remote systems or network devices over a network. Telnet has a command line interface, and many administrators use Telnet to connect to routers and make configuration changes. Telnet transmits data in clear text, making it vulnerable to sniffing attacks, but you can use SSH to encrypt Telnet. Telnet uses port 23, or port 22 when encrypted with SSH.

27
Q

Networking Concepts: Protocols- TCP/IP– Application Protocols: SNMP (Simple Network Management Protocol)

A

SNMP (Simple Network Management Protocol) is used to monitor and manage network devices such as routers or switches. This includes using SNMP to modify the configuration of the devices or have network devices report status back to a central network management system. SNMP agents installed on devices send information to an SNMP manager via notifications known as traps (sometimes called device traps). The first version of SNMP had vulnerabilities, such as passing passwords across the network in clear text. SNMP v2 and SNMP v3 are much more secure. SNMP uses port 161.

28
Q

Networking Concepts: Protocols- TCP/IP– Application Protocols: DNS (Domain Name System)

A

DNS (Domain Name System) is a service that resolves host names to IP addresses on the Internet and internal networks. DNS servers host the DNS service and respond to DNS queries. DNS uses port 53.

29
Q

Networking Concepts: Protocols- TCP/IP– Application Protocols: NetBIOS (Network Basic Input/Output System)

A

NetBIOS (Network Basic Input/Output System) is a name resolution service for NetBIOS names on internal networks. In contrast, DNS resolves host names on the Internet and internal networks. NetBIOS also includes session services for both TCP and UDP communication. NetBIOS uses ports 137 through 139.

30
Q

Networking Concepts: Protocols- TCP/IP– Application Protocols: LDAP (Lightweight Directory Access Protocol)

A

LDAP (Lightweight Directory Access Protocol) is the language used to communicate with directories such as Microsoft’s Active Directory or Novell’s Netware Directory Services (NDS). LDAP provides a single location for object management and it uses port 389. LDAP can be encrypted with either TLS or SSL and uses port 636 when encrypted.

31
Q

Networking Concepts: Protocols- TCP/IP– Application Protocols: Kerberos

A

Kerberos. Kerberos (presented in chapter 1) is the authentication protocol used in Windows domains and some UNIX environments. It uses a KDC to issue time-stamped tickets. Kerberos uses port 88.

32
Q

Networking Concepts: Protocols- TCP/IP– Application Protocols: Microsoft’s SQL Server

A

Microsoft’s SQL Server. SQL server is a server application that hosts databases accessible from web servers and a wide array of applications. SQL server uses port 1433 by default.

33
Q

Networking Concepts: Protocols- TCP/IP– Application Protocols: Remote Administration, Terminal Services, or Remote Desktop Services

A

Remote Administration, Terminal Services, or Remote Desktop Services. Remote administration allows a client to remotely access another system. Microsoft previously called this Terminal Services and then renamed it in Server 2008 R2 to Remote Desktop Services. Microsoft’s Remote Assistance allows one user to assist another user remotely. Microsoft’s Remote Desktop Protocol (RDP) allows an administrator to remotely administer servers from desktop computers. Terminal Services (and Remote Desktop Services) uses port 3389. Additionally, remote assistance uses the same protocol and port.

34
Q

Networking Concepts: Protocols- TCP/IP– Application Protocols– summary

A

HTTP and HTTPS use ports 80 and 443 and transmit data over the Internet in unencrypted and encrypted formats, respectively. FTP supports uploading and downloading files to and from an FTP server using ports 20 and 21. FTP uses TCP (ports 20 and 21) and TFTP uses UDP (port 69). SFTP uses SSH to encrypt FTP traffic and uses port 22. FTPS uses SSL to encrypt FTP traffic.

Telnet is often used to connect to network devices (such as routers) to make configuration changes. It uses port 23 and sends data in clear text. You can encrypt Telnet traffic with SSH, and it uses port 22 when encrypted with SSH. SNMP monitors and manages network devices such as routers or switches, and SNMP agents report information via notifications known as SNMP traps (also called SNMP device traps).

NetBIOS is used on internal servers and uses ports 137–139. Microsoft’s SQL Server hosts databases and uses port 1433. Remote Desktop Services uses port 3389. SMTP is used to send e-mail and it uses port 25.

35
Q

Networking Concepts: Protocols- TCP/IP– Email Protocols

A

Some common protocols used for e-mail include:

  • SMTP (Simple Mail Transport Protocol);
  • POP3 (Post Office Protocol v3);
  • IMAP4 (Internet Message Access Protocol).
36
Q

Networking Concepts: Protocols- TCP/IP– Email Protocols: SMTP (Simple Mail Transport Protocol)

A

SMTP (Simple Mail Transport Protocol) transfers e-mail between clients and SMTP servers, and between SMTP servers. SMTP uses port 25.

37
Q

Networking Concepts: Protocols- TCP/IP– Email Protocols: POP3 (Post Office Protocol v3)

A

POP3 (Post Office Protocol v3) transfers e-mails from servers down to clients. POP3 uses port 110.

38
Q

Networking Concepts: Protocols- TCP/IP– Email Protocols: IMAP4 (Internet Message Access Protocol)

A

IMAP4 (Internet Message Access Protocol) is used to store e-mail on an e-mail server. IMAP4 allows a user to organize and manage e-mail in folders on the server. IMAP4 uses port 143.

39
Q

Networking Concepts: Protocols- TCP/IP– Remote Access Protocols

A

Some common remote access and virtual private network (VPN) tunneling protocols include:

  • PPP (Point-to-Point Protocol);
  • IPsec;
  • PPTP (Point-to-Point Tunneling Protocol)
  • L2TP (Layer 2 Tunneling Protocol);
  • RADIUS (Remote Authentication Dial-In User Service);
  • TACACS/XTACACS (Terminal Access Controller Access-Control System and Extended TACACS);
  • TACACS+.
40
Q

Networking Concepts: Protocols- TCP/IP– Remote Access Protocols

A

PPP (Point-to-Point Protocol) is used to create dial-up connections between a dial-up client and a remote access server, or between a dial-up client and an Internet Service Provider (ISP).

41
Q

Networking Concepts: Protocols- TCP/IP– Remote Access Protocols

A

IPsec. IPsec can be used as a remote access tunneling protocol to encrypt traffic going over the Internet. It uses the Internet Key Exchange (IKE) over port 500 to create a security association for the VPN.

42
Q

Networking Concepts: Protocols- TCP/IP– Remote Access Protocols

A

PPTP (Point-to-Point Tunneling Protocol) is a tunneling protocol used with VPNs that has some known vulnerabilities. PPTP uses TCP port 1723.

43
Q

Networking Concepts: Protocols- TCP/IP– Remote Access Protocols

A

L2TP (Layer 2 Tunneling Protocol) combines the strengths of Layer 2 Forwarding (L2F) and PPTP. L2TP is commonly used with IPsec for VPNs. Since NAT is not compatible with IPsec, L2TP/IPsec can’t go through a device running NAT. L2TP uses UDP port 1701.

44
Q

Networking Concepts: Protocols- TCP/IP– Remote Access Protocols

A

RADIUS (Remote Authentication Dial-In User Service) provides central authentication to remote access clients. When an organization uses more than one remote access server, each remote access server can forward authentication requests to the central RADIUS server. RADIUS only encrypts passwords.

45
Q

Networking Concepts: Protocols- TCP/IP– Remote Access Protocols

A

TACACS/XTACACS (Terminal Access Controller Access-Control System and Extended TACACS) are older network authentication protocols. TACACS is generic, and XTACACS is proprietary to Cisco. TACACS uses UDP port 49.

46
Q

Networking Concepts: Protocols- TCP/IP– Remote Access Protocols

A

TACACS+. TACACS+ is used as an alternative over RADIUS. Cisco VPN concentrators use TACACS+ and it encrypts the entire authentication process. It uses multiple challenge responses for authentication, authorization, and audit (AAA). TACACS+ has wider uses including as an authentication service for network devices. TACACS+ uses TCP port 49.

47
Q

Networking Concepts: Protocols- TCP/IP– Remote Access Protocols– summary

A

IPsec uses port 500 for IPsec VPN connections. RADIUS only encrypts the password in the authentication process. TACACS+ encrypts the entire authentication process. TACACS+ uses multiple challenge responses for authentication, authorization, and audit. TACACS+ is also used as an authentication service for network devices. TACACS uses UDP and TACACS+ uses TCP.

48
Q

Networking Concepts: Protocols- IPv4 vs IPv6

A

IPv6 addresses include 128 bits. IPv6 is expressed as eight groups of four hexadecimal characters (numbers and letters), such as this: FE80:0000:0000:0000:20D4:3FF7:003F:DE62.

Everyone will have enough addresses to assign IP addresses to their computers, TVs, mobile phones, refrigerators, coffee makers, toasters, and anything else they may want to control remotely.

IPv4 uses 32-bit IP addresses expressed in dotted decimal format. For example, the IPv4 IP address of 192.168.1.5 is four decimals separated by periods or dots. You can also express the address in binary form with 32 bits.

49
Q

Networking Concepts: Protocols- Subnetting

A

Subnetting divides a single range of IP addresses into several smaller ranges of IP addresses. This is often done to isolate traffic and increase efficiency.

As an example, you could have multiple users on a single Class C network. Some of the users may be running applications that stream audio and video across the network. A second group of users may regularly upload and download data via the Internet. A third group may upload and download files back and forth to servers on the network, and a fourth group could be users with just occasional access to the network. By subnetting a single Class C network into four smaller subnets, it isolates the traffic for each of these user groups. Imagine that the original Class C network is 192.168.1.0 with a subnet mask of 255.255.255.0. It could hold 254 host addresses (192.168.1.1 through 192.168.1.254). You can subnet this into four smaller subnets with each one using a subnet mask of 255.255.255.192 as follows:

  • Subnet 1. 192.168.1.1 through 192.168.1.62 — use for streaming audio and video.
  • Subnet 2. 192.168.1.65 through 192.168.1.126 — use for upload and download of files on the Internet.
  • Subnet 3. 192.168.1.129 through 192.168.1.190 — use for upload and download of files to internal servers.
  • Subnet 4. 192.168.1.193 through 192.168.1.254 — use for regular users.

By dividing the network into the four subnets, you increase the efficiency by reducing collisions on each individual network. This effectively improves the performance of each subnet.

50
Q

Networking Concepts: Protocols- Subnetting and Availability

A

If a technician manually assigns a computer with an IP address outside of the subnet range, it loses availability. It will no longer be available on the network and it will lose availability to other resources on the network. While most computers aren’t assigned addresses manually, many servers are, and misconfiguration of a server’s IP address has caused more than a few problems.

You should be able to identify the subnet of IP addresses and verify which IP addresses have the same subnet.

51
Q

Networking Concepts: Protocols- Calculating Subnet IP Addresses with a Calculator

A

Imagine that you have the same four IP addresses (192.168.1.50, 192.168.1.100, 192.168.1.165, 192.168.1.189) with a subnet mask of 255.255.255.192. The challenge is identifying which two are on the same subnet.

Imagine that the subnet mask is 255.255.255.224. Which of the four IP addresses are on the same subnet?

52
Q

Networking Concepts: Understanding and Identifying Ports

A

Ports are logical numbers used by TCP/IP to identify what service or application should handle data received by a system. Both TCP and UDP use ports with a total of 65,536 TCP ports (0 to 65,535) and 65,536 UDP ports (0 to 65,535). Administrators open ports on firewalls and routers to allow the associated protocol into or out of a network. For example, HTTP uses port 80, and an administrator allows HTTP traffic by opening port 80.

Internet Assigned Numbers Authority (IANA) divided the ports into three ranges as follows:

  • Well-known Ports: 0-1023. IANA assigns port numbers to commonly used protocols in the well-known ports range.
  • Registered ports: 1024-49,151. IANA registers these ports for companies as a convenience to the IT community. A single company may register a port for a proprietary use, or multiple companies may use the same port for a specific standard. As an example, Microsoft’s SQL Server uses port 1433 for database servers, L2TP uses port 1701, and PPTP uses port 1723.
  • Dynamic and private ports: 49,152-65,535. These ports are available for use by any application. Applications commonly use these ports to temporarily map an application to a port. These are also called ephemeral ports, indicating that they are short lived.

Port scanners will often simply check to see if a well-known port is open. For example, SMTP uses the well-known port 25, so if port 25 is open, the system is likely running SMTP.

IT personnel who regularly work with routers and firewalls can readily tell you what protocol is associated with which well-known port, such as 20, 21, 22, 23, 25, 80, or 443. The reason is that they use these ports to allow or block traffic.

For example, an administrator can close port 23 to block all Telnet traffic into a network. The router then ignores traffic on port 23 instead of forwarding it. Similarly, an administrator can close port 1433 to block database traffic to a Microsoft SQL Server. On the other hand, the administrator can open port 25 to allow SMTP traffic.

53
Q

Networking Concepts: Well-Known Ports

A

Well-Known Ports
There are 1024 well-known ports, but you don’t need to know them all. However, at a minimum, you should know the ports listed:

  • 20: FTP data port;
  • 21: FTP control port;
  • 22: SFTP (using SSH);
  • 22: SSH, SCP;
  • 23: Telnet;
  • 25: SMTP;
  • 49: TACACS/TACACS+;
  • 53: DNS;
  • 69: TFTP;
  • 80: HTTP;
  • 88: Kerberos;
  • 110: POP3;
  • 137-139: NetBIOS;
  • 143: IMAP4;
  • 161: SNMP;
  • 389: LDAP;
  • 443: HTTPS;
  • 500: IPsec (for VPN with IKE);
  • 636: LDAP/TLS;
  • 1701: L2TP;
  • 1723: PPTP;
  • 3389: Terminal Services;
  • 3389: Remote Desktop Services.

Ports are commonly used to allow or block traffic on routers and firewalls. By blocking a port (such as port 23 for Telnet) at a network firewall, it blocks all traffic into the network using this port.

Many successful test takers memorize the ports in this table and write down the table as their very first action when they start the exam.
