Ports + Protocols Flashcards

1
Q

What ports does FTP use and what is it for?

A

20 (active mode) and 21 (control) - File Transfer Protocol is a generic way to transfer files between systems.

FTP authenticates with a username and password. Its fully featured functionality allows you to list, add and delete files as you choose.

FTP isn’t secure - SFTP is because it uses SSH tcp/22 to encrypt files in transit.

2
Q

What protocol uses port tcp/22 and what does it do?

A

SSH - Secure Shell - is an encrypted way of communicating to a remote device from a console. E.g. SSH into a firewall device.

tcp/22 is also used for SFTP - Secure File Transfer Protocol via SSH encryption.

3
Q

What port does SFTP use and what is it for?

A

SECURE File Transfer Protocol is used to securely transfer files with encryption via SSH tcp/22.

4
Q

What port is Telnet and what’s the problem with it?

A

Telnet udp/23 is a way of accessing remote devices but the connection is “in the clear”/unencrypted/unsecure.

5
Q

What protocol uses port tcp/587?

A

SMTP with TLS encryption uses port tcp/587 to SEND MAIL.

Simple Mail Transfer Protocol - server to server and client to server email transfers.

6
Q

What are the FOUR ports you can use to receive/retrieve emails from the server onto a client device?

A

tcp/143 - IMAP
tcp/993 - IMAPS (Secure)

tcp/110 - POP3
tcp/995 - POP3S (Secure)

7
Q

What ports does DNS use?

A

udp/53 or tcp/53 (for large transfers of one DNS server to another) - converts names to IP addresses

8
Q

What ports does DHCP use?

A

udp/67 and udp/68 are used for DHCP - Dynamic Host Control Protocol - automatic assignment of IP addresses/subnet masks from a pool with a lease time that renews at T1 (50%) and T2 (88%) of the lease time. If the DHCP server can’t be contacted at either of those times then the device sends out for a new IP address across the network.

You can assign DHCP reservation to certain devices using their MAC address so that they always have the same IP address assigned to them.

9
Q

TFTP port?

A

udp/69 ;) Trivial File Transfer Protocol - used for simple unsecure small file transfer like config. files at high speed.

10
Q

What are the two main web server communicating ports and protocols?

A

HTTP tcp/80 - web server communication.
HTTPS tcp/443 - encrypted web server communication.

11
Q

What port/protocol manages time syncing across devices?

A

NTP udp/123 Network Time Protocol - precisely (within 1ms) syncs up the time across devices on a network. This is crucial for authentication information; the syncing usually happens a few times a day.

12
Q

What ports does SNMP use?

A

udp/161 for network device statistics and udp/162 for traps/alerts - these trigger when a statistic hits a pre-defined threshold.

13
Q

Which version of SNMP udp/161 uses Authentication and Encryption to send network statistics securely?

A

Version 3 of SNMP udp/161 uses encryption, authentication and message integrity checks to keep network statistics safe.

14
Q

What protocol uses port tcp/389 and what does it do?

A

LDAP tcp/389 - Lightweight Directory Access Protocol - stores/accesses/retrieves data from a network directory (e.g. Active Directory on Windows).

15
Q

What port does LDAPS use?

A

tcp/636 is used by LDAPS - Lightweight Directory Access Protocol Secure - LDAP encrypted over SSL.

16
Q

What port does SMB/CIFS use and what for?

A

Server Message Block/Common Internet File System - uses tcp/445 (NetBIOS-less) to share files/printers across Windows operating systems.

17
Q

What is a SIEM?

A

Security Information and Event Manager (SIEM) is a server that consolidates syslog files received across the network via port udp/514 syslog.

They need a lot of disk space!

18
Q

What port is commonly used to transfer syslog files across a network?

A

udp/514 SYSLOG - generally syslog files are sent to a SIEM for centralised consolidation and management.

19
Q

What port does Microsoft SQL use?

A

tcp/1433 - Structured Query Language (SQL) is sent via tcp/1433 for Microsoft Servers (MS-SQL).

20
Q

What is port tcp/3389 associated with?

A

RDP - tcp/3389.

21
Q

What’s ICMP?

A

Internet Control Message Protocol (ICMP) - send and receive requests to devices on the network to check they are connected and functional.

When TTL=0 an ICMP message “time exceeded” is sent to the source to let them know.

E.g. ping cmd uses ICMP.

22
Q

What is GRE? Does it have encryption by default?

A

Generic Routing Encapsulation (GRE) is the tunnel created between two endpoints that makes them appear as directly connected to each other.

No inherent/built-in encryption so should use a VPN concentrator (software or hardware) to encrypt and decrypt traffic at either end of the GRE tunnel via an encryption protocol such as IPSec.

23
Q

What is IPSec?

A

A standardised group/suite of Network (layer 3) protocols: Core protocols are Authentication Header (AH) and Encapsulation Security Payload (ESP)

24
Q

What is a Security Association?

A

SA - Security Association/Agreement - An agreement on what encryption/decryption keys are to be used between two endpoints when forming a tunnel. (The key isn’t sent across the network). This is called an Internet Key Exchange (IKE).

25
Q

What ports does the DORA process use and what is it for?

A

udp/67 and udp/68 are used for the DORA process, which is the four-step setup process for DHCP for a new device connecting to a network.

26
Q

What are the four DORA steps in DHCP initialisation when a new device joins a network?

A

D=Discover - the new device sends out a broadcast to all devices on the subnet.
O=Offer - all DHCP servers that receive the broadcast will offer an IP address back to the device.
R=Request/accept - the device selects one of the offered IP addresses and responds to the DHCP server that offered it saying it wants to use it.
A=Acknowledgement - the DHCP server sends confirmation back to the device saying it’s received the Request to use its IP address and sends any other relevant IP information along with the Acknowledgement of request.

27
Q

What router functionality/feature allows DHCP broadcasts to extend past the local subnet the new device is on? (e.g. can broadcast to other DHCP servers distributed around the network or centralised instead of just being able to reach the router in the current subnet)

A

DHCP relay is the feature that allows DHCP broadcasts past the local subnet to reach other DHCP servers (e.g. for redundancy).

DHCP relay works by the router changing the destination broadcast address on the packet to the address of a DHCP server on its network and changing the source address to that of the router running the DHCP relay - in this way it becomes a middle man in the communication.

28
Q

What are DHCP options?

A

DHCP Options are special fields/vendor extensions within DHCP messages (254 set usable options provided they are supported by the DHCP server) that contain more information for devices such as:
-subnet mask
-HTTP proxy
-DNS Server - streamlines DNS lookups
-Static Route Option
-Domain Name for the network

This reduces the need for manual input and therefore manual input errors. DHCP options are configured on the DHCP server.

29
Q

What port do NTP servers listen on for updated time requests from devices on their network?

A

udp/123 is the port NTP servers listen on.

30
Q

What is PTP/Precision Time Protocol?

A

PTP - Precision Time Protocol - is a very precise (to the nanosecond/1 billionth of a second precision) specialised hardware-based time protocol used in financial trading and other areas that need very precise timings.

31
Q

What is the purpose of a VPN?

A

VPN = Virtual Private Network is a way of encrypting data sent across a public network for security.

32
Q

What is a Clientless VPN?

A

An in-browser VPN using HTML5 to support a web cryptography API, thus eliminating the need to install any client software. However, it’s generally limited to web based applications only.

33
Q

What’s the difference between full and split tunnel VPN?

A

Full tunnel VPN configuration is where ALL traffic is sent through the tunnel/is encrypted across the public network.

Split tunnel config. has VPN traffic going through the tunnel securely but non-VPN traffic being sent normally. E.g. important info is sent securely through the tunnel to your site but your funny gifs are sent separately, directly to Facebook servers (not routed via your site first).