Ports + Protocols

Question 1

What ports does FTP use and what is it for?

Answer 1

20 (active mode) and 21 (control) - File Transfer Protocol is a generic way to transfer files between systems.

FTP authenticates with a username and password. It’s fully featured functionality allows you to list,add,delete files as you choose.

FTP isn’t secure - SFTP is because it uses SSH tcp/22 to encrypt files in transit.

Question 2

What protocol uses port tcp/22 and what does it do?

Answer 2

SSH - Secure Shell - is an encrypted way of communicating to a remote device from a console. E.g. SSH into a firewall device.

tcp/22 is also used for SFTP - Secure File Transfer Protocol via SSH encryption.

Question 3

What port does SFTP use and what is it for?

Answer 3

SECURE File Transfer Protocol is used to securely transfer files with encryption via SSH tcp/22.

Question 4

What port is Telnet and what’s the problem with it?

Answer 4

Telnet udp/23 is a way of accessing remote devices but the connection is “in the clear”/unencrypted/unsecure.

Question 5

What protocol uses port tcp/587?

Answer 5

SMTP with TLS encryption uses port tcp/587 to SEND MAIL.

Simple Mail Transfer Protocol - server to server and client to server email transfers.

Question 6

What are the FOUR ports you can use to receive/retrieve emails from the server onto a client device?

Answer 6

tcp/143 - IMAP
tcp/993 - IMAPS (Secure)

tcp/110 - POP3
tcp/995 - POP3S (Secure)

Question 7

What ports does DNS use?

Answer 7

udp/53 or tcp/53 (for large transfers of one DNS server to another) - converts names to IP addresses

Question 8

What ports does DHCP use?

Answer 8

udp/67 udp/68 are used for DHCP - Dynamic Host Control Protocol - automatic assignment of IP addresses/subnet masks from a pool with a lease time that renews at T1 (50%) and T2 (88%) of the lease time. If DHCP server can’t be contacted at either of those times then the device sends out for a new IP address across the network.

You can assign DHCP reservation to certain devices using their MAC address so that they always have the same IP address assigned to them.

Question 9

TFTP port?

Answer 9

udp/69 ;) Trivial File Transfer Protocol - used for simple unsecure small file transfer like config. files at high speed.

Question 10

What are the two main web server communicating ports and protocols?

Answer 10

HTTP tcp/80 - web server communication.
HTTPS tcp/443 - encrypted web server communication.

Question 11

What port/protocol manages time syncing across devices?

Answer 11

NTP udp/123 Network Time Protocol - precisely (within 1ms) syncs up the time across devices on a network. This is crucial for authentication information, usually happens a few times a day (the syncing)

Question 12

What ports does SNMP use?

Answer 12

udp161 for network device statistics and udp162 for traps/alerts - trigger when a statistic hits a pre-defined threshold.

Question 13

Which version of SNMP udp/161 uses Authentication and Encryption to send network statistics securely?

Answer 13

Version 3 of SNMP udp/161 uses encryption, authentication and message integrity checks to keep network statistics safe.

Question 14

What protocol uses port tcp/389 and what does it do?

Answer 14

LDAP tcp/389 - Lightweight Directory Access Protocol - stores/accesses/retrieves data from a network directory (e.g. Active Directory on Windows).

Question 15

What port does LDAPS use?

Answer 15

tcp/636 is used by LDAPS - Lightweight Directory Access Protocol Secure - LDAP encrypted over SSL encryption.

Question 16

What port does SMB/CIFS use and what for?

Answer 16

Server Message Block/Common Internet File System - uses tcp/445 (NetBIOS-less) to share files/printers across Windows operating systems.

Question 17

What is a SIEM?

Answer 17

Security Information and Event Manager (SIEM) is a server that consolidates syslog files received across the network via port udp/514 syslog.

They need a lot of disk space!

Question 18

What port is commonly used to transfer syslog files across a network?

Answer 18

udp/514 SYSLOG - generally syslog files are sent to a SIEM for centralised consolidation and management.

Question 19

What port does Microsoft SQL use?

Answer 19

tcp/1433 - Structured Query Language (SQL) is sent via tcp/1433 for Microsoft Servers (MS-SQL).

Question 20

What is port tcp/3389 associated with?

Answer 20

RDP - tcp/3389.

Question 21

What’s ICMP?

Answer 21

Internet Control Message Protocol (ICMP) - send and receive requests to devices on the network to check they are connected and functional.

When TTL=0 an ICMP message “time exceeded” is sent to the source to let them know.

E.g. ping cmd uses ICMP.

Question 22

What is GRE? Does it have encryption by default?

Answer 22

Generic Routing Encapsulation (GRE) is the tunnel created between two endpoints that makes them appear as directly connected to each other.

No inherent/built-in encryption so should use a VPN concentrator (software or hardware) to encrypt and decrypt traffic at either end of the GRE tunnel via an encryption protocol such as IPSec.

Question 23

What is IPSec?

Answer 23

A standardised group/suite of Network (layer 3) protocols: Core protocols are Authentication Header (AH) and Encapsulation Security Payload (ESP)

Question 24

What is a Security Association?

Answer 24

SA - Security Association/Agreement - An agreement on what encryption/decryption keys are to be used between two endpoints when forming a tunnel. (The key isn’t sent across the network). This is called an Internet Key Exchange (IKE).