Ports

Question 1

Port 21

Answer 1

File Transfer Protocol (FTP) - send username and password using plaintext from the client to the server

Question 2

Port 23

Answer 2

Telnet- used by many Linux systems as basic text-based terminal
All information to/from host on telnet connection is sent in plaintext and can be intercepted by an attacker

Question 3

Secure File Transfer Protocol (SFTP)

Answer 3

Port 22- secure alternative using encryption to protect user credentials and packets of data being transferred

Question 4

Secure Shell (SSH)

Answer 4

Port 22- Uses encryption to ensure traffic between the host and terminal is not sent in plaintext format

Question 5

Port 25

Answer 5

Simple Mail Transfer Protocol (SMTP)- default unencrypted port for sending email addresses

Question 5

Port 37

Answer 5

Time Protocol- may be used by legacy equipment. Used for time.

Question 6

Port 587

Answer 6

Secure alternative for SMTP is Transport Layer Security (TLS) which will encrypt data between mail client and mail server

Question 7

Port 123

Answer 7

Network Time Protocol (NTP)- mostly replaced Time Protocol by offering better error handing capabilities, reducing likelihood of unexpected errors, a widely used Internet protocol that synchronizes computer clocks across a network, ensuring accurate timekeeping for various applications and services

Question 8

Port 53

Answer 8

Domain Name Service (DNS)- still widely used. Acts as the internet’s “phone book”, translating human-friendly domain names (like google.com) into numerical IP addresses (like 192.0.2.1) that computers use to communicate

Question 9

Port 853

Answer 9

DNS over TLS (DoT) protects DNS information from being modified in transit

Question 10

Port 80

Answer 10

HyperText Transfer Protocol (HTTP)- basis of nearly all web browser traffic on the internet. Information sent via HTTP not encrypted.
HTTPS using TLS encryption is preferred because it protects data in transit between server and browser. (often notated as SSL/TLS)

Question 11

Secure Sockets Layer (SSL)

Answer 11

has been compromised and is no longer considered secure

Question 12

Transport Layer Security (TLS)

Answer 12

is now recommended that web servers and clients use Transport Layer Security (TLS) 1.3 or higher for the best protection
TLS is a cryptographic protocol that ensures secure communication between a client and a server over a computer network, protecting data transmitted from eavesdropping and tampering.

Question 13

Port 143

Answer 13

Internet Message Access Protocol (IMAP)- protocol used for retrieving emails. Traffic is not encrypted and is susceptible to network sniffing.

Question 14

Port 161 and 162

Answer 14

Simple Network Management Protocol (SNMP) version 2 or 3- recommended to include encryption and additional security features
SNMP is a protocol for monitoring and managing network devices, facilitating the exchange of information between network devices and management systems

Question 15

Port 445

Answer 15

Server Message Block (SMB)- used by many versions of Windows for accessing files over the network. network communication protocol enabling computers to share files, printers, serial ports, and other resources over a network. Files are transmitted UNENCRYPTED and many vulnerabilities are well known. Recommended traffic on port 445 should not be allowed to pass through a firewall at the network perimeter

Question 16

Port 2049

Answer 16

Network File System (NFS)- More secure alternative to Secure Message Block (SMB) port 445. It is recommended that NFS not be allowed through firewalls.

Question 17

Port 389- Lightweight Directory Access Protocol (LDAP)

Answer 17

Lightweight Directory Access Protocol (LDAP)- Used to communicate directory information from servers to clients.
This can be an address book for email or usernames for login. The LDAP protocol also allow records in the directory to be updated, which includes additional risk. LDAP is not encrypted, making it susceptible to sniffing and manipulation attacks.

Question 18

Three way handshake

Answer 18

A system for synchronizing and acknowledging any request, used to establish a TCP connection between 2 devices

Question 19

SYN/ACK

Answer 19

web server replies to the SYN packet with an acknowledgement known as SYN/ACK

Question 20

Synchronization (SYN) packets

Answer 20

to establish communications on a web server, to the web server’s port 80 or 443

Question 21

Acknowledgement (ACK)

Answer 21

Client acknowledges connection with an acknowledgement (ACK)
At this point, the basic connection is established and client and host will further negotiate secure communications over that connection.