Protocols and Ports Flashcards

1
Q
A

The purpose of this lesson is to introduce you to what ports and services are, and some common protocols and services that you should become familiar with for general IT, networking, and cybersecurity usage.

2
Q

What are Ports and Services

A

In computer networking, a port is a communication endpoint. At the software level, a port number (0 to 65535, kept separately for TCP and UDP) identifies a specific process or type of network service on a host. Port numbers are divided into three ranges: well-known ports, registered ports, and dynamic (private) ports.

Well-known ports range from 0 to 1023. This is where some of the most common services live, such as FTP, SSH, DNS, and HTTPS. We will cover more of these below. On most operating systems, binding a listener to a well-known port requires administrative (root) privileges.
Registered ports range from 1024 to 49151 and are assigned by IANA to specific applications on request.
Dynamic (private) ports range from 49152 to 65535. These are typically used as “ephemeral” ports, which is the name given to the source port a client picks for a single connection in client-server communication. For example, if we’re connecting to a web server on port 443 (HTTPS, the destination port), our source port would be a random port from this range. Note that operating systems do not all follow the IANA range exactly: Linux, for instance, defaults to 32768 to 60999 for ephemeral ports, so a client source port below 49152 is not suspicious on its own.
Now let’s jump into some of the most common and important ports and services. IANA maintains the complete registry of port number assignments.

Port 20, 21 - File Transfer Protocol (FTP)
This protocol is used to transfer files between systems: users connect to an FTP server and can list, upload, or download files. Port 21 carries the control channel (commands and responses); port 20 is the server-side data channel in active mode, while in passive mode the data connection uses a separate port negotiated over the control channel, which is why FTP is awkward to firewall. An example of usage would be a company running a server for file storage, where employees connect via FTP to retrieve files. FTP is extremely insecure as the communication is in cleartext, including the username and password, which can easily be captured by an attacker listening to network traffic. Use SFTP (file transfer over SSH) or FTPS (FTP over TLS) instead.

Port 22 - Secure Shell (SSH)
SSH allows users to connect to a remote host, such as a server, if it has SSH listening (TCP port 22). The channel is encrypted and the server is authenticated by its host key, so data moved between the two systems is not visible to anyone capturing the traffic. An example of usage would be an IT technician using SSH to connect to a server from their desktop to carry out maintenance. The same encrypted connection also carries SFTP and SCP file transfers and port forwarding.

Port 23 - Telnet
This service predates SSH and offers the same remote-login functionality (TCP port 23); however, Telnet does not use encryption, so the session, including the typed password, can be captured and read by an attacker. Telnet should not be used because of this weakness, and SSH should always be implemented instead. Telnet still turns up on network appliances and embedded devices, so a listening port 23 is worth flagging in a scan.

Port 25 - Simple Mail Transfer Protocol (SMTP)
This protocol is used to send email between mail servers within the network or to external networks such as the internet (TCP port 25). It is just a transport method: to actually download and view email you need an email client and the POP3 or IMAP protocol. Mail clients normally submit outgoing mail to their own server on the separate submission port 587 with authentication, and many networks block outbound port 25 from end-user devices to curb spam.

Port 53 - Domain Name System (DNS)
DNS operates on UDP and TCP port 53 and is a distributed, hierarchical database (not a relational one) that converts human-readable hostnames and domain names (such as google.com) into their respective IP addresses so that communications can be sent to and from these hosts. Most queries use UDP; TCP is used for zone transfers and for responses too large to fit in a single UDP datagram. The reason we use domain names is that they’re easy to remember. You remember securityblue.team, but you probably won’t remember 3.9.68.12! Plain DNS is neither encrypted nor authenticated, so a spoofed answer can send a client to the wrong host; DNSSEC and encrypted DNS (DNS over TLS or HTTPS) address this.

Port 67, 68 - Dynamic Host Configuration Protocol (DHCP)
DHCP automatically assigns IP address-related configuration to hosts on the network, such as the IP address, subnet mask, default gateway and DNS servers. When you connect your phone to your network, it is assigned an IP address because of the dynamic host configuration protocol. DHCP uses two UDP ports: the server listens on port 67 and the client on port 68. Because the client’s initial request is a broadcast with no authentication, a rogue DHCP server on the same segment can hand out a malicious gateway or DNS server.

Port 80 - Hypertext Transfer Protocol (HTTP)
HTTP (TCP port 80) allows clients (browsers such as Chrome and Firefox) to connect to web servers and request content, which appears in the form of file downloads, web pages, and streaming media. So if you want to view the securityblue.team homepage, your browser makes an HTTP request to our web server, asking to download the HTML web page. The server responds with a 200 status code (which means “OK”, the request succeeded) and then sends the HTML page to the client, so you can view it on your screen. As HTTP is not encrypted, an attacker on the path can sniff cleartext data such as passwords and session cookies as it travels between client and server, or modify the content in transit.
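
To make the cleartext problem concrete across FTP, Telnet and HTTP, here is an added example (not part of the original lesson) that plays the role of a passive sniffer: it reassembles captured segments by port pair, pulls credentials out of the protocols this page lists as cleartext, and reports the encrypted alternative. The sample traffic, hostnames, usernames and passwords are constructed for the example; Telnet is shown as an already reassembled session (on the wire it is sent keystroke by keystroke), and the SSH and TLS segments are included only to show that the same check finds nothing readable there.

```python
import base64
import re
from collections import defaultdict

# Constructed sample traffic: (client source port, server destination port, payload)
# as a sniffer on the same network segment would see it. Hosts, usernames and
# passwords are made up for this example. Source ports are the ephemeral ports the
# client picked for each connection; the destination port tells us the service.
CAPTURED_SEGMENTS = [
    (51234, 21, b"USER alice\r\n"),
    (51234, 21, b"PASS hunter2\r\n"),
    (51235, 23, b"login: bob\r\nPassword: s3cret\r\n"),  # Telnet, reassembled for brevity
    (51236, 80, b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
                b"Authorization: Basic " + base64.b64encode(b"carol:Winter2024") + b"\r\n\r\n"),
    (51237, 443, b"\x16\x03\x01\x00\xc5\x01\x00\x00\xc1\x03\x03" + b"\x00" * 32),  # TLS ClientHello
    (51238, 22, b"SSH-2.0-OpenSSH_9.6\r\n"),  # SSH banner; everything after the handshake is encrypted
]

# Cleartext services covered on this page and what to use instead.
CLEARTEXT_SERVICES = {
    21: ("FTP", "SFTP (over SSH, port 22) or FTPS"),
    23: ("Telnet", "SSH (port 22)"),
    80: ("HTTP", "HTTPS (port 443)"),
}


def reassemble(segments):
    """Group payloads by (source port, destination port) so logins that span several
    segments (FTP sends USER and PASS separately) are searched as one stream.
    A real tool keys on the full 5-tuple (IPs, ports, protocol); IPs are omitted here."""
    streams = defaultdict(bytes)
    for src, dst, payload in segments:
        streams[(src, dst)] += payload
    return streams


def extract_credentials(dst_port, stream):
    """Return {'user': ..., 'pass': ...} for credentials visible in a cleartext stream."""
    text = stream.decode("utf-8", errors="replace")
    creds = {}
    if dst_port == 21:  # FTP control channel: "USER name" then "PASS secret"
        for m in re.finditer(r"^(USER|PASS) (\S+)", text, re.MULTILINE):
            creds["user" if m.group(1) == "USER" else "pass"] = m.group(2)
    elif dst_port == 23:  # Telnet: the prompt and the typed reply both travel in the clear
        for key, pattern in (("user", r"login: (\S+)"), ("pass", r"Password: (\S+)")):
            m = re.search(pattern, text)
            if m:
                creds[key] = m.group(1)
    elif dst_port == 80:  # HTTP Basic auth is base64 encoding, not encryption
        m = re.search(r"^Authorization: Basic (\S+)", text, re.MULTILINE)
        if m:
            try:
                user, _, pw = base64.b64decode(m.group(1)).decode().partition(":")
                creds["user"], creds["pass"] = user, pw
            except (ValueError, UnicodeDecodeError):
                pass  # malformed header: nothing recoverable
    return creds


def audit(segments):
    """Flag every stream to a cleartext service that exposed credentials."""
    findings = []
    for (src, dst), stream in reassemble(segments).items():
        if dst not in CLEARTEXT_SERVICES:
            continue  # encrypted (22, 443) or a service this check does not know
        creds = extract_credentials(dst, stream)
        if creds:
            service, alternative = CLEARTEXT_SERVICES[dst]
            findings.append({"client_port": src, "port": dst, "service": service,
                             "credentials": creds, "use_instead": alternative})
    return findings


if __name__ == "__main__":
    for f in audit(CAPTURED_SEGMENTS):
        print(f"port {f['port']} ({f['service']}) from ephemeral port {f['client_port']}: "
              f"user={f['credentials'].get('user')!r} pass={f['credentials'].get('pass')!r} "
              f"-> use {f['use_instead']}")
```

Only the three cleartext streams produce findings; the TLS and SSH segments carry nothing a passive observer can read, which is the whole argument for replacing FTP, Telnet and HTTP with their encrypted counterparts.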

Port 443 - Hypertext Transfer Protocol Secure (HTTPS)
HTTPS is HTTP carried over TLS on TCP port 443 and has the same functionality of retrieving content from web servers. The difference between the two is that HTTPS encrypts the data in transit between the web server and the client and authenticates the server with a certificate, so the client knows which server it is talking to. How do you turn HTTP into HTTPS? You wrap it in Transport Layer Security (TLS), the successor to Secure Sockets Layer (SSL). Sites that use HTTPS are far less susceptible to man-in-the-middle and sniffing attacks, although a client that accepts an untrusted certificate gives that protection away.

Port 514 - Syslog (UDP)
A Syslog server listens on UDP port 514 for incoming Syslog messages sent by remote systems that have been configured to forward their logs to it. This is typically used to send events from IT systems to a SIEM platform so that devices can be monitored for security events or issues. UDP Syslog is unencrypted, unauthenticated and unacknowledged, so messages can be lost or spoofed on the way; where the collector supports it, forward over TCP (commonly also port 514) or, better, Syslog over TLS on port 6514.
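
As an added example (not the lesson’s own code), the following Python implements the receiving side described above: it parses BSD-style Syslog lines, decodes the PRI field into facility and severity, and includes a small UDP collector that a SIEM forwarder would feed. The first sample line is the example message from RFC 3164; the other lines, hostnames and addresses are constructed for the example, and the collector binds port 5514 rather than 514 only so that it runs without root.

```python
import re
import socket
from dataclasses import dataclass
from typing import List, Optional

# Facility and severity names from the Syslog protocol (RFC 3164 / RFC 5424).
# Facilities 13-15 are "log audit", "log alert" and "clock daemon" in the RFC.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"] + \
             [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Classic BSD-style line: <PRI>TIMESTAMP HOSTNAME TAG[PID]: MESSAGE
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<msg>.*)$"
)

# Constructed sample datagrams as a collector would receive them. The first is the
# example message from RFC 3164; the hosts, IPs and events in the others are made up.
SAMPLE_LINES = [
    "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8",
    "<86>Jan  5 09:12:01 web01 sshd[2211]: Accepted publickey for deploy from 10.0.0.7 port 51822 ssh2",
    "<4>Jan  5 09:12:05 fw01 kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=10.0.0.5 PROTO=TCP DPT=23",
    "this line is not syslog at all",
]


@dataclass
class SyslogEvent:
    facility: str
    severity: int
    severity_name: str
    timestamp: str
    host: str
    tag: str
    pid: Optional[int]
    message: str
    source_ip: Optional[str] = None  # filled in by the collector from the UDP sender address


def decode_pri(pri: int):
    """PRI = facility * 8 + severity; the highest valid value is 191 (local7.debug)."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    return FACILITIES[pri // 8], pri % 8


def parse_syslog(line: str) -> Optional[SyslogEvent]:
    """Parse one BSD-syslog line; return None for lines that do not fit the format."""
    m = SYSLOG_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    try:
        facility, severity = decode_pri(int(m["pri"]))
    except ValueError:
        return None
    return SyslogEvent(
        facility=facility, severity=severity, severity_name=SEVERITIES[severity],
        timestamp=m["ts"], host=m["host"], tag=m["tag"],
        pid=int(m["pid"]) if m["pid"] else None, message=m["msg"],
    )


def needs_attention(events: List[SyslogEvent], max_severity: int = 3) -> List[SyslogEvent]:
    """Events at severity 'err' (3) or worse; a SIEM rule would start from a filter like this."""
    return [e for e in events if e.severity <= max_severity]


def run_collector(bind_addr="127.0.0.1", port=5514, max_events=None):
    """Receive UDP syslog datagrams and yield parsed events. Real collectors bind
    port 514, which needs root; 5514 is used here so the example runs unprivileged."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))
        seen = 0
        while max_events is None or seen < max_events:
            data, (src_ip, _) = sock.recvfrom(65535)
            event = parse_syslog(data.decode("utf-8", errors="replace"))
            if event is not None:
                event.source_ip = src_ip  # the only sender identity UDP gives you, and it can be spoofed
                yield event
                seen += 1


if __name__ == "__main__":
    events = [e for e in map(parse_syslog, SAMPLE_LINES) if e is not None]
    for e in events:
        print(f"{e.host:10} {e.facility}.{e.severity_name:8} {e.tag}: {e.message}")
    print("needs attention:", [e.host for e in needs_attention(events)])
```

The non-syslog line is dropped rather than raising, which is what you want on a collector that receives from devices you do not control; the source IP recorded by the collector is the only clue to the sender on plain UDP, and since it is trivially spoofable it should be treated as informational, not as authentication.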

3
Q

Risk

A

Simply put, a risk is the possibility of a negative impact on practically anything, e.g. business, financial or security; there are many areas where risk may reside. A vulnerability is a weakness that can be exploited by a threat. Vulnerabilities can be managed, whereas a threat (an attacker, a natural disaster, a careless employee) generally cannot. Risk is managed by applying controls to bring it down to an acceptable level. Risk can exist at different levels in an organization, from a single piece of equipment to a whole department or division.

The likelihood that a threat will exploit a vulnerability depends on the existence of the threat, the existence of the vulnerability, and how effective the controls in place are.

4
Q

Risk Assessments

A

Risk assessments are conducted to identify risks and determine their likelihood and their impact (the consequences) should a risk materialize. They help organizations make informed decisions based on the outcome of the assessment. Some risk assessments are required by law, and so are carried out to comply with these laws and regulations.

For example, there is a risk of a corporate laptop being lost by an employee: the likelihood is the probability that it will occur, and the consequence/impact is equipment and data loss. A risk assessment highlights this and enables mitigation to be put in place (for instance full-disk encryption and remote wipe) so that the consequence is reduced or avoided if the laptop is lost.

5
Q

Conducting an Assessment

A

There are various ways risk assessments are carried out, but the basic steps are below:

Identifying potential hazards
Identifying who or what might be harmed by those hazards
Evaluating the risk (severity and likelihood) and establishing suitable precautions
Implementing controls and recording your findings
Reviewing your assessment and re-assessing if necessary

Risk assessments should be dynamic to be effective: they should be periodically reviewed and updated. In the world of cybersecurity, things change at a fast pace, and a risk assessment should change with the risks.

6
Q

Managing Risk

A

Risk can be managed in four different ways, depending on the organization’s risk appetite or objectives: avoid the risk (stop the activity that creates it), reduce or mitigate it (apply controls), transfer it (for example through insurance or outsourcing), or accept it (document the residual risk and live with it).

7
Q

Policies and Procedures

A

This lesson will cover what policies and procedures are, why they’re used, and provide some examples so you can become familiar with these administrative security controls and management concepts. Policies and procedures are an extremely important part of cybersecurity and are used every single day, helping to reduce threats by stating what employees can and can’t do and providing documentation on how activities should be conducted.

8
Q

Policies

A

A policy is a plan of intent or course of action towards a particular domain. This could be a country’s attitude towards an issue or a business’s statement of responsibility. Policies guide actions in many ways: some policies are laws or regulations, whereas others are principles, direction, or guidelines. They range in complexity, from the home to the office to government. In the usual hierarchy, policies sit at the highest level, followed by standards, then procedures, and then guidelines.

9
Q

Why are they used?

A

A policy outlines rules and provides principles that guide the actions to be taken; it sets out roles and responsibilities so that people can be held accountable.

You have followed policies all your life and may never have thought of it. For example, “No TV until homework is done” or “bedtime at 8 pm”, are policies commonly laid down by parents. These are simple and easy to understand; consequences may include loss of TV privileges or no treats. Policies laid down in business and government will be more complex and have more serious consequences. For example, an insurance policy is a very detailed agreement between you and the insurance provider.

A policy may also be a collection of policies: an IT security policy will have other policies pertaining to it. Any new employee will be expected to read and sign an acceptable use policy before using company assets; it may also include a policy on the use of personal devices. Knowing and understanding an organization’s policies is vital to operations, and most companies will have many of them. A good practice is to have detailed knowledge of the policies relevant to your roles and responsibilities, but to be aware of other policies and know where to seek guidance on them, as they are often interlinked.

10
Q

Common Policy Examples

A

Acceptable Use Policy (AUP)

This is a document that stipulates what a user can and cannot do on a corporate, university, or internet service provider (ISP) network and/or internet connection. The user agrees to the terms laid out by the policy to gain access to the network. A code of conduct governs the behavior of the user while using the network/internet provided to them, such as no social media or adult content. These policies should outline the consequences should a user violate the agreement, for example loss of internet privileges or suspension of the account.

Service Level Agreement (SLA)

A service level agreement lays out a set level of commitment between a service provider and a customer. For example, an internet service provider or cloud provider will include a service level agreement when you take out their services. This dictates the services provided, performance levels (such as uptime), response and resolution times, and repercussions if the service is not delivered.

Bring Your Own Device (BYOD)

This is a policy that outlines the use of personally owned devices, such as laptops or mobile phones, on a corporate network, and the conditions they must meet to be allowed on it (for example, encryption, up-to-date patches, or enrolment in mobile device management).

Memorandum of Understanding (MOU)

A Memorandum of Understanding is a document that formally outlines an agreement between two or more parties but is not legally binding. An MOU is usually a sign that a binding contract is imminent.

11
Q

Standard Operating Procedures

A

A standard operating procedure is a step-by-step set of instructions developed for a routine task. It specifies the technical processes and techniques used to complete that task, which ensures the task is performed effectively and efficiently while reducing errors, miscommunication, and failure to comply with regulations. If all members of a team or organization use the same SOP, this creates uniformity within the organization. An SOP can be written for almost any task and should be periodically reviewed and updated. Any SOP should be tested prior to being put into practice. Once in practice, SOPs should be easily accessible throughout the organization.

Standard operating procedures may have local or branch variations. This could be to comply with regulations in different areas, such as state laws in the US, or to include specific establishments local to your branch or office, potentially a local distributor. These variations do not detract from the set of instructions being used; they are the standard in your environment. You may often find that a head office sets the policy, but local management designs the SOP. Good SOPs are designed with input from those using them, to give a complete picture of the tasks they are outlining.
