As the firewall administrator, Claire notices a rule that permits traffic to TCP ports 20 and 21 on a range of internal servers. What is the MOST likely reason Claire would have to be suspicious of this rule?

  • FTP servers should all be replaced with SFTP servers
  • There should be one specific firewall rule for each FTP server
  • FTP is deprecated and should be replaced by TFTP
  • It is uncommon to have more than one FTP server
    (Correct)

Explanation

OBJ-4.1: It is uncommon to have more than one FTP server, so a rule that opens TCP 20 and 21 to a whole range of internal servers is suspicious on its face. A large corporation might run several FTP servers in parallel behind a load balancer, but in that case the firewall rule would permit FTP traffic only to the load balancer's single IP address, not to every possible server in the range. It is true that servers should use the SSH File Transfer Protocol (SFTP) instead of FTP, but that is a general recommendation rather than the most likely reason for Claire to question this particular rule. FTP is not deprecated, and TFTP is a simpler, unauthenticated protocol, not a replacement for FTP.


A small analogy before a formal definition is always good for better and easier understanding. Agree?

So, suppose that I baked a cake for my friend and sent my younger brother to deliver it to her house. For this, he first opens the door of my house, comes out, and then takes the route following the address of her house. Again, the door of her house has to be opened before the cake can reach her and she can taste it.

But wait: outside the house he finds two main doors (one leading to her tenant's section), one red and one blue. So which one is he supposed to knock on to reach her directly? How does he identify the correct door? If the address had also specified the door colour or a number, it would have been much easier to locate her without possibly bumping into her tenants, right?

Now we come to the networking scenario.

Here, the houses are analogous to the computers. My friend and I are analogous to the processes (applications/programs) running on the computers. The cake is the message or file that needs to be transferred. My younger brother is the TCP or UDP connection between the two computers over the network. The doors are analogous to sockets, which are the interfaces between the application and transport layers in a host. It is important to knock on the correct door (socket) for the right delivery of the message.

The IP address has been used to reach the destination computer. But now, how do we identify the correct socket to reach the destined process? For this, the sockets are assigned special numbers called "port numbers", which help to identify the exact sender and receiver processes (applications/programs). So, along with the IP address, port numbers are also provided, and both of these work together to locate the destination computer and then the destined process.

If we look at the TCP and UDP segment structures, we can easily find the "source port number" and "destination port number" fields right at the top of the structures. Port numbers are associated with TCP/IP connections and mainly help in multiplexing and demultiplexing data.

For a formal definition, we can say:

"A port number is the logical address of each application or process that helps in identifying the sender and receiver processes of messages."

Each port number is a 16-bit number ranging from 0 to 65535.

Well-known port numbers: port numbers reserved for use by some popular application protocols.

Example: HTTP has port number 80. FTP has port number 21.

Ephemeral port numbers: port numbers assigned temporarily for the duration of their use.

Hope it helps
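
The analogy above in working code, as an added example that is not part of the original answer. Two TCP listeners on 127.0.0.1 stand in for two separate programs on the same host (the red and blue doors); the client reaches the right one purely by destination port, and the reply comes back to the ephemeral source port the operating system chose for the client. `parse_tcp_ports()` reads the two port fields that sit at the very top of a TCP (or UDP) header from constructed header bytes. The door names and the sample header bytes are illustrative.

```python
# Added example (not part of the original post): port numbers as the
# "door numbers" that let one IP address serve several processes at once.
# Two TCP listeners on 127.0.0.1 stand in for two separate programs on the
# same host; the client reaches the right one purely by destination port, and
# the reply comes back to the ephemeral source port the OS chose for the
# client.  parse_tcp_ports() reads the two port fields that sit at the very
# top of a TCP (or UDP) header.  Names such as "red_door" are illustrative.
import socket
import struct
import threading


def parse_tcp_ports(segment: bytes) -> tuple:
    """Return (source_port, destination_port) from the first four bytes of a
    TCP or UDP header: two big-endian unsigned 16-bit integers."""
    if len(segment) < 4:
        raise ValueError("segment too short to carry the port fields")
    src, dst = struct.unpack("!HH", segment[:4])
    return src, dst


def _serve_one(listener: socket.socket, name: str) -> None:
    """Accept one connection and answer with this 'process's' name."""
    conn, _peer = listener.accept()
    with conn:
        conn.sendall(name.encode())


def demo_port_demux() -> dict:
    """Start two listeners on OS-chosen (ephemeral) ports, connect to each,
    and record which 'process' answered and what source port the client used."""
    listeners = {}
    for name in ("red_door", "blue_door"):
        srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        srv.bind(("127.0.0.1", 0))  # port 0 asks the OS for any free port
        srv.listen(1)
        listeners[name] = srv
        threading.Thread(target=_serve_one, args=(srv, name), daemon=True).start()

    results = {}
    for name, srv in listeners.items():
        dst_port = srv.getsockname()[1]
        with socket.create_connection(("127.0.0.1", dst_port), timeout=5) as cli:
            src_port = cli.getsockname()[1]  # ephemeral port picked by the OS
            reply = cli.recv(64).decode()
        results[name] = {"dst_port": dst_port, "src_port": src_port, "reply": reply}
        srv.close()
    return results


if __name__ == "__main__":
    # Constructed header bytes: source port 50000 (0xC350), destination port 80.
    print(parse_tcp_ports(b"\xc3\x50\x00\x50"))
    for door, info in demo_port_demux().items():
        print(f"{door}: dst {info['dst_port']} <- src {info['src_port']} reply={info['reply']}")
```

Both listeners share one IP address; only the destination port tells the kernel which socket (and so which process) a connection belongs to, and the client never has to choose its own port because the OS hands it an ephemeral one.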

We’ve included a basic summary of each protocol so you can quickly identify the key features.

| Layer 7 Application | Port | Use |
| --- | --- | --- |
| File Transfer Protocol (FTP) | 20/21 | Port 21 carries the control channel; port 20 carries data in active mode (passive mode negotiates a data port). Credentials and file contents are sent in cleartext. |
| Secure Shell (SSH) | 22 | Encrypted remote login and command execution; also used to tunnel other protocols. |
| SSH File Transfer Protocol (SFTP) | 22 | A completely separate protocol from FTP (not interoperable with FTP servers) that runs file transfer over an SSH connection. |
| TACACS+ | 49 | Cisco proprietary protocol for authentication, authorization, and accounting (AAA) services; runs over TCP. |
| Domain Name System (DNS) | 53 | Resolves domain names to IP addresses (and the reverse); UDP for ordinary queries, TCP for zone transfers and large responses. |
| Dynamic Host Configuration Protocol (DHCP) | 67/68 | Assigns IP addresses and related settings (gateway, DNS servers) to hosts; the server listens on UDP 67 and the client on UDP 68. Sharing one public IPv4 address among many private addresses is NAT, not DHCP. |
| Hypertext Transfer Protocol (HTTP) | 80 | Unencrypted protocol for websites and much internet traffic. |
| Kerberos | 88 | Ticket-based network authentication protocol that lets clients and services authenticate each other over a non-secure network. |
| Post Office Protocol 3 (POP3) | 110 | Mail-retrieval protocol: the client downloads messages from the server, with no server-side folder synchronization. |
| Internet Message Access Protocol (IMAP) | 143 | Mail-access protocol: messages and folders stay on the server and are synchronized with the client, unlike POP. |
| Simple Network Management Protocol (SNMP) | 161/162 | Monitoring and management of network devices over IP; agents listen on UDP 161, managers receive traps on UDP 162. |
| Lightweight Directory Access Protocol (LDAP) | 389 | Used to query and manage directory services. |
| Hypertext Transfer Protocol Secure (HTTPS) | 443 | HTTP over TLS. Most websites use HTTPS instead of HTTP. |
| Lightweight Directory Access Protocol Secure (LDAPS) | 636 | LDAP over TLS. |
| File Transfer Protocol Secure (FTPS) | 989/990 | FTP over TLS. Explicit FTPS (AUTH TLS) upgrades the normal port 21 control connection; implicit FTPS uses 990 for control and 989 for data. |
| Internet Message Access Protocol Secure (IMAPS) | 993 | IMAP over TLS. |
| Post Office Protocol 3 Secure (POP3S) | 995 | POP3 over TLS. |
| Remote Authentication Dial-In User Service (RADIUS) | 1812/1813 | AAA for network access; authentication on UDP 1812, accounting on UDP 1813 (older deployments used 1645/1646). |
| Diameter | 3868 | Developed as the successor to RADIUS; runs over TCP or SCTP. |
| Remote Desktop Protocol (RDP) | 3389 | Microsoft proprietary protocol for remote desktop sessions between two computers over TCP 3389. |
| Secure Real-time Transport Protocol (SRTP) | 5004 | A profile of RTP that adds encryption and authentication to streamed audio and video over UDP; 5004 is RTP's registered default port, but in practice the ports are negotiated per call. |

| Layer 5 Session | Port | Use |
| --- | --- | --- |
| Layer 2 Tunneling Protocol (L2TP) | 1701 | Tunnels PPP (layer 2) frames over UDP 1701 to build point-to-point links such as VPNs. Provides no encryption of its own, so it is paired with IPsec (L2TP/IPsec). Derived from PPTP and Cisco's L2F. |

| Layer 4 Transport | Port | Use |
| --- | --- | --- |
| Transmission Control Protocol (TCP) | N/A | One of the two main transport protocols of the Internet Protocol (IP) suite. Connection-oriented: sequence numbers, acknowledgements and retransmission give reliable, ordered delivery. |
| User Datagram Protocol (UDP) | N/A | The second main transport protocol of the IP suite. Connectionless, best-effort datagrams with no handshake, ordering or retransmission; it carries a checksum (optional in IPv4, mandatory in IPv6) but does not recover lost packets. |

| Layer 2 Data Link | Port | Use |
| --- | --- | --- |
| Point to Point Tunneling Protocol (PPTP) | 1723 | Based on PPP. Control channel on TCP 1723, tunneled data in GRE (IP protocol 47). Deprecated for VPN use because its authentication (MS-CHAPv2) and encryption (MPPE) are considered broken. |
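
A small firewall-rule audit that ties the Claire question at the top of the page to the port table above, added here as an example and not taken from the quiz, the table, or any vendor's tooling. The rule syntax ("permit tcp <src> <dst> eq <port[,port]>"), the sample rules and the network 10.10.5.0/24 are constructed for this example; the port-to-service mapping and the encrypted alternatives come from the table. It flags cleartext services with their encrypted replacement, and separately flags FTP opened to more than one destination address, which is exactly what made the quiz rule suspicious.

```python
# Added example, not code from the quiz or the table above: a small audit of
# firewall rules in the spirit of the Claire question.  The rule syntax
# ("permit tcp <src> <dst> eq <port[,port]>"), SAMPLE_RULES and the
# network 10.10.5.0/24 are constructed for this example; the port-to-service
# mapping and the encrypted alternatives come from the table.
import ipaddress
import re

# port -> (service, sent in cleartext?, encrypted alternative)
SERVICES = {
    20: ("FTP data", True, "FTPS (989/990) or SFTP (22)"),
    21: ("FTP control", True, "FTPS (989/990) or SFTP (22)"),
    22: ("SSH/SFTP", False, None),
    80: ("HTTP", True, "HTTPS (443)"),
    110: ("POP3", True, "POP3S (995)"),
    143: ("IMAP", True, "IMAPS (993)"),
    389: ("LDAP", True, "LDAPS (636)"),
    443: ("HTTPS", False, None),
    636: ("LDAPS", False, None),
    993: ("IMAPS", False, None),
    995: ("POP3S", False, None),
}
FTP_PORTS = {20, 21}

RULE_RE = re.compile(
    r"^(permit|deny)\s+(tcp|udp)\s+(\S+)\s+(\S+)\s+eq\s+([\d,]+)$"
)


def _to_network(token: str):
    """'any' means every address; otherwise parse a host or CIDR block."""
    if token == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(token, strict=False)


def parse_rule(line: str) -> dict:
    """Parse one rule line into its action, protocol, networks and ports."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised rule: {line!r}")
    action, proto, src, dst, ports = m.groups()
    return {
        "action": action,
        "proto": proto,
        "src": _to_network(src),
        "dst": _to_network(dst),
        "ports": sorted({int(p) for p in ports.split(",")}),
    }


def audit_rule(rule: dict) -> list:
    """Return human-readable findings for a permit rule (deny rules pass)."""
    findings = []
    if rule["action"] != "permit":
        return findings
    for port in rule["ports"]:
        name, cleartext, alt = SERVICES.get(port, (f"port {port}", False, None))
        if cleartext:
            findings.append(f"{name} ({port}) is unencrypted; prefer {alt}")
    hosts = rule["dst"].num_addresses
    if hosts > 1 and FTP_PORTS & set(rule["ports"]):
        # The point of the quiz: one FTP server, or one load-balancer VIP,
        # is the norm, so FTP opened to a whole range deserves a second look.
        findings.append(
            f"FTP permitted to {hosts} addresses ({rule['dst']}); "
            "expected a single server or load-balancer address"
        )
    return findings


def audit(rules: list) -> dict:
    """Map each rule line to its list of findings."""
    return {line: audit_rule(parse_rule(line)) for line in rules}


SAMPLE_RULES = [  # constructed for this example
    "permit tcp any 10.10.5.0/24 eq 20,21",      # the rule Claire noticed
    "permit tcp 10.0.0.0/8 10.10.5.10/32 eq 22",  # SFTP to one host
    "permit tcp any 10.10.7.20/32 eq 443",        # HTTPS to one web server
    "deny tcp any any eq 21",
]

if __name__ == "__main__":
    for line, findings in audit(SAMPLE_RULES).items():
        print(line)
        for f in findings:
            print("   -", f)
```

The first sample rule produces three findings (two cleartext ports plus the 256-address destination); the SFTP and HTTPS rules to single hosts produce none. Extending `SERVICES` with the rest of the table is the obvious next step for a real rule review.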

Of course, the ports and protocols are only one of the many topics you’ll need to know to ace your Security+ exam.  With our self-paced and instructor-led training, you’ll gain hands on experience with the networking and security tools tested on the exam!

Right now, your computer has 65,535 usable port numbers (1 to 65535) for TCP, and as many again for UDP, to use over the internet. What's a port, right?

Think of a port like a porthole in a ship: a window or point of access to a specific place. You can redirect them in a router, taking something sent to one port and forwarding it to another (port forwarding). Email programs like Outlook or Thunderbird send and receive email through specific ports: 110 (POP3) and 995 (POP3 over TLS) for retrieving email, 25 and 587 (or 465 for SMTP over TLS, and 2525 at some providers) for sending email, and 143 and 993 for connecting to IMAP servers. VNC servers typically accept connections on 5900, while serving the Java client on port 5800.

Your web browser connects to port 80 for HTTP (and 443 for HTTPS). Port 8080 is typically used for a personally hosted web server when the ISP restricts port 80 for non-commercial customers. If you were going to host your own website from your computer, you would prefer to do so on port 80, since that would mean anyone connecting to your computer wouldn't have to add a port number to the end of the address you paid for. They could just connect to the name, or to your IP address, and the website would appear in their browser while being served from your desktop or laptop.

Some ISPs want to stop people paying for a cheaper home connection but using it for commercial web service, so they block inbound traffic on port 80. To get around this, you can listen on whatever port you like; you could use port 12345 if you wanted to, as long as visitors put that port in the URL (http://example.com:12345/). Port 8080 is just the conventional second choice for a web server.