CompTIA Security+ Rapid Review: Network Security

Objective 1.5: Identify commonly used default network ports

In this exam Objective, you might be tested on what applications use specific ports. You do not need to memorize all 65,000 potential ports for the exam, but you will need to know common ports and protocols.

Exam need to know…

• FTP uses port 21 for command and control

  For example: Do you know that FTP sends information in the clear?

• SFTP uses TCP as a transport protocol

  For example: Do you know that SFTP is a secure version of FTP?

• TFTP used UDP as a transport

  For example: Do you know that TFTP does not use a user name or password?

• Telnet is considered an antiquated protocol

  For example: Do you know that Telnet is not considered secure?

• SSH is a secure version of the Berkeley “r” utilities

  For example: Do you know that SSH is a good replacement for Telnet?

• NetBIOS can use several ports for communication and use both TCP and UDP as a transport protocol

  For example: Do you know that common NetBIOS ports include 135 and 139?

FTP

FTP uses TCP as a transport. It makes a connection on port 21 and moves data on port 20. Security administrators should carefully configure FTP servers that allow anonymous access. Many FTP servers have anonymous FTP enabled; thus, to limit access to authenticated users only, it must be specifically disabled.

One basic security control is blind FTP. This capability means that when files are uploaded, they are unreadable by visitors. Even if a user knows the exact pathname and name of a file, reading or downloading it is not possible. This helps to add some level of security to an FTP site.

True or false? FTP is an acceptable protocol and found on many networks.

Answer: False. FTP is considered antiquated in that it sends information via clear text. It should be replaced with more secure protocols such as SSH.

SFTP

SFTP is a secure version of FTP that uses TCP port 22.

True or false? SFTP uses port 22 by default.

Answer: True. There are about 65,000 ports. Well-known services use default ports, and the default port for SFTP is TCP port 22.

FTPS

FTPS is another secure version of FTP. It makes use of SSL. FTP over SSL uses TCP port 990 for control and TCP port 989 for data communication.

True or false? SFTP uses port 20 and 21.

Answer: False. SFTP does not use the same ports and FTP. It uses ports 989 and 990.

TFTP

Trivial FTP (TFTP) is a stripped down version of FTP that requires no user name and password and offers no security. TFTP does not provide file listings or information as to what is in remote folders. TFTP is still widely used for router configurations. It uses UDP port 69.

True or false? TFTP can be secured by setting a strong user name and password.

Answer: False. TFTP does not use a user name and password; it is not considered secure.

TELNET

Telnet is another antiquated protocol. It functions as a TCP service that operates on port 23. Telnet enables a client at one site to establish a session with a host at another site. The program passes the information typed at the client’s keyboard to the host computer system. Although Telnet can be configured to allow anonymous connections, it should be configured to require user names and passwords. Unfortunately, even then, Telnet sends them in clear text. When a user is logged on, he can perform any allowed task. Applications such as SSH should be considered as a replacement.

True or false? Telnet uses UDP port 23.

Answer: False. Telnet uses TCP port 23.

HTTP

HTTP is a TCP service that operates on TCP port 80. This is one of the most well-known applications. HTTP has helped make the web the popular protocol that it is today. The HTTP connection model is known as a stateless connection. HTTP uses a request response protocol in which a client sends a request and a server sends a response. Attacks that exploit HTTP can target the server, browser, or scripts that run on the browser.

True or false? HTTP provides basic protection for sensitive data.

Answer: False. HTTP sends information in clear text and is not suitable for sensitive data. In those situations, HTTPS should be used.

HTTPS

HTTPS uses TCP port 443 or TCP port 80 in some configurations of TLS.

True or false? HTTPS uses TCP for communication.

Answer: True. HTTPS uses TCP for a transport protocol.

SCP

SCP is another secure alternative to FTP. It uses TCP port 22.

True or false? Both FTP and SCP use the same ports.

Answer: False. FTP uses port 20 and 21; SCP uses port 22.

SSH

SSH uses TCP port 22.

True or false? SSH was originally designed as a replacement to Telnet.

Answer: False. SSH was originally designed as a replacement to the Berkeley “r” utilities.

NetBIOS

Network Basic Input/Output System (NetBIOS) allows applications on separate systems to communicate over a LAN. There are several components to NetBIOS. NBT (NetBIOS over TCP/IP) uses UDP port 137; NetBIOS Session service uses TCP port 139; and NetBIOS Datagram service uses UDP port 138. The NetBIOS name is up to 16 characters long, and in Windows, it is separate from the computer name. This name is used to identify the computer.

True or false? NetBIOS is comprised of three distinct services.

Answer: True. There are several components to NetBIOS. NBT (NetBIOS over TCP/IP) uses UDP port 137, NetBIOS Session service uses TCP port 139, and NetBIOS Datagram service uses UDP port 138.

Can you answer these questions?

You can find the answers to these questions at the end of this chapter.

1. What port does FTP use for data exchange?

2. You have used a port scanning tool to scan a network host. You have found port 22 open on a Linux server. What program typically uses this port?

3. What protocol does TFTP use?

4. You have been asked to open up a port on the firewall to let HTTP traffic in. What port and protocol should you configure?

5. You have been asked to open port 443 on the firewall; what application uses this port?