Navigating the Network: A Cybersecurity Enthusiast’s Guide to Essential Ports and Protocols
It’s yet another exciting series where I share my journey towards becoming a better cybersecurity enthusiast. In this particular episode, we delve into the world of network security basics. These are fundamental for anyone who wants to succeed in the cybersecurity field.
As we all know, one of the biggest challenges in cybersecurity is that computers are all connected through networks, making it easy for viruses and other threats to move rapidly through them. In this series, we explore this issue in depth, opening our eyes to the vulnerabilities that exist in TCP/IP.
Improperly implemented TCP/IP stacks in various operating systems are vulnerable to attacks such as DoS/DDoS (Denial of Service/Distributed Denial of Service) attacks, fragment attacks, oversized packet attacks, spoofing attacks, and man-in-the-middle attacks. TCP/IP, like most protocols, is also subject to passive attacks via monitoring or sniffing. Network monitoring, or sniffing, is the act of observing traffic patterns to obtain information about a network.
To understand TCP/IP better, we need to understand logical ports. When two systems establish a communication connection, they use ports.
A logical port, also known as a socket, is little more than an address number that both ends of a communication link agree to use when transferring data. Ports allow a single IP address to support multiple simultaneous communications, each using a different port number. For example, web traffic (HTTP) uses port 80, while secure web traffic (HTTPS) uses port 443. In several cases, a service (or protocol) has two ports assigned, one secure and one insecure.
Let’s consider the following ports:
- FTP (File Transfer Protocol) = 21 and SFTP (Secure File Transfer Protocol) = 22: FTP is an insecure protocol, while SFTP is a secure, encrypted alternative.
- TELNET = 23 and SSH = 22: TELNET is insecure, while SSH (Secure Shell) is highly recommended.
- SMTP = 25 and SMTP with TLS = 587: the alternative on port 587 is more secure because it uses Transport Layer Security (TLS).
- TIME = 37 and NTP = 123: Network Time Protocol (NTP) is more secure.
- DNS = 53, DOT = 853: DNS (Domain Name System) is still widely used, but DOT (Domain Name System over TLS) is more secure.
- HTTP = 80, HTTPS = 443: HTTP (Hypertext Transfer Protocol) on port 80 is not encrypted, while HTTPS (Hypertext Transfer Protocol Secure) is much more secure.
- IMAP = 143, IMAP over SSL/TLS = 993: IMAP over SSL/TLS is more secure.
- SNMP = 161/162: SNMP (Simple Network Management Protocol) has no definitive secure and insecure pairing. Additional context is needed to determine whether traffic on ports 161 and 162 is secured or not.
- SMB = 445 and NFS = 2049: SMB (Server Message Block) is less secure than NFS (Network File System).
- LDAP (Lightweight Directory Access Protocol) on port 389 is less secure than LDAPS (Lightweight Directory Access Protocol Secure) on 636.
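A defender's way to put the pairings above to work is to audit what a host is actually listening on and flag the cleartext side of each pair. The following is an added example, not code from the original post: it parses constructed `ss -tuln`-style output (no real host was captured), maps each local port against the pairings listed above, and reports the secure alternative to move to, treating SNMP as "needs context" exactly as the list does.

```python
import re
# Pairings from the post: insecure port -> (service, secure alternative, its port).
INSECURE_TO_SECURE = {
    21: ("FTP", "SFTP", 22),
    23: ("TELNET", "SSH", 22),
    25: ("SMTP", "SMTP with TLS", 587),
    37: ("TIME", "NTP", 123),
    53: ("DNS", "DNS over TLS", 853),
    80: ("HTTP", "HTTPS", 443),
    143: ("IMAP", "IMAP over SSL/TLS", 993),
    389: ("LDAP", "LDAPS", 636),
    445: ("SMB", "NFS", 2049),
}
SECURE_PORTS = {p: name for _, name, p in INSECURE_TO_SECURE.values()}
NEEDS_CONTEXT = {161: "SNMP", 162: "SNMP trap"}  # no clear secure/insecure pairing

# Local-address field of `ss -tuln` / netstat output: "0.0.0.0:80", "[::]:443", "*:22".
_ADDR_PORT = re.compile(r"^(?:\[[0-9a-fA-F:.]*\]|[\d.]+|\*):(\d+)$")

def listening_ports(ss_output):
    # Take the first address:port field per line; the header has none and the peer
    # column ("0.0.0.0:*") never matches because the port must be numeric.
    ports = set()
    for line in ss_output.splitlines():
        hit = next((m for m in map(_ADDR_PORT.match, line.split()) if m), None)
        if hit:
            ports.add(int(hit.group(1)))
    return ports

def audit_ports(ports):
    # Classify each port: cleartext (with the alternative to move to), secure, needs-context, unknown.
    findings = []
    for port in sorted(ports):
        if port in INSECURE_TO_SECURE:
            svc, alt, alt_port = INSECURE_TO_SECURE[port]
            findings.append((port, "cleartext", f"{svc}: prefer {alt} on port {alt_port}"))
        elif port in SECURE_PORTS:
            findings.append((port, "secure", SECURE_PORTS[port]))
        elif port in NEEDS_CONTEXT:
            findings.append((port, "needs-context", f"{NEEDS_CONTEXT[port]}: verify version and authentication"))
        else:
            findings.append((port, "unknown", "not in the pairing table"))
    return findings

# Constructed sample in the shape of `ss -tuln` output (not captured from a real host).
SAMPLE_SS = """Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:23        0.0.0.0:*
tcp   LISTEN 0      511    [::]:443          [::]:*
udp   UNCONN 0      0      127.0.0.1:161     0.0.0.0:*
"""
```

Running `audit_ports(listening_ports(SAMPLE_SS))` on the sample flags port 23 as cleartext with SSH on 22 as the alternative, marks 22 and 443 secure, and leaves 161 for manual review.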
It’s essential to know and familiarize yourself with these ports if you want to progress in the cybersecurity field. Thank you for joining me on this journey. Till we meet again, keep learning!