WHAT IS A PORT
Ports: are logical numbers used by Transmission Commission
Protocol / Internet Protocol (TCP/IP) to identify what service or application
should handle data received by a system.
HOW THE PORT WORKS
Imagine that you decide to visit
the web site (https:toddlershaven.com) using your web browser so you type the
URL into the browser, and the web page appears. Here are the details of what is
happening. The following text explains the process.
CLIENT
PORTS
TCP/IP works with the client operating system to maintain a table of client-side ports. This table associates port numbers with different applications that are expecting return traffic. Client-side ports start at port 49,152 and increment up to 65,535. If the system uses all the ports between
49,152 and 65,535 before being
rebooted, it’ll start over at 49,152.
When you use your web browser to
request a page from a site, your system will record an unused client port
number such as 49,152 in an internal table to handle the return traffic. When
the web server returns the web page, it includes the client port as a
destination port. When the client receives web page packets with a destination
port of 49,152, it sends these packets to the web browser application. The
browser processes the packets and displays the page.
SERVER
PORTS
Different protocols are enabled
and running on a server. These protocols have well known or registered port
numbers, such as port 22 for SSH, 25 for SMTP, 80 for HTTP, 443 for HTTPS, and so
on. When the system receives traffic with a destination of port 80, the system knows
to send it to the service handling HTTP.
Any web browser knows that the
well-known port for HTTP is 80. Even though you don’t see port 80 in the URL, it
is implied as http://GetCertifiedGetAhead.com:80. If you omit the port number,
HTTP uses the well-known port number of 80 by default.
Popular web servers on the Internet
include Apache and Internet Information Services (IIS). Apache is free and runs
on UNIX or Linux systems. Apache can also run on other platforms, such as
Microsoft systems.
IIS is included in Microsoft
Server products. These web servers use port 80 for HTTP. When the server
receives a packet with a destination port of 80, the server sends the packet to
the web server application (Apache or IIS) that processes it and sends back a
response.
THE
IMPORTANCE OF PORTS IN SECURITY
Routers, and the routing component of firewalls, filter packets based on IP
addresses, ports, and some protocols such as ICMP or IPsec. Because many
protocols use well-known ports, you can control protocol traffic by allowing or
blocking traffic based on the port.
In the previous example, the client firewall must allow outgoing traffic on
port 80. Firewalls automatically determine the client ports used for return traffic,
and if they allow the outgoing traffic, they allow the return traffic. In other
words, because the firewall allows the packet going to the web server on the destination
port 80, it also allows the web page returning on the
dynamic source port of 49,152.
SHORT TERMS
1.
TCP: Transmission Commission
Protocol
2.
IP: Internet Protocol
3.
URL: Uniform Resources Locator
4.
HTTP: Hypertext Transfer Protocol
5.
UDP: User Datagram Protocol (UDP)
6.
IANA: Internet Assigned Numbers
Authority
7.
SMTP: Simple
Mail Transfer Protocol
8.
SQL: Structure
Query Language
HOW TO FIND YOUR PORT NUMBER ON
WINDOW
Type
netstat -a
Both TCP and User Datagram Protocol
(UDP) use ports with a total of 65,536 TCP ports (0 to 65,535) and 65,536 UDP
ports (0 to 65,535).
Administrators open ports on firewalls and routers to allow the associated protocol
into or out of a network. For example, HTTP uses port 80, and an administrator
allows HTTP traffic by opening port 80.
Additionally, administrators disable unnecessary ports and services as part of
a basic security practice. These ports and services are associated with specific
protocols and if they are disabled, it blocks any attacks on these ports,
services, and protocols.
Assigned port numbers by The
Internet Assigned Numbers Authority (IANA):
• Registered ports: 1024–49,151.
IANA registers these ports for companies as a convenience
the IT community. A single company may register a port for a proprietary use, or multiple companies may use the same
port for a specific standard. As an example, Microsoft
SQL Server uses port 1433 for database servers, Layer 2 Tunneling Protocol (L2TP) uses port 1701, and Point-to-Point
Tunneling Protocol (PPTP) uses port 1723.
• Dynamic
and private ports: 49,152–65,535. These ports are available for use by any application. Applications commonly
use these ports to temporarily map an application to a port. These temporary port mappings are often called
ephemeral ports, indicating that they
are short lived.
Although virtually all the ports
are subject to attack, most port attacks are against the well- known ports.
Port scanners often simply check to see if a well-known port is open. For
example, SMTP uses the well-known port 25, so if port 25 is open, the system is
likely running SMTP.
Network administrators who
regularly work with routers and firewalls can easily tell you which protocol is
associated with which well-known port, such as 20, 21, 22, 23, 25, 80, or 443.
The reason is that they use these ports to allow or block traffic. For example,
an administrator can close port 25 to block all SMTP traffic into a network.
The router then ignores traffic on port 25 instead of forwarding it. Similarly,
an administrator can close port 1433 to block database traffic to a Microsoft
SQL server. On the other hand, the administrator can open port 25 to allow SMTP
traffic.
Although ports are second nature
to router and firewall administrators, they might not be so familiar to you.
COMBINING
THE IP ADDRESS AND THE PORT
At any moment, a computer could
be receiving dozens of packets. Each of these packets includes a destination IP
address and a destination port. TCP/IP uses the IP address to get the packet to
the computer. The computer then uses the port number to get the packet to the
correct service, protocol, or application that can process it.
For example, if the packet has a
destination port of 80 (the well-known port for HTTP), the system passes the
packet to the process handling HTTP.
It wouldn’t do much good to pass
an SMTP email packet to the HTTP service or send an HTTP request packet to the
SMTP service.
IP Address Used to Locate Hosts Imagine
that the IP address of GetCertifiedGetAhead.com is 72.52.206.134, and the
address assigned to your computer from your ISP is 70.150.56.80. TCP/IP uses
these IP addresses to get the packets from your computer to the web server and
the web server’s answer back to your computer.
There’s a lot more that occurs
under the hood with TCP/IP (such as DNS, NAT, and ARP), but the main point is
that the server’s IP address is used to get the requesting packet from your
computer to the server. The server gets the response packets back to your
computer using your IP address (or the IP address of your NAT server).
ASSIGNMENT
Define firewall:
A firewall is a network
device, either hardware or software-based, which monitors all incoming and
outgoing traffic and based on a defined set of security rules it accepts,
rejects or drop that traffic.
List the type of
Firewall and explain them
1.
Host-based Firewalls: is installed on
each network node which controls each incoming and outgoing packet
2.
Network-based firewalls: Network
firewall function on network level. In other words, these filter all incoming
and outgoing traffic across the network