In today's lesson, I'll talk about ports and protocols. By the end of this lesson, I'll discuss, and you'll be able to discuss, what ports and protocols are used within information security and understand the differences between secured and unsecured technology.
The Internet is full of communication protocols, even the protocols that we use with each other, communication in general. If I'm talking with one language, English, right now, you're understanding how I'm communicating because you recognize that communication. Additionally, other people trying to communicate in other languages have to be talking that same language in order to understand what they're saying. So, in the realm of computers and computer security, we have to understand what protocols, what languages are being used, so we can say, yes, this is actually secure communication or insecure communication and how do we interpret that information.
Typical communication methods: we have internet traffic, we have email, and we have file transfers. These are our big three communication methods that we all are familiar with and that we use on a daily basis. Sure, there are a lot of other communication protocols but, if you're an executive, you understand that I'm going to be using internet traffic, I have email traffic, and I have to transfer files back and forth to other people.
So, what do I need to be concerned with when talking about information security in the realm of ports and protocols? Each protocol, whether it's for internet traffic, email or file transfers, has secure and unsecure methods. Communication should always be secure. There are two reasons for that. Number one, it needs to remain secure so that nobody eavesdrops on it. And number two, it needs to remain secure, so that the other person understands what you're talking about in a secure sense and that information has not been modified.
We can't get in the middle of a communication channel if it's encrypted and expect us to change the method. This goes back to integrity, if you remember a couple of lessons back, where if information is not accurate, then we have a loss of integrity. So, we need to be using secure communications and understand these protocols in order to have integrity in the way we communicate.
Let's talk about internet communications. I'm talking at a very high level here, of how the internet as a whole communicates. Remember I just said that this does not take into account all protocols but these are the most common. So, HTTP: HTTP stands for Hypertext Transfer Protocol. It's used for transferring information between two computers, two systems, two applications. This could be your chat client, to the chat server, to the other communication, to the other client that you're communicating with. There's a whole realm of applications that use HTTP to communicate information back and forth to other systems and other people. So, the typical communication port is over port 80. However, you can really use any port that you want so long as it's not being used for something else. You may have seen port 8080; if it's a Tomcat server it usually runs on something like that. Or you could just use, well, I'm trying to think off the top of my head in the video. What other communication channels use HTTP or what other software? There's all kinds.
What about, is it secure or unsecure? Well, HTTP is unsecured. Meaning that it can be read if somebody intercepts it. And when I'm talking about unsecured communications, and I'll talk about this throughout the lesson, it is that, if we have a man-in-the-middle attack, information can be intercepted.
Let me explain the man-in-the-middle attack real quick. So, a man-in-the-middle attack is where I get in between the communication channel.
So, between a client and a server, if I'm somehow able to get in between that communication channel, I can either bypass the other client and say anything I want to them, or I can garble information, or I can cut off access. Really I can do whatever I want. But the important thing in understanding the communication channels and the communication protocols is that we want to use secure communication channels, so that there's no way that I can get in the middle of that communication and be able to read it or modify it.
The secure communication method for internet communications is HTTPS and this is Hypertext Transfer Protocol and that's the secure version of it. It's used for transferring information between two computers. It's typically implemented on web servers and web applications but in a secure method. The communication port is over 443, meaning it's secure. So it can't be read if it's intercepted, it's encrypted at both ends. Both sides can talk to each other through the encrypted communication channel. This is secured with either SSL or TLS. Those are the two protocols that communicate between different processes or applications. It's very simple to implement with certificates.
What about email communication? MIME is the protocol that you'll typically see for email. And this stands for Multipurpose Internet Mail Extension. It's used for around 99 percent of all email communication sent via SMTP, or Simple Mail Transfer Protocol, which is how a majority of the internet sends communications out. It is implemented in email communication. And it is the standard that defines how email is formatted to servers who are receiving the email and how they read the email. It defines the to, the from, the subject, all the fields in order to be able to interpret how that email is formatted. The typical communication port is going to be SMTP port 25 and IMAP which is port 143. SMTP is an unsecured protocol which means that it can be read if it's been intercepted.
The MIME protocol and the MIME standard is really a standard for email communication when sending an email. If you're communicating, think about the emails that you're sending. Are they actually secure? Do you want your email to be secure? Email itself is inherently insecure, and again, 99 percent of all email communication goes over SMTP. It goes over an insecure protocol, to one side or another, because it is hard to set up encryption.
And let's talk about that, the secure protocol. The secure protocol of MIME is called S/MIME. It stands for Secure Multipurpose Internet Mail Extension. It's used for transferring information between two computers over email or two entities over email. It is implemented in end-to-end encrypted email exchange. Both clients have to implement the communication protocol in order for it to work. The typical communication port for SMTP is port 465. And IMAP, the secure port of that is 993. Secure messages over S/MIME mean that the contents are going to be encrypted. So the benefit of using S/MIME is that the contents, everything in that mail message, is going to be encrypted, both in transit and at rest. It is a very great protocol to use if everybody has it set up. The problem is, you do have to set it up on both ends. Both parties have to set it up and webmail has a very hard time processing it because it is client-to-client based encryption. So each client has to have a certificate to encrypt and decrypt it.
Let's talk about file transfer. FTP stands for File Transfer Protocol. It's used for transferring files from one system to another. It's implemented in servers that have FTP software and runs on port 21. It is an unsecure technology, meaning that it can be read if intercepted. So this means anything that I send over it. So, if I'm connecting via FTP, I probably have a username and password.
If I'm using FTP, unsecured over port 21, the person that is intercepting the traffic gets my username, gets my password, gets any files that I have and can read any type of communication. It is very easy to read information if you can get in the middle of it.
The secure version of File Transfer Protocol comes in two different versions; it comes in SFTP and FTPS. They're implemented two different ways. They're both used for File Transfer Protocol. But you have to have software, different software depending on which one you're using. So for SFTP, that runs over a Secure Shell or SSH, this runs over port 22. FTPS is implemented with SSL or TLS and uses certificates to encrypt their communication channel and that runs over, generally, port 990 or 989. But they both are going to be secure ways of transferring files. FTP has been used all over the place for years and years but not many people really sit down to consider the implications of grabbing an unsecured communication channel when transferring files. So if you're implementing SFTP, which runs over port 22, the SSH version, it's very easy to set up a Linux server to transfer files back and forth. However, for Windows-based systems, we might use a different protocol like FTPS which uses those certificates.
Network server communications is one of the very small portions of internet communications that I want to talk about. Telnet, for example, is how we communicate between servers and network equipment. Port 23 is what Telnet runs on, typically. Now, any of these protocols, you can use a different port. But, if you're going to take a certification exam, they're going to ask you what is the typical port these communication protocols run on. Telnet runs over port 23 and it isn't secure. It is unsecure, meaning that anybody can intercept it and it can be read if you get it. What if you are running Telnet and you have the same username and password for every switch?
Or your networking equipment from building to building, to campus to campus, to whatever. If one communication channel's leaked, you now have the username and password to get into all of your network. So it's important to not use Telnet in cases where that communication channel could be intercepted.
The secure version of Telnet comes in a whole different protocol itself, which is SSH. SSH stands for Secure Shell and it's used in Linux servers and other networking equipment to secure the communications channel. If we're looking at the Linux implementation of SSH, we're able to do a lot more with it. We can view a GUI through it. We can create tunnels from one side to another implementing VPN, for example. File Transfer Protocol also runs off of SSH; that's called SCP or secure copy.
VPN, Virtual Private Networking, is one of those protocols that you need to understand. It is a secure communication channel. There's a lot of different flavors of VPN. But we want to use something whenever we need to communicate with another entity securely. Typical communication ports or protocols are going to be IPSec, PPTP, and IKE. They are secure communication channels and VPN should really always be used when you do not trust a network that you're connected to. So, a coffee shop for example, a coffee shop is a great way to get on the internet. However, it might be insecure. You might have an attacker stealing information over that coffee shop network. So use a VPN so that it's secure and all communication channels are encrypted over that protocol.
Other important protocols: we have DNS that runs over port 53; IKE or ISAKMP is port 500; RDP, which is a Windows technology and that shows desktop, remote desktop, that runs over 3389; DHCP, which is a Dynamic Host Connection Protocol, that runs over port 67 and 68; Kerberos, which is an authentication protocol, that runs over port 88; LDAP runs over port 389 and that stands for Lightweight Directory Authentication Protocol, the secure version of that runs over port 636; Syslog, which communicates login information, usually runs over UDP 514; GRE tunnels, which are also used for the VPNs, that runs over seven port 1723; and PPTP runs over port 27.
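Added example, not part of the original lesson: a small audit that reads `ss -tln` style listener output and reports the cleartext services from this lesson that are reachable from the network, next to the secure counterpart the lesson names. The function names and the sample output are constructed for illustration, and listeners bound only to loopback are skipped on the assumption that their traffic never crosses the network.

```python
import ipaddress

# Cleartext ports named in the lesson -> (protocol, secure counterpart it gives).
CLEARTEXT = {
    21: ("FTP", "SFTP (22) or FTPS (990/989)"),
    23: ("Telnet", "SSH (22)"),
    25: ("SMTP", "SMTP on 465"),
    80: ("HTTP", "HTTPS (443)"),
    143: ("IMAP", "IMAP on 993"),
    389: ("LDAP", "LDAP on 636"),
}

def parse_listener(line):
    """Return (address, port) from one `ss -tln` row, or None for headers/junk."""
    fields = line.split()
    if len(fields) < 5 or fields[0] != "LISTEN":
        return None
    host, _, port = fields[3].rpartition(":")
    return (host.strip("[]"), int(port)) if port.isdigit() else None

def is_loopback(host):
    # "*" and anything unparseable is treated as network-reachable (fail closed).
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def audit(ss_output):
    """Return sorted (port, protocol, secure option) for exposed cleartext listeners."""
    findings = set()
    for line in ss_output.splitlines():
        parsed = parse_listener(line)
        if parsed and parsed[1] in CLEARTEXT and not is_loopback(parsed[0]):
            findings.add((parsed[1], *CLEARTEXT[parsed[1]]))
    return sorted(findings)

# Constructed sample output, not captured from a real host.
SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:23         0.0.0.0:*
LISTEN 0      100    127.0.0.1:25       0.0.0.0:*
LISTEN 0      511    [::]:80            [::]:*
LISTEN 0      511    *:443              *:*
LISTEN 0      32     192.0.2.10:21      0.0.0.0:*
"""

if __name__ == "__main__":
    for port, name, secure in audit(SAMPLE):
        print(f"port {port}: {name} is cleartext; use {secure}")
```

A port number only shows the conventional service; as the lesson notes, any protocol can run on a different port, so a clean result here does not prove that no cleartext service is running.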