Lesson 11
HTTP
• Function: Enables clients (web browsers) to request resources from an HTTP server.
• Default TCP Port: 80 (HTTPS, which is HTTP carried inside a TLS tunnel, uses 443).
• Requests: Identify a resource by URL; the server responds with the resource or with a status code and error message.
• Headers and Payload: Request and response metadata (method, path, status code, content type, cookies) is carried in the HTTP headers; the payload usually carries an HTML page.
• Stateless Protocol: The server preserves no information about the client between requests, so a session has to be tracked by a cookie or token that the client sends with every request.
• Forms Mechanism (POST): Enables data submission from client to server.
• Security Risks: The session token is the only proof of who the client is, so its theft or forgery takes over the session; and because web applications pass user input to back-end scripts and databases, unvalidated input leads to injection attacks against them.
• Types of Hosting:
o Dedicated Server: A physical server used by one customer; usually unmanaged, so the customer patches and secures it.
o Virtual Private Server (VPS): A VM on a physical server shared with other customers, isolated from them by the hypervisor.
o Cloud Hosting: The website runs on a cloud platform spread across multiple physical hosts.
o Shared Hosting: A private directory on a server shared with other customers' sites, so performance is affected by the other sites and a compromise of the shared server exposes all of them.
• Main Platforms: Apache, Microsoft IIS, nginx.
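The statelessness point above is where the main web-session risk comes from: the server keeps nothing between requests, so whatever token the client presents is its only identity. The following is an added example, not part of these notes, showing a server-issued session token that needs no server-side storage and cannot be altered without the key, together with the cookie attributes that keep it off plain HTTP. The secret key, user name and cookie name are assumptions for illustration.

```python
from __future__ import annotations

import base64
import hashlib
import hmac
import json
import secrets
import time


def _b64(raw: bytes) -> str:
    """URL-safe base64 without padding, a common encoding for cookie values."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    pad = "=" * (-len(text) % 4)
    return base64.urlsafe_b64decode(text + pad)


def issue_session(secret: bytes, user: str, ttl: int, now: float | None = None) -> str:
    """Create a session token the server does not need to store: a JSON payload
    plus an HMAC-SHA256 tag over it. The nonce makes every token unique."""
    now = time.time() if now is None else now
    payload = json.dumps(
        {"sub": user, "exp": int(now) + ttl, "nonce": secrets.token_hex(8)},
        separators=(",", ":"),
    ).encode("utf-8")
    tag = hmac.new(secret, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(tag)}"


def verify_session(secret: bytes, token: str, now: float | None = None) -> str | None:
    """Return the user name if the token is genuine and unexpired, else None.
    The tag is checked before the payload is trusted, with a constant-time
    compare so timing does not leak how many bytes matched."""
    now = time.time() if now is None else now
    try:
        payload_b64, tag_b64 = token.split(".")
        payload, tag = _unb64(payload_b64), _unb64(tag_b64)
    except ValueError:  # wrong number of parts or invalid base64
        return None
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    try:
        claims = json.loads(payload)
    except ValueError:
        return None
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None
    sub = claims.get("sub")
    return sub if isinstance(sub, str) else None


def set_cookie_header(token: str) -> str:
    """Cookie attributes that keep the token off plain HTTP (Secure), away from
    page scripts (HttpOnly) and out of most cross-site requests (SameSite).
    The cookie name 'session' is an assumption for this example."""
    return f"Set-Cookie: session={token}; Path=/; Secure; HttpOnly; SameSite=Lax"


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # assumed server-side secret, rotated like any key
    tok = issue_session(key, "alice", ttl=3600)
    print(set_cookie_header(tok))
    print("verified as:", verify_session(key, tok))
```

The server only has to keep the key; a forged or edited payload fails the tag check before any claim in it is read, and an expired token is rejected even though its tag is valid. Revocation before expiry still needs server-side state (a deny list or short TTLs), which is the trade-off of stateless tokens.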
FTP
• Purpose: Remote file access and transfer to/from servers and appliances.
• Default TCP Port: 21 (control connection, carrying commands and replies); file data travels over a separate data connection.
• Modes:
o Active Mode: The client sends a PORT command naming one of its own ports; the server opens the data connection from its TCP port 20 to that port.
o Passive Mode: The client sends PASV; the server replies with a random high port, and the client opens the data connection to it.
• Firewall Considerations: In active mode the data connection is inbound to the client, which a client-side firewall or NAT blocks unless it inspects the control channel (a stateful inspection firewall with an FTP application-layer gateway that reads the PORT command). Passive mode keeps both connections client-to-server and is the usual choice through firewalls.
Additional Concepts
SFTP
• Protocol Type: File transfer over an SSH session, TCP port 22.
• Function: SSH encrypts authentication and the data transfer on a single connection, so there is no separate data channel to open on the firewall.
• Requirements: SSH server supporting the SFTP subsystem and SFTP client software. SFTP is a distinct protocol from FTP, not FTP tunneled through SSH.
FTPS (FTP over TLS)
• Explicit TLS (FTPES): The client connects to port 21 in the clear and issues the AUTH TLS command to upgrade the control connection to TLS. The data connection is encrypted only after PBSZ 0 and PROT P are sent; PROT C (the default) leaves file data in the clear.
• Implicit TLS (FTPS): Negotiates a TLS tunnel before any FTP command is sent, using port 990 for the control connection.
• Configuration: FTPES is preferred because it keeps the standard control port 21 and lets the server demand TLS before accepting credentials, which simplifies firewall configuration. In both variants the control channel is encrypted, so a firewall ALG can no longer read PASV replies; configure a fixed passive port range on the server and open only that range.
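As an added example (not from the original notes) for the active/passive mode and FTPES points above, the following Python parses the server's PASV reply, builds the client's PORT command, checks a PASV reply against the passive port range an administrator has opened, and walks an explicit-TLS command sequence to decide whether file data will actually be encrypted. The addresses, passive range and command transcripts are constructed for illustration.

```python
from __future__ import annotations

import ipaddress
import re

PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(reply: str) -> tuple[str, int]:
    """Parse a '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' reply into the
    server address and data port; the port is sent as two bytes, p1*256 + p2."""
    m = PASV_RE.search(reply)
    if not reply.startswith("227") or m is None:
        raise ValueError(f"not a PASV reply: {reply!r}")
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError(f"value out of range in PASV reply: {reply!r}")
    h1, h2, h3, h4, p1, p2 = nums
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def port_command(client_ip: str, client_port: int) -> str:
    """Build the PORT command an active-mode client sends; the server then
    connects from its TCP/20 to client_ip:client_port."""
    if not 1 <= client_port <= 65535:
        raise ValueError("port out of range")
    octets = str(ipaddress.IPv4Address(client_ip)).replace(".", ",")
    return f"PORT {octets},{client_port // 256},{client_port % 256}"


def pasv_reply_acceptable(reply: str, server_ip: str, pasv_range: tuple[int, int]) -> bool:
    """Client-side sanity check: accept the data connection only if the reply
    points back at the server we are talking to (not some third host) and at
    a port inside the range the administrator opened on the firewall. Once
    the control channel is under TLS no firewall ALG can read this reply, so
    that fixed range is what makes passive mode work through the perimeter."""
    ip, port = parse_pasv(reply)
    lo, hi = pasv_range
    return ip == server_ip and lo <= port <= hi


def data_channel_encrypted(client_commands: list[str]) -> bool:
    """Walk the client commands of an explicit-TLS session and report whether
    the data channel ends up protected. Per RFC 4217 the order is AUTH TLS,
    then PBSZ 0, then PROT P; a later PROT C drops file data back to clear
    text even though the control channel stays encrypted."""
    auth = pbsz = False
    prot = "C"  # FTP starts every session with PROT C (clear)
    for cmd in client_commands:
        parts = cmd.strip().upper().split()
        if parts[:2] == ["AUTH", "TLS"]:
            auth = True
        elif parts[:1] == ["PBSZ"] and auth:
            pbsz = True
        elif parts[:1] == ["PROT"] and len(parts) == 2 and auth and pbsz:
            prot = parts[1]
    return auth and prot == "P"


if __name__ == "__main__":
    # Constructed sample reply; 195*256 + 80 = 50000.
    reply = "227 Entering Passive Mode (192,0,2,10,195,80)."
    print(parse_pasv(reply))
    print(port_command("198.51.100.7", 50000))
    print(pasv_reply_acceptable(reply, "192.0.2.10", (50000, 50100)))
    print(data_channel_encrypted(["AUTH TLS", "PBSZ 0", "PROT P", "PASV"]))
```

The range check is the firewall caveat in code form: when the server's passive range is 50000 to 50100, the perimeter rule allows exactly that range to the FTP host and nothing else, and a reply outside it (or pointing at another address) is refused rather than followed.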
Print Services
• Port 9100 (raw printing): Transfers raw page description language (PDL) print job data and PJL (Printer Job Language) configuration/management data. It has no authentication or encryption, so it should be reachable only from the print server or a trusted print network.
• Internet Printing Protocol (IPP): Uses TCP port 631, supports status messaging, and can be secured with TLS (IPPS).
• Web Services for Devices (WSD)/AirPrint: Advertise the printer's capabilities, support plug-and-play discovery, and provide bidirectional status messaging.
• Printer Sharing: Uses SMB to share a printer through a host computer, which spools the jobs and relays status messages to clients.
Database Services
Relational Databases
• Structure: Information stored in tables with rows (records) and columns (fields).
• Query Language: Structured Query Language (SQL).
• RDBMS Platforms and Ports:
o Oracle SQL*Net: TCP/1521.
o Microsoft SQL Server: TCP/1433.
o MySQL: TCP/3306 (also used by MariaDB).
o PostgreSQL: TCP/5432.
• Security: RDBMS servers support TLS transport encryption using server certificates. The server can be configured to require encrypted connections, and clients should be configured to verify the server certificate rather than merely to encrypt; otherwise an attacker in the path can present their own certificate and read the traffic.
NoSQL Databases
VoIP Protocols
VoIP Phones
Voice Gateways
• Web Servers:
o Deployment: Intranets or perimeter networks; use hosted/cloud services for public
websites.
o Security: Configure with valid certificates from trusted CAs for HTTPS over TCP/443.
• File Transfer Protocols:
o Secure FTP:
▪ SFTP: Uses SSH over TCP/22.
▪ FTPS: Uses TLS, can be implicit (TCP/990) or explicit (TCP/21).
• File and Printer Sharing:
o SMB: Use only on trusted local networks.
o Security: Block the SMB ports at the network perimeter: UDP/137, UDP/138 and TCP/139 (NetBIOS over TCP/IP) and TCP/445 (direct SMB). Disable legacy versions (SMBv1) on servers and clients.
• Database Services:
o Access: Should be accessed by application servers, not directly by client
workstations.
o Security: Use ACLs to block access to database ports:
▪ Oracle SQL*Net: TCP/1521.
▪ MS SQL: TCP/1433.
▪ MySQL/MariaDB: TCP/3306.
▪ PostgreSQL: TCP/5432.
• Email Servers:
o SMTP Servers: Deploy at the network edge to relay mail between domains over TCP/25.
o Security: Have mail clients submit messages on TCP/587 with STARTTLS and authentication rather than relaying through TCP/25.
o Mailbox Servers:
▪ POP3: Use secure version (POP3S) over TCP/995.
▪ IMAP: Use secure version (IMAPS) over TCP/993.
• VoIP Services:
o PBX Deployment: Use hybrid or VoIP PBX with voice gateways in local and perimeter
networks.
o Session Control: Configure endpoints to use SIP over TLS (secure SIP, TCP/5061) for call setup.
o Data Transfer: Media is carried by RTP, with RTCP reporting on call quality. SIP-TLS protects only the signaling, so use SRTP to encrypt the media stream as well.
• HTTP/HTTPS:
o HTTP: TCP/80 (unsecure).
o HTTPS: TCP/443 (secure).
• FTP:
o FTP: TCP/21 (control), TCP/20 (data, active mode only; passive mode uses a server-chosen high port).
o SFTP: TCP/22 (secure, uses SSH).
o FTPS (implicit): TCP/990.
o FTPS (explicit): TCP/21 with AUTH TLS command.
• SMB:
o SMB Ports: TCP/445 (direct SMB); UDP/137, UDP/138 and TCP/139 (NetBIOS over TCP/IP).
o Security: Use only on local networks, block at perimeter.
• Database Ports:
o Oracle SQL*Net: TCP/1521.
o MS SQL: TCP/1433.
o MySQL/MariaDB: TCP/3306.
o PostgreSQL: TCP/5432.
o Security: Enable TLS, use ACLs to restrict access.
• Email Ports:
o SMTP: TCP/25 (message relay).
o SMTP (submission): TCP/587 with STARTTLS.
o POP3: TCP/110 (unsecure), TCP/995 (secure).
o IMAP: TCP/143 (unsecure), TCP/993 (secure).
• VoIP:
o SIP: TCP or UDP/5060 (unsecure), TCP/5061 (secure SIP-TLS).
o RTP/RTCP: Used for real-time media transfer and quality reporting; SRTP is the encrypted form of RTP.
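The port summary above is the checklist a perimeter review is run against. The following is an added example, not part of the original notes, that parses nmap "grepable" (-oG) output and flags open ports the summary says must be blocked at the perimeter, or plaintext services that have a secure counterpart. The scan lines, host names and addresses are constructed samples.

```python
from __future__ import annotations

import re

# Constructed sample in nmap -oG format (not a real scan). The Ports field
# lists entries as port/state/proto/owner/service/rpc/version/.
SAMPLE_SCAN = """\
# Nmap perimeter scan (constructed sample)
Host: 203.0.113.5 (www.example.test)\tStatus: Up
Host: 203.0.113.5 (www.example.test)\tPorts: 80/open/tcp//http///, 443/open/tcp//https///, 445/open/tcp//microsoft-ds///, 3306/open/tcp//mysql///\tIgnored State: closed (996)
Host: 203.0.113.6 (mail.example.test)\tPorts: 25/open/tcp//smtp///, 110/open/tcp//pop3///, 993/open/tcp//imaps///, 1433/filtered/tcp//ms-sql-s///
Host: 203.0.113.7 (voip.example.test)\tPorts: 5060/open/udp//sip///, 137/open/udp//netbios-ns///
"""

# Ports the summary says must be blocked at the perimeter.
BLOCK_AT_PERIMETER = {
    ("udp", 137): "NetBIOS name service (SMB)",
    ("udp", 138): "NetBIOS datagram (SMB)",
    ("tcp", 139): "NetBIOS session (SMB)",
    ("tcp", 445): "SMB",
    ("tcp", 1433): "Microsoft SQL Server",
    ("tcp", 1521): "Oracle SQL*Net",
    ("tcp", 3306): "MySQL/MariaDB",
    ("tcp", 5432): "PostgreSQL",
}

# Unsecure services and the secure port the summary recommends instead.
PLAINTEXT_ALTERNATIVE = {
    ("tcp", 21): "FTP: use SFTP (TCP/22) or FTPS (TCP/990, or AUTH TLS on TCP/21)",
    ("tcp", 80): "HTTP: serve over HTTPS (TCP/443)",
    ("tcp", 110): "POP3: use POP3S (TCP/995)",
    ("tcp", 143): "IMAP: use IMAPS (TCP/993)",
    ("tcp", 5060): "SIP: use SIP-TLS (TCP/5061)",
    ("udp", 5060): "SIP: use SIP-TLS (TCP/5061)",
}

PORT_ENTRY = re.compile(r"(\d+)/(\w+)/(tcp|udp)/[^/]*/([^/]*)/")


def parse_grepable(text: str) -> list[tuple[str, int, str, str, str]]:
    """Return (host, port, proto, state, service) for every port entry in
    nmap -oG output. Comment lines and lines without a Ports field are skipped."""
    results = []
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for m in PORT_ENTRY.finditer(ports_field):
            port, state, proto, service = m.groups()
            results.append((host, int(port), proto, state, service))
    return results


def audit_perimeter(text: str) -> list[tuple[str, str, str]]:
    """Apply the summary's perimeter policy to a scan: each finding is
    (host, proto/port, reason). Filtered and closed ports are ignored because
    the perimeter already blocks them."""
    findings = []
    for host, port, proto, state, service in parse_grepable(text):
        if state != "open":
            continue
        key = (proto, port)
        if key in BLOCK_AT_PERIMETER:
            findings.append((host, f"{proto}/{port}", f"block at perimeter: {BLOCK_AT_PERIMETER[key]}"))
        elif key in PLAINTEXT_ALTERNATIVE:
            findings.append((host, f"{proto}/{port}", f"plaintext service ({service}): {PLAINTEXT_ALTERNATIVE[key]}"))
    return findings


if __name__ == "__main__":
    for host, port, reason in audit_perimeter(SAMPLE_SCAN):
        print(f"{host:14} {port:9} {reason}")
```

Run against a real scan of the perimeter address range, the same function turns the port table into a list of rules to add to the edge ACL. TCP/80 is reported as plaintext even though many sites keep it open only to redirect to HTTPS; treat that finding as a prompt to confirm the redirect rather than as a definite fault.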
Key Points on Security and Encryption
• Web Servers: Always use HTTPS with valid certificates for secure web communications.
• FTP: Prefer SFTP (over SSH) or FTPS (over TLS) for secure file transfers.
• Email: Use secure ports and TLS for SMTP, POP3, and IMAP to protect email
communications.
• SMB: Restrict use to local networks and disable legacy versions for security.
• Databases: Use TLS for secure database connections, and restrict access with ACLs.
• VoIP: Use secure SIP (SIP-TLS) for signaling and SRTP for the media, so that RTP streams cannot be eavesdropped; RTCP reporting still provides the statistics needed to maintain call quality.