Lesson 11

Uploaded by Shubham Yadav

HyperText Transfer Protocol (HTTP)

• Function: Enables clients (web browsers) to request resources from an HTTP server.
• Default TCP Port: 80
• Requests: Made using a URL; server responds with data or error message.
• Headers and Payload: Requests and responses are defined in the HTTP header; payload usually serves HTML pages.
• Stateless Protocol: Server does not preserve information about the client session.
• Forms Mechanism (POST): Enables data submission from client to server.
• Security Risks: Stateless nature and integration with databases/scripts increase vulnerabilities.
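To make the header/payload split and the stateless point concrete, here is an added example (not from the lesson notes) that parses a raw HTTP/1.1 POST form submission. The request text, host name and session id value are constructed for illustration; the only thing tying the request to an earlier login is the Cookie header the client chooses to send, which is why the server cannot "remember" the client without it.

```python
"""Parse a raw HTTP/1.1 request into request line, headers and form payload.

Added example; the sample request below is constructed, not captured traffic.
"""
from typing import Dict, Optional
from urllib.parse import parse_qs

# Constructed sample: a POST form submission carrying a session cookie.
# Content-Length matches the 27-byte body exactly.
SAMPLE_REQUEST = (
    "POST /login HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 27\r\n"
    "Cookie: sessionid=abc123\r\n"
    "\r\n"
    "username=alice&password=pw1"
)


def parse_request(raw: str) -> Dict[str, object]:
    """Split a request into method, target, version, headers and form fields."""
    head, _, body = raw.partition("\r\n\r\n")  # blank line ends the header block
    lines = head.split("\r\n")
    method, target, version = lines[0].split(" ", 2)

    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # header names are case-insensitive

    # Only trust as many body bytes as Content-Length declares; ignore any trailing data.
    length = int(headers.get("content-length", "0"))
    body = body[:length]

    form: Dict[str, str] = {}
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        form = {k: v[0] for k, v in parse_qs(body).items()}

    return {"method": method, "target": target, "version": version,
            "headers": headers, "form": form}


def session_cookie(headers: Dict[str, str], name: str = "sessionid") -> Optional[str]:
    """Return the named cookie value, or None when the client sent none.

    HTTP itself is stateless: without this header the server has no link
    between this request and any earlier one from the same client.
    """
    for part in headers.get("cookie", "").split(";"):
        key, _, value = part.strip().partition("=")
        if key == name:
            return value
    return None


if __name__ == "__main__":
    req = parse_request(SAMPLE_REQUEST)
    print(req["method"], req["target"], req["form"], session_cookie(req["headers"]))
```

Running the block prints the method, target, parsed form fields and the session id; calling `session_cookie` on headers without a Cookie line returns `None`, the situation a stateless server is in for every first-time request.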

Web Servers and Hosting

• Types of Hosting:
o Dedicated Server: Private server computer; usually unmanaged.
o Virtual Private Server (VPS): VM on a physical server, isolated by hypervisor.
o Cloud Hosting: Website runs on a cloud over multiple hardware computers.
o Shared Hosting: Private directory on a shared server, performance affected by other sites.
• Main Platforms: Apache, Microsoft IIS, nginx.

Secure Sockets Layer/Transport Layer Security (SSL/TLS)

• Purpose: Address security issues in HTTP by providing encryption and authentication.
• Layer: Sits between Application and Transport layers of TCP/IP stack (Session layer in OSI model).
• HTTPS: HTTP with SSL/TLS, using TCP port 443.
• Digital Certificates: Issued by a CA, containing a public/private encryption key pair.
• Encrypted Tunnel: Ensures communication cannot be read or altered by third parties.

File Transfer Protocol (FTP)

• Purpose: Remote file access and transfer to/from servers and appliances.
• Default TCP Port: 21 (control port)
• Modes:
o Active Mode: Server initiates data connection to client; uses port 20 for data transfer.
o Passive Mode: Client initiates data connection to server; server provides a random high port.
• Firewall Considerations: Active FTP may require stateful inspection firewalls for compatibility.
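The active/passive distinction and its firewall consequence are easiest to see by decoding the two messages that carry the data-connection endpoint. The following is an added example (not part of the lesson notes) that parses the client's PORT command (active mode) and the server's 227 PASV reply (passive mode), both of which encode an address and port as six comma-separated bytes, and then reports which direction the data connection will be opened in. The addresses and ports used in the sample strings are constructed.

```python
"""Decode FTP PORT commands and 227 PASV replies; work out the data-connection direction.

Added example; sample messages are constructed, not captured from a real server.
"""
import re
from typing import Tuple

# h1,h2,h3,h4,p1,p2 : four address bytes then two port bytes (port = p1*256 + p2)
SIX_BYTES_RE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def _decode(six: str) -> Tuple[str, int]:
    """Turn 'h1,h2,h3,h4,p1,p2' into ('h1.h2.h3.h4', port), validating each byte."""
    match = SIX_BYTES_RE.search(six)
    if not match:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in: " + six)
    parts = [int(x) for x in match.groups()]
    if any(not 0 <= v <= 255 for v in parts):
        raise ValueError("byte out of range in: " + six)
    h1, h2, h3, h4, p1, p2 = parts
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def parse_pasv(reply: str) -> Tuple[str, int]:
    """Parse the server's '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' reply."""
    if not reply.startswith("227"):
        raise ValueError("not a PASV reply: " + reply)
    return _decode(reply)


def parse_port(command: str) -> Tuple[str, int]:
    """Parse the client's 'PORT h1,h2,h3,h4,p1,p2' command (active mode)."""
    if not command.upper().startswith("PORT "):
        raise ValueError("not a PORT command: " + command)
    return _decode(command)


def data_connection(mode: str, client_ip: str, server_ip: str, message: str) -> Tuple[str, str, int]:
    """Return (initiator, target, target_port) for the data connection.

    Active: the server connects from port 20 back to the client's advertised port,
    so a client-side firewall must admit an inbound connection (stateful inspection
    that reads the PORT command handles this).  Passive: the client connects out to
    the server's advertised high port, which plain outbound rules usually permit.
    A client should refuse a PASV address that differs from the control-connection
    peer; that check is included here as a defensive validation.
    """
    if mode == "active":
        addr, port = parse_port(message)
        return server_ip, addr, port
    if mode == "passive":
        addr, port = parse_pasv(message)
        if addr != server_ip:
            raise ValueError(f"PASV address {addr} does not match control peer {server_ip}")
        return client_ip, addr, port
    raise ValueError("mode must be 'active' or 'passive'")


if __name__ == "__main__":
    print(parse_pasv("227 Entering Passive Mode (192,168,1,10,195,80)."))
    print(data_connection("active", "10.0.0.5", "192.168.1.10", "PORT 10,0,0,5,4,1"))
```

For the constructed PASV reply above the port is 195 * 256 + 80 = 50000, and for the PORT command it is 4 * 256 + 1 = 1025; `data_connection` then shows the server initiating in active mode and the client initiating in passive mode.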

Additional Concepts

• HTTP Headers: Define request and response formats.
• HTML: Plain text files with coded tags for web page formatting.
• Cookies: Text files set by servers to preserve session information.
• Web Applications: Extend basic HTTP functionality with scripting and databases.

Trivial File Transfer Protocol (TFTP)

• Protocol Type: Connectionless, runs over UDP port 69.
• Use Case: Suitable for transferring small files; lacks guaranteed delivery.
• Functions: Supports only reading (GET) and writing (PUT) files.
• Common Uses: Downloading configuration files for legacy network appliances.
• Security: No security mechanisms; secure protocols are preferred for critical functions.

Secure File Transfer Protocol (SFTP)

• Protocol Type: Secure link created using SSH over TCP port 22.
• Function: Encrypts authentication and data transfer.
• Requirements: SSH server supporting SFTP and SFTP client software.

FTP over TLS

• Explicit TLS (FTPES): Uses the AUTH TLS command to upgrade an unsecure connection on port 21 to a secure one. Data can be encrypted with the PROT command.
• Implicit TLS (FTPS): Negotiates an SSL/TLS tunnel before FTP commands, using port 990 for the control connection.
• Configuration: FTPES is preferred due to easier firewall configuration.

File and Print Services

Server Message Block (SMB)

• Protocol: Allows sharing directories/files and printers on a network.
• Legacy Use: Ran on NetBIOS (TCP port 139); modern use typically on TCP port 445.
• Security: Restrict SMB to local networks; block NetBIOS port ranges (137-139) and port 445 on perimeter firewalls.
• Encryption: SMB version 3 supports message encryption for enhanced security.

Remote Print Protocols

• Port 9100: Transfers raw PDL print job data and PJL configuration/management data.
• Internet Printing Protocol (IPP): Uses TCP port 631, supports status messaging, and can be secure (IPPS).
• Web Services for Devices (WSD)/AirPrint: Advertises service capabilities and supports plug-and-play with bidirectional status messaging.
• Printer Sharing: Uses SMB for sharing print jobs and status messaging via a host.

Database Services

Relational Databases

• Structure: Information stored in tables with rows (records) and columns (fields).
• Query Language: Structured Query Language (SQL).
• RDBMS Platforms and Ports:
o Oracle SQL*Net: TCP/1521.
o Microsoft SQL Server: TCP/1433.
o MySQL: TCP/3306 (also used by MariaDB).
o PostgreSQL: TCP/5432.
• Security: RDBMS servers can use TLS transport encryption with certificates. Servers/clients can require encryption and valid security profiles.

NoSQL Databases

• Structure: Uses various formats such as key-value pairs or wide columns.
• Access: Typically accessed via API over HTTPS.

Messaging, Voice, and Video Services

Simple Mail Transfer Protocol (SMTP)

• Protocol Function: Delivers email from one system to another.
• DNS Use: Uses MX and host (A/AAAA) records to discover recipient SMTP server.
• Message Delivery: Retries delivery on failure and generates non-delivery reports (NDRs).
• Security:
o STARTTLS: Upgrades an unsecure connection to TLS (explicit TLS).
o SMTPS: Establishes a secure connection before SMTP commands (implicit TLS).
• Ports:
o Port 25: Message relay between SMTP servers, supports STARTTLS.
o Port 587: Message submission by clients, requires STARTTLS and authentication.
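The difference between explicit TLS (STARTTLS on port 587, the same upgrade pattern as FTPES's AUTH TLS) and implicit TLS (SMTPS, where the tunnel exists before the first command) comes down to command ordering. The following added example (not from the lesson notes) models a submission server's command handling: on a clear-text connection it advertises STARTTLS and refuses AUTH and MAIL until the upgrade has happened; on an implicit-TLS connection it treats the link as encrypted from the start. The host name is constructed, the credential check is a stand-in, and the reply codes are the standard SMTP ones.

```python
"""Model of SMTP submission command ordering for explicit vs implicit TLS.

Added example; the server name is constructed and AUTH accepts any credentials
purely to illustrate ordering (a real server verifies them).
"""
from typing import List


class SubmissionSession:
    """One client connection to a submission server."""

    def __init__(self, implicit_tls: bool = False):
        # Implicit TLS (SMTPS): the TLS tunnel is negotiated before any SMTP command,
        # so the session starts out encrypted.  Explicit TLS (port 587): it starts
        # in clear text and the client must send STARTTLS to upgrade.
        self.tls = implicit_tls
        self.authenticated = False
        self.transcript: List[str] = []

    def handle(self, line: str) -> str:
        """Process one client command and return the server reply."""
        verb = line.split(" ", 1)[0].upper()
        if verb == "EHLO":
            # Advertise STARTTLS only on a clear connection; advertise AUTH only once
            # the link is encrypted so credentials never travel in the clear.
            ext = "250-AUTH PLAIN" if self.tls else "250-STARTTLS"
            reply = f"250-mail.example.test\r\n{ext}\r\n250 OK"
        elif verb == "STARTTLS":
            if self.tls:
                reply = "503 TLS already active"
            else:
                self.tls = True  # the TLS handshake would run here; afterwards the client re-issues EHLO
                reply = "220 Ready to start TLS"
        elif verb == "AUTH":
            if not self.tls:
                reply = "530 Must issue a STARTTLS command first"
            else:
                self.authenticated = True  # stand-in for a real credential check
                reply = "235 Authentication succeeded"
        elif verb == "MAIL":
            if not self.tls:
                reply = "530 Must issue a STARTTLS command first"
            elif not self.authenticated:
                reply = "530 Authentication required"
            else:
                reply = "250 OK"
        else:
            reply = "502 Command not implemented"
        self.transcript.append(f"C: {line}")
        self.transcript.append(f"S: {reply}")
        return reply


def run_dialogue(commands: List[str], implicit_tls: bool = False) -> List[str]:
    """Feed a scripted client dialogue to a fresh session and return the replies."""
    session = SubmissionSession(implicit_tls)
    return [session.handle(cmd) for cmd in commands]


if __name__ == "__main__":
    explicit = ["EHLO client.example.test", "STARTTLS", "EHLO client.example.test",
                "AUTH PLAIN dXNlcgBwYXNz", "MAIL FROM:<alice@example.test>"]
    for reply in run_dialogue(explicit):
        print(reply)
```

Running the explicit-TLS dialogue ends in `250 OK`; dropping the STARTTLS step makes the same MAIL command fail with a 530, and on an implicit-TLS session a STARTTLS command is rejected because the tunnel is already in place.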

Mailbox Access Protocols

Post Office Protocol (POP)

• Version: POP3 is the active version.
• Function: Downloads mailbox contents to local PC, typically deletes messages from server.
• Ports:
o TCP port 110: Unsecure POP3.
o TCP port 995: Secure POP3 (POP3S) with TLS.

Internet Message Access Protocol (IMAP)

• Function: Supports permanent connections, multiple clients, and mailbox management on the server.
• Ports:
o TCP port 143: Unsecure IMAP.
o TCP port 993: Secure IMAP (IMAPS) with TLS.

Voice and Video Services

Private Branch Exchange (PBX)

• Legacy: Uses PSTN and TDM circuits.
• VoIP PBX: Connects local VoIP endpoints, routes calls to external networks, supports telephony features.

VoIP Protocols

• Session Initiation Protocol (SIP):
o Function: Session control, user discovery, session management.
o Ports:
▪ UDP/TCP port 5060: Unsecure SIP.
▪ UDP/TCP port 5061: Secure SIP (SIP-TLS).
• Real-Time Transport Protocol (RTP):
o Function: Delivers real-time media data via UDP.
o RTP Control Protocol (RTCP): Monitors connection quality, provides feedback for QoS adjustments.

VoIP Phones

• Function: Implemented as software or dedicated hardware, segregates SIP and RTP traffic using VLANs.
• Power: Can use Power over Ethernet (PoE).

Connection Security for VoIP

• SIPS: Uses digital certificates and SSL/TLS for secure connections.

Voice Gateways

• Function: Translate between VoIP and legacy voice equipment/networks.
• Types:
o FXO Gateway: Connects VoIP systems to POTS lines.
o FXS Gateway: Connects POTS handsets and fax machines to VoIP PBX.

LESSON 11: SUMMARY

General Guidelines for Supporting Network Applications

• Web Servers:
o Deployment: Intranets or perimeter networks; use hosted/cloud services for public websites.
o Security: Configure with valid certificates from trusted CAs for HTTPS over TCP/443.
• File Transfer Protocols:
o Secure FTP:
▪ SFTP: Uses SSH over TCP/22.
▪ FTPS: Uses TLS, can be implicit (TCP/990) or explicit (TCP/21).
• File and Printer Sharing:
o SMB: Use only on trusted local networks.
o Security: Block SMB ports (TCP/UDP/137-139 and TCP/445) at the network perimeter. Disable legacy SMB versions.
• Database Services:
o Access: Should be accessed by application servers, not directly by client workstations.
o Security: Use ACLs to block access to database ports:
▪ Oracle SQL*Net: TCP/1521.
▪ MS SQL: TCP/1433.
▪ MySQL/MariaDB: TCP/3306.
▪ PostgreSQL: TCP/5432.
• Email Servers:
o SMTP Servers: Deploy at the network edge to transfer emails over TCP/25.
o Security: Use TCP/587 with TLS for secure message submission by mail clients.
o Mailbox Servers:
▪ POP3: Use secure version (POP3S) over TCP/995.
▪ IMAP: Use secure version (IMAPS) over TCP/993.
• VoIP Services:
o PBX Deployment: Use hybrid or VoIP PBX with voice gateways in local and perimeter networks.
o Session Control: Configure endpoints to use secure SIP (TCP/5061).
o Data Transfer: Use RTP/RTCP for media data transfer.
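The perimeter and database-access guidelines above translate directly into an access-control check. The following is an added example (not part of the lesson notes) that evaluates constructed connection-log lines against the rules the guidelines state: SMB/NetBIOS ports (TCP/UDP 137-139, TCP/445) must not cross the perimeter, and the database ports (TCP/1521, 1433, 3306, 5432) are reachable only from the application-server tier. The address ranges for the internal network, the application-server tier and the database tier, and the log line format, are all assumptions made for the example.

```python
"""Evaluate connection-log lines against the lesson's perimeter and database ACL rules.

Added example; network ranges, log format and log lines are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List

# Assumed address plan for the example (not from the lesson).
INTERNAL = ip_network("10.0.0.0/8")          # everything inside the perimeter
APP_SERVERS = ip_network("10.0.10.0/24")     # tier permitted to reach databases
DB_SERVERS = ip_network("10.0.20.0/24")      # where the RDBMS instances live

# Port numbers as listed in the lesson summary.
DB_PORTS = {1521, 1433, 3306, 5432}          # Oracle SQL*Net, MS SQL, MySQL/MariaDB, PostgreSQL
NETBIOS_RANGE = range(137, 140)              # TCP/UDP 137-139
SMB_TCP_PORT = 445


@dataclass
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def parse_flow(line: str) -> Flow:
    """Parse a constructed 'src=... dst=... proto=... dport=...' log line."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return Flow(fields["src"], fields["dst"], fields["proto"].lower(), int(fields["dport"]))


def evaluate(flow: Flow) -> str:
    """Return 'permit' or 'deny: <reason>' for one flow."""
    src, dst = ip_address(flow.src), ip_address(flow.dst)
    crosses_perimeter = (src in INTERNAL) != (dst in INTERNAL)

    is_smb = (flow.dport in NETBIOS_RANGE and flow.proto in ("tcp", "udp")) or \
             (flow.proto == "tcp" and flow.dport == SMB_TCP_PORT)
    if is_smb and crosses_perimeter:
        return "deny: SMB/NetBIOS must not cross the perimeter"

    if flow.proto == "tcp" and flow.dport in DB_PORTS:
        # Databases are reached by application servers, never by workstations or outside hosts.
        if dst in DB_SERVERS and src in APP_SERVERS:
            return "permit"
        return "deny: database ports are reachable only from application servers"

    return "permit"


def audit(lines: List[str]) -> List[str]:
    """Evaluate each log line; returns one verdict per line, in order."""
    return [evaluate(parse_flow(line)) for line in lines]


# Constructed log lines covering each rule.
SAMPLE_LOG = [
    "src=203.0.113.5 dst=10.0.1.20 proto=tcp dport=445",     # SMB from outside: deny
    "src=198.51.100.9 dst=10.0.1.30 proto=udp dport=137",    # NetBIOS from outside: deny
    "src=10.0.3.3 dst=10.0.3.9 proto=tcp dport=445",         # SMB inside the LAN: permit
    "src=10.0.5.7 dst=10.0.20.3 proto=tcp dport=3306",       # workstation to MySQL: deny
    "src=10.0.10.4 dst=10.0.20.3 proto=tcp dport=5432",      # app server to PostgreSQL: permit
    "src=203.0.113.5 dst=10.0.1.10 proto=tcp dport=443",     # HTTPS to a web server: permit
]

if __name__ == "__main__":
    for line, verdict in zip(SAMPLE_LOG, audit(SAMPLE_LOG)):
        print(f"{verdict:70} {line}")
```

The check is deliberately per-destination-port and per-direction: SMB between two internal hosts is permitted while the same port crossing the perimeter is denied, and a database port is permitted only when both the source tier and the destination tier match.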

Summary of Common Application Ports and Protocols

• HTTP/HTTPS:
o HTTP: TCP/80 (unsecure).
o HTTPS: TCP/443 (secure).
• FTP:
o FTP: TCP/21 (control), TCP/20 (data).
o SFTP: TCP/22 (secure, uses SSH).
o FTPS (implicit): TCP/990.
o FTPS (explicit): TCP/21 with AUTH TLS command.
• SMB:
o SMB Ports: TCP/445, TCP/UDP/137-139.
o Security: Use only on local networks, block at perimeter.
• Database Ports:
o Oracle SQL*Net: TCP/1521.
o MS SQL: TCP/1433.
o MySQL/MariaDB: TCP/3306.
o PostgreSQL: TCP/5432.
o Security: Enable TLS, use ACLs to restrict access.
• Email Ports:
o SMTP: TCP/25 (message relay).
o SMTP (submission): TCP/587 with STARTTLS.
o POP3: TCP/110 (unsecure), TCP/995 (secure).
o IMAP: TCP/143 (unsecure), TCP/993 (secure).
• VoIP:
o SIP: TCP/5060 (unsecure), TCP/5061 (secure SIP-TLS).
o RTP/RTCP: Used for real-time media data transfer.

Key Points on Security and Encryption

• Web Servers: Always use HTTPS with valid certificates for secure web communications.
• FTP: Prefer SFTP (over SSH) or FTPS (over TLS) for secure file transfers.
• Email: Use secure ports and TLS for SMTP, POP3, and IMAP to protect email communications.
• SMB: Restrict use to local networks and disable legacy versions for security.
• Databases: Use TLS for secure database connections, and restrict access with ACLs.
• VoIP: Use secure SIP (SIP-TLS) and ensure RTP/RTCP for data transfer to maintain call quality and security.
