HyperText Transfer Protocol (HTTP)

• Function: Enables clients (web browsers) to request resources from an HTTP server.
• Default TCP Port: 80
• Requests: Made using a URL; server responds with data or error message.
• Headers and Payload: Requests and responses are defined in the HTTP header;
payload usually serves HTML pages.
• Stateless Protocol: Server does not preserve information about the client session.
• Forms Mechanism (POST): Enables data submission from client to server.
• Security Risks: Stateless nature and integration with databases/scripts increase
vulnerabilities.

Web Servers and Hosting

• Types of Hosting:
o Dedicated Server: Private server computer; usually unmanaged.
o Virtual Private Server (VPS): VM on a physical server, isolated by
hypervisor.
o Cloud Hosting: Website runs on a cloud over multiple hardware computers.
o Shared Hosting: Private directory on a shared server, performance affected
by other sites.
• Main Platforms: Apache, Microsoft IIS, nginx.

Secure Sockets Layer/Transport Layer Security (SSL/TLS)

• Purpose: Address security issues in HTTP by providing encryption and

authentication.
• Layer: Sits between Application and Transport layers of TCP/IP stack (Session layer
in OSI model).
• HTTPS: HTTP with SSL/TLS, using TCP port 443.
• Digital Certificates: Issued by a CA, containing a public/private encryption key pair.
• Encrypted Tunnel: Ensures communication cannot be read or altered by third
parties.

File Transfer Protocol (FTP)

• Purpose: Remote file access and transfer to/from servers and appliances.
• Default TCP Port: 21 (control port)
• Modes:
o Active Mode: Server initiates data connection to client; uses port 20 for data
transfer.
o Passive Mode: Client initiates data connection to server; server provides a
random high port.
• Firewall Considerations: Active FTP may require stateful inspection firewalls for
compatibility.

Additional Concepts

• HTTP Headers: Define request and response formats.

• HTML: Plain text files with coded tags for web page formatting.
 • Cookies: Text files set by servers to preserve session information.
• Web Applications: Extend basic HTTP functionality with scripting and databases.

Trivial File Transfer Protocol (TFTP)

• Protocol Type: Connectionless, runs over UDP port 69.

• Use Case: Suitable for transferring small files; lacks guaranteed delivery.
• Functions: Supports only reading (GET) and writing (PUT) files.
• Common Uses: Downloading configuration files for legacy network appliances.
• Security: No security mechanisms; secure protocols are preferred for critical
functions.

Secure File Transfer Protocol (SFTP)

• Protocol Type: Secure link created using SSH over TCP port 22.
• Function: Encrypts authentication and data transfer.
• Requirements: SSH server supporting SFTP and SFTP client software.

FTP over TLS

• Explicit TLS (FTPES): Uses the AUTH TLS command to upgrade an unsecure
connection on port 21 to a secure one. Data can be encrypted with the PROT
command.
• Implicit TLS (FTPS): Negotiates an SSL/TLS tunnel before FTP commands, using
port 990 for the control connection.
• Configuration: FTPES is preferred due to easier firewall configuration.

File and Print Services

Server Message Block (SMB)

• Protocol: Allows sharing directories/files and printers on a network.

• Legacy Use: Ran on NetBIOS (TCP port 139); modern use typically on TCP port
445.
• Security: Restrict SMB to local networks; block NetBIOS port ranges (137-139) and
port 445 on perimeter firewalls.
• Encryption: SMB version 3 supports message encryption for enhanced security.

Remote Print Protocols

• Port 9100: Transfers raw PDL print job data and PJL configuration/management data.
• Internet Printing Protocol (IPP): Uses TCP port 631, supports status messaging,
and can be secure (IPPS).
• Web Services for Devices (WSD)/AirPrint: Advertises service capabilities and
supports plug-and-play with bidirectional status messaging.
• Printer Sharing: Uses SMB for sharing print jobs and status messaging via a host.

Database Services

Relational Databases
 • Structure: Information stored in tables with rows (records) and columns (fields).
• Query Language: Structured Query Language (SQL).
• RDBMS Platforms and Ports:
o Oracle SQL*Net: TCP/1521.
o Microsoft SQL Server: TCP/1433.
o MySQL: TCP/3306 (also used by MariaDB).
o PostgreSQL: TCP/5432.
• Security: RDBMS servers can use TLS transport encryption with certificates.
Servers/clients can require encryption and valid security profiles.

NoSQL Databases

• Structure: Uses various formats such as key-value pairs or wide columns.

• Access: Typically accessed via API over HTTPS.

Messaging, Voice, and Video Services

Simple Mail Transfer Protocol (SMTP)

• Protocol Function: Delivers email from one system to another.

• DNS Use: Uses MX and host (A/AAAA) records to discover recipient SMTP server.
• Message Delivery: Retries delivery on failure and generates non-delivery reports
(NDRs).
• Security:
o STARTTLS: Upgrades an unsecure connection to TLS (explicit TLS).
o SMTPS: Establishes a secure connection before SMTP commands (implicit
TLS).
• Ports:
o Port 25: Message relay between SMTP servers, supports STARTTLS.
o Port 587: Message submission by clients, requires STARTTLS and
authentication.

Mailbox Access Protocols

Post Office Protocol (POP)

• Version: POP3 is the active version.

• Function: Downloads mailbox contents to local PC, typically deletes messages from
server.
• Ports:
o TCP port 110: Unsecure POP3.
o TCP port 995: Secure POP3 (POP3S) with TLS.

Internet Message Access Protocol (IMAP)

• Function: Supports permanent connections, multiple clients, and mailbox

management on the server.
• Ports:
o TCP port 143: Unsecure IMAP.
o TCP port 993: Secure IMAP (IMAPS) with TLS.
Voice and Video Services

Private Branch Exchange (PBX)

• Legacy: Uses PSTN and TDM circuits.

• VoIP PBX: Connects local VoIP endpoints, routes calls to external networks,
supports telephony features.

VoIP Protocols

• Session Initiation Protocol (SIP):

o Function: Session control, user discovery, session management.
o Ports:
▪ UDP/TCP port 5060: Unsecure SIP.
▪ UDP/TCP port 5061: Secure SIP (SIP-TLS).
• Real-Time Transport Protocol (RTP):
o Function: Delivers real-time media data via UDP.
o RTP Control Protocol (RTCP): Monitors connection quality, provides
feedback for QoS adjustments.

VoIP Phones

• Function: Implemented as software or dedicated hardware, segregates SIP and RTP

traffic using VLANs.
• Power: Can use Power over Ethernet (PoE).

Connection Security for VoIP

• SIPS: Uses digital certificates and SSL/TLS for secure connections.

Voice Gateways

• Function: Translate between VoIP and legacy voice equipment/networks.

• Types:
o FXO Gateway: Connects VoIP systems to POTS lines.
o FXS Gateway: Connects POTS handsets and fax machines to VoIP PBX.

LESSON 11: SUMMARY

General Guidelines for Supporting Network Applications

• Web Servers:
o Deployment: Intranets or perimeter networks; use hosted/cloud services for public
websites.
o Security: Configure with valid certificates from trusted CAs for HTTPS over TCP/443.
• File Transfer Protocols:
o Secure FTP:
▪ SFTP: Uses SSH over TCP/22.
▪ FTPS: Uses TLS, can be implicit (TCP/990) or explicit (TCP/21).
• File and Printer Sharing:
 o SMB: Use only on trusted local networks.
o Security: Block SMB ports (TCP/UDP/137-139 and TCP/445) at the network
perimeter. Disable legacy SMB versions.
• Database Services:
o Access: Should be accessed by application servers, not directly by client
workstations.
o Security: Use ACLs to block access to database ports:
▪ Oracle SQL*Net: TCP/1521.
▪ MS SQL: TCP/1433.
▪ MySQL/MariaDB: TCP/3306.
▪ PostgreSQL: TCP/5432.
• Email Servers:
o SMTP Servers: Deploy at the network edge to transfer emails over TCP/25.
o Security: Use TCP/587 with TLS for secure message submission by mail clients.
o Mailbox Servers:
▪ POP3: Use secure version (POP3S) over TCP/995.
▪ IMAP: Use secure version (IMAPS) over TCP/993.
• VoIP Services:
o PBX Deployment: Use hybrid or VoIP PBX with voice gateways in local and perimeter
networks.
o Session Control: Configure endpoints to use secure SIP (TCP/5061).
o Data Transfer: Use RTP/RTCP for media data transfer.

Summary of Common Application Ports and Protocols

• HTTP/HTTPS:
o HTTP: TCP/80 (unsecure).
o HTTPS: TCP/443 (secure).
• FTP:
o FTP: TCP/21 (control), TCP/20 (data).
o SFTP: TCP/22 (secure, uses SSH).
o FTPS (implicit): TCP/990.
o FTPS (explicit): TCP/21 with AUTH TLS command.
• SMB:
o SMB Ports: TCP/445, TCP/UDP/137-139.
o Security: Use only on local networks, block at perimeter.
• Database Ports:
o Oracle SQL*Net: TCP/1521.
o MS SQL: TCP/1433.
o MySQL/MariaDB: TCP/3306.
o PostgreSQL: TCP/5432.
o Security: Enable TLS, use ACLs to restrict access.
• Email Ports:
o SMTP: TCP/25 (message relay).
o SMTP (submission): TCP/587 with STARTTLS.
o POP3: TCP/110 (unsecure), TCP/995 (secure).
o IMAP: TCP/143 (unsecure), TCP/993 (secure).
• VoIP:
o SIP: TCP/5060 (unsecure), TCP/5061 (secure SIP-TLS).
o RTP/RTCP: Used for real-time media data transfer.
Key Points on Security and Encryption

• Web Servers: Always use HTTPS with valid certificates for secure web communications.
• FTP: Prefer SFTP (over SSH) or FTPS (over TLS) for secure file transfers.
• Email: Use secure ports and TLS for SMTP, POP3, and IMAP to protect email
communications.
• SMB: Restrict use to local networks and disable legacy versions for security.
• Databases: Use TLS for secure database connections, and restrict access with ACLs.
• VoIP: Use secure SIP (SIP-TLS) and ensure RTP/RTCP for data transfer to maintain call quality
and security.