Friday, October 30, 2009

Well-known ports

When studying for the CompTIA Security+ exam (SY0-201), you’ll come across information on ports. These are important to know and it’s also important to understand how they’re used. In this post, I want to cover some of the well-known ports and why they’re relevant when studying Security+.

First, you should understand how ports are used. This blog entry gives an overview.

Ports from 0 to 1023 are known as well-known ports. There are assigned by IANA and can be viewed here:

However, you don’t need to know them all. First, let’s discuss why are they relevant.

When doing basic packet filtering, a firewall can filter based on IP addresses and ports. However, what if you want to allow HTTP traffic (regular Internet traffic)? You can’t create packet filter rule to allow HTTP traffic (at least not directly). Instead, you create a packet filter rule to allow port 80 (the well-known port for HTTP).

What if you want to allow SMTP traffic? You would allow traffic using port 25. What if you want to allow DNS traffic? You allow traffic using port 53.

Routers and firewalls typically use an implicit deny implementation. What this means is that all traffic is blocked (implicitly denied) unless it is explicitly allowed. In other words, the only traffic that is allowed is the traffic that has an associated rule allowing it. Allowed traffic is sometimes referred to as an exception.

How does all this apply to Security+? You may need to know how to block, or how to allow certain traffic identified either by the protocol or by the port. The only way you can answer these types of questions is by knowing the well-known ports.

Here are some:
  • FTP 20, 21
  • SSH 22
  • Telnet 23
  • SMTP 25
  • DNS 53
  • HTTP 80
  • Kerberos 88
  • POP3 110
  • NNTP 119
  • IMAP4 143
  • LDAP 389
  • HTTPS 443
  • LDAP/TLS or LDAP/SSL 636
You can find more information on ports including some sample questions in this book: CompTIA Security+: Get Certified Get Ahead: SY0-201 Study Guide

Good luck in your studies.