Friday, October 30, 2009

Well-known ports

When studying for the CompTIA Security+ exam (SY0-201), you’ll come across information on ports. These are important to know and it’s also important to understand how they’re used. In this post, I want to cover some of the well-known ports and why they’re relevant when studying Security+.

First, you should understand how ports are used. This blog entry gives an overview. http://sy0201.blogspot.com/2009/10/understanding-ports.html

Ports from 0 to 1023 are known as well-known ports. They are assigned by IANA and can be viewed here: http://www.iana.org/assignments/port-numbers.

However, you don’t need to know them all. First, let’s discuss why they are relevant.

When doing basic packet filtering, a firewall can filter based on IP addresses and ports. However, what if you want to allow HTTP traffic (regular Internet traffic)? You can’t create a packet filter rule to allow HTTP traffic (at least not directly). Instead, you create a packet filter rule to allow port 80 (the well-known port for HTTP).

What if you want to allow SMTP traffic? You would allow traffic using port 25. What if you want to allow DNS traffic? You allow traffic using port 53.

Routers and firewalls typically use an implicit deny implementation. What this means is that all traffic is blocked (implicitly denied) unless it is explicitly allowed. In other words, the only traffic that is allowed is the traffic that has an associated rule allowing it. Allowed traffic is sometimes referred to as an exception.

How does all this apply to Security+? You may need to know how to block or allow certain traffic identified either by the protocol or by the port. The only way you can answer these types of questions is by knowing the well-known ports.

Here are some:
  • FTP 20, 21
  • SSH 22
  • Telnet 23
  • SMTP 25
  • DNS 53
  • HTTP 80
  • Kerberos 88
  • POP3 110
  • NNTP 119
  • IMAP4 143
  • LDAP 389
  • HTTPS 443
  • LDAP/TLS or LDAP/SSL 636
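
To show how port-based rules and implicit deny fit together, here is an added example (not part of the original post) that turns service names from the list above into port rules and evaluates packets against them. The names `Rule`, `rules_for` and `evaluate`, the rule set and the sample addresses are constructed for illustration; matching is simplified to source address and destination port.

```python
import ipaddress
from dataclasses import dataclass

# Well-known ports taken from the list in this post.
WELL_KNOWN = {
    "FTP": (20, 21), "SSH": (22,), "Telnet": (23,), "SMTP": (25,),
    "DNS": (53,), "HTTP": (80,), "Kerberos": (88,), "POP3": (110,),
    "NNTP": (119,), "IMAP4": (143,), "LDAP": (389,), "HTTPS": (443,),
    "LDAP/TLS": (636,),
}

@dataclass(frozen=True)
class Rule:
    action: str    # "allow" or "deny"
    source: str    # CIDR block the packet must come from
    dst_port: int  # destination port the packet must target

def rules_for(service, source="0.0.0.0/0", action="allow"):
    """Translate a service name into one rule per well-known port."""
    return [Rule(action, source, port) for port in WELL_KNOWN[service]]

def evaluate(rules, src_ip, dst_port):
    """First matching rule wins; no match falls through to implicit deny."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if dst_port == rule.dst_port and addr in ipaddress.ip_network(rule.source):
            return rule.action
    return "deny"  # implicit deny: no rule explicitly allowed this packet

# Constructed rule set: web and mail from anywhere, SSH only from one subnet.
RULES = (rules_for("HTTP") + rules_for("HTTPS") + rules_for("SMTP")
         + rules_for("SSH", source="192.0.2.0/24"))

# Constructed sample packets (documentation address ranges).
PACKETS = [("203.0.113.7", 80), ("203.0.113.7", 23),
           ("192.0.2.10", 22), ("203.0.113.7", 22)]

def decisions():
    """Return the verdict for each sample packet, in order."""
    return [evaluate(RULES, ip, port) for ip, port in PACKETS]

if __name__ == "__main__":
    for (ip, port), verdict in zip(PACKETS, decisions()):
        print(f"{ip} -> port {port}: {verdict}")
```

Telnet (port 23) is denied even though no rule mentions it, and SSH is denied from outside the allowed subnet: in both cases no exception matched, so the implicit deny applies.
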
You can find more information on ports including some sample questions in this book: CompTIA Security+: Get Certified Get Ahead: SY0-201 Study Guide



Good luck in your studies.

Darril