The Application Layer is the most visible layer because it interacts with the software applications that need access to network services and resources. When an application wants to request (consume) a service, such as a webpage, it sends a network message to a specific server. However, modern servers commonly provide many services, so how does the server know which one a remote process wants? In addition to sending a request to a server, a service requester (i.e., a client) also provides a port number with the request. A port is just a number that tells the server what type of service the client is requesting. On the server, many programs run as services, which are programs that monitor a specific port for requests. When a server receives a request for a service at a specific port, the Application Layer passes the request to the service listening on that port. An instance of a service listening for traffic on a specific port is called a socket.
Each service uses a port number to help direct traffic. There are 65,536 ports, which are divided into well-known ports (0–1023), registered ports (1024–49151), and dynamic ports (49152–65535). Although there are hundreds of ports and corresponding applications, in practice, fewer than 100 are in common use. Of these, only a handful will be encountered on a regular basis. The most common of these are shown in TABLE 6-3.
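The dispatch described above (the destination port selects which service answers) can be seen end to end with two toy services on localhost. This is an added example written for this page, not code from the textbook; the service names "web" and "mail" and the request strings are constructed, and the ports are whatever the operating system assigns at run time rather than the well-known numbers in the table.

```python
"""Two toy services on two localhost ports: the client's choice of port,
not the content of its message, decides which service handles the request."""
import socket
import threading


def start_service(name: str) -> tuple[int, threading.Thread]:
    """Start a toy service on a free localhost port; it answers exactly one client.

    Returns the OS-assigned port and the thread that serves on it.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]

    def serve() -> None:
        # accept() yields the socket for this one client; the listener keeps
        # waiting on its port for further requests (here we only take one).
        conn, _ = listener.accept()
        with conn, listener:
            request = conn.recv(1024).decode()
            conn.sendall(f"{name}: handled {request!r}".encode())

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return port, thread


def send_request(port: int, payload: str, timeout: float = 2.0) -> str:
    """Act as the client: connect to the given port, send one message, read the reply."""
    with socket.create_connection(("127.0.0.1", port), timeout=timeout) as client:
        client.sendall(payload.encode())
        return client.recv(1024).decode()


def demo() -> dict[str, str]:
    """Run both services and send one constructed request to each port."""
    web_port, web_thread = start_service("web")
    mail_port, mail_thread = start_service("mail")
    replies = {
        "web": send_request(web_port, "GET /index.html"),
        "mail": send_request(mail_port, "HELO client.example"),
    }
    web_thread.join(2.0)
    mail_thread.join(2.0)
    return replies


if __name__ == "__main__":
    for service, reply in demo().items():
        print(f"{service:>4} -> {reply}")
```

Swapping the two port numbers in `demo()` would route the HTTP-looking request to the "mail" service, which is the practical point: the port is the only thing the server consults to choose a service, so an unneeded listener on any port is reachable regardless of what traffic it was meant for.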
| PORT | SERVICE | PROTOCOL |
|---|---|---|
| 20/21 | File Transfer Protocol (FTP) data/FTP command | TCP |
| 22 | SSH/Secure File Transfer Protocol (SFTP) | TCP |
| 23 | Telnet | TCP |
| 25 | Simple Mail Transfer Protocol (SMTP) | TCP |
| 53 | Domain Name Service (DNS) | TCP/UDP |
| 67/68 | Dynamic Host Configuration Protocol (DHCP) | UDP |
| 69 | Trivial File Transfer Protocol (TFTP) | UDP |
| 79 | Finger protocol (user information) | TCP |
| 80 | Hypertext Transfer Protocol (HTTP) | TCP |
| 88 | Kerberos | UDP |
| 110 | Post Office Protocol version 3 (POP3) | TCP |
| 111 | Sun Microsystems Remote Procedure Call (SUNRPC) | TCP/UDP |
| 123 | Network Time Protocol (NTP) | UDP |
| 135 | Microsoft Remote Procedure Call (MS RPC) | TCP/UDP |
| 139 | NetBIOS Session | TCP/UDP |
| 143 | Internet Message Access Protocol (IMAP) | TCP |
| 156 | Structured Query Language (SQL) service | TCP/UDP |
| 161 | Simple Network Management Protocol (SNMP) | UDP |
| 162 | SNMP Trap | UDP |
| 179 | Border Gateway Protocol (BGP) | TCP/UDP |
| 389 | Lightweight Directory Access Protocol (LDAP) | TCP |
| 443 | Hypertext Transfer Protocol Secure (HTTPS) | TCP |
| 445 | Server Message Block (SMB) over IP | TCP/UDP |
Rather than memorizing each port and deciding whether or not to block it, you should practice the deny-all principle and enable just those ports that are needed. Simply put, block everything and allow only what is needed. If a port is not being used and deny-all is the practice, it is already closed.
Because the most popular protocol suite, Transmission Control Protocol/Internet Protocol (TCP/IP), was designed when networks were more trusted, not all applications are created equal. Although some, such as SSH, are designed to be secure, you will encounter the less secure options in practice. The following list discusses the operation and security issues of some of the common applications:
Every firewall is different with respect to configuration, but by default most firewalls have most, if not all, of their ports and services disabled. It is up to each organization to determine what must be enabled to make the network usable, and to enable just those features necessary to function. The first step in configuring network devices for any organization is to understand which network services that organization needs to operate. Then, provide access for only those services.
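The deny-all approach from the two paragraphs above, carried through as code: start from the services the organization needs, derive the allowed (port, protocol) pairs from a subset of the port table, and judge every inbound connection against that set, denying anything not on it. For contrast, the same records are also judged by a denylist of "known risky" ports, which is the memorize-and-block approach the text argues against. This is an added example written for this page, not the textbook's code; the record format, the timestamps and the 198.51.100.x source addresses are constructed, and the service-to-port mapping is copied from the page's table.

```python
"""Default-deny (allowlist) port policy versus a denylist of known risky ports,
evaluated over constructed inbound connection records."""
import re

# Subset of the page's port table: service name -> set of (port, protocol).
SERVICE_PORTS = {
    "HTTPS": {(443, "tcp")},
    "SSH": {(22, "tcp")},
    "DNS": {(53, "tcp"), (53, "udp")},
    "Telnet": {(23, "tcp")},
    "TFTP": {(69, "udp")},
    "SNMP": {(161, "udp")},
}

# Constructed firewall-style records (not real traffic); only the fields the
# policy needs are parsed.
RECORDS = [
    "2024-01-01T10:00:00Z inbound proto=tcp dst_port=443 src=198.51.100.7",
    "2024-01-01T10:00:01Z inbound proto=tcp dst_port=22 src=198.51.100.8",
    "2024-01-01T10:00:02Z inbound proto=tcp dst_port=23 src=198.51.100.9",
    "2024-01-01T10:00:03Z inbound proto=udp dst_port=161 src=198.51.100.10",
    "2024-01-01T10:00:04Z inbound proto=udp dst_port=443 src=198.51.100.11",
    "2024-01-01T10:00:05Z inbound proto=tcp dst_port=8080 src=198.51.100.12",
]

RECORD_RE = re.compile(r"proto=(?P<proto>\w+)\s+dst_port=(?P<port>\d+)")


def build_port_set(services) -> frozenset:
    """Expand service names into the (port, protocol) pairs they use."""
    pairs = set()
    for name in services:
        pairs |= SERVICE_PORTS[name]
    return frozenset(pairs)


def parse_record(line: str) -> tuple[int, str]:
    """Extract (dst_port, protocol) from one record; refuse malformed input."""
    match = RECORD_RE.search(line)
    if match is None:
        raise ValueError(f"unparseable record: {line!r}")
    return int(match.group("port")), match.group("proto").lower()


def deny_all_decision(line: str, allowed: frozenset) -> str:
    """Allowlist policy: permitted only if the exact (port, proto) pair is needed."""
    return "allow" if parse_record(line) in allowed else "deny"


def denylist_decision(line: str, blocked: frozenset) -> str:
    """Denylist policy: permitted unless the pair was explicitly listed as risky."""
    return "deny" if parse_record(line) in blocked else "allow"


def compare_policies(records=RECORDS, needed=("HTTPS", "SSH"),
                     risky=("Telnet", "TFTP", "SNMP")) -> list:
    """Return ((port, proto), deny_all_verdict, denylist_verdict) per record."""
    allowed = build_port_set(needed)
    blocked = build_port_set(risky)
    return [(parse_record(r), deny_all_decision(r, allowed), denylist_decision(r, blocked))
            for r in records]


def denylist_gaps(records=RECORDS) -> list:
    """Pairs the denylist lets through that deny-all closes: the cost of
    memorizing ports instead of allowing only what is needed."""
    return [pair for pair, deny_all, denylist in compare_policies(records)
            if deny_all == "deny" and denylist == "allow"]


if __name__ == "__main__":
    for pair, deny_all, denylist in compare_policies():
        print(f"{pair[0]:>5}/{pair[1]}  deny-all={deny_all:<5} denylist={denylist}")
    print("denylist gaps:", denylist_gaps())
```

Two of the constructed records expose the difference: 443/udp is not HTTPS (the table lists it as TCP only), and 8080/tcp is simply not a service the organization needs. Neither is on the risky list, so the denylist admits both, while deny-all never had to know about them. The protocol is part of the allowlist key for the same reason the table carries a PROTOCOL column: a rule for "port 443" alone would open a UDP listener nobody intended.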