Network security engineers work to secure an organization’s network by protecting the data and systems that reside on it. They use a variety of methods, including firewalls, intrusion detection and prevention systems, and encryption software. Network security engineers also keep an eye out for potential threats, and if they see something they believe is a threat, they take steps to prevent it from happening.
How network engineers use network ports?
You can use your computer’s physical ports to communicate with peripherals such as keyboards and mice, and to connect to Internet devices using Ethernet cables. Within the computer network, ports serve a similar purpose.
When the computer system tries to connect to another computer, the port acts as a communication endpoint. It is also possible for different services running on the same computer to expose different ports and communicate with each other through those ports.
Simply put, when a software application or service needs to communicate with another user, the port is exposed. The port is identified by a positive 16-bit unsigned integer in the range 0-65535. Other services use this port number to communicate with the service or app.
Port numbers can be divided into three ranges: known ports, registered ports, dynamic ports or private ports. Known ports (also known as system ports) are numbered from 0 to 1023. For example, to connect to host example.com via SSH, use the following command:
ssh firstname.lastname@example.org -v
In this example, -v stands for verbose, and you should see output similar to this:
debug1: Connecting to example.com [<IP Addr>] port 22
As shown, SSH will try to connect to example.com on port number 22. You can specify a different port number using the -p option. Otherwise, SSH defaults to 22.
The Internet Assigned Numbers Authority (IANA) assigns port numbers to commonly used services such as SSH, FTP, HTTP, and HTTPS. The most common ones are:
|20||File Transfer Protocol (FTP) Data Transfer|
|21||File Transfer Protocol (FTP) Command Control|
|22||Secure Shell (SSH)|
|23||Telnet – Remote login service, unencrypted text messages|
|25||Simple Mail Transfer Protocol (SMTP) E-mail Routing|
|53||Domain Name System (DNS) service|
|80||Hypertext Transfer Protocol (HTTP) used in World Wide Web|
|110||Post Office Protocol (POP3) used by e-mail clients to retrieve e-mail from a server|
|119||Network News Transfer Protocol (NNTP)|
|123||Network Time Protocol (NTP)|
|143||Internet Message Access Protocol (IMAP) Management of Digital Mail|
|161||Simple Network Management Protocol (SNMP)|
|194||Internet Relay Chat (IRC)|
|443||HTTP Secure (HTTPS) HTTP over TLS/SSL|
Network security engineers: Identifying vulnerabilities
There are two goals when performing a port scan.
1) to confirm the existence of the target system
2) to get a list of communication channels (ports) that accept connections
Later, I’ll try to find an application on the communication channel, but for now, let’s list the open ports. This section uses several different tools, but not all of the listed tools are available for port scanning and listing.
The Back Track hard drive has many tools you can use to perform port scans and system enumeration. In addition, www.sectools.org/app-scanners.html also lists the most popular hacking tools related to port scanning.
Tools & Traps…
Remember, the network security operation engineers responsible for maintaining and securing your Pen Test target should design their network and harden their systems in such a way to make this phase of the penetration test. It is very difficult for us to perform; we need to try as many different tests as possible to trick information out of the network.
Against a really talented network engineer, we won’t get everything, but we might get enough. Although we won’t delve too deeply into the concepts of ports and communication protocols, it is important to understand not only the protocol structures, but also how the tools use (or misuse) the protocols to communicate with the target.
We discuss different scanning techniques and protocols to determine if a system is available, and how the system is communicating. Our work during the Information Gathering phase may have provided us with some idea of systems, applications, and OSes within the target network; however, we need to delve deeper.
The first step in this phase is often to scan the network to identify all available systems. In this chapter, instead of exploring the entire network, we will immediately proceed to scan for a specific target. Ultimately, passive scanning techniques are used to identify all systems on the network, but the real purpose of this chapter is to identify potential vulnerabilities.
How a network engineer uses ports to diagnose and solve network problems
Ports are a key part of the network infrastructure. As a network engineer, you use ports to diagnose and solve network problems. Ports can be used to verify connectivity, identify problems, and optimize your network. Here are some tips for using ports:
- Use port numbers wisely. Port numbers are important, but make sure you use them correctly. Port numbers start with 0 and increase by 1 for each additional port on your computer. For example, the default port number for internet traffic is 80. To troubleshoot internet problems, you might need to use ports 443 (SSL) or 8080 (HTTP).
- Use common port numbers for standard tasks. Standard ports are often used for common tasks like browsing the web or sending email.
How networking technology reflects your organization
Networking technology reflects your organization in a number of ways. For one, ports are often used to diagnose network issues. Network engineers use ports to see what traffic is flowing and where it’s going, which can help them identify and fix problems.
In addition, networking technology also affects how information is shared within an organization. For example, if an organization uses Ethernet networks, then employees will likely need adapters to connect to the network. If an organization uses wireless networks, then employees might not need any adapters at all.
In conclusion, as a network engineer it is important to be aware of the latest networking technology so that you can identify vulnerabilities. By taking the time to learn about new networking technologies, you can help keep your network safe and secure.