The HTTP (Hypertext Transfer Protocol) and HTTPS (Hypertext Transfer Protocol Secure) ports are used to transfer data from a web server to a browser. By default, HTTP connection uses TCP port 80 and HTTPS connection uses TCP port 443. Show
HTTP connections are unencrypted whereas HTTPS connections are encrypted and use Secure Socket Layer (SSL) protocol. Telnet application is generally used to verify connectivity to remote services that are based on TCP. However, the
information exchanged in a telnet session between a client and server is unencrypted. Non-secure HTTP port connections can be tested by using Telnet. Example: Trying... Once connected, telnet connection appears hung as web server waits for HTTP protocol GET/POST request. Enter following lines quickly before the server times out: GET / HTTP/1.1 <Hit enter twice to send the request> Server responds with HTTP status, response headers, data, and the connection is then ended: HTTP/1.1 301 Moved Permanently For HTTPS port connection, telnet doesn't work, since a secure SSL connection needs to be set up before HTTP commands can be used. The “openssl” toolkit “s_client” option can be used to test HTTPS connection. It connects to remote hosts by using SSL/TLS. # openssl s_client -connect <hostname>:443 Example: Once connected, SSL certificate details are output before the HTTP request can be entered. Certificate
chain Start Time: 1624938529 From this point on, rest of session is similar to telnet session, but, it is tunneled through a secure connection. Just like in telnet session, enter the HTTP request quickly before server times out and hit enter twice to send the request to the server: GET / HTTP/1.1 Server responds with HTTP status, response headers, data, and the connection is then ended: HTTP/1.1 301 Moved Permanently redirectclosed A port scan is a method for determining which ports on a network are open. As ports on a computer are the place where information is sent and received, port scanning is analogous to knocking on doors to see if someone is home. Running a port scan on a network or server reveals which ports are open and listening (receiving information), as well as revealing the presence of security devices such as firewalls that are present between the sender and the target. This technique is known as fingerprinting. It is also valuable for testing network security and the strength of the system’s firewall. Due to this functionality, it is also a popular reconnaissance tool for attackers seeking a weak point of access to break into a computer. Ports vary in their services offered. They are numbered from 0 to 65535, but certain ranges are more frequently used. Ports 0 to 1023 are identified as the “well-known ports” or standard ports and have been assigned services by the Internet Assigned Numbers Authority (IANA). Some of the most prominent ports and their assigned services include:
There are standard services offered on ports after 1023 as well, and ports that, if open, indicate an infected system due to its popularity with some far-reaching Trojans and viruses. A port scan sends a carefully prepared packet to each destination port number. The basic techniques that port scanning software is capable of include:
Scans that are developed for the sender to go undetected by a receiving system’s log are known as stealth scans and are of particular interest to attackers. Despite its popularity in this area, port scanning is a valuable tool for fingerprinting a network and for a penetration tester to assess the strength of network security. What port is typically used to accept administrative connections using the SSH?SSH uses port 22 by default, but you can change this to a different port. To initiate an SSH connection to a remote system, you need the Internet Protocol (IP) address or hostname of the remote server and a valid username. You can connect using a password or a private and public key pair.
Which one of the following tools would be used for network discovery scans?Nmap is a network discovery scanning tool that reports the open ports on a remote system and the firewall status of those ports.
What two techniques are commonly used by port and vulnerability scanners to perform?Port scanning is commonly done during discovery to assess what services the target provides, and nmap is one of the most popular tools used for this purpose. Nessus and Nikto might be used during the vulnerability scanning phase.
Which of the following is not normally included in a security assessment?Security assessments include many types of tests designed to identify vulnerabilities, and the assessment report normally includes recommendations for mitigation. The assessment does not, however, include actual mitigation of those vulnerabilities. You just studied 25 terms!
|