362 Chapter 6 • Infrastructure Security: Devices and Media
by connecting to a specific port on a remote computer. By denying access to these
external ports in the firewall configuration, Security+ technicians can prevent these
malicious programs from being reached from outside, and so from compromising their
internal network. Note that the firewall rule only blocks the connection; the infected
host still needs to be cleaned, and an outbound-connecting Trojan needs egress
filtering as well.
The Security+ exam extensively covers ports and how they should come into
play in a firewall configuration. The first thing to know is that of the 65,536 possible
ports (0 through 65,535), ports 0 through 1023 are considered well-known ports.
These ports are used for specific, long-established network services (for example,
TCP 22 for SSH, TCP 25 for SMTP, TCP 80 for HTTP and TCP 443 for HTTPS), and
they are the ports a firewall administrator will most often be asked to permit. It is
the destination port of a connection that identifies the service; the source port a
client uses is normally chosen from the dynamic range and carries no meaning for
the rule set. Ports outside the range of 0 through 1023 are either registered ports or
dynamic/private ports.
■ User (registered) ports range from 1024 through 49,151
■ Dynamic/private (ephemeral) ports range from 49,152 through 65,535
If there are no specialty applications communicating with a network, any
inbound connection attempt to a destination port outside the well-known range
should be considered suspect. While there are some network applications that work
outside of this range and may need to go through a firewall, they should be
considered the exception and not the rule, and each one should be documented as
an explicit allow rule. With this in mind, ports 0 through 1023 still should not be
opened wholesale. Many of the services behind these ports (Telnet on TCP 23, for
instance) have well-documented weaknesses; therefore, it is best to continue with the
best practice of denying by default and only opening the ports necessary for specific
needs.
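The following script is an added example and is not part of the study book. It encodes the three IANA ranges the text lists, applies a hypothetical deny-by-default inbound allowlist (the rules for 443, 25 and 1194 and the record format "proto src:sport -> dst:dport" are assumptions for the example), and audits a few constructed connection attempts. It also shows why the source port is not a useful signal: every client in the sample uses a dynamic source port, and only the destination port decides the verdict.

```python
"""Deny-by-default port audit (added example, not from the study book).

Classifies ports into the IANA ranges the text describes and checks
constructed inbound connection records against a hypothetical allowlist.
"""
from dataclasses import dataclass

# IANA port ranges (RFC 6335); same boundaries as the text.
WELL_KNOWN = range(0, 1024)        # 0-1023, system / well-known
REGISTERED = range(1024, 49152)    # 1024-49151, user / registered
DYNAMIC = range(49152, 65536)      # 49152-65535, dynamic / private (ephemeral)


def classify_port(port: int) -> str:
    """Return the IANA range name for a 16-bit port number."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    if port in WELL_KNOWN:
        return "well-known"
    if port in REGISTERED:
        return "registered"
    return "dynamic"


@dataclass(frozen=True)
class Rule:
    proto: str    # "tcp" or "udp"
    dport: int    # destination port the exposed service listens on
    comment: str


# Hypothetical inbound allowlist for a perimeter firewall: only the services
# the organisation actually exposes. Anything not listed is denied.
ALLOW_INBOUND = (
    Rule("tcp", 443, "public HTTPS"),
    Rule("tcp", 25, "SMTP to the mail relay"),
    Rule("udp", 1194, "OpenVPN, the documented registered-range exception"),
)


def is_allowed(proto: str, dport: int) -> bool:
    """Deny by default: a connection passes only if an explicit rule matches."""
    return any(r.proto == proto and r.dport == dport for r in ALLOW_INBOUND)


def parse_record(line: str) -> dict:
    """Parse a constructed record of the form 'proto src:sport -> dst:dport'."""
    proto, rest = line.split(" ", 1)
    src, dst = rest.split(" -> ")
    src_ip, sport = src.rsplit(":", 1)
    dst_ip, dport = dst.rsplit(":", 1)
    return {"proto": proto.lower(), "src": src_ip, "sport": int(sport),
            "dst": dst_ip, "dport": int(dport)}


def audit(line: str) -> dict:
    """Evaluate one inbound attempt: verdict plus a note explaining it."""
    rec = parse_record(line)
    rec["dport_range"] = classify_port(rec["dport"])
    # The source port is almost always dynamic; on its own it tells us nothing.
    rec["sport_range"] = classify_port(rec["sport"])
    if is_allowed(rec["proto"], rec["dport"]):
        rec["verdict"] = "allow"
        rec["note"] = "matched allowlist"
    elif rec["dport_range"] == "well-known":
        rec["verdict"] = "deny"
        rec["note"] = "well-known service not on the allowlist"
    else:
        rec["verdict"] = "deny"
        rec["note"] = "non-well-known destination port, treat as suspect"
    return rec


def audit_all(lines):
    return [audit(line) for line in lines]


def denied(lines):
    return [r for r in audit_all(lines) if r["verdict"] == "deny"]


# Constructed sample of inbound attempts at the perimeter (not real traffic).
SAMPLE_RECORDS = [
    "tcp 203.0.113.5:51234 -> 198.51.100.10:443",    # ordinary HTTPS client
    "tcp 203.0.113.5:51235 -> 198.51.100.10:23",     # Telnet probe
    "tcp 203.0.113.7:40000 -> 198.51.100.10:31337",  # unrecognised high port
    "udp 203.0.113.9:62000 -> 198.51.100.11:1194",   # permitted VPN
]

if __name__ == "__main__":
    for r in audit_all(SAMPLE_RECORDS):
        print(f'{r["verdict"]:5} {r["proto"]} {r["dst"]}:{r["dport"]} '
              f'({r["dport_range"]}) from {r["src"]}:{r["sport"]} '
              f'({r["sport_range"]}) - {r["note"]}')
```

Run as a script it prints one line per record; two of the four constructed attempts are denied, the Telnet probe because TCP 23 is well known but deliberately not exposed, and the attempt to 31337 because nothing is documented as listening there.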
For a complete list of assigned ports, visit the Internet Assigned Numbers
Authority (IANA) at www.iana.org. The direct link to their list of ports given here is
www.iana.org/assignments/port-numbers; the registry is now published as the
Service Name and Transport Protocol Port Number Registry at
www.iana.org/assignments/service-names-port-numbers. The IANA is the centralized
organization responsible for allocating IP address space and maintaining the port
registry. They are the authoritative source for which service names and port numbers
applications have registered for the services they provide; note that a registration
is a record of an assignment, not proof that traffic on that port is that service.
www.syngress.com