This article covers network vulnerabilities and defense approaches, with a focus on TCP and UDP ports and port vulnerabilities, and includes an operation guide for Windows and Linux servers.

★ Every organizational network has security weaknesses, and intruders will probe them using tools and techniques.

★ After discussing the risks associated with TCP/UDP ports, this article presents network defenses, everything from preventing access to a port to protecting the network after a port has been breached. To provide a stable networking environment and deter certain classes of security breaches on your cloud servers, campus network or office network, please follow the guide to implement a standard firewall system on your servers.

★ Vulnerability Protection provides advanced server security for your cloud servers, physical servers and PCs. It protects enterprise applications and data from breaches and business disruptions without requiring emergency patching.

★ This broad set of measures will help you maintain the Linux server and simplify overall security operations hassle-free.

★ In the computer world, we use a network port as a communication line between two endpoints. At the software level, within an operating system, a port is a logical construct that singles out a specific process or network service. We identify ports for each protocol and address combination by using 16-bit unsigned numbers, commonly known as port numbers. The most popular protocols that we use in routine life are TCP and UDP.

★ A network port number is always associated with the IP address of a host and the protocol used for the communication. This association is known as binding, and it enables a process to send and receive data over the network between the correct origin and destination. The port number completes the destination or origination network address of a message.
IANA has reserved specific port numbers to identify specific services, so that an arriving packet can be forwarded to the running service.

Internet Assigned Numbers Authority (IANA) functions:

(i) Domain Names: Management of the DNS Root Zone (assignments of ccTLDs and gTLDs) along with other functions such as the .int and .arpa zones.
    Root Zone Management
    Database of Top Level Domains
    .int Registry
    .arpa Registry
    IDN Practices Repository

(ii) Number Resources: Coordination of the global IP and AS number spaces, such as allocations made to Regional Internet Registries.
    IP Addresses & AS Numbers
    Network abuse information

(iii) Protocol Assignments: The central repository for protocol name and number registries used in many Internet protocols.
    Protocol Registries
    Apply for an assignment
    Time Zone Database

★ The IANA is responsible for the global coordination of Internet protocol resources, such as the DNS Root, IP addressing, and the registration of commonly used port numbers for well-known Internet services. It divides the port numbers into three areas:

    Well-Known Ports: 0 through 1023
    Registered Ports: 1024 through 49151
    Dynamic (Private Ports): 49152 through 65535

★ Well-Known and Registered ports should not be used without IANA registration. To register a port and service, please refer to this weblink for more information.

★ This form is used to register user-specific port numbers and service names with the IANA. For detailed instructions on how to fill out the application form, please read the procedures document.
Service Name and Transport Protocol Port Number Registry form (RFC 6335)

— — — — — — MASTER CHART OF TCP/UDP PORTS — — — —

★ I have designed a master chart of TCP/UDP ports with several categorizations to identify the ports effectively and efficiently.

Well-Known Port Numbers and Their Vulnerabilities

File Transfer Ports: The ports in this table are used with protocols that transfer files.

Email Ports: The ports in this table are used with email related protocols.

Remote Access Ports: The ports in this table are associated with protocols used to connect to remote computers for various purposes.

Miscellaneous Ports: The ports in this table don't fit neatly in any of the other categories but are still relevant.

Firewall Operation Guide

Follow the guide to implement a standard firewall system on your servers.

How to Close Unused Open Ports: TCP and UDP Ports

Open ports allow hackers to:

✓ Close unused service: Unused services tend to be left with default configurations, which are not always secure, or may be using default passwords, which leads to an attack.

✓ Exploit old versions: Unused services tend to be forgotten, which means that they do not get updated. Old versions of software tend to be full of known vulnerabilities.

✓ Gain Access: Some services give an attacker easy access to certain information, and they can perform N number of techniques on the operating system.

How to identify the processes that keep ports open?

✓ Windows OS: 7/8/10

For Windows operating systems, you can use the netstat command, which is included with the OS by default. Open a command prompt and run the command:

    netstat -ano

This will list all the network connections on the machine: running, listening and established connections. The last column indicates the process ID of the process for the specific network connection. To filter this down, use the 'find' command. For instance, if you only want to list the network connections on port 5555, type:

    netstat -ano | find ":5555"

Now that you have identified the process and service that is responding to requests on the specific port or on any unused ports, you need to confirm that the service is not required or in use. You can then proceed to either configure the application to stop listening, or stop the service from Windows Services and mark the service as disabled.
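The netstat procedure above can be turned into a repeatable check. The following is an added example, not part of the original article: it parses `netstat -ano` output, keeps only sockets that accept inbound traffic, and reports non-loopback listeners that are not on an allowlist, tagged with their IANA range. The sample output, the allowlist and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1044
  TCP    0.0.0.0:5555           0.0.0.0:0              LISTENING       4312
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       3001
  TCP    192.168.1.10:49723     203.0.113.7:443        ESTABLISHED     5120
  TCP    [::]:5555              [::]:0                 LISTENING       4312
  UDP    0.0.0.0:5353           *:*                                    2210
"""

def iana_range(port):
    """Classify a port number using the three IANA ranges."""
    if port <= 1023:
        return "well-known"
    return "registered" if port <= 49151 else "dynamic"

def listeners(netstat_text):
    """Yield (proto, host, port, pid) for sockets that accept inbound traffic."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        # TCP rows carry a State column; UDP rows have none and are always open.
        if f[0] == "TCP" and f[3] != "LISTENING":
            continue
        host, _, port = f[1].rpartition(":")
        # Drop IPv6 brackets and any zone id; the PID is always the last column.
        yield f[0], host.strip("[]").split("%")[0], int(port), int(f[-1])

def unexpected(netstat_text, allowed):
    """Return non-loopback listeners whose (proto, port) is not in `allowed`."""
    findings = []
    for proto, host, port, pid in listeners(netstat_text):
        if ipaddress.ip_address(host).is_loopback or (proto, port) in allowed:
            continue
        findings.append((proto, host, port, iana_range(port), pid))
    return findings

if __name__ == "__main__":
    # Hypothetical allowlist of listeners this host is expected to expose.
    for row in unexpected(SAMPLE, allowed={("TCP", 135), ("UDP", 5353)}):
        print("review: %s %s:%d (%s) pid=%d" % row)
```

Each reported PID can then be matched to its service and confirmed as unneeded before the service is stopped and disabled.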
The screenshot below shows the information for the Windows example.

✓ Linux OS: Red Hat Linux, CentOS, Fedora, openSUSE, Mandrake Linux, etc.

Open the terminal and run the command:

    netstat -tulpn

This will list all the network connections on the machine: running, listening and established connections. The last column indicates the process ID of the process for the specific network connection. To filter this down, use the 'grep' command. For instance, if you only want to list the network connections on port 3306, type:

    netstat -tulpn | grep ":3306"

Note: Depending upon your familiarity, you can use any of these commands (top, ps, pidof, pgrep) for this purpose.

Now that you have identified the process and service that is responding to requests on the specific port or on any unused ports, you need to confirm that the service is not required or in use. You can then proceed to either configure the application to stop listening, or stop the service from Linux Services and mark the service as disabled.

The screenshot below shows the information for the Linux example.

In order to stop daemons in Debian-flavoured Linux distributions, use the following commands to stop any daemons on the server.

Ubuntu:

    service mysqld stop

or

    /etc/init.d/mysqld stop

Or, to kill the particular process, use the commands below. Find (and kill) all processes listening on a port. Killing by the process ID is useful when you want to kill only a specific process. On the other hand, killing by the process name is useful when you want to kill all running instances of a particular program. To learn more about kill signals, please refer to http://manpages.ubuntu.com/manpages/xenial/man2/kill.2.html

    pkill -INT process-name
    sudo kill -9 PID

✓ CentOS: You stop a service with the systemctl stop command.

    systemctl stop httpd

You can also kill a particular process that has been running for a certain period of time on the server with the killall command and its -o and -y flags.
So, if you want to kill a process that has been running for more than 30 minutes or for less than 30 minutes:

    Eg: killall -o 30m mysql
    Eg: killall -y 30m mysql

    more than 30 minutes: killall -o 30m <process-name>
    less than 30 minutes: killall -y 30m <process-name>

Abbreviations (time period): s-seconds, m-minutes, h-hours, d-days, w-weeks, M-months, y-years

— — — — — — — — Firewall Operations: Centos 6/7 — — — — — — —

Firewall Operations: List services

1. List current services: You can check the current running services by specifying the "--list-services" option in the command.

    firewall-cmd --list-services --zone=public

Example output:

    dhcpv6-client https

Firewall Operations: Add services

2. Add service: To add a service, specify the "--add-service" option.

    firewall-cmd --add-service=https --zone=public --permanent

3. Delete service: To delete a service, specify the "--remove-service" option.

    firewall-cmd --remove-service=https --zone=public --permanent

Firewall Operations: List ports

1. List ports: You can check the current running ports by specifying the "--list-ports" option in the command.

    firewall-cmd --list-ports --zone=public

Firewall Operations: Add port number

2. Add port number:

    firewall-cmd --add-port=5555/tcp --zone=public

Firewall Operations: Delete port number

3. Delete port number:

    firewall-cmd --remove-port=5555/tcp --zone=public

or

    firewall-cmd --zone=public --permanent --remove-port=5555/tcp
    firewall-cmd --reload

— — — — — — — — - Firewall Operations: Ubuntu — — — — — — —

Firewall Operations: List services

1. List services:

    sudo ufw status

Firewall Operations: Add services

2. Add service: To add a service, use the "allow" command.

    sudo ufw allow http

Firewall Operations: Add port number

    sudo ufw allow 80/tcp

There are two different ways to delete UFW rules: by rule number, and by specifying the actual rule.

Method one:

    sudo ufw status numbered

To delete a particular rule, specify its rule number. For example, the rule that allows connections to port 45009 is #119.
Use the following command to delete the port/service together.

    sudo ufw delete 119

Method two: To delete a rule by specifying the actual rule:

    sudo ufw delete allow 45009

Disable Firewall: If for any reason you want to stop UFW and deactivate all the rules, you can use:

    sudo ufw disable

Enable Firewall:

    sudo ufw enable

Reset Firewall (back to default settings): Be aware, resetting UFW will disable UFW and also delete all active rules.

    sudo ufw reset

Quote of the day: “Into every life a little rain must fall” - English Proverb

Explanation: We all wish for only the good days, but to appreciate the good days, we also need more difficult ones. The bad times teach us lessons, help us grow, and, as stated, give us an appreciation for the good times. Always remember that the rain does stop and the sun does shine again.

Thanks for reading! Have a pleasant day!

Also published at https://medium.com/@gtmars/types-of-tcp-udp-protocol-services-protocol-master-chart-and-windows-linux-ubuntu-centos-server-429b6597a1fa
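For Method one in the UFW section above (deleting by rule number), here is an added example that is not part of the original article. It finds every numbered rule for a port in `ufw status numbered` output and builds the delete commands from the highest number down, because ufw renumbers the remaining rules after each deletion. The sample output (with short rule numbers) and the function names are constructed for illustration.

```python
import re

# Constructed sample of `sudo ufw status numbered` output; the rule numbers are
# invented for this example and do not reproduce the article's rule #119.
SAMPLE = """\
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 45009                      ALLOW IN    Anywhere
[ 3] 80/tcp                     ALLOW IN    Anywhere
[ 4] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 5] 45009 (v6)                 ALLOW IN    Anywhere (v6)
"""

# "[ N] <target> [(v6)] <action>"; rules named after an application profile
# with spaces in the name are not matched by this simplified pattern.
RULE = re.compile(r"^\[\s*(\d+)\]\s+(\S+)(\s+\(v6\))?\s+(ALLOW|DENY|REJECT|LIMIT)\b")

def rules_for_port(status_text, port):
    """Return [(rule_number, target)] for rules whose 'To' column names `port`."""
    hits = []
    for line in status_text.splitlines():
        m = RULE.match(line)
        if not m:
            continue
        number, target = int(m.group(1)), m.group(2)
        # Target looks like "45009" or "80/tcp"; compare the port part only.
        if target.split("/")[0] == str(port):
            hits.append((number, target + (" (v6)" if m.group(3) else "")))
    return hits

def delete_commands(status_text, port):
    """Build `ufw delete N` commands for `port`, highest rule number first.

    Deleting in ascending order would shift the later rules down by one and
    make the second command remove a different rule than intended.
    """
    numbers = sorted((n for n, _ in rules_for_port(status_text, port)), reverse=True)
    return ["sudo ufw delete %d" % n for n in numbers]

if __name__ == "__main__":
    for cmd in delete_commands(SAMPLE, 45009):
        print(cmd)
```

Re-running `sudo ufw status numbered` after the deletions confirms that both the IPv4 and the IPv6 rule for the port are gone.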