paint-brush
Insight Into TCP/UDP, Network Vulnerabilities and Defense Approachesby@gtmars
3,208 reads
3,208 reads

Insight Into TCP/UDP, Network Vulnerabilities and Defense Approaches

by VicSeptember 19th, 2020
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

This article provides the network vulnerabilities and defense approaches, with a focus on all the TCP and UDP ports, Port vulnerability, and learn more about Windows, Linux server operation guide.

Companies Mentioned

Mention Thumbnail
Mention Thumbnail
featured image - Insight Into TCP/UDP, Network Vulnerabilities and Defense Approaches
 Vic HackerNoon profile picture

This article provides the network vulnerabilities and defense approaches, with a focus on all the TCP and UDP ports, Port vulnerability, and learn more about Windows, Linux server operation guide.

★ Every organizational network has security Weaknesses in its system and it will be explored by the intruders using tools and techniques.

★ After a discussion of the risks that are associated with TCP/UDP ports, we will present a defense of the network in this article everything from preventing access to the port to protecting the network after it has breached a port. To provide a stable networking environment and deter certain classes of security breaches on your cloud servers/campus network/Office network. Please. Follow the guide to implement a standard firewall system on your servers.

★ Vulnerability Protection provides advanced server security for your cloud/physical servers/PCs. It protects enterprise applications and data from breaches and business disruptions without requiring emergency patching on uncertainty.

★ These broad sets of measures will help you maintain the Linux server and helps you to simplify the overall security operations hustle-free.

★ In the computer world, we use a network port as a communication line between two endpoints. At the software level, within an operating system, a port is a logical construct point that singles out a specific process or a network service. We identify ports for each protocol and address combination by using 16-bit unsigned numbers, commonly known as the port number. The most popular protocols that we use in routine life are TCP and UDP.

★ We identify a network port number with an IP address of a host and the protocol used for the communication. It completes the destination or origination network address of a message. IANA reserved specific port numbers to identify specific services so that a reaching packet could be forwarded to a running service. This process is well-known as binding and enables the process to send and receive data via the network correctly to the origin and destination.

Internet Assigned Numbers Authority (IANA) functions:

(i) Domain Names

Management of the DNS Root Zone (assignments of ccTLDs and gTLDs) along with other functions such as the .int and .arpa zones.

(ii) Number Resources

Coordination of the global IP and AS number spaces, such as allocations made to Regional Internet Registries.

(iii) Protocol Assignments

The central repository for protocol name and number registries used in many Internet protocols.

★The IANA is responsible for the global coordination of Internet protocol resources, such as the DNS Root, IP addressing, and the registration of commonly used port numbers for well-known Internet services. It divides the port numbers into three areas:

  1. Well-Known Ports: 0 through 1023 
  2. Registered Ports: 1024 through 49151 
  3. Dynamic (Private Ports): 49152 through 65535

★ Well-Known and Registered we should not use ports without IANA registration. To register for a port and services. Please, refer to this weblink for more information.

★ This Service Name and Transport Protocol Port Number Registry form are used to register user-specific port numbers and service names in the IANA council. To get to know more about the detailed instructions on how to fill out the applications of this form, please read the procedures document (RFC 6335).

— — — — — — MASTER CHART OF TCP/UDP PORTS — — — —

★I have designed a master chart of TCP/UDP ports with several categorizations to identify the ports effectively and efficiently.

Well Know Port Numbers and its vulnerabilities

File Transfer Ports: The ports in this table are used with protocols that transfer files.

Email Ports: The ports in this table are used with email related protocols.

Remote Access Ports: The ports in this table are associated with protocols used to connect to remote computers for various purposes.

Miscellaneous Ports: The ports in this table don’t fit neatly in any of the other categories but are still relevant.

Firewall Operation Guide

Follow the guide to implement a standard firewall system on your servers.

How to Close Unused Open Ports: TCP and UDP Ports :

Open ports allow hackers to:

Close unused service: Unused services tend to be left with default configurations, which are not always secure, or maybe using default passwords.which leads to an attack.

Exploit old versions: Unused services tend to be forgotten, which means that they not get updated. Old versions of software tend to be full of known vulnerabilities.

Gain Access: Some services give an attacker easy access to certain information, they can perform N number of techniques on the operating system.

How to identify the processes the process which keep ports open ?

Windows OS : 7/8/10

For Windows operating systems, you can use netstat command, which is included with the OS by default.

  1. open command prompt.
  2. Run the command: netstat -ano. This will list all the network connections running,listening,established connections on the machine. The last column indicates the process id of the process for the specific network connection.
  3. To filter this down using the ‘find’ command.
  4. For Instance:if you only want to list the network connections on port 5555, use: type: netstat -ano | find “:5555”

Now, that you have identified the process and service that is responding to requests on the specific port or any unsed ports, you would need to confirm that the service is not required or in usage. If you proceed to either configuring the application to stop listening, or stop the service from Windows Services, and marking the service as disabled.

The given below screenshot indicates the information for the example.

Linux OS: Red Hat Linux, CentOS, Fedora, openSUSE, Mandrake Linux etc..,

  1. open the Terminal.
  2. Run the command:
    netstat -tulpn
    . This will list all the network connections running,listening,established connections on the machine. The last column indicates the process id of the process for the specific network connection.
  3. To filter this down using the ‘find’ command.

For Instance: if you only want to list the network connections on port 3306, use: type:

netstat -tulpn | grep :“3306”

Note: Depending upon the familiarity, you can use any of these commands (top, ps, pidof, pgrep) for this purpose.

Now, that you have identified the process and service that is responding to requests on the specific port or any unsed ports, you would need to confirm that the service is not required or in usage. If you proceed to either configuring the application to stop listening, or stop the service from Linux Services, and marking the service as disabled.

The given below screenshot indicates the information for the example.

In order to stop daemons in Debian-flavoured Linux distributions, use the following commands to stop any daemons on the server.

Ubuntu:

service mysqld stop

or

/etc/init.d/mysqld stop

Or

To kill the particular process by using the fork command. Find (and kill) all processes listening on a port. Killing by the process ID is useful when you want to kill only a specific process. On the other hand, killing by the process name is useful when you want to kill all running instances of a particular program. To get to know more about the kill singal process information.Please, refer http://manpages.ubuntu.com/manpages/xenial/man2/kill.2.html

pkill - INT process-name
sudo kill -9 PID

Centos: You stop a service with the systemctl stop command.

systemctl stop httpd

You can also kill a particular process that has been running for a certain period of time on the server with the command -o and -y flags. So, if you want to kill a process that has been running for more than 30 minutes and less than 30 minutes.

more than 30 minutes: Killall -o 30m <process-name>

Eg: killall -o 30m mysql

less than 30 minutes: Killall -y 30m <process-name>

Eg: killall -y 30m mysql

Abbreviations: Time period

  • s-seconds
  • m-minutes
  • h-hours
  • d-days
  • w-weeks
  • M-months
  • y-years

— — — — — — — — Firewall Operations: Centos 6/7 — — — — — — —

Firewall Operations: List services

1. List current services:

You can check the current running services by specifying the “ — list-services” option in the command.

firewall-cmd --list-services  --zone = publicdhcpv6 -client https

Firewall Operations: Add services

2. Add service:

To add a service by specifying the “ — add-service” option.

firewall-cmd --add-service = https --zone = public --permanent

3.Delete Service:

firewall-cmd --add-service = https --zone = public --permanent

Firewall Operations: List Ports

1. List ports:

You can check the current running ports by specifying the “ — list-ports” option in the command.

firewall-cmd --list-ports  --zone = public

Firewall Operations: ADD port Number

2. Add Port Number:

firewall-cmd --add-port = 5555 / tcp --zone = public

Firewall Operations: ADD port Numbers

3.Delete Port Number:

firewall-cmd --remove-port = 5555 / tcp --zone = public

or

firewall-cmd --zone=public --permanent --remove-port=5555/tcp
firewall-cmd --reload

— — — — — — — — -Firewall Operations: Ubuntu — — — — — — —

1. Firewall Operations: List services

Sudo ufw status

Firewall Operations: Add services

2. Add service:

To add a service by specifying the “ — add-service” option.

sudo ufw allow http

Firewall Operations: ADD port Number

sudo ufw allow 80/tcp

There are two different ways to delete UFW rules, by rule number and another one by specifying the actual rule code.

Method one:

sudo ufw status numbered

To delete a particular rule number, specific the rule number that allows connections port to use 45009, that is #119. Use the following command to delete the port/service together.

sudo ufw delete 119

Method Two: To delete a rule by specifying the actual rule code.

sudo ufw delete allow 45009

Disable Firewall:

If for any reason you want to stop UFW and deactivate all the rules you can use:

sudo ufw disable

Enable Firewall:

sudo ufw enable

Reset Firewall: (Back to default settings)

Be aware, Resetting UFW will disable UFW, and also delete all active rules.

sudo ufw reset

Quote of the day:

Into every life a little rain must fall” — English Proverb

Explanation:

English Proverb We all wish for only the good days, but to appreciate the good day, we also need more difficult ones. The bad times teach us lessons, help us grow, and as stated gives us an appreciation for the good times. Always remember that the rain does stop and the sun does shine again.

Thanks for reading!

Have a pleasant day!

Also published at https://medium.com/@gtmars/types-of-tcp-udp-protocol-services-protocol-master-chart-and-windows-linux-ubuntu-centos-server-429b6597a1fa