Networking Fundamentals for Aspiring Cybersecurity Professionals - Part 2: Network Protocols and Ports

 



Part 2: Understanding Protocols, Ports, and Security Risks

In the world of cybersecurity, networking knowledge is non-negotiable. It's the backbone of how systems communicate, how data flows, and how attackers exploit vulnerabilities. Whether you're aiming to become a SOC analyst, penetration tester, or security engineer, a solid understanding of core networking protocols and services is essential. Let’s explore the foundational components: HTTP, DNS, SMTP, FTP, Telnet, and common port numbers—along with their use cases and associated security concerns.


CyberDefenders | Need Cybersecurity experience?


1. HTTP (HyperText Transfer Protocol)

  • Purpose: Used for transferring web content such as HTML pages between browsers and web servers.

  • Port: 80 (HTTP), 443 (HTTPS – secured)

  • Usage: Every time you browse a website (e.g., http://example.com), your browser initiates an HTTP request to retrieve data from a web server.

  • Security Issues:

    • HTTP transmits data in plaintext, making it vulnerable to man-in-the-middle (MITM) attacks.

    • HTTPS is the secure version, using SSL/TLS encryption to protect data in transit.

2. DNS (Domain Name System)

  • Purpose: Translates human-readable domain names (like google.com) into IP addresses that computers use to locate each other.

  • Port: 53 (UDP/TCP)

  • Usage: When you type a website name, your computer sends a DNS query to resolve the domain to its corresponding IP.

  • Security Issues:

    • DNS Spoofing/Poisoning: Attackers manipulate DNS responses to redirect users to malicious sites.

    • Use DNSSEC (Domain Name System Security Extensions) to help authenticate responses.



3. SMTP (Simple Mail Transfer Protocol)

  • Purpose: Sends and routes outgoing emails between servers.

  • Ports:

    • 25 (default, often blocked due to spam)

    • 587 (used for secure email submission)

    • 465 (deprecated, but still used for SSL)

  • Usage: When you send an email, your client uses SMTP to deliver it to the recipient's mail server.

  • Security Issues:

    • SMTP was not designed with security in mind.

    • Susceptible to email spoofing and spam unless enhanced with SPF, DKIM, and DMARC.

    • Use TLS encryption to protect email in transit.


Talkio | Practice Language with AI


4. FTP (File Transfer Protocol)

  • Purpose: Used to transfer files between computers on a network.

  • Ports:

    • 21 (command)

    • 20 (data, active mode)

  • Usage: Common in web hosting environments and internal file sharing systems.

  • Security Issues:

    • FTP is unencrypted, exposing login credentials and data.

    • Prefer SFTP (SSH File Transfer Protocol) or FTPS (FTP Secure) for encrypted file transfers.


5. Telnet

  • Purpose: Provides command-line access to remote devices.

  • Port: 23

  • Usage: Historically used for remotely managing routers, switches, and servers.

  • Security Issues:

    • Highly insecure – all communication, including passwords, is sent in plaintext.

    • Replaced by SSH (Secure Shell) on port 22, which encrypts the session.


6. Common Networking Ports and Their Uses

ProtocolPortDescription
HTTP80Web browsing (insecure)
HTTPS443Web browsing (secure)
FTP20/21File transfer (insecure)
SFTP22Secure file transfer
Telnet23Remote login (insecure)
SSH22Secure remote login
SMTP25/587Email sending
DNS53Domain name resolution

Understanding port numbers is crucial for firewall rules, vulnerability scans, and intrusion detection.



Temu | Tap here to earn more



Why This Matters in Cybersecurity

Attackers often exploit insecure protocols, misconfigured services, or open ports. For example:

  • An open FTP port with anonymous access can expose sensitive files.

  • A Telnet-enabled router can be hijacked in seconds.

  • Improperly secured SMTP servers can be used to send spam or phishing emails.

As a cybersecurity professional, your job will include identifying these vulnerabilities, hardening configurations, and monitoring traffic for anomalies.


Conclusion

Networking isn’t just for network engineers—it's critical knowledge for anyone in cybersecurity. Start by mastering how protocols work, what ports they use, and their security implications. This foundational understanding will help you interpret logs, analyze traffic, defend networks, and investigate incidents with clarity and confidence.

🛡️ Pro Tip: Practice using tools like Wireshark, Nmap, and Netcat to observe how these protocols behave in real time.

Stay curious, stay secure.


Comments

Post a Comment

Popular posts from this blog

Security Analyst Training - Networking Fundamentals: Part I - OSI Model

Image
  Follow us on Social Media: Tiktok: @wisemoneyai Youtube: @wisermoneyai FB: bit.ly/3BSan4Y Networking Basics: Part I - OSI Model Introduction Understanding how devices communicate over a network is foundational to any career in IT or cybersecurity. One of the core concepts that professionals must master is the OSI (Open Systems Interconnection) Model . This model provides a structured approach to networking by breaking down the communication process into manageable layers. This guide introduces the OSI Model alongside the TCP/IP model, IP addressing, and essential networking commands to equip you with the knowledge needed to analyze and troubleshoot network communications effectively. Learning Objectives Understand the OSI Model and its seven layers Learn the TCP/IP Model Explore IP addresses , subnets, and routing fundamentals Compare TCP vs. UDP , and understand port numbers Learn how to connect to an open TCP port from the command line ⭐️ Get Your ₱2,000 Co...
Read more

Jumpstart to Security Analyst Career

Image
  Introduction Breaking into cybersecurity doesn't have to take years. With focused learning and hands-on practice, aspiring professionals can build the core competencies needed to step into a Security Operations Center (SOC) role in just 30 days. This fast-track roadmap is designed to guide you week-by-week, helping you master the essential tools, techniques, and concepts that SOC analysts use daily—from network protocols and system security to log analysis, threat hunting, and incident response. Whether you're transitioning from IT or starting fresh, this plan provides a structured, intensive path to jumpstart your career in cybersecurity.             Temu: Shop Like a Billionaire Program Details Week 1: Networking Basics: TCP/IP, DNS, HTTP/S Introduction to Networking, Wireshark: Traffic Analysis System Fundamentals: Windows / Linux Security Concepts: MITRE ATT&CK, IOCs, Malware Types Week 2 Splunk Write SPL Queries, Build Dashboards, Set Alert...
Read more

Security Analyst - MITRE ATT&CK Explained

Image
Follow us on Social Media: Tiktok: @wisemoneyai Youtube: @wisermoneyai FB: bit.ly/3BSan4Y Introduction In today’s evolving threat landscape, defending against cyberattacks requires more than just firewalls and antivirus tools—it demands insight into how adversaries operate. The MITRE ATT&CK Matrix offers exactly that: a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. It's an essential tool for security professionals seeking to strengthen their defenses by understanding attacker behavior across various stages of the cyber kill chain. Temu: Shop like a Billionaire What is the MITRE ATT&CK Matrix? The MITRE ATT&CK Matrix is a structured framework that categorizes the Tactics, Techniques, and Procedures (TTPs) used by attackers to infiltrate and compromise networks. These categories reflect the different stages of an attack, from initial access to final impact. By breaking down attacks into distinct, observable a...
Read more