Welcome back! This is our third lesson in Computer Security 101, a series of simple lessons to provide you with a basic overview of the terminology and technology used everyday on the Internet. My hope is that if you understand the acronyms and how things work you will be better able to understand when there is a threat and how to protect your system against that threat.
In Lesson 2 we discussed Protocols, TCP/IP, DHCP and NAT. This lesson will build on the TCP/IP protocol by discussing Ports, TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) and then wrap up with a simple discussion of firewalls.
To start off, ports are like channels for communications. When you sit down to watch TV you have to tune your TV to a specific frequency in order to view the Weather Channel. If you want the Disney Channel you need to change to a different frequency. To view CNN you would need to set your TV to yet another frequency.
Similarly, when surfing the Internet there is a certain port that is used when your computer wants to receive HTTP (Hypertext Transfer Protocol used for viewing HTML or web pages) traffic. To download files you might use FTP (File Transfer Protocol) which would be received on a different port. SMTP (Simple Mail Transfer Protocol used for transmitting email messages) communications would be received on a different port.
There are 65536 ports available for use in TCP or UDP. They are divided into three ranges. The Internet Assigned Numbers Authority (IANA) manages the first 1024 ports (0 – 1023). This range is known as the Well Known Port Numbers and includes standard default ports like HTTP (port 80), FTP (port 21) and SMTP (port 25). These port numbers are reserved and should not be used arbitrarily.
The second range is the Registered Port Numbers which contains ports 1024 through 49151. The Registered Port Numbers can be used by ordinary programs and user processes that are executed by the user. The use of specific port numbers is not carved in stone. These ports are generally used transiently when needed.
The third range is the Dynamic or Private Port Numbers which range from 49152 through 65535. These can be used by applications and processes initiated by the user but it is uncommon. There are known Trojan horse and backdoor programs that use this extreme upper range so some security administrators are leery of traffic in this range.
Computer Security 101: Lesson 3