TCP

FTP Data
FTP Control
SSH, SCP SFTP
Telnet
SMTP
WINS Replication
TACACS
DNS client to server lookup
SQL TCP client name lookup
DHCP client
DHCP server
TFTP
HTTP, Internet Information Services (IIS)
Kerberos krb5
MTA - X.400 over TCP/IP or X400
POP3
POP3 Post Office Protocol version 3
NNTP
NNTP Network News Transfer Protocol
Client Server Communication
DCOM (SCM uses udp/tcp to dynamically assign ports
for DCOM)
DHCP Manager
Exchange Administrator
RPC
RPC user manager, service manager, port mapper
SQL session mapper
WINS Manager
WINS Registration
DNS Administration
File shares session
NetBIOS
NetBT service sessions
NetBT service sessions
Printer sharing session
SQL session
IMAP
IMAP Internet message access protocol version 4
SNMP Trap
LDAP

UDP

20
21
22
23
25

25
49
53
53
67
68
69
80
88
102
110
110
119
119
135
135
135
135
135
135
135
135
137
139
139
139
139
139
139
139
143
143
162
389

49
53

88

137,138

162
389

NetMeeting Internet Locator Server ILS

FTPS File Transport Protocol Secure (uses SSL)
HTTP-Secure Sockets Layer (SSL)
SSL VPN Secure Sockets Layer virtual private network
Kerberos kpasswd (v5)
UNIX Printing
NetMeeting User Location Service (ULS)
IRC
Kerberos klogin
Kerberos kshell
Macintosh, File Services (AFP/IP)
Content Replication Service
NNTP (SSL)
Membership DPA
Membership MSN
LDAP (SSL)
IMAP (SSL)
POP3 (SSL)
ISPMOD (SBS 2nd tier DNS registration wizard)
SQL session
RPC client fixed port session queries
NetMeeting T.120
NetMeeting H.323 call setup
PPTP Point-to-Point Tunneling Protocol
PPTP control
NetMeeting Audio Call Control
Microsoft Message Queue Server
RADIUS
Kerberos de-multiplexer
RPC client using a fixed port session replication
RDP Remote Desktop Protocol
Terminal Server
Microsoft Chat server to server
Microsoft Chat client to server
Cybercash Credit Gateway
Radius accounting (Routing and Remote Access)
Radius authentication (Routing and Remote Access)
SNMP Simple Network Management Protocol
SQL Named Pipes encryption over other protocols name
lookup
SQL RPC encryption over other protocols name lookup

389
443
443
443
464
515
522
531
543
544
548
560
563
568
569
636
993
995
1234
1433
1500
1503
1720
1723
1723
1731
1801
1812
2053
2500
3389
3389
6665
6667
8000

464

636

1723

1801
1812

3389

1646 or 1813
1645 or 1812
161
137
137

Syslog
WINS NetBios over TCP/IP name service
WINS Proxy
Browsing requests of NetBIOS over TCP/IP
Client/Server Communication
File shares name lookup
ICMP
IKE (For more information, see Table C.4)
ISAKMP (VPN) Internet Security Association and Key
Management Protocol (virtual private network)
L2TP
L2TP Layer 2 Tunneling Protocol
NetBT datagrams
NetBT name lookups
NetLogon
Network Load Balancing
Printer sharing name lookup

514
137
137
137
137
7
500
500
1701
1701
138
137
138
2504
137

DoS
DDos
SYN Flood
Ping Flood/scan

Denial of Service
Distributed DoS
Syn = first packet sent to a server

ARP Poisoning

an attack that convinces the network that the attacker's MAC address is the one a

Overload a server.Overwhelm Sessions on a server

the network that the attacker's MAC address is the one associated with an allowed address so that traffic is wron

Can be counter with Flood Guards

allowed address so that traffic is wrongly sent to the attacker's machine

EAP
Radius
NAC
PNAC
802.1d
Cluster
802.1x
WIDS
MAC
MAC
TKIP
WEP
WPA
CCMP
ARP
RBAC
Rule-BAC

BCP
AUP
Border Gateway Protocol (BGP)
BIA
Business continuity planning (BCP)
Certificate authority (CA)
Common Access Card (CAC)
Common Criteria (CC)

Extensible Authenticaion Protocol

Remote Authentication Dial in User service
Network Access Contol
Port Based Network AccessControl
Loop Protection, Spanning tree protocol
Multiple Physical Servers
Unified Threat Management. Web Secuirty Gateway
PNAC. Disable/enable physical ports(not TCP/UDP), check for MAC Spoofing. Supplicant --> Authentic
Wireless Intrusion Detection System
Media Access Controll. MAC address
Message Authentication Code
Temporal Key Intergrity Protocol

Counter Mode Cipher Block Chaining Messauge Authentication code Protocol

Address resolution Protocol
Role based access control
Rule base Access control
See business continuity planning (BCP).
See acceptable use policy (AUP).
An ISP protocol that allows routers to share information about routes with each other.

Business impact analysis (BIA)

A process of implementing policies, controls, and procedures to counteract effects of losses, outages, or failur
An issuer of digital certificates (which are then used for digital signatures or key pairs).
A standard identification card used by the Department of Defense (DoD) and other employers. It is used for a
A document of specifications detailing security evaluation methods for IT products and systems.

Dynamically reroute traffic by reconfiguring root port Destination Port and blocked ports.

Think of Access control list on a firewall.

ocked ports.

The process of evaluating all critical systems in an organization to define impact and recovery plans.

e impact and recovery plans.

`
IDEA
RC4
BlowFish
Two Fish
DES

Type
Symmetric Encryption
Symmetric Encryption
Symmetric Encryption
Symmetric Encryption
Symmetric Encryption

Algorithm
Stream Cipher
Block cipher

3DES

Symmetric Encryption

Block cipher

AES

Symmetric Encryption

Rijndael Block cipher

RC5

Symmetric Encryption

RSA Block mode cipher

RSA

Asymmetric Encryption

Key transport

Diffie-Hellman

Asymmetric Encryption

Key exchange

El Gamal

Asymmetric Encryption

Key exchange

MD5

Hash (Digest)

Rivest MD5 Block Hash

MD6

Hash

Merkle Tree structure

SHA-1

Hash

Rivest SHA Hash

SHA-2 (SHA256)

Hash

SHA-2 (SHA512)

Hash

SHA-3

Hash

Keccak

HMAC
RIPE-MD
HMAC-MD5
HMAC-SHA1

Hash
Hash
Hash
Hash

Keyed Digest

Block cipher

Size

Strength

Replaced By

64 bit
64 bit (56 + 8 parity)

Very weak

3DES

192 bit (168 bit + 24 parity)

Moderate

AES

Variable (128, 192, 256)

Strong

N/A

Variable (up to 2048)

Very Strong

N/A

512

Strong

N/A

N/A

Moderate

El Gamal

N/A

Very Strong

N/A

512 bit block processing/ 128 bit digest

weak, suffers
MD6, et. Al.
colisions

0 to 512 bit variable digest

512-bit processing/160 bit digest

weak

256 bit digest

Very Strong

512 bit digest

Very Strong

arbitrary digest size

Very Strong

Variable
160 bit

Very Strong

SHA-2, SHA-3

N/A

Use
Streamed data, e.g. video
Faster than AES - source: Darril Gibson
no longer used
used in older applications, phased out
used practically everywhere

file integrity

in development

file integrity, SSL (being phased out)

SSL, LUKS, VeraCrypt
SSL, LUKS, VeraCrypt

WHERE THINGS SIT IN OSI MODEL

Switch
Router
Firewall

Layer 2
Layer 3
Layer 3 ~ Layer 7