WEBVTT

00:01.429 --> 00:05.085
>> Just a few more protocols,
important numbers.

00:05.085 --> 00:07.650
The next protocol
we have is LDAP,

00:07.650 --> 00:10.290
Lightweight Directory
Access Protocol.

00:10.290 --> 00:12.600
This is the database
format or structure

00:12.600 --> 00:13.770
>> for Active Directory

00:13.770 --> 00:16.694
>> and any sort of directory
services that we use.

00:16.694 --> 00:18.550
>> When you see LDAP,

00:18.550 --> 00:20.524
I want you to think
domain controller,

00:20.524 --> 00:22.190
if you're a Windows person,

00:22.190 --> 00:25.945
or a more general term,
authentication server.

00:25.945 --> 00:27.860
LDAP is the protocol

00:27.860 --> 00:30.200
>> that allows the
structuring of organizations

00:30.200 --> 00:33.529
>> and you can see that it's
a hierarchical structure.

00:33.529 --> 00:36.705
>> At the top, we have a
root, children and leaves.

00:36.705 --> 00:38.375
In Windows at the top,

00:38.375 --> 00:40.370
you have the root,
down to domains,

00:40.370 --> 00:42.035
down to organizational units,

00:42.035 --> 00:44.210
then down to groups and users.

00:44.210 --> 00:46.670
But at any rate, it's
a structuring of our

00:46.670 --> 00:47.720
>> and network environment

00:47.720 --> 00:50.210
>> that makes it very easy
to access information

00:50.210 --> 00:51.950
>> and to retrieve information

00:51.950 --> 00:54.114
>> and to organize our network.

00:54.114 --> 01:01.680
>> LDAP uses port 389 or a
secure LDAP uses port 636.

01:02.370 --> 01:06.670
Mentioned a few minutes
ago that HTTP is insecure.

01:06.670 --> 01:07.600
What do we do?

01:07.600 --> 01:11.559
>> We can use SSL and
TLS to provide security.

01:11.559 --> 01:15.260
>> SSL and TLS use port 443.

01:15.260 --> 01:17.235
These are not the same protocol.

01:17.235 --> 01:19.890
SSL and TLS are two
different protocols

01:19.890 --> 01:22.330
>> but they do both use 443

01:22.330 --> 01:26.420
>> and a lot of ways they
operate in a similar fashion.

01:27.919 --> 01:30.310
>> RADIUS stands for Remote

01:30.310 --> 01:33.395
Authentication Dial-In
User Services.

01:33.395 --> 01:34.780
We actually talked about

01:34.780 --> 01:37.430
this same idea back
with TACACS Plus.

01:37.430 --> 01:40.630
What RADIUS does is allow
a centralized location to

01:40.630 --> 01:44.450
configure policies and rules
of remote access clients.

01:44.450 --> 01:47.495
For instance, when we say
remote access clients,

01:47.495 --> 01:49.880
we're talking about clients
that access the network

01:49.880 --> 01:52.795
without being physically
plugged into the network.

01:52.795 --> 01:55.050
Wi-Fi clients, dial-up,

01:55.050 --> 01:57.740
which I know we scoff at
dial-up because we don't think

01:57.740 --> 02:00.545
of dusting off our modems
to connect to our networks.

02:00.545 --> 02:03.625
But dial-up still exists in
particular environments.

02:03.625 --> 02:05.510
Plus we have to keep
in mind that not

02:05.510 --> 02:07.985
everywhere has
high-speed access.

02:07.985 --> 02:11.870
Remote access services and
dial-up are still around.

02:11.870 --> 02:14.030
We also think about VPN clients

02:14.030 --> 02:16.474
connecting to VPN servers.

02:16.474 --> 02:19.535
Over on the left where
you see supplicants,

02:19.535 --> 02:22.685
supplicant is the device that
initiates the connection.

02:22.685 --> 02:24.560
It's the remote
device that wants to

02:24.560 --> 02:26.735
connect to the
local area network.

02:26.735 --> 02:28.820
Traditionally, the
supplicants have to

02:28.820 --> 02:31.745
connect to two devices
called authenticators.

02:31.745 --> 02:34.870
My Wi-Fi device connects
to an access point,

02:34.870 --> 02:38.320
my dial-up client connects
to a remote access server,

02:38.320 --> 02:42.145
my VPN client to a VPN
server and traditionally,

02:42.145 --> 02:44.150
what has happened is
the policy decisions

02:44.150 --> 02:47.544
>> were configured and made
on these authenticators.

02:47.544 --> 02:49.640
>> What I mean by that is

02:49.640 --> 02:51.859
>> if I want to set up
very strict requirements

02:51.859 --> 02:55.220
>> for who can access the
network wirelessly, what time,

02:55.220 --> 02:56.314
what type of connection,

02:56.314 --> 02:59.035
what location, or any
set of requirements,

02:59.035 --> 03:01.550
what I would have to do is
go to those access points

03:01.550 --> 03:03.949
>> and configure the
rules, the policies.

03:03.949 --> 03:06.755
>> Same thing if I have
multiple dial-up servers

03:06.755 --> 03:08.555
or remote access servers,

03:08.555 --> 03:10.400
I'd have to configure policy on

03:10.400 --> 03:13.599
>> each of those servers,
same thing with VPN.

03:13.599 --> 03:16.400
>> What I have is a really
distributed environment

03:16.400 --> 03:17.630
where I would have
to walk around

03:17.630 --> 03:21.760
from access point to access
point and configure policy.

03:21.760 --> 03:25.220
Or instead, I can configure
those devices with

03:25.220 --> 03:28.220
authenticators to forward
the authentication requests

03:28.220 --> 03:29.615
to a RADIUS server.

03:29.615 --> 03:32.840
I would configure policy
just on that RADIUS server,

03:32.840 --> 03:35.590
that's exactly what
TACACS Plus was for.

03:35.590 --> 03:39.080
There's also a protocol that's
similar called Diameter.

03:39.080 --> 03:40.895
Diameter never really took off,

03:40.895 --> 03:42.860
but its purpose was
to replace RADIUS

03:42.860 --> 03:45.695
as diameter is twice the radius.

03:45.695 --> 03:48.620
RADIUS is all about
central authentication for

03:48.620 --> 03:53.165
remote access services and
it uses port 1812 and 1813,

03:53.165 --> 03:56.730
and it works very
comparably to TACACS Plus.

03:56.920 --> 04:00.895
Remote Desktop Protocol, RDP.

04:00.895 --> 04:02.900
This is a very
dangerous protocol

04:02.900 --> 04:04.580
from a security perspective

04:04.580 --> 04:06.290
because what RDP allows you

04:06.290 --> 04:08.944
>> to do is access
another user's system.

04:08.944 --> 04:10.700
>> You can perform operations

04:10.700 --> 04:13.279
>> just as if you're sitting
in front of that system.

04:13.279 --> 04:15.605
>> In some ways,
that's very helpful.

04:15.605 --> 04:17.090
Because if you need help doing

04:17.090 --> 04:18.620
some administrative type task

04:18.620 --> 04:20.270
and you don't know
how to add a printer,

04:20.270 --> 04:22.595
then I can RDP into your system,

04:22.595 --> 04:24.500
you can watch me add
a printer and that'll

04:24.500 --> 04:26.890
make it easier for
you next time.

04:26.890 --> 04:29.720
But of course, with
any remote access,

04:29.720 --> 04:31.475
you got to be very careful,

04:31.475 --> 04:34.535
cautious, and limited
where we allow RDP.

04:34.535 --> 04:37.280
I can't think of a lot of
reasons that I'm going to allow

04:37.280 --> 04:40.820
unfettered RDP access from
outside the network in,

04:40.820 --> 04:42.665
probably not a good idea.

04:42.665 --> 04:47.070
RDP uses port 3389.

04:47.590 --> 04:50.300
Now, I'm not going to
tell you these are

04:50.300 --> 04:52.730
all the port numbers you
could conceivably see.

04:52.730 --> 04:54.440
But if I were studying for

04:54.440 --> 04:56.060
this exam and for
those of you who are

04:56.060 --> 04:57.470
coming down the line and looking

04:57.470 --> 04:59.525
forward to the
Security+ exam,

04:59.525 --> 05:02.110
these are the protocols
that I'd be sure to know.

05:02.110 --> 05:04.685
Have a brief understanding
at this level,

05:04.685 --> 05:06.380
you don't need to be
in depth with any of

05:06.380 --> 05:09.590
these protocols, but I would
encourage you as we continue,

05:09.590 --> 05:11.135
you'll want to go a bit deeper

05:11.135 --> 05:13.490
and we'll cover those
throughout the class.

05:13.490 --> 05:15.800
Now, in these key takeaways,

05:15.800 --> 05:18.380
there are a few protocols
that we have not discussed.

05:18.380 --> 05:20.300
I request that you
focus on the ones we've

05:20.300 --> 05:22.250
covered as far as
understanding them in

05:22.250 --> 05:24.110
more depth but it doesn't hurt

05:24.110 --> 05:27.060
to know one or two
additional protocols.

05:27.470 --> 05:30.290
There's one here for NetBIOS

05:30.290 --> 05:32.360
and Network News
Transfer Protocol.

05:32.360 --> 05:34.430
The best way to
memorize these ports

05:34.430 --> 05:36.170
>> is to get a
deck of flashcards

05:36.170 --> 05:40.074
>> and put HTTP on the front
and on the back port 80.

05:40.074 --> 05:41.730
>> If we take the
time to do that,

05:41.730 --> 05:42.920
then I think you'll find that

05:42.920 --> 05:44.900
>> you can memorize the
ports fairly quickly

05:44.900 --> 05:47.700
>> and it won't be
too challenging.

05:47.919 --> 05:50.930
>> Like I said, these
little wrap-up ports

05:50.930 --> 05:52.099
>> give you a couple more,

05:52.099 --> 05:53.720
>> but I would focus
on the port numbers

05:53.720 --> 05:54.694
>> that I've given you.

05:54.694 --> 05:56.705
>> With this being one
of those lists that

05:56.705 --> 05:59.180
out of everything that I
could possibly throw at you,

05:59.180 --> 06:01.220
one of these port
numbers could pop up,

06:01.220 --> 06:04.980
but please focus on the
ones that I've provided.

