WEBVTT

00:02.509 --> 00:05.700
>> Let's take a look at some
of these protocols that

00:05.700 --> 00:08.625
are a part of the TCP/IP suite.

00:08.625 --> 00:10.740
The first one we'll
take a look at is

00:10.740 --> 00:13.485
FTP, File Transfer Protocol.

00:13.485 --> 00:16.215
This is for uploading
and downloading files.

00:16.215 --> 00:17.640
A few things mentioned,

00:17.640 --> 00:19.965
first there's a reference
to the port numbers,

00:19.965 --> 00:21.210
port 20 and 21.

00:21.210 --> 00:22.740
We have to know those.

00:22.740 --> 00:25.980
I also mentioned a
specific fact about FTP.

00:25.980 --> 00:28.650
It's not secure.
Credentials traverse

00:28.650 --> 00:29.970
the network in plain text.

00:29.970 --> 00:31.380
So that's always going to be

00:31.380 --> 00:33.720
a problem when you think
about network security.

00:33.720 --> 00:35.310
We don't ever want passwords

00:35.310 --> 00:36.750
on the network in plain sight.

00:36.750 --> 00:39.690
We really need to focus
on securing the FTP,

00:39.690 --> 00:41.950
which is coming up on the slide.

00:42.100 --> 00:44.750
One of the tools
that we can use to

00:44.750 --> 00:48.305
secure FTP is a
protocol called SSH.

00:48.305 --> 00:50.675
SSH is Secure Shell.

00:50.675 --> 00:52.880
Secure Shell is
going to provide us

00:52.880 --> 00:55.495
security over an
unsecured network.

00:55.495 --> 00:59.060
Secure Shell uses TCP port 22,

00:59.060 --> 01:00.920
and this was designed
to replace some of

01:00.920 --> 01:02.750
the remote administration
protocols,

01:02.750 --> 01:04.730
like Telnet and FTP,

01:04.730 --> 01:06.320
or if you work with Unix,

01:06.320 --> 01:09.205
their utility is called
the R utilities.

01:09.205 --> 01:11.420
All of those have
traditionally sent

01:11.420 --> 01:14.090
passwords across the
network in plain text.

01:14.090 --> 01:17.525
By using SSH instead
of plain FTP,

01:17.525 --> 01:19.955
you get a more
secure connection.

01:19.955 --> 01:23.685
If you're replacing
FTP with secure FTP,

01:23.685 --> 01:25.960
then that now uses port 22,

01:25.960 --> 01:27.920
also because SSH is really

01:27.920 --> 01:29.360
the protocol that's providing

01:29.360 --> 01:32.179
the transport and the security.

01:32.179 --> 01:36.305
I will also mention that
another protocol SCP,

01:36.305 --> 01:38.210
Secure Copy Protocol,

01:38.210 --> 01:41.555
uses SSH also port 22.

01:41.555 --> 01:43.340
They love to ask questions about

01:43.340 --> 01:44.840
this on the exam because it's

01:44.840 --> 01:47.870
not just SSH that uses port 22,

01:47.870 --> 01:50.630
it's SCP and SFTP,

01:50.630 --> 01:53.315
which can be something
that's tricky to remember.

01:53.315 --> 01:55.560
Make sure you know these.

01:56.990 --> 01:59.510
Just spoke about Telnet and said

01:59.510 --> 02:01.160
that Telnet is also
another one of

02:01.160 --> 02:02.750
those protocols that transmits

02:02.750 --> 02:05.255
data across the wire
in plain text.

02:05.255 --> 02:07.130
We don't like that.

02:07.130 --> 02:11.800
Telnet instead of telnetting
into a system, we SSH.

02:11.800 --> 02:15.970
Telnet uses TCP port 23.

02:16.550 --> 02:21.440
SMTP, Simple Mail
Transfer Protocol.

02:21.440 --> 02:24.305
You have several
different mail protocols.

02:24.305 --> 02:26.660
What SMTP is for is sending

02:26.660 --> 02:29.230
mail from mail server
to mail server.

02:29.230 --> 02:30.750
When you're talking
about sending

02:30.750 --> 02:32.240
mail from your system up

02:32.240 --> 02:35.395
or from side-to-side,
that's SMTP.

02:35.395 --> 02:37.610
We've got other
protocols that download

02:37.610 --> 02:39.860
our mail for us or allow
us to view our mail,

02:39.860 --> 02:43.310
but when we're talking
about sending, SMTP.

02:43.310 --> 02:45.440
A friend of mine
says to think of it

02:45.440 --> 02:47.590
as send mail to people,

02:47.590 --> 02:49.400
and that's exactly right.

02:49.400 --> 02:51.110
SMTP though really stands for

02:51.110 --> 02:55.290
Simple Mail Transfer
Protocol, port 25.

02:56.660 --> 02:59.360
Another protocol
that we can look at

02:59.360 --> 03:01.340
is really a protocol
and a service.

03:01.340 --> 03:03.470
It's called TACACS Plus.

03:03.470 --> 03:06.035
TACACS Plus is port 49,

03:06.035 --> 03:09.010
and this is a remote
authentication server.

03:09.010 --> 03:11.090
When clients are
trying to access

03:11.090 --> 03:13.265
your network from
a remote location,

03:13.265 --> 03:15.710
maybe they're
connecting in a VPN,

03:15.710 --> 03:17.285
a wireless access point,

03:17.285 --> 03:19.860
even the back in the day
when we used to dial up,

03:19.860 --> 03:21.320
there needed to be a system

03:21.320 --> 03:23.170
where we could
centralize control,

03:23.170 --> 03:25.610
and that system was TACACS Plus.

03:25.610 --> 03:26.990
We'll talk about that more with

03:26.990 --> 03:29.580
remote access in just a bit.

03:30.610 --> 03:33.275
An important service
on the network.

03:33.275 --> 03:36.140
DNS, Domain Name Service,

03:36.140 --> 03:39.125
or you could hear
Domain Naming Service.

03:39.125 --> 03:41.400
You and I like
user-friendly names.

03:41.400 --> 03:43.580
However, for systems to connect,

03:43.580 --> 03:45.395
they need IP addresses.

03:45.395 --> 03:47.570
We have to have some
reference point

03:47.570 --> 03:48.935
that we can go to and say,

03:48.935 --> 03:52.010
"Hey, what's the IP
address for weather.com?"

03:52.010 --> 03:53.875
Or whatever it is
we're looking for.

03:53.875 --> 03:56.205
That's our DNS server.

03:56.205 --> 03:58.310
Our DNS server provides us with

03:58.310 --> 03:59.990
name resolutions that we can

03:59.990 --> 04:02.375
connect to via IP
address to host.

04:02.375 --> 04:05.350
DNS works at port 53.

04:05.350 --> 04:07.230
Now in a little bit,

04:07.230 --> 04:10.025
we'll talk about the DNS
database and how it works.

04:10.025 --> 04:12.050
But for now, remote naming to

04:12.050 --> 04:14.615
IP addresses, to IP addresses,

04:14.615 --> 04:17.615
to user-friendly names,
to IP addresses,

04:17.615 --> 04:20.700
that's DNS port 53.

04:21.920 --> 04:26.310
DHCP, another important
network service.

04:26.310 --> 04:30.640
DHCP provides IP addresses
to clients automatically.

04:30.640 --> 04:32.870
Rather than having
an administrator

04:32.870 --> 04:34.460
walk around from host to host,

04:34.460 --> 04:36.475
IP not and an
assigned IP address,

04:36.475 --> 04:37.965
a client comes online,

04:37.965 --> 04:41.565
pairs the DHCP server
and gets an IP address.

04:41.565 --> 04:43.220
That's very helpful.

04:43.220 --> 04:45.125
One of the things we'll
talk about is how

04:45.125 --> 04:48.190
DHCP works and the
process called DORA,

04:48.190 --> 04:50.595
Discover, Offer,
Request, Acknowledge.

04:50.595 --> 04:52.485
That's coming up in just a bit.

04:52.485 --> 04:57.550
DHCP operates on port 67 and 68.

04:58.370 --> 05:01.455
Now an alternative to FTP,

05:01.455 --> 05:03.710
we talked about this one
a little bit earlier

05:03.710 --> 05:06.215
when we were at Layer
4 of the OSI model.

05:06.215 --> 05:10.100
We talked about an alternative
to FTP called TFTP,

05:10.100 --> 05:12.640
Trivial File Transfer Protocol.

05:12.640 --> 05:15.620
TFTP is used in some
environments when we're

05:15.620 --> 05:19.040
looking to download operating
systems for devices.

05:19.040 --> 05:21.560
For example, if I'm
doing an operating

05:21.560 --> 05:24.020
system upgrade on a
router or something,

05:24.020 --> 05:25.810
I might use TFTP.

05:25.810 --> 05:29.780
A lot of the times we think
to use FTP or other means.

05:29.780 --> 05:32.990
This is port 69, and
if you'll remember,

05:32.990 --> 05:34.580
the difference of TFTP,

05:34.580 --> 05:38.005
it piggybacks on UDP,
which is connectionless.

05:38.005 --> 05:40.685
FTP piggybacks on TCP,

05:40.685 --> 05:42.830
which is connection oriented.

05:42.830 --> 05:44.480
Lots of letters in this class.

05:44.480 --> 05:46.800
[LAUGHTER] I hope
you're keeping up.

05:47.180 --> 05:50.330
HTTP, I think we're all

05:50.330 --> 05:53.770
familiar with web traffic,
Hypertext Transfer Protocol.

05:53.770 --> 05:55.700
This is port 80.

05:55.700 --> 05:57.935
If we're communicating
with web traffic,

05:57.935 --> 05:59.420
we're using port 80.

05:59.420 --> 06:03.000
I'll mention that HTTP is
not secure in and of itself.

06:03.000 --> 06:05.735
We're going to have to add
some security in just a bit.

06:05.735 --> 06:09.480
For now, HTTP is port 80.

06:09.480 --> 06:12.415
POP, Post Office Protocol.

06:12.415 --> 06:15.575
I mentioned to you that
SMTP was for sending mail.

06:15.575 --> 06:18.004
When you're downloading
email to your devices,

06:18.004 --> 06:19.640
you're feeling those devices,

06:19.640 --> 06:21.215
perhaps even on the server.

06:21.215 --> 06:22.880
What we're looking at is using

06:22.880 --> 06:24.564
one of the two protocols.

06:24.564 --> 06:28.890
POP is very common and
we're on Version 3, POP3.

06:28.890 --> 06:31.055
There's also a
protocol called IMAP,

06:31.055 --> 06:32.700
which will come up
in just a minute,

06:32.700 --> 06:35.570
but that's Internet Mail
Application Protocol.

06:35.570 --> 06:37.990
That would be an
alternative to POP3.

06:37.990 --> 06:41.320
POP3 uses port 110.

06:43.010 --> 06:45.645
Network Time Protocol.

06:45.645 --> 06:48.440
Network Time Protocol is
really important because it

06:48.440 --> 06:51.365
controls the synchronization
of devices on the network.

06:51.365 --> 06:53.060
Many network services,

06:53.060 --> 06:55.910
particularly Kerberos
and several others,

06:55.910 --> 06:58.405
require that our
systems be in sync.

06:58.405 --> 07:00.320
Network Time Protocol is

07:00.320 --> 07:02.630
a service running on your
domain controller that

07:02.630 --> 07:04.160
helps ensure everybody's using

07:04.160 --> 07:06.880
the same time clock and
that we're synchronized.

07:06.880 --> 07:08.910
NTP uses port

07:08.910 --> 07:10.740
123. You know what?

07:10.740 --> 07:12.535
I was going to tell
you guys an NTP joke,

07:12.535 --> 07:13.690
but my time is always off.

07:13.690 --> 07:16.375
[LAUGHTER] I hope
you enjoyed that.

07:16.375 --> 07:19.070
I'll be here all week, folks.

07:19.730 --> 07:23.265
There's our friend IMAP that
we talked about earlier.

07:23.265 --> 07:24.975
An alternative to POP.

07:24.975 --> 07:29.420
Downloads mail from the
server and uses port 143.

07:30.050 --> 07:34.200
SNMP, Simple Network
Management Protocol,

07:34.200 --> 07:36.190
this is a protocol that

07:36.190 --> 07:38.730
allows us to capture
information on our networks,

07:38.730 --> 07:40.600
that way we can monitor
and be aware of

07:40.600 --> 07:43.535
the traffic and the various
events that are going on.

07:43.535 --> 07:47.950
With SNMP, we have three
main elements, an agent,

07:47.950 --> 07:50.720
a central manager, and an MIB,

07:50.720 --> 07:53.600
which is our management
information base.

07:53.600 --> 07:55.310
Our agent is whatever

07:55.310 --> 07:58.555
network devices are
running the SNMP software.

07:58.555 --> 08:00.800
The central manager,
which is ultimately

08:00.800 --> 08:02.180
your management system that's

08:02.180 --> 08:04.055
pulling all the
information together,

08:04.055 --> 08:06.605
and then our management
information base.

08:06.605 --> 08:08.180
All your agents contain

08:08.180 --> 08:10.010
an information
database specific to

08:10.010 --> 08:11.480
the various parameters and

08:11.480 --> 08:13.675
the information that's
being captured.

08:13.675 --> 08:16.160
This is the database
that's used to request

08:16.160 --> 08:18.560
the agent for specific
information and

08:18.560 --> 08:20.690
then make sure that
information is transmitting

08:20.690 --> 08:23.570
it and formatting in such
a way that can be useful.

08:23.570 --> 08:26.585
That's the management
information database.

08:26.585 --> 08:31.440
A Simple Network Management
Protocol uses port 161.

