Network Port Security

Thread Starter

Parth786

Joined Jun 19, 2017
642
I'm not computer networking expert, I have little bit knowledge of switches routers towers and about computer's. I am curious to know about port security in networking. I did a little research for port networking. I found out two things open port and close port. I saw that the port is open, Then it is dangerous for the computer user. it is bad to have open ports on your computer networking. We should always keep the port close

I am reading this but I don't understand practically what is port in networking and what happen If port open, then why is it dangerous ?
 

spinnaker

Joined Oct 29, 2009
7,835
When you open a port hole on a ship, what can be done from the outside to the inside? If the port hole is locked closed what happens?
 

BR-549

Joined Sep 22, 2013
4,938
Your internet connection is like a party line. Have you heard of a party line?

There is an open port on your computer for each party. These parties or computer services/programs send packets back and forth to the proper internet addresses.

Some of these services download and execute code......such as updates or streaming video.

A virus or malicious code could open a port and download or upload anything. Without you knowing it.

Even a good program with a secure port can be fooled and believe who it is talking too.

" netstat -ab " in an administrative command prompt(windows 10 and probably many more versions) will show you your open ports. Wait for full response.
 

BR-549

Joined Sep 22, 2013
4,938
I can remember catching my aunt listening to the gossip on a party line. She bribed me with cookies to keep quiet. I was corrupted early.
 

spinnaker

Joined Oct 29, 2009
7,835
I can remember catching my aunt listening to the gossip on a party line. She bribed me with cookies to keep quiet. I was corrupted early.

My aunt also had a party line. Never caught her listening in.

In my old town home, I had everone's phone line running through my house, tapped out on a ternminal block for whatever reason. I found out when trying to hook up an extra line in my house us \ing my homemade "butt" phone.
 

Thread Starter

Parth786

Joined Jun 19, 2017
642
I would like to understand two things What is port in term's of hardware and programming

I am explaining my doubt with example. When I visit site of ACC So what happens is that my computer send request by typing url of ACC to the server of the ACC. Then the server displays the page that I want. This is a process in which the computer, switch, routes, server, internet, web browser are involved

Now you can tell in this process what is the port ?

I run this command and see this window. this is not complete just showing you some lines
C:\WINDOWS\system32>netstat -ab

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:190 DESKTOP-N84TTCT:0 LISTENING
[httpd.exe]
TCP 0.0.0.0:157 DESKTOP-N48TTCT:0 LISTENING
RpcSs
[svchost.exe]
 

nsaspook

Joined Aug 27, 2009
8,648
The most dangerous open port on your computer is the one behind your eyes. More 'secure' computers have been hacked because of social engineering than government agents using networks. Network port security is important but don't forget about human hacking,we’re all vulnerable .
 

eetech00

Joined Jun 8, 2013
2,568
I would like to understand two things What is port in term's of hardware and programming

I am explaining my doubt with example. When I visit site of ACC So what happens is that my computer send request by typing url of ACC to the server of the ACC. Then the server displays the page that I want. This is a process in which the computer, switch, routes, server, internet, web browser are involved

Now you can tell in this process what is the port ?

I run this command and see this window. this is not complete just showing you some lines
Hi

Port security is meant to mean the actions one takes to secure (or protect) access to a port.

A port is a "communication endpoint". Using the phone analogy, each person at each end of a phone call is a communication end point.
If each person is uses a predefined "protocol", both persons are always listening and only one person speaks at a time. In the case of computers, when a network service is launched, it creates a communications endpoint or a "port", it is assigned a number by the OS usually below 1023,.and begins listening ("opens" the port) using the assigned number. If we use your web example, the open port number listening at AAC is 80. After you type the AAC URL in your computers browser and hit "enter", a message request is sent to the IP address and port number 80, of the AAC web service. The web service receives the request and replies by sending a HTTP response representing the AAC web page.

Now, the "security" part of this are the steps the AAC website administrator took to prevent the service from responding to a request that is purposely malformed, or otherwise formatted, to cause the service to respond in a way that compromises the security of the AAC Web server.
This security can be done a number of ways, and might include configuring the host firewall to accept only strictly formatted HTTP requests.

So, you can see from the above that port security does not mean turning off ports. Ports do not turn themselves on, they are created by the OS when a network service is launched. The way to prevent a port from opening is to prevent a network service from running in the first place.
Disabling all unnecessary network services is part of "Host hardening" but that's a whole other subject.

BTW-
When you run "netstat -an" the port number is the number to the right of the colon in the output. For example:

104.122.126.111:80<----port 80
104.122.126.111:443<----port 443

Hope that helps....

eT
 
Last edited:

Thread Starter

Parth786

Joined Jun 19, 2017
642
The most dangerous open port on your computer is the one behind your eyes. More 'secure' computers have been hacked because of social engineering than government agents using networks. Network port security is important but don't forget about human hacking,we’re all vulnerable .
Yes, I understand that if there is any open port, it is a dangerous, any one can hack your System

I have read it network port is a number that identifies one side of a connection between two computerscomputer's have port numbers to handle incoming and outgoing connections. A port number is a 16-bit unsigned integer that ranges from 0 to 65535

I found below examples when I was searching on the internet

Example : When a user requests a website from their web browser, they're communicating over port 80 for HTTP, so the data is then sent back over that same port and displayed within the program that supports that port (the web browser).

Note : @eetech00 When I was typing message message, during that time you posted your reply your answer is a great and its helping me to understand some basic but still there are some thing which is unclear for me
.
 
Last edited:

eetech00

Joined Jun 8, 2013
2,568
Example : When a user requests a website from their web browser, they're communicating over port 80 for HTTP, so the data is then sent back over that same port and displayed within the program that supports that port (the web browser).
.
Well...almost...;)

Your computer uses its own port number, assigned above port number 1023, to communicate to the web server.
So when the web server send back its reply, it will be destined for a port number above 1023.

eT
 

Thread Starter

Parth786

Joined Jun 19, 2017
642
I am taking simple example so that i can do and see the practical result

I have computer and raspberry board both are connected with same wifi router. I am running web server on raspberry. I have created web page with html and any programming(java,php, python). Web page is hosting my web site. Raspberry pi working as server and computer working as client so if any computer connected in same network can access my website

Now can tell me what can I do to understand the open ports and close ports in my example?.
 

eetech00

Joined Jun 8, 2013
2,568
I am taking simple example so that i can do and see the practical result

I have computer and raspberry board both are connected with same wifi router. I am running web server on raspberry. I have created web page with html and any programming(java,php, python). Web page is hosting my web site. Raspberry pi working as server and computer working as client so if any computer connected in same network can access my website

Now can tell me what can I do to understand the open ports and close ports in my example?.
Hi

You can view the port status on either system by using the "netstat" command. Be aware that the switch options vary between systems.
Use the "help" options to show the available options.

If the web server is configured correctly, you should see a connection listed at port 80 with a status of "Listening".
On the client, you should see nothing, until you launch the browser and connect to the web server. You should then see a connection listed at a high port number (above #1023) connected to the web server address of port 80. The status should be "Established".

I think at this point you'll need to read up on tcp/udp communications protocols to understand this further...

hope that helps, and good luck.

eT
 

markdem

Joined Jul 31, 2013
113
OK, let me try.

The port number is simply like a persons name in a house. The house number is like a IP address.
If I want to send you a letter, I don't just put your address on it as you would not know who the letter is for without opening the letter. (This would make routing the letter very slow).
You also put your address and name on the back of the letter to allow the receiver to send something back to you.

So, when I want a page from this site, I send a "letter" to 104.203.235.39(server address) with a port of 443 (the name of the service I want to talk to. In this case it is HTTPS).
But what happens if I wanted to talk to a email server, not a web server? How do we tell the server that the service we want is email? We use port 25 instead. This is like taking to a different person.
This works in he opposite direction too. When you send this letter, you include a port number that the stack has chosen for you. That way, when this sites server talks to you, the traffic knows it needs to go to your browser and not to skype for example.

When we install a service, a web server for example, the software will then listen on the port it has been set up on. There is nothing stopping you running a web server on port 555 for example.
The OS does not have anything to do with this (not really true, but lets keep it simple for now). When you install a network stack (TCP\IP) ALL ports are open, even if there is no service installed. This is because a server is just a house. A letter can be sent to your house when there is no one in it, just nothing will happen to it.
If you run netstat -an it will show you who is home on the computer you ran it from. As you ran it from inside, a firewall will not effect the result. If you want to check if port 80 is open on your pi, run "telnet <ip_of_pi> 80". If you want to check what ports are open form the internet to your pc, have a look at this site -https://www.grc.com/x/ne.dll?bh0bkyd2. if you click on the proceed button, the site will send a letter to the first 1024 ports and sees if someone if home. Remember, this, just like the netstat test, is testing the computer you ran the test from. It will also be effected by any firewall that maybe running on your router.

If you want to block (or close) a port, you need something that can look at the letter and make a decision if it should be let thought. This is called a firewall. Simple firewalls can only block a port. eg, no letters are allowed to port 443. More advance firewalls can read the contents of the letter and see if it is ok to pass. (Like the NSA).
A firewall can run on a box before your server, or it can run on the server. If you are using Linux on your pi, have a look at iptables. (I am only guessing it is available on a pi). It will allow you to open and close ports. You can then close port 80, and do the telnet test again to see if it worked.

Remember closing a port on the server is pointless as it will just stop the service. eg, if you block port 80, the web sever will just stop working.
When you read on the internet that ports should be closed, people are taking about blocking them at the router so people on the internet can't get to services on you local network that you don't want them too. (port 139 is a good example.)

Also note that routers and (most)switches have nothing to do with ports. All they do is pass letters, they don't care about the name on the letter, only the address.

Hope this make sense. The subject is quite complex so it may take a few different tries before it clicks.
 
Last edited:
Top