

Telecommunications and Networking Security

Working with Protocols and Services
The following sections will discuss in more detail how TCP/IP hosts communicate with each other. We will discuss the concepts of ports, handshakes, and application interfaces. The objective isn’t to make you an expert on this subject, but to help you understand what you’re dealing with when attempting to secure a TCP/IP

Well-Known Ports

Simply stated, ports identify how a communication process occurs. Ports are special addresses that allow communication between hosts. A port number is added from the originator, indicating which port to communicate with on a server. If a server has this port defined and available for use, it will send back a message accepting the request. If the port isn’t valid, the server will refuse the connection. The Internet Assigned Numbers Authority (IANA) has defined a list of ports called well-known ports.

A port is nothing more than a bit of additional information added to either the TCP or UDP message. This information is added in the header of the packet. The layer below it encapsulates the message with its header.

Many of the services you’ll use in the normal course of utilizing the Internet use the TCP port numbers identified in Table 2.1. Table 2.2 identifies some of the more common, well-known UDP ports.

The early documentation for these ports specified that ports below 1024 were restricted to administrative uses. However, enforcement of this restriction has been voluntary and is creating problems for computer security professionals. As you can see, each of these ports potentially requires different security considerations, depending on the application they’re assigned for. All the ports allow access to your network; even if you establish a firewall, you must have these ports open if you want to provide e-mail or web services.

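The points above about port ranges and about which well-known ports a firewall must leave open can be put into a small audit. The following is an added example, not code from the original slides: it classifies a port by its IANA range, derives the ports required for a set of services, and compares that against a constructed listing of listening sockets. The service table and the listener lines are the example's own, not Tables 2.1 and 2.2.

```python
"""Added example (not from the original slides): classify TCP/UDP ports by
IANA range and audit a host's listening ports against an intended service
policy. The port table, the listener lines and the policy are constructed."""

from __future__ import annotations

from dataclasses import dataclass

# IANA range boundaries: 0-1023 well-known, 1024-49151 registered, rest dynamic.
WELL_KNOWN_MAX = 1023
REGISTERED_MAX = 49151

# A small subset of IANA well-known ports (the example's own table).
WELL_KNOWN_PORTS = {
    ("tcp", 22): "ssh",
    ("tcp", 25): "smtp",
    ("udp", 53): "dns",
    ("tcp", 80): "http",
    ("tcp", 110): "pop3",
    ("udp", 123): "ntp",
    ("tcp", 443): "https",
}


def port_range(port: int) -> str:
    """Name the IANA range a port number falls in."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    if port <= WELL_KNOWN_MAX:
        return "well-known"
    if port <= REGISTERED_MAX:
        return "registered"
    return "dynamic"


@dataclass(frozen=True)
class Listener:
    proto: str
    port: int
    process: str


def parse_listeners(text: str) -> list[Listener]:
    """Parse constructed 'proto port process' lines, e.g. 'tcp 80 httpd'."""
    listeners = []
    for line in text.strip().splitlines():
        proto, port, process = line.split()
        listeners.append(Listener(proto.lower(), int(port), process))
    return listeners


def required_ports(services: set[str]) -> set[tuple[str, int]]:
    """Ports the firewall must leave open to offer the named services."""
    return {key for key, name in WELL_KNOWN_PORTS.items() if name in services}


def audit(listeners: list[Listener], services: set[str]):
    """Return (missing, unexpected): required ports nobody listens on, and
    listeners outside the policy, each annotated with its IANA range."""
    needed = required_ports(services)
    listening = {(l.proto, l.port) for l in listeners}
    missing = sorted(needed - listening)
    unexpected = sorted(
        (l.proto, l.port, l.process, port_range(l.port))
        for l in listeners
        if (l.proto, l.port) not in needed
    )
    return missing, unexpected


# Constructed sample listing in the style of a listening-socket report.
SAMPLE_LISTENERS = """
tcp 80 httpd
tcp 110 popd
tcp 8080 devserver
udp 53 named
"""

if __name__ == "__main__":
    policy = {"http", "pop3"}
    missing, unexpected = audit(parse_listeners(SAMPLE_LISTENERS), policy)
    print("must open:", sorted(required_ports(policy)))
    print("required but not listening:", missing)
    for proto, port, proc, rng in unexpected:
        print(f"review: {proto}/{port} ({proc}) is a {rng} port outside the policy")
```

Each listener outside the policy is reported together with its range, since a service on a well-known port and one on a registered port usually call for different review, as the slide notes.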
TCP Three-Way Handshake

TCP, which is a connection-oriented protocol, establishes a session using a three-way handshake. A host called a client originates this connection. The client sends a TCP segment, or message, to the server. This client segment includes an Initial Sequence Number (ISN) for the connection and a window size. The server responds with a TCP segment that contains its ISN and a value indicating its buffer, or window size. The client then sends back an acknowledgment of the server’s sequence

A web request uses the TCP connection process to establish the connection between the client and the server. After this occurs, the two systems communicate with each other; the server uses TCP port 80. The same thing occurs when an e-mail connection is made, with the difference being that the client (assuming it’s using POP3) uses port 110.

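The three segments described above, with the ISNs, window sizes and the acknowledgment rule each side applies, can be modelled without sending any packets. This is an added example, not code from the original slides: the Segment fields, the 32-bit wraparound and the in-memory exchange are the example's own simplification of TCP, and the window values are constructed. It shows why each side must acknowledge exactly the other's ISN plus one before the connection counts as established, whether the application that follows is web on port 80 or POP3 on port 110.

```python
"""Added example (not from the original slides): a model of the TCP three-way
handshake with Initial Sequence Numbers and window sizes, checking the
acknowledgment rule each side applies. No packets are sent."""

from dataclasses import dataclass
import secrets

SEQ_MOD = 2 ** 32  # sequence numbers are 32-bit and wrap


@dataclass(frozen=True)
class Segment:
    """The handshake-relevant fields of a TCP segment."""
    syn: bool
    ack: bool
    seq: int       # sequence number (the ISN on SYN segments)
    ack_num: int   # acknowledgment number; meaningful only when ack is True
    window: int    # receive window the sender advertises


def random_isn() -> int:
    """Unpredictable ISN, as modern stacks generate them."""
    return secrets.randbelow(SEQ_MOD)


def client_syn(client_isn: int, window: int) -> Segment:
    """Step 1: the client opens with SYN carrying its ISN and window size."""
    return Segment(syn=True, ack=False, seq=client_isn, ack_num=0, window=window)


def server_synack(syn: Segment, server_isn: int, window: int) -> Segment:
    """Step 2: SYN-ACK with the server's own ISN and window; it acknowledges
    client ISN + 1 because the SYN itself consumes one sequence number."""
    if not (syn.syn and not syn.ack):
        raise ValueError("expected a pure SYN")
    return Segment(syn=True, ack=True, seq=server_isn,
                   ack_num=(syn.seq + 1) % SEQ_MOD, window=window)


def client_ack(syn: Segment, synack: Segment) -> Segment:
    """Step 3: the client verifies the server acknowledged exactly its ISN + 1,
    then acknowledges the server's ISN + 1. Anything else is discarded."""
    if not (synack.syn and synack.ack):
        raise ValueError("expected a SYN-ACK")
    if synack.ack_num != (syn.seq + 1) % SEQ_MOD:
        raise ValueError("SYN-ACK does not acknowledge our ISN; discard")
    return Segment(syn=False, ack=True, seq=(syn.seq + 1) % SEQ_MOD,
                   ack_num=(synack.seq + 1) % SEQ_MOD, window=syn.window)


def handshake(client_isn: int, server_isn: int,
              client_window: int = 65535, server_window: int = 65535) -> dict:
    """Run all three steps and return the established connection state."""
    syn = client_syn(client_isn, client_window)
    synack = server_synack(syn, server_isn, server_window)
    ack = client_ack(syn, synack)
    # Server-side check before it moves to ESTABLISHED.
    if ack.ack_num != (synack.seq + 1) % SEQ_MOD:
        raise ValueError("final ACK does not acknowledge the server ISN")
    return {
        "client_next_seq": ack.seq,         # first data byte the client will send
        "server_next_seq": ack.ack_num,     # first data byte the server will send
        "client_window": client_window,
        "server_window": server_window,
        "segments": [syn, synack, ack],
    }


if __name__ == "__main__":
    state = handshake(random_isn(), random_isn(), client_window=8192)
    for seg in state["segments"]:
        print(seg)
    print("established:", state["client_next_seq"], state["server_next_seq"])
```

The same state transitions happen inside the operating system before a web or POP3 client ever sends its first application byte; the port number only decides which listening process the established connection is handed to.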
Application Programming Interface

Interfacing to TCP/IP is much simpler than interfacing to earlier network models. A well-defined and well-established set of Application Programming Interfaces (APIs) is available from most software companies. APIs allow programmers to create interfaces to the protocol.

When a programmer needs to create a web-enabled application, they can call or use one of these APIs to make the connection, send or receive data, and end the connection.

The APIs are prewritten, and they make the job considerably easier than manually coding all of the connection information.

Microsoft uses an API called a Windows socket (WinSock) to interface to the

It can access either TCP or UDP protocols to accomplish the needed task. Figure 2.10 illustrates how the Windows socket connects to the TCP/IP protocol suite.
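The make-a-connection, send-or-receive, end-the-connection sequence the slides describe looks like this through a sockets API. This is an added example, not code from the original slides or from Microsoft: it uses Python's socket module, which exposes the BSD sockets API that WinSock was modelled on, rather than WinSock itself. A small echo server is started on the loopback interface so the code runs offline; port 0 asks the operating system for any free port, and the echo behaviour and messages are constructed. The last function also demonstrates the earlier slide's point that a server with no process on a port refuses the connection.

```python
"""Added example (not from the original slides): connect / send / receive /
close through Python's socket module (the BSD sockets API WinSock follows).
The echo server, its port selection and the messages are constructed."""

from __future__ import annotations

import socket
import threading
from dataclasses import dataclass


@dataclass
class EchoServer:
    sock: socket.socket
    port: int
    stop: threading.Event
    thread: threading.Thread


def start_echo_server() -> EchoServer:
    """Bind a TCP listener on 127.0.0.1 and answer each client from a thread."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))   # port 0: the kernel picks an ephemeral port
    srv.listen(5)
    srv.settimeout(0.2)          # lets the accept loop notice a stop request
    stop = threading.Event()

    def serve() -> None:
        while not stop.is_set():
            try:
                conn, _peer = srv.accept()   # handshake already completed by the kernel
            except socket.timeout:
                continue
            except OSError:
                break
            with conn:
                conn.settimeout(2.0)
                data = conn.recv(4096)
                conn.sendall(data.upper())   # reply; leaving 'with' closes the connection
        srv.close()                          # stop listening; later connects are refused

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return EchoServer(srv, srv.getsockname()[1], stop, thread)


def stop_echo_server(server: EchoServer) -> None:
    """Ask the serve loop to exit and wait until it has closed the listener."""
    server.stop.set()
    server.thread.join()


def send_and_receive(host: str, port: int, payload: bytes, timeout: float = 2.0) -> bytes:
    """Client side: connect (three-way handshake), send, read until EOF, close."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(payload)
        chunks = []
        while True:
            chunk = s.recv(4096)
            if not chunk:            # b'' means the server closed its side
                break
            chunks.append(chunk)
    # leaving the 'with' block closes our side and ends the connection
    return b"".join(chunks)


def connect_refused(host: str, port: int) -> bool:
    """True when nothing listens on the port: connect() fails with ECONNREFUSED."""
    try:
        with socket.create_connection((host, port), timeout=2.0):
            return False
    except ConnectionRefusedError:
        return True


if __name__ == "__main__":
    server = start_echo_server()
    print("server listening on port", server.port)
    print("reply:", send_and_receive("127.0.0.1", server.port, b"hello"))
    stop_echo_server(server)
    print("refused after shutdown:", connect_refused("127.0.0.1", server.port))
```

The client never sees a SYN or an ISN: connect() returns once the kernel has finished the handshake, sendall() and recv() move application data, and closing the socket ends the connection, which is exactly the abstraction the slides credit the API with providing.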