Flashcards in this deck (35)
  • System ports run from 0 to 1023.

    port_ranges_and_common_service_ports
  • User ports run from 1024 to 49151.

    port_ranges_and_common_service_ports
  • Dynamic and private ports run from 49152 to 65535.

    port_ranges_and_common_service_ports
  • TCP 22 (SSH) provides secure remote shell access when keys and passwords are handled correctly.

    security_recommendations_for_services
  • TCP 23 (Telnet) is insecure and should be avoided for remote management.

    security_recommendations_for_services
  • TCP 80 (HTTP) is unencrypted and should be replaced by HTTPS where possible.

    security_recommendations_for_services
  • TCP 443 (HTTPS) secures and encrypts data between the user's browser and a website via TLS.

    security_recommendations_for_services
  • UDP/TCP 53 runs DNS and is vulnerable to DDoS attacks; DNSSEC provides integrity but not confidentiality.

    port_ranges_and_common_service_ports security_recommendations_for_services
  • TCP 445 (SMB) should not be open to the public because it allows file and printer sharing over the network.

    security_recommendations_for_services
  • Use encrypted ports like 995 for POP3S and 993 for IMAPS instead of their unsecured counterparts.

    security_recommendations_for_services
  • The chmod command allows users to change file and directory permissions with syntax: chmod <operations> <file/directory name>.

    essential_linux_file_and_system_commands chmod_numeric_and_symbolic_modes
  • IEEE 802 standards such as 802.1X and 802.1D define important network access control and bridging behaviors.

    core_ieee_802_standards_(802.1x,_802.1d)
  • chmod +r sample.txt -> adds read permissions to the sample.txt file

    chmod permissions file
  • chown changes file ownership

    chown ownership linux
  • chgrp changes group ownership

    chgrp group linux
  • ls lists a directory's content

    ls commands directory
  • ps reports a snapshot of the current processes

    ps process monitoring
  • pwd shows the current working directory's path

    pwd paths shell
  • cd changes the shell working directory

    cd navigation shell
  • cp copies a file or directory

    cp file commands
  • mv moves files or directories from one directory to another

    mv file commands
  • rm removes files, directories, device nodes and symbolic links

    rm delete danger
  • sudo executes commands with administrative privileges

    sudo privilege security
  • Numeric chmod 7 means read, write and execute permissions

    chmod numeric permissions
  • Numeric chmod 6 means read and write permissions

    chmod numeric permissions
  • Numeric chmod 5 means read and execute permissions

    chmod numeric permissions
  • IEEE 802 is a collection of networking standards covering physical and data link layer specifications

    ieee networking standards
  • 802.1X is port-based network access control where RADIUS validates the user

    802.1x security networking
  • 802.1D defines the Spanning Tree Protocol for loop protection in Ethernet bridges

    802.1d stp networking
  • Ethernet is a family of networking technologies used for local area networks.

    ieee_802 networking core_concept
  • 802.1D defines the Spanning Tree Protocol for Ethernet MAC bridges.

    802.1d stp bridging
  • The Spanning Tree Protocol (STP) provides loop protection in bridged Ethernet networks.

    stp loop_protection ethernet
  • Ethernet MAC bridges implement bridging functions and may follow standards such as 802.1D.

    bridges standards 802.1d
  • Core IEEE 802 standards relevant to LAN security include 802.1X for port-based network access control.

    802.1x security ieee_802
  • Study notes highlight port ranges, common service ports, and security recommendations for network services.

    ports security study_notes
Study Notes

Ports — Overview

  • Port ranges: Well-known/system ports \(0\text{–}1023\), user/registered ports \(1024\text{–}49151\), dynamic/private ports \(49152\text{–}65535\).
  • Transport protocols: Ports can be TCP or UDP; security depends on the application and whether encryption (e.g., TLS) is used.
  • Security tip: Close or firewall unused ports, prefer encrypted variants (TLS/SSL) and restrict services like SMB from public exposure.

Common service ports and security notes

  • FTP: TCP \(20\) (data) and TCP \(21\) (control). Unencrypted; prefer secure alternatives (SFTP/FTPS).
  • FTPS: Uses TLS; explicit mode on TCP \(21\), implicit mode often TCP \(990\) (control) and TCP \(989\) (data).
  • SSH: TCP \(22\) — secure remote shell; protect keys and passwords.
  • Telnet: TCP \(23\) — unencrypted, avoid for remote administration.
  • SMTP: TCP \(25\) — sending mail; unsecured. Use submission/STARTTLS (e.g., port \(587\)) for authenticated, encrypted sending.
  • DNS: UDP/TCP \(53\) — name resolution; vulnerable to DDoS. Use DNSSEC to ensure integrity (not confidentiality).
  • HTTP: TCP \(80\) — unencrypted web traffic; use HTTPS instead.
  • HTTPS: TCP \(443\) — HTTP over TLS; standard secure web traffic.
  • POP3 / IMAP: POP3 UDP/TCP \(110\) (use \(995\) for POP3S), IMAP TCP \(143\) (use \(993\) for IMAPS).
  • SNMP: UDP/TCP \(161\) — network management; SNMPv3 improves security but still has limitations.
  • SMB: TCP \(445\) — Windows file/printer sharing; do not expose to the public internet.
  • RDP: TCP \(3389\) — Remote Desktop; secure with VPN or restrict access.
  • UPnP: TCP \(5000\) — device discovery and media streaming; can increase attack surface if exposed.
  • SRTP / Push services / Other: Some ports like UDP \(5004\), TCP \(5223\) are used for real-time or push services; check vendor docs for security guidance.

Practical port-security recommendations

  • Block inbound services you don't need; whitelist IPs for remote management.
  • Prefer encrypted service variants (HTTPS, FTPS/SFTP, IMAPS, POP3S, LDAPS).
  • Monitor unusual services (e.g., TCP \(777\) used by malware historically).
  • Keep servers and services patched; limit exposure of SMB, RDP, and other high-risk services.

Linux commands — essential groups

File ownership & permissions

  • chmod — change file mode (permissions). Syntax: chmod <mode> <file>; supports symbolic (+r, -x) and numeric modes.
  • chown — change file owner (user).
  • chgrp — change file group.
  • chroot — run a command with a different root directory (change root environment).

Filesystem navigation & info

  • ls — list directory contents (use ls -l for details).
  • pwd — print working directory.
  • cd — change directory.
  • mkdir / rmdir — create and remove directories.
  • touch — update file timestamps or create empty files.

File operations

  • cp — copy files or directories.
  • mv — move or rename files and directories.
  • rm — remove files, directories, symlinks (use carefully).
  • dd — low-level copy/convert utility (specify if= input file and of= output file).
  • cat — display file contents or concatenate files.

Processes & system info

  • ps — show process status (snapshot of running processes).
  • time / times — measure command execution time or display process times.
  • uname — print basic system information.
  • sudo — run commands with elevated (superuser) privileges.
  • groups — show group memberships.

Utilities & forensic

  • locate — find files by name using a database (fast, depends on updatedb).
  • cksum — compute checksum and byte count for files.
  • ExifTool — read/write metadata from multimedia files.

chmod — numeric and symbolic modes (quick guide)

  • Numeric permission digits map to read/write/execute combinations:
  • \(0\) = no permission
  • \(1\) = execute only
  • \(2\) = write only
  • \(3\) = write + execute
  • \(4\) = read only
  • \(5\) = read + execute
  • \(6\) = read + write
  • \(7\) = read + write + execute
  • Numeric mode is three digits: owner, group, others (e.g., chmod 755 file means owner \(7\), group \(5\), others \(5\)).
  • Symbolic form examples: chmod u+rwx,g+rx,o+rx file adds the listed permissions to whatever is already set; chmod u=rw,g=r,o=r file sets them exactly (equivalent to numeric mode 644).
  • Recommendation: give the minimum permissions required (principle of least privilege).

IEEE 802 standards — key points

  • IEEE 802: family of standards for local area networks and metropolitan networks covering physical and data link layers (MAC).
  • 802.1X: port-based Network Access Control (NAC) for wired and wireless; typically uses RADIUS for authentication.
  • 802.1D: defines MAC bridges and the Spanning Tree Protocol (STP), which provides loop prevention in Ethernet bridging.
  • Note: IEEE 802 includes many other specs (e.g., 802.3 Ethernet, 802.11 Wi‑Fi); 802.1 sub-standards focus on bridging, VLANs, and access control.

Study tips & quick reference

  • Memorize common port numbers and whether they are TCP/UDP and encrypted (e.g., HTTPS TCP \(443\) — encrypted; HTTP TCP \(80\) — not).
  • Practice basic Linux commands (ls, cd, chmod, chown, ps, cp, mv, rm) until comfortable.
  • Understand permission math: convert numeric modes to rwx triplets and back.
  • For network security, prioritize closing unused ports, using TLS, and restricting high-risk services like SMB and RDP.