So the hardware at layer 4 is typically the same: routers and firewalls. The addresses at layer 4 are ports. One device can have many different ports. Think about your IP address as being like a house number: number 10 on a given street is the building number. Our ports, well, these can be different entrances to that building. Just think about a company. They may have a reception lobby area for guests, they may have an entrance for delivery drivers, they may have a separate entrance for staff, they may have multiple entrances and exits in the event of a fire, fire doors. All of those entrances and exits serve a different purpose, and this is the same idea with the ports. One IP address, one physical property, may have multiple ports or services. And so the idea of a port is a service, and we number ports, we give ports a different number. So one IP address may offer services on many different ports. So layer 4: the hardware is routers and firewalls, the addresses are ports. The traffic we see at layer 4 is known as segments, and we have two protocols I would like you to be aware of for layer 4: TCP and UDP. TCP has got a really great bio. Just imagine you saw TCP on a dating website or you saw its resume. TCP is connection-orientated and reliable. That sounds pretty cool, that sounds pretty good, desirable qualities surely. UDP is connectionless and unreliable. It's not selling itself very well, I don't think. Both of these protocols have a purpose. They both have a benefit, and which one we use depends on what we're trying to achieve, it depends on the outcome. Let's look at why. TCP is a very formal process. It gets to be reliable because it forms a connection. Imagine you're meeting somebody in a very formal environment. What you do commonly is you would shake their hand, you would introduce yourself, and only at that point would you have a conversation.
We have a similar kind of concept here: TCP negotiates a handshake and forms a transport layer session, a layer 4 session. The traffic is passed backwards and forwards, and now, because there is a connection, because we formed a connection between those two parties, each piece of traffic passing backwards and forwards is numbered with a sequence number. So if one host transmits segments 1, 2, 3, 4 and 5, and the receiving host only receives 1, 2, 4 and 5, it can identify that segment 3 is missing and it can write back to the sender saying, hey, something is missing, please can you retransmit. Then at the end of this TCP session, just as with human beings in a very formal environment, that session is ended. You shake hands, there's a handshake again to close the session. Now that gives us lots of benefits, but all that formality has an overhead. Can you imagine walking down a corridor and you just want to say hi to somebody? Can you imagine stopping, shaking hands, introducing yourself, saying hi and then shaking hands and finishing the conversation? That's overkill for human beings, and also for layer 4 as well. UDP is much more like that informal hi. It doesn't form a connection. What it does is send the information. If you want to send a segment, you send the segment. You don't check that the receiving host has got it, you are not numbering the communications. And that metaphor of saying hi in a corridor, I think that links really well. You just say something in passing, very, very fast. So the benefit of UDP and the use case for UDP is where we want speed. And there are some protocols that use both TCP and UDP. Let me give you an example. We have a protocol called DNS, Domain Naming Service. When we type in something like www.isc2.org, that's a human name. That's not an address that computers can use. What we need to do is to get that human-usable name to an IP address, and the DNS protocol does that for us.
It takes names and returns an IP address, or it can do the opposite: it can take an IP address and give you back the relevant name. So it's a pretty important function in computing. The internet doesn't work without it. If you type in isc2.org without DNS, we don't get that IP address back. We would have to remember the IP addresses of all those websites we want to visit, kind of like telephone numbers almost. So this is an easier way for human beings to use these systems. DNS then: when your computer, the device that you're using, makes a request for a website, let's say isc2.org, your computer will fire off a DNS request: please can I have the IP address for this website. And there should be a response. Both of those are sent by UDP. Very fast, we want a quick conversation. TCP though is used with DNS where two DNS servers want to synchronize their databases. The database of names against IP addresses, that has to be accurate. And when they are exchanging that information or updating that information between DNS servers, it's very important that it is complete and that it is accurate. And this process is called a zone transfer. And for DNS servers, DNS uses TCP, a reliable connection-orientated protocol, for zone transfers. Two different use cases within a single protocol. I wouldn't get too hung up about DNS, I think that's really useful information, but the idea is that both TCP and UDP have a valid purpose in life, they both add value to platforms. So layer 4 then, let's look at some other ports. On the left-hand side, what we see are some older, risky ports. On the right-hand side, we see some safer alternatives to those risky ports. So port 23 is Telnet. This is a remote command line. You can type a command here and it will be executed on the remote machine. The big problem with this.
This is a great capability, and it is one of those older ones; all these things on the left-hand side are what we saw in that TCP/IP slide right at the start, slide 10 or slide 9 of the chapter. Telnet is not encrypted, so any commands, any credentials, usernames, passwords, if anybody is able to intercept that traffic, they can read it. It's a big problem. File Transfer Protocol, FTP, another one of our TCP/IP suite protocols, uses ports 20 and 21, it uses two ports, and it does support encryption. Well, that's sounding healthier than Telnet. However, the initial login isn't encrypted. If you can capture the first few packets, that username and password are transmitted in clear text. That's a big problem. Then we have HTTP, which runs on port 80. This is what we use to view websites. It's what we used to use; it's very rare to see web servers, web services, using port 80 anymore. And this is precisely because the problem with HTTP is that it isn't encrypted. So let's look at the safe alternatives then. For Telnet we have a great alternative, just on the very next port: Secure Shell. Secure Shell is kind of like a Swiss army knife, it does a whole range of things. Below you see SFTP, and that is part of the SSH protocol suite. It performs file transfer, data tunneling, remote command line. Very, very popular with system administrators. Something I use pretty much daily. It does all the things that Telnet can do and a whole range more. It's kind of like Telnet and FTP bundled together in a single protocol suite, and it is very capable, encrypted, with really good authentication options as well, really strong authentication options. Then just coming back to file transfer: FTPS, which is kind of like HTTPS below, and SFTP, which we said is part of SSH. So these use two different ports, but the idea is the same: they are both secure versions of FTP.
One has the S at the end, one has the S at the start. They both work in slightly different ways, but they are both secure ways to do what FTP was doing. So SFTP is part of the SSH suite; FTPS is more like HTTPS. HTTPS uses port 443 and is encrypted, the same as port 80 but encrypted, and it's encrypted using Transport Layer Security most commonly.
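The sequence-number behaviour the lecture describes (segments 1 to 5 sent, 3 lost, the receiver asks for it again) and the UDP "send it once and never check" contrast, as an added toy model. This is example code written for this page, not the lecturer's material and not real socket code: the `LossyLink` class, the `Segment` dataclass and the function names are constructed for illustration, and the "link" just drops chosen sequence numbers once so the retransmit path is exercised.

```python
"""Toy model of the two layer-4 behaviours described in the lecture:
TCP numbers its segments so the receiver can spot a gap and ask for a
retransmit; UDP just sends and never checks. Constructed example, not
real socket code."""
from dataclasses import dataclass


@dataclass
class Segment:
    seq: int          # sequence number (TCP); UDP datagrams carry none in reality
    payload: str


class LossyLink:
    """Drops the segments whose sequence numbers are listed in `drop_once`
    the first time they are sent; later copies get through (constructed)."""

    def __init__(self, drop_once):
        self._to_drop = set(drop_once)

    def send(self, seg):
        if seg.seq in self._to_drop:
            self._to_drop.discard(seg.seq)
            return None          # lost in transit
        return seg


def missing_segments(expected, received):
    """Return the sequence numbers the receiver never got, in order."""
    got = set(received)
    return [n for n in expected if n not in got]


def tcp_transfer(payloads, link, max_rounds=5):
    """Connection-oriented, reliable: number every segment, let the receiver
    report gaps, and retransmit until nothing is missing. Returns the
    reassembled message and the number of retransmission rounds used."""
    segments = [Segment(i + 1, p) for i, p in enumerate(payloads)]
    expected = [s.seq for s in segments]
    received = {}
    for s in segments:                 # initial transmission
        out = link.send(s)
        if out is not None:
            received[out.seq] = out.payload
    rounds = 0
    while (gaps := missing_segments(expected, received)) and rounds < max_rounds:
        rounds += 1
        for seq in gaps:               # receiver says "3 is missing, resend"
            out = link.send(segments[seq - 1])
            if out is not None:
                received[out.seq] = out.payload
    if missing_segments(expected, received):
        raise RuntimeError("gave up: segments still missing")
    return "".join(received[n] for n in expected), rounds


def udp_transfer(payloads, link):
    """Connectionless, unreliable: send each datagram once, never check.
    Whatever arrived is delivered, gaps and all."""
    delivered = []
    for i, p in enumerate(payloads):
        out = link.send(Segment(i + 1, p))
        if out is not None:
            delivered.append(out.payload)
    return "".join(delivered)


if __name__ == "__main__":
    words = ["hel", "lo ", "wor", "ld", "!"]
    print(tcp_transfer(words, LossyLink(drop_once=[3])))   # ('hello world!', 1)
    print(udp_transfer(words, LossyLink(drop_once=[3])))   # 'hello ld!'
```

The `max_rounds` cap is the part worth noticing from a defender's point of view: a real TCP stack also gives up eventually, which is why an application still has to handle a session that never completes rather than assuming "reliable" means "guaranteed".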
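The risky-port versus safer-alternative list from the slide, applied as a small audit over connection records, as an added example (not the lecturer's code). The flow records, field names and IP addresses are constructed for this example; the mapping of Telnet 23, FTP 20/21 and HTTP 80 to SSH 22, SFTP 22 and HTTPS 443 comes from the lecture, while the FTPS port 990 is my addition because the lecture names FTPS without giving its port. The DNS summary at the end counts UDP lookups separately from TCP flows to port 53, which is where zone transfers would show up.

```python
"""Audit constructed connection records for the cleartext services named
in the lecture (Telnet 23, FTP 20/21, HTTP 80) and name the encrypted
alternative (SSH 22, SFTP 22 / FTPS 990, HTTPS 443). Added example; the
flow lines below are made up, not from any real capture."""
import csv
import io
from collections import Counter

# Risky destination port -> (service, safer alternative). Port 990 for
# implicit FTPS is not on the lecture slide; it is added here.
RISKY_PORTS = {
    23: ("telnet", "SSH on 22"),
    21: ("ftp-control", "SFTP on 22 or FTPS on 990"),
    20: ("ftp-data", "SFTP on 22 or FTPS on 990"),
    80: ("http", "HTTPS on 443"),
}

# Constructed flow records: src,dst,proto,dst_port,bytes
SAMPLE_FLOWS = """\
src,dst,proto,dst_port,bytes
10.0.0.5,10.0.0.20,tcp,23,812
10.0.0.5,10.0.0.21,tcp,22,4096
10.0.0.7,203.0.113.10,tcp,80,15200
10.0.0.7,203.0.113.10,tcp,443,90210
10.0.0.9,10.0.0.30,tcp,21,310
10.0.0.9,10.0.0.30,tcp,20,120000
10.0.0.9,10.0.0.53,udp,53,96
10.0.0.53,10.0.0.54,tcp,53,45000
"""


def parse_flows(text):
    """Parse CSV flow records into dicts with an int port and byte count."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        r["dst_port"] = int(r["dst_port"])
        r["bytes"] = int(r["bytes"])
    return rows


def find_cleartext_flows(flows):
    """Return (src, dst, service, recommendation) for every TCP flow to a
    port the lecture lists as risky, in the order the flows appear."""
    findings = []
    for f in flows:
        if f["proto"] == "tcp" and f["dst_port"] in RISKY_PORTS:
            service, better = RISKY_PORTS[f["dst_port"]]
            findings.append((f["src"], f["dst"], service, better))
    return findings


def dns_transport_summary(flows):
    """Count DNS flows by transport: UDP for ordinary lookups, TCP for
    zone transfers (and other large answers). Returns {'udp': n, 'tcp': n}."""
    c = Counter(f["proto"] for f in flows if f["dst_port"] == 53)
    return {"udp": c["udp"], "tcp": c["tcp"]}


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for src, dst, svc, fix in find_cleartext_flows(flows):
        print(f"{src} -> {dst}: {svc} in the clear; move to {fix}")
    print(dns_transport_summary(flows))
```

Matching on destination port alone is a first pass: a service can run on any port, so a production check would confirm the protocol from the payload or a sensor's service detection rather than trusting the port number.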