Transcript from the "Ports" Lesson
>> Jem Young: And I keep saying ports and I should have defined that earlier. It's a communication endpoint that maps to a specific process or network service. Now what, so why ports? In terms of think about an operating system level, why would I need a port for something?
>> Jem Young: Yeah.
>> Speaker 2: It's like changing the channel on your TV. It lets you dial in a specific mode of communication.
>> Jem Young: Yeah.
>> Speaker 2: And let you keep your peanut butter separate from your chocolate.
>> Jem Young: Peanut butter and chocolate?
>> Speaker 2: It's an old Reese's peanut butter cup commercial.
>> Speaker 2: But yeah, the point is to be able to be specific, to talk to one program that's talking to you, FTP versus HTTP versus whatever.
>> Jem Young: Exactly, on a computer, I can hit an IP address, and it's like, cool. Where do I go now? But by specifying the port, I can say exactly where I want this communication to go. This is much more efficient than having a trillion IP addresses where every single IP address is a different service.
[00:01:04] We can hit one IP address and have different ports. The dangerous thing about ports, is that, every port that is open to the Internet means it's a vulnerability, potentially, that can be exploited. So in general, you want the minimum amount of ports that you need running. That's why by default, ports are closed until you open them up.
[00:01:23] And even now I don't want port 3000 open because I don't need that to be exposed to the Internet. So if I went to, and I demonstrated this earlier. That means I can go to jemisthebest on port 3000. And it still connects, which is not what we want.
[00:01:42] We want only port 80 to connect, and all traffic to go through port 80. Because what if at some point I started up another service on port 3000, and I redirect somewhere else. I now have an open port that is vulnerable to exploits or something like that. So in general, the best practice for ports is always to keep them closed.
[00:01:59] Unless you need to open up, and only open up the explicit ones that you need. Because again, it takes a trivial amount of time to port scan you, and find out what software you're running and what's open.
>> Jem Young: And if we wanna see a different version of the ports that are, or we can see like what the standard ports are.
[00:02:18] They're probably not gonna be open most of the time. But you can say less /etc/ services. And I find it really interesting, cuz the other, a bit earlier we talked about how there are standard ports. That's why we always choose something above 2000 or 3000 or 1000. Because there are well-defined ports, like 22.
[00:02:38] Let's see what's on here, FTP is port 21. And these are just de facto standards, you can change these at any time. But it's sometimes better to keep these standards. The other day, Sam, you mentioned, you can change your port from 22 for SSH if you wanted to.
[00:02:56] You could, but that makes SSHing it a little bit more tricky if I want to, say, share my server with you. But you can absolutely do that, and it would just change the port map. Is there any question about ports? The only thing you really need to know is keep them closed unless you need them.
[00:03:12] [LAUGH] Then if you wanna give a too long, didn't listen to Jem. So yeah, just keep them closed.