View Open Ports with nmap

[00:00:00]
>> So we're talking about security. We talked about SSH, we talked about firewalls. We talked about the importance of keeping your software up to date. We talked a bit about two factor authentication that doesn't really come into play as much on the server. And we talked about the VPN.

[00:00:13]
And a VPN is a virtual private network, which allows you to say like, hey, I trust all these devices, but within my network we're gonna throw all these massive walls and barriers. To make sure that nobody outside can get it and we make it really really onerous to try to break into our network.

[00:00:29]
That way it cuts out on kind of the negotiation, you have to have security where security is always wants to lock things down. Where's you as Sin engineer while access to things. So it's always a trade-off for making constantly. And before getting the firewalls, we have to understand what a port is.

[00:00:49]
A port just is a communication and point that maps through specific processor network service. Ports are amazing because we talked earlier about the IP addresses and how there's a finite number of IP addresses. But even so, without ports, we'd run out IP addresses much faster. So a port allows us to have multiple services on one IP address, even thaosands of services on one IP address.

[00:01:15]
Now if you wanna see the well known ports, and there are some ports that are usually reserved or well-known, we can take a look at those. So we'll say less. And we're using less here because it's a lot. So we wanna go through slowly. Any familiar ports in there?

[00:01:38]
SSH, 22, yeah, it's usually reserved for SSH. Now, more of my old school people out there know what FTP is, Port 21, very familiar. Telnet, yeah, that's a throwback. I think it still exists, but I don't know if it's worth going into in this class. Let's see, look at that, port 80, the most popular port in the world.

[00:02:03]
That's what the Internet runs on, is port 80 in your browser. Not a lot of people know that. And I won't go through the whole thing because it goes and goes and goes and goes and goes and goes and goes and goes. But these are all well-known ports that other companies or general practice they tend to use.

[00:02:21]
You can still use them but you run into something called a port collision? If there's already another port, that's why we usually use port 3000, that's not reserved for anything. We use port 8000 or 8080, something like that. But really there's thaosands and thaosands of ports, if your odds of running to collision if you pick a high enough number, you're usually pretty good.

[00:02:42]
Port 443 HBS, yeah, that's what the Internet runs on. So, ports are an opening in your computer. So you can't connect to your computer without some sort of port. You connect to an IP address that doesn't really tell you anything, you have to give it a port as well.

[00:03:00]
Ports and open ports are one of the more I won't say dangerous, but things you have to be aware of. So let's take a look at our open ports. We're gonna use a program called nmap. So sudo apt install nmap and you can do this on your machine, you can do this on your server, it actually doesn't matter.

[00:03:24]
And then run nmap against your droplet's IP, and it'll give you a list of your open ports. All right, let's do it together. So for this one, I'm actually gonna do it on my local machine, I think I have nmap installed, I do. Make that bigger. So I need my droplets IP and I have not used this droplet enough usually over time I can memorize it my IP address but it's been a while so let me pull this one up here and get my IP address I'm just going to run Nmap against my server, and it'll tell me which ports are open on my droplet.

[00:04:36]
Let me just clear that out so it'll be a little easier to read. And there, it's showing the ports that are open on my server, right now, port 22. What's port 22?
>> SSH.
>> SSH so port 22 is always gonna be open. Port 80? What's port 80?

[00:05:03]
>> HTTP.
>> HTTP, yeah, it's always gonna be open as well. Port 3000, why is that open?
>> Node.
>> Node, that's right. But it shouldn't be open, because we don't need port 3000 to be open, because nginx is actually intercepting all those. So we only want requests to port 22 for SSH, port 80.

[00:05:23]
So what we need to do is close port 3000, which opened by default, because our node server opened it up. So let's talk about how to do that.