1
00:00:00,000 --> 00:00:00,900
In this lesson,

2
00:00:00,900 --> 00:00:03,420
we're going to explore web ports and protocols.

3
00:00:03,420 --> 00:00:05,760
Now, when we refer to web ports and protocols,

4
00:00:05,760 --> 00:00:07,470
we're referring to the standardized rules

5
00:00:07,470 --> 00:00:08,790
and numerical gateways

6
00:00:08,790 --> 00:00:11,250
that are used to govern data transmission and communication

7
00:00:11,250 --> 00:00:14,250
over the internet for websites and web pages.

8
00:00:14,250 --> 00:00:16,320
There are two main ports used for the web,

9
00:00:16,320 --> 00:00:19,860
and these are port 80 and port 443,

10
00:00:19,860 --> 00:00:22,200
and each one is going to use a different protocol

11
00:00:22,200 --> 00:00:25,350
for its communication over these numerical ports.

12
00:00:25,350 --> 00:00:28,050
Ports are integral to how the internet functions.

13
00:00:28,050 --> 00:00:29,490
Ports allow computers to distinguish

14
00:00:29,490 --> 00:00:32,250
between different types of traffic and services.

15
00:00:32,250 --> 00:00:36,180
Port 80 and port 443 are two fundamental ports

16
00:00:36,180 --> 00:00:38,730
used for web browsing and internet communication,

17
00:00:38,730 --> 00:00:40,860
but they do serve different purposes

18
00:00:40,860 --> 00:00:43,200
and offer different levels of security.

19
00:00:43,200 --> 00:00:47,760
First, let's take a look at port 80, which is used for HTTP.

20
00:00:47,760 --> 00:00:51,120
Now, HTTP, or the Hypertext Transfer Protocol,

21
00:00:51,120 --> 00:00:53,430
relies on port 80 by default.

22
00:00:53,430 --> 00:00:56,160
HTTP is the foundation of data communication

23
00:00:56,160 --> 00:00:58,110
on the World Wide Web.

24
00:00:58,110 --> 00:00:59,460
Anytime you visit a website

25
00:00:59,460 --> 00:01:02,790
by typing in a URL like diontraining.com,

26
00:01:02,790 --> 00:01:03,900
and you do this in your browser

27
00:01:03,900 --> 00:01:05,610
and you don't specify a port,

28
00:01:05,610 --> 00:01:08,550
your web browser is automatically and by default

29
00:01:08,550 --> 00:01:11,250
going to use port 80 to request the webpage

30
00:01:11,250 --> 00:01:12,690
from that server.

31
00:01:12,690 --> 00:01:16,230
Hypertext Transfer Protocol is an application layer protocol

32
00:01:16,230 --> 00:01:17,880
that's designed to enable communications

33
00:01:17,880 --> 00:01:19,860
between clients and servers.

34
00:01:19,860 --> 00:01:22,770
HTTP works by sending plain text requests

35
00:01:22,770 --> 00:01:25,650
from a client, like a web browser, over to a server,

36
00:01:25,650 --> 00:01:28,560
which in turn then sends back a plain text response

37
00:01:28,560 --> 00:01:32,280
with the requested content, such as HTML pages, images,

38
00:01:32,280 --> 00:01:35,940
and other types of web media to the requester's web browser.

39
00:01:35,940 --> 00:01:39,060
Now, for a long time, HTTP and port 80

40
00:01:39,060 --> 00:01:40,860
were used for most of the website traffic

41
00:01:40,860 --> 00:01:42,450
being sent over the internet,

42
00:01:42,450 --> 00:01:47,010
but there is one major drawback to using HTTP over port 80,

43
00:01:47,010 --> 00:01:49,590
and that is a lack of security.

44
00:01:49,590 --> 00:01:51,930
Now, data transferred via HTTP

45
00:01:51,930 --> 00:01:54,000
is going to be sent in plain text,

46
00:01:54,000 --> 00:01:56,340
and this means it is not encrypted.

47
00:01:56,340 --> 00:01:57,390
This makes any data

48
00:01:57,390 --> 00:02:00,240
that's being sent over port 80 using HTTP

49
00:02:00,240 --> 00:02:03,030
vulnerable to eavesdropping and on-path attack

50
00:02:03,030 --> 00:02:06,060
because that data could be read or modified by an attacker

51
00:02:06,060 --> 00:02:09,300
as it's transmitted over the local or wide area network

52
00:02:09,300 --> 00:02:10,410
between the two systems

53
00:02:10,410 --> 00:02:12,990
that are involved in that communication session.

54
00:02:12,990 --> 00:02:15,480
This vulnerability is especially problematic

55
00:02:15,480 --> 00:02:17,430
when you're transmitting sensitive information,

56
00:02:17,430 --> 00:02:20,250
like your login credentials or your personal data.

57
00:02:20,250 --> 00:02:22,260
For this reason, you should never enter

58
00:02:22,260 --> 00:02:24,720
any sensitive information, like your username,

59
00:02:24,720 --> 00:02:26,970
your password, or your credit card details

60
00:02:26,970 --> 00:02:29,760
into a webpage that is sending its data back to the server

61
00:02:29,760 --> 00:02:32,610
over port 80 using HTTP.

62
00:02:32,610 --> 00:02:36,540
Instead, we want to rely on a secure alternative to HTTP,

63
00:02:36,540 --> 00:02:38,130
and this brings us to our second port

64
00:02:38,130 --> 00:02:40,200
that you need to be aware of for web browsing,

65
00:02:40,200 --> 00:02:43,170
and that is port 443.

66
00:02:43,170 --> 00:02:46,560
Port 443 is used by HTTPS,

67
00:02:46,560 --> 00:02:49,320
which is also known as the Hypertext Protocol Secure,

68
00:02:49,320 --> 00:02:51,690
or HTTP Secure.

69
00:02:51,690 --> 00:02:56,040
HTTPS is essentially the exact same protocol as HTTP,

70
00:02:56,040 --> 00:02:58,650
but it adds a layer of encryption by sending the data

71
00:02:58,650 --> 00:03:01,380
through a secure socket layer, or SSL tunnel,

72
00:03:01,380 --> 00:03:03,540
or the newer and more modern variant,

73
00:03:03,540 --> 00:03:05,820
which is called the transport layer security,

74
00:03:05,820 --> 00:03:08,430
which is also known as a TLS tunnel.

75
00:03:08,430 --> 00:03:10,320
Now, these tunnels use encryption to ensure

76
00:03:10,320 --> 00:03:12,840
that any data transferred between the client and the server

77
00:03:12,840 --> 00:03:14,160
is going to be encrypted,

78
00:03:14,160 --> 00:03:16,710
and this secures it from interception or tampering

79
00:03:16,710 --> 00:03:18,120
by an attacker.

80
00:03:18,120 --> 00:03:19,590
Now, anytime you visit a website

81
00:03:19,590 --> 00:03:23,040
and you see https:// in the URL

82
00:03:23,040 --> 00:03:25,290
or you see that little green padlock,

83
00:03:25,290 --> 00:03:27,510
this means your browser established a connection

84
00:03:27,510 --> 00:03:30,000
using port 443.

85
00:03:30,000 --> 00:03:33,810
Remember, the S in HTTPS stands for secure,

86
00:03:33,810 --> 00:03:35,670
and it indicates that all the communications

87
00:03:35,670 --> 00:03:37,350
between your browser and the website

88
00:03:37,350 --> 00:03:39,090
are going to be encrypted.

89
00:03:39,090 --> 00:03:40,860
This is achieved using the SSL,

90
00:03:40,860 --> 00:03:42,570
or secure socket layer tunnel,

91
00:03:42,570 --> 00:03:46,020
or using TLS, the transport layer security protocol,

92
00:03:46,020 --> 00:03:48,240
which will then encrypt the data before it's sent,

93
00:03:48,240 --> 00:03:49,260
and then it will decrypt it

94
00:03:49,260 --> 00:03:51,810
upon its arrival at the destination.

95
00:03:51,810 --> 00:03:56,190
The use of HTTPS over port 443 is particularly important

96
00:03:56,190 --> 00:03:59,010
for any website that's going to be handling sensitive data,

97
00:03:59,010 --> 00:04:01,530
such as online banking, e-commerce websites,

98
00:04:01,530 --> 00:04:03,870
and any website with a login page.

99
00:04:03,870 --> 00:04:06,600
In fact, this is so important that many websites

100
00:04:06,600 --> 00:04:08,550
have set up an automatic redirection

101
00:04:08,550 --> 00:04:10,920
so that anytime somebody tries to access their site

102
00:04:10,920 --> 00:04:14,640
over the more insecure HTTP connection using port 80,

103
00:04:14,640 --> 00:04:17,160
the website will actually redirect them automatically

104
00:04:17,160 --> 00:04:21,899
to the HTTPS version of that website over port 443 instead.

105
00:04:21,899 --> 00:04:23,460
For example, if you enter

106
00:04:23,460 --> 00:04:28,460
http://www.diontraining.com in your web browser,

107
00:04:29,070 --> 00:04:30,960
you are specifically asking our server

108
00:04:30,960 --> 00:04:34,350
to send you the insecure plain text version of our website.

109
00:04:34,350 --> 00:04:36,540
When you do that though, our server is going to see

110
00:04:36,540 --> 00:04:38,220
that you want that insecure version,

111
00:04:38,220 --> 00:04:40,350
but we're not going to provide it to you.

112
00:04:40,350 --> 00:04:42,270
Instead, we automatically redirect you

113
00:04:42,270 --> 00:04:44,100
to our secure version of our website

114
00:04:44,100 --> 00:04:49,050
at https://www.diontraining.com

115
00:04:49,050 --> 00:04:50,370
because our website does ask

116
00:04:50,370 --> 00:04:52,200
for some sensitive information from you,

117
00:04:52,200 --> 00:04:54,120
like your user's login and password

118
00:04:54,120 --> 00:04:56,340
if you're accessing your courses through our website

119
00:04:56,340 --> 00:04:58,290
or your name and credit card information

120
00:04:58,290 --> 00:05:00,270
if you're trying to buy a discount exam voucher

121
00:05:00,270 --> 00:05:01,650
from our website.

122
00:05:01,650 --> 00:05:05,520
So what are some key differences between HTTP over port 80

123
00:05:05,520 --> 00:05:09,300
and HTTPS over port 443?

124
00:05:09,300 --> 00:05:12,060
Well, we have three main areas that we need to cover.

125
00:05:12,060 --> 00:05:14,940
These are security and encryption, default usage,

126
00:05:14,940 --> 00:05:18,720
and search engine optimization, known as SEO and trust.

127
00:05:18,720 --> 00:05:21,420
First, we have security and encryption.

128
00:05:21,420 --> 00:05:22,710
Now, the most significant difference

129
00:05:22,710 --> 00:05:26,520
between HTTP and HTTPS is security.

130
00:05:26,520 --> 00:05:29,280
Any traffic sent over port 80 is going to be unencrypted

131
00:05:29,280 --> 00:05:32,160
and sent in plain text using HTTP.

132
00:05:32,160 --> 00:05:35,670
On the other hand, any traffic sent over port 443

133
00:05:35,670 --> 00:05:39,150
is going to be encrypted and sent using HTTPS.

134
00:05:39,150 --> 00:05:44,150
Now, data sent over port 443 utilizes SSL or TLS encryption,

135
00:05:44,250 --> 00:05:46,170
which makes it a more secure option

136
00:05:46,170 --> 00:05:48,480
against data breaches and eavesdropping attacks,

137
00:05:48,480 --> 00:05:53,040
which is why you should always use HTTPS over HTTP.

138
00:05:53,040 --> 00:05:55,890
Second, we have to consider the default usage.

139
00:05:55,890 --> 00:05:57,540
Now, port 80 is traditionally used

140
00:05:57,540 --> 00:05:59,820
for unsecure web browsing, and that was the default

141
00:05:59,820 --> 00:06:03,570
used by all servers and web browsers since 1991,

142
00:06:03,570 --> 00:06:05,910
which was over 35 years ago.

143
00:06:05,910 --> 00:06:08,310
Now, port 443, on the other hand,

144
00:06:08,310 --> 00:06:11,550
was introduced a few years after that, back in 1994,

145
00:06:11,550 --> 00:06:13,320
as a method for securing and encrypting

146
00:06:13,320 --> 00:06:14,640
web browsing traffic,

147
00:06:14,640 --> 00:06:16,830
but it really didn't become the default

148
00:06:16,830 --> 00:06:20,700
used by most web browsers until about 10 to 15 years ago.

149
00:06:20,700 --> 00:06:24,360
These days, over 95% of all web browsing traffic

150
00:06:24,360 --> 00:06:28,650
is being sent over port 443 using HTTPS

151
00:06:28,650 --> 00:06:30,900
instead of relying on the older and insecure

152
00:06:30,900 --> 00:06:34,200
hypertext transfer protocol over port 80.

153
00:06:34,200 --> 00:06:37,200
Third and finally, we have SEO and trust.

154
00:06:37,200 --> 00:06:41,580
Now, since modern web practices favor HTTPS over HTTP

155
00:06:41,580 --> 00:06:44,370
due to that increased security, most search engines

156
00:06:44,370 --> 00:06:47,220
will also rank websites higher in their search results

157
00:06:47,220 --> 00:06:51,300
if they're utilizing HTTPS over port 443

158
00:06:51,300 --> 00:06:54,360
instead of using HTTP over port 80.

159
00:06:54,360 --> 00:06:56,850
This is because more users trust these websites

160
00:06:56,850 --> 00:06:58,230
and because the data is being encrypted

161
00:06:58,230 --> 00:06:59,280
for their protection.

162
00:06:59,280 --> 00:07:01,530
This in turn feeds the search engine's algorithms

163
00:07:01,530 --> 00:07:02,820
by seeing additional traffic

164
00:07:02,820 --> 00:07:05,610
sent to the HTTPS versions of those websites

165
00:07:05,610 --> 00:07:08,220
because they are more trusted by the end users.

166
00:07:08,220 --> 00:07:09,810
This, again, feeds the algorithm,

167
00:07:09,810 --> 00:07:12,300
and the algorithm ranks that website higher.

168
00:07:12,300 --> 00:07:15,450
So remember, when it comes to web ports and protocols,

169
00:07:15,450 --> 00:07:18,510
you need to remember that port 80 utilizes HTTP

170
00:07:18,510 --> 00:07:22,470
and port 443 utilizes HTTPS.

171
00:07:22,470 --> 00:07:26,340
Now, HTTP is insecure and it sends data in plain text.

172
00:07:26,340 --> 00:07:29,040
HTTPS on the other hand, is more secure

173
00:07:29,040 --> 00:07:30,510
because it encrypts all of its data

174
00:07:30,510 --> 00:07:31,710
before it's being transmitted

175
00:07:31,710 --> 00:07:33,483
between the server and the client.