Episode 59: DNS Basics — Name Resolution and Record Types

Web and directory service protocols enable the daily operation of enterprise systems, from browsing websites to authenticating users across the network. These protocols make it possible for users to connect to web applications, retrieve information from centralized databases, and log into various systems using a single identity. Web protocols such as H T T P and H T T P S focus on delivering content to users, while directory protocols like L D A P and L D A P S manage user credentials, group memberships, and policy enforcement. Both types of services are deeply intertwined with infrastructure operations and user experience.
In the Network Plus certification exam, questions about web and directory services appear under the application protocol and port assignment objectives. These questions often test your ability to match protocols with their roles, identify secure versus insecure implementations, and recall standard port numbers. You may encounter network diagrams or configuration scenarios that require you to recognize whether encrypted communication is taking place or whether a specific service is reachable. The protocols in this category are fundamental to network access and user authentication and are therefore tested in multiple ways.
Hypertext Transfer Protocol, or H T T P, is the foundational protocol used to deliver web content across networks. It operates over Transmission Control Protocol port 80 and transfers content such as text, images, and scripts from a web server to a browser. H T T P is stateless and designed for performance and simplicity, but it does not provide any built-in encryption or security. All data, including any credentials or session identifiers, is transmitted in plain text. For this reason, H T T P is considered unsafe for use with sensitive or personal information.
To protect web communication, Hypertext Transfer Protocol Secure, or H T T P S, is used. H T T P S carries the same H T T P messages inside a Transport Layer Security session and operates on Transmission Control Protocol port 443. Secure Sockets Layer, the predecessor of T L S, is deprecated and should not be enabled on current servers, although you will still hear the name used loosely for the certificates involved. The encryption means that an attacker on the path can still capture the traffic but cannot read it, and any alteration in transit is detected and the connection fails. H T T P S is now the standard for all websites that involve user authentication, financial transactions, or personal information, and most modern browsers display warnings when sites use unencrypted H T T P.
The differences between H T T P and H T T P S are critical from both a security and exam perspective. H T T P transmits information openly and can be read by anyone with access to the data stream, making it inappropriate for login forms, credit card transactions, or any confidential content. H T T P S, on the other hand, provides encryption, integrity, and server identity verification. The server's certificate lets the browser confirm that it is talking to the host named in the address bar, which defeats man-in-the-middle attacks that try to impersonate that host. It does not by itself stop phishing, because an attacker can obtain a perfectly valid certificate for a look-alike domain they control; the padlock proves only that the connection to the named site is genuine, not that the site is the one the user meant.
Lightweight Directory Access Protocol, or L D A P, is used to query and manage information stored in directory services. These directories hold structured data about users, devices, groups, and policies in a hierarchical format. L D A P is widely used in enterprise identity management systems and operates over Transmission Control Protocol port 389. Unlike H T T P, which delivers content to users, L D A P is used to support authentication, authorization, and access control across multiple systems and applications by referencing a central directory.
L D A P directories are built using a hierarchical, object-based structure. This format organizes entries like users, computers, and organizational units into a tree-like model. Each object is defined by attributes such as username, group membership, or password expiration. This structure makes it possible to manage large volumes of identity data efficiently. In enterprise networks, directory services such as Active Directory rely on L D A P for everyday tasks including user login, resource access, and group policy enforcement.
To secure directory access, L D A P S is used. This is the encrypted version of the protocol and runs over Transmission Control Protocol port 636. It wraps L D A P messages in a T L S session, protecting user credentials and query data from being intercepted. Just like H T T P S, L D A P S provides confidentiality and integrity, ensuring that authentication sessions and directory lookups cannot be read or modified by attackers. One caveat practitioners should know: L D A P can also negotiate T L S on port 389 through the Start T L S extended operation, so a connection on 389 is not automatically cleartext, and a connection on 636 is only as safe as the client's certificate validation. A client configured to accept any certificate can still be intercepted. L D A P S is especially important in environments where directory services are exposed across network segments or accessed remotely.
Directory services support a variety of critical use cases. They enable single sign-on, which allows users to authenticate once and access multiple systems. They also allow role-based access control, where permissions are assigned based on group membership or directory attributes. These systems reduce the complexity of account management and centralize control, which improves both security and efficiency. Without directory services, administrators would need to manage separate sets of credentials and access rules for every application or service.
When considering the roles of web and directory protocols, it’s important to understand how they complement each other. Web protocols such as H T T P and H T T P S are used to serve content and web-based applications to users. Directory protocols such as L D A P and L D A P S manage the identities and permissions that determine who can access those resources. Together, they form the backbone of secure and structured user access in enterprise environments, supporting everything from public web portals to internal application suites.
Domain Name System, or D N S, plays a key supporting role in the operation of both web and directory services. When a user enters a web address or a client attempts to reach a directory server, D N S is used to resolve the human-readable name to an I P address. Without working name resolution, clients cannot find web servers or directory servers by name, and H T T P S and L D A P S certificate checks depend on connecting by the name the certificate was issued for. D N S records also support service discovery: S R V records tell clients which host and port provide a given service, which is how Active Directory members locate domain controllers for L D A P, using records such as _ldap._tcp.dc._msdcs followed by the domain name.
For more cyber-related content and books, please check out cyber author dot me. Also, there are other podcasts on Cybersecurity and more at Bare Metal Cyber dot com.
Encryption plays a central role in securing both web and directory services. Without encryption, any data sent over the network, including passwords, form inputs, and directory lookups, can be intercepted by attackers with access to the communication path. H T T P S and L D A P S were developed specifically to solve this problem. H T T P S encrypts browser-to-server communications using Transport Layer Security, the successor to the now deprecated Secure Sockets Layer. L D A P S does the same for directory lookups and authentication queries. In modern environments, unencrypted versions of these protocols are commonly blocked by policy, and encrypted alternatives are required by compliance standards and cybersecurity frameworks.
Port numbers associated with each service are an essential part of configuring and troubleshooting communication. H T T P uses Transmission Control Protocol port 80, and H T T P S uses port 443. L D A P communicates over port 389, while L D A P S uses port 636. These port assignments are widely standardized and must be open on firewalls for services to be reachable. In practice, servers must be configured to listen on these ports, and clients must be allowed to connect to them through any intermediary network devices. A mismatch in port usage produces characteristic failures: an L D A P S client pointed at port 389 begins a T L S handshake against a service that expects plain L D A P, so the handshake fails, while a plain L D A P client pointed at port 636 sends an unencrypted bind to a listener that expects a T L S handshake and gets no usable reply. Either way the symptom is a failed connection or an authentication error rather than a clear message about the port.
When access issues arise, protocol-based troubleshooting can reveal the cause. Start by confirming whether the service is running and listening on the expected port, using a tool such as netstat or ss on the server. A web server not listening on port 80 or 443 will be unreachable, and a directory service that listens only on port 389 will reject an L D A P S client unless it also supports Start T L S on that port. Next, check for firewalls or access control lists that might be blocking the connection. Internal or external firewall rules may deny traffic to or from specific ports; a connection that is refused immediately usually means nothing is listening or a firewall is sending resets, while one that times out usually means a filter is silently dropping the traffic. Lastly, verify name resolution using tools like nslookup or dig to ensure that domain names resolve to the correct I P addresses.
Secure web access also requires digital certificates. For H T T P S to function, the server must present a certificate that chains to a certificate authority the client already trusts. This certificate contains the server's identity and a public key that allows clients to establish a secure connection. Browsers check that the chain is valid, that the certificate is within its validity period, and that the name the user connected to appears in the certificate's Subject Alternative Name list; many browsers also check revocation status. If any of these conditions are not met, the browser will display a warning or refuse to establish the connection. Proper certificate management, including renewal before expiry, is critical for ensuring that H T T P S sessions are not interrupted or spoofed.
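The following is a worked example added to this transcript, not code from the episode or from Bare Metal Cyber. It walks the troubleshooting order just described for a single endpoint: resolve the name, attempt a T C P connection on the standard port for the named service, and, on the encrypted ports, complete a T L S handshake with the same checks a browser performs (trusted chain, validity period, host name). It uses only the Python standard library; the status names and the host names on the command line are this example's own choices, and the sample certificate dictionary used to exercise summarize_cert is constructed, not captured from a real server.

```python
"""Added example: probe one web or directory endpoint the way the episode's
troubleshooting steps suggest. Standard library only."""
import socket
import ssl
import sys
import time

# Standard assignments from the episode: port, and whether TLS is expected.
SERVICES = {"http": (80, False), "https": (443, True),
            "ldap": (389, False), "ldaps": (636, True)}


def days_until_expiry(not_after, now=None):
    """Days left given the 'notAfter' string ssl.getpeercert() returns,
    e.g. 'May  9 00:00:00 2007 GMT'. Negative means already expired."""
    expires = ssl.cert_time_to_seconds(not_after)
    now = time.time() if now is None else now
    return int((expires - now) // 86400)


def summarize_cert(cert, now=None):
    """Pull the fields a browser checks out of an ssl.getpeercert() dict:
    subject CN, issuer CN, the DNS names in the SAN list, and days left."""
    subject = dict(pair for rdn in cert.get("subject", ()) for pair in rdn)
    issuer = dict(pair for rdn in cert.get("issuer", ()) for pair in rdn)
    return {
        "common_name": subject.get("commonName"),
        "issuer": issuer.get("commonName"),
        "dns_names": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
        "days_left": days_until_expiry(cert["notAfter"], now),
    }


def probe(host, service, timeout=5.0):
    """Return (status, detail). Status values are this example's own labels:
    dns-fail, refused, timeout, error, plaintext-ok,
    tls-handshake-error, tls-cert-error, tls-ok."""
    port, want_tls = SERVICES[service]
    # Step 3 of the episode (name resolution) is cheapest, so it runs first.
    try:
        ip = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0][4][0]
    except socket.gaierror as exc:
        return "dns-fail", "%s does not resolve: %s" % (host, exc)
    # Steps 1 and 2: is something listening, and is a filter in the way?
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused", "%s:%d sent a reset: nothing listening, or a rejecting firewall" % (ip, port)
    except (socket.timeout, TimeoutError):
        return "timeout", "%s:%d never answered: usually a filter dropping traffic silently" % (ip, port)
    except OSError as exc:
        return "error", "%s:%d: %s" % (ip, port, exc)
    with sock:
        if not want_tls:
            return "plaintext-ok", "TCP connect to %s:%d succeeded; this port carries cleartext" % (ip, port)
        # The default context verifies the chain, validity period and host name.
        ctx = ssl.create_default_context()
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                summary = summarize_cert(tls.getpeercert())
                summary["protocol"] = tls.version()
        except ssl.SSLCertVerificationError as exc:
            return "tls-cert-error", exc.verify_message
        except ssl.SSLError as exc:
            return "tls-handshake-error", "%s (a plaintext service on this port is a common cause)" % (exc.reason or exc)
        except (socket.timeout, TimeoutError):
            return "tls-handshake-error", "no handshake reply; a plaintext listener may be waiting for a request"
    return "tls-ok", summary


if __name__ == "__main__":
    if len(sys.argv) != 3 or sys.argv[2] not in SERVICES:
        sys.exit("usage: probe.py HOST {http|https|ldap|ldaps}")
    status, detail = probe(sys.argv[1], sys.argv[2])
    print(status, detail)
```

Run it as `python probe.py dc1.example.test ldaps` against your own host. The distinction between refused and timeout is the one that matters in step two: a reset usually means the server is reachable but not listening, a silent timeout usually means an access list or firewall is in the way, and a T L S handshake error on port 389 or 80 is the port mismatch case from the transcript.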
Directory integration is a core part of enterprise authentication systems. L D A P and L D A P S are used to authenticate users during login workflows, authorize access to shared resources, and support single sign-on implementations. They also enable role-based access control, where users are granted permissions based on group memberships or directory attributes. These services often integrate with platforms like Active Directory, which serve as centralized stores for user credentials and network policies. In large organizations, hundreds or thousands of systems may rely on a single directory service for authentication and identity management.
Failing to use encrypted versions of these protocols has serious security consequences. When H T T P or L D A P is used instead of their encrypted counterparts, credentials and data are exposed to potential eavesdropping. An H T T P login form or Basic authentication header carries the password in clear text, since base64 encoding is not encryption, and an L D A P simple bind on port 389 sends the distinguished name and password in clear text inside the bind request. Attackers on the same network, or on any device along the path, can read usernames, passwords, and session identifiers such as cookies. This kind of visibility allows for account takeovers, privilege escalation, and data theft. To prevent these threats, H T T P S and L D A P S should be used by default, and access to unencrypted versions should be explicitly disabled wherever possible.
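To make the exposure just described concrete, here is a worked example added to this transcript; it is not code from the episode or from Bare Metal Cyber. It shows what a passive observer recovers from cleartext H T T P and from an L D A P simple bind on port 389. Both captures are constructed inline for illustration rather than taken from a real packet trace, and the account names, cookie value and password are invented. The L D A P message follows the BindRequest encoding from RFC 4511, built with a minimal BER encoder so the bytes can be compared against the hand-written capture.

```python
"""Added example: what a sniffer sees on TCP 80 and TCP 389."""
import base64

# Constructed HTTP request on TCP 80: Basic auth header plus a session cookie.
HTTP_CAPTURE = b"\r\n".join([
    b"GET /admin HTTP/1.1",
    b"Host: intranet.example.test",
    b"Authorization: Basic " + base64.b64encode(b"alice:Winter2024!"),
    b"Cookie: JSESSIONID=9F2A41C0D3E1",
    b"", b"",
])


def http_credentials(raw):
    """Return (user, password, cookies) visible in a cleartext HTTP request.
    Basic auth is base64, not encryption: decoding it is all an attacker needs."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    user = password = None
    cookies = {}
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(b":")
        name, value = name.strip().lower(), value.strip()
        if name == b"authorization" and value[:6].lower() == b"basic ":
            user, _, password = base64.b64decode(value[6:]).partition(b":")
            user, password = user.decode(), password.decode()
        elif name == b"cookie":
            for item in value.split(b";"):
                k, _, v = item.strip().partition(b"=")
                cookies[k.decode()] = v.decode()
    return user, password, cookies


# Minimal BER helpers: enough to encode and decode an LDAP BindRequest.
def ber_len(n):
    """BER length octets: short form under 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, content):
    return bytes([tag]) + ber_len(len(content)) + content


def ber_int(n):
    """INTEGER; adds a leading zero octet when the top bit would read as negative."""
    return tlv(0x02, n.to_bytes(max(1, (n.bit_length() + 8) // 8), "big"))


def ber_read(buf, pos=0):
    """Decode one TLV at pos; return (tag, content, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def ldap_simple_bind(message_id, dn, password):
    """Encode LDAPMessage { messageID, BindRequest { version 3, name, simple } }
    as an LDAP client sends it (RFC 4511, AuthenticationChoice simple)."""
    bind = tlv(0x60,                                # [APPLICATION 0] BindRequest
               ber_int(3)                           #   version 3
               + tlv(0x04, dn.encode())             #   name LDAPDN (OCTET STRING)
               + tlv(0x80, password.encode()))      #   simple [0] OCTET STRING
    return tlv(0x30, ber_int(message_id) + bind)    # LDAPMessage SEQUENCE


# The same bind written out by hand, as it would sit in a packet capture.
LDAP_CAPTURE = bytes.fromhex("".join([
    "30 32",                                        # LDAPMessage SEQUENCE, 50 bytes
    "02 01 01",                                     #   messageID 1
    "60 2d",                                        #   BindRequest, 45 bytes
    "02 01 03",                                     #     version 3
    "04 1b", b"cn=alice,dc=example,dc=test".hex(),  #     name, 27 bytes, readable
    "80 0b", b"Winter2024!".hex(),                  #     simple password, 11 bytes, readable
]))


def ldap_bind_credentials(raw):
    """Return (message_id, dn, password) from a sniffed simple BindRequest, or
    None when the message is something else (unbind, search, SASL bind)."""
    tag, msg, _ = ber_read(raw)
    if tag != 0x30:
        return None
    tag, mid, pos = ber_read(msg)
    op_tag, bind, _ = ber_read(msg, pos)
    if tag != 0x02 or op_tag != 0x60:
        return None
    _, _version, pos = ber_read(bind)
    _, dn, pos = ber_read(bind, pos)
    tag, auth, _ = ber_read(bind, pos)
    if tag != 0x80:   # a SASL bind ([3]) lands here; its contents depend on the mechanism
        return None
    return int.from_bytes(mid, "big"), dn.decode(), auth.decode()


if __name__ == "__main__":
    print("HTTP :", http_credentials(HTTP_CAPTURE))
    print("LDAP :", ldap_bind_credentials(LDAP_CAPTURE))
```

Note that the L D A P capture contains the distinguished name and password as plain octet strings; no decoding beyond reading length fields is required. The same bytes inside an L D A P S session on port 636 are only visible after the T L S layer is stripped, which a passive observer cannot do.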
In enterprise environments, these protocols are found everywhere. H T T P and H T T P S are used in internal web-based management interfaces for routers, switches, firewalls, and application dashboards. L D A P and L D A P S are used behind the scenes for everything from desktop logins to email client authentication. Many applications are built to query a directory service at startup, to validate users, or to retrieve configuration settings. While some of these services run internally only, encryption is still important to protect against insider threats and compromised devices.
The Network Plus exam includes questions that ask you to identify the correct port number for a given protocol, differentiate between secure and insecure versions, and select the best protocol for a specific use case. You may be shown a network diagram and asked to explain why a connection is failing, or be given a scenario where credentials are exposed, and required to identify that L D A P is being used insecurely. Mastering the relationships between these protocols, their ports, and their role in secure communications is critical for both exam success and practical network design.
To review the key points, H T T P and H T T P S are used for delivering web content. H T T P is unencrypted and uses port 80, while H T T P S is encrypted and uses port 443. L D A P and L D A P S are used for directory services. L D A P uses port 389 and is not encrypted by default, while L D A P S uses port 636 and encrypts all communication. Secure versions should be the default in all network designs, and access to legacy unencrypted ports should be limited or disabled. These protocols support identity, access control, and user experience across nearly every modern organization.
