Network Layer
• The network layer, or OSI Layer 3, provides services to allow end devices to
exchange data across networks.
• IP version 4 (IPv4) and IP version 6 (IPv6) are the principal network layer
communication protocols.
Characteristics of IP
IP was designed as a protocol with low overhead. It provides only the functions that are
necessary to deliver a packet from a source to a destination over an interconnected system of
networks.
The protocol was not designed to track and manage the flow of packets.
These are the basic characteristics of IP:
• Connectionless - There is no connection with the destination established before
sending data packets, meaning that no dedicated end-to-end connection is created by
IP before data is sent.
• Best Effort - IP is inherently unreliable because packet delivery is not guaranteed.
With no pre-established end-to-end connection, senders are unaware whether
destination devices are present and functional when sending packets, nor are they
aware if the destination receives the packet, or if the destination device is able to
access and read the packet.
• Media Independent - Operation is independent of the medium (i.e., copper, fiber-
optic, or wireless) carrying the data.
Default Gateway
The default gateway is the network device (i.e., router or Layer 3 switch) that can route
traffic to other networks.
On a network, a default gateway is usually a router with these features:
• It has a local IP address in the same address range as other hosts on the local
network.
• It can accept data into the local network and forward data out of the local network.
• It routes traffic to other networks.
Subnet Mask - A subnet mask is a 32-bit number that marks which bits of an IPv4 address
identify the network and which identify the host. ANDing an address with its mask yields the
network portion; this is how a larger network is divided into smaller sub-networks, and how a
host decides whether a destination is local (deliver directly) or on another network (hand the
packet to the default gateway).
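The forwarding decision described above, worked through in code. This is an added example, not part of the original notes; it uses only Python's standard `ipaddress` module, and the addresses in it (192.168.1.0/24 with gateway 192.168.1.1, 10.10.37.5/20) are constructed for illustration. The last function also shows the classic misconfiguration: with a mask that is too wide, a remote destination looks local and the packet never reaches the gateway.

```python
import ipaddress


def same_subnet(a: str, b: str, mask: str) -> bool:
    """Two IPv4 addresses share a subnet when their network portions match.
    The network portion is what survives ANDing the address with the mask."""
    to_int = lambda s: int(ipaddress.IPv4Address(s))
    m = to_int(mask)
    return (to_int(a) & m) == (to_int(b) & m)


def describe_interface(ip: str, mask: str) -> dict:
    """Split an address into the network and host portions defined by its subnet mask."""
    iface = ipaddress.IPv4Interface(f"{ip}/{mask}")
    net = iface.network
    host_bits = 32 - net.prefixlen
    return {
        "network": str(net.network_address),
        "prefix_length": net.prefixlen,
        "host_part": int(iface.ip) & ((1 << host_bits) - 1),
        # network and broadcast addresses are reserved on /30 and larger subnets
        "usable_hosts": net.num_addresses - 2 if host_bits >= 2 else net.num_addresses,
    }


def next_hop(src_ip: str, mask: str, gateway: str, dst_ip: str) -> str:
    """The decision a host makes for every packet it sends: deliver directly on the
    local link, or forward to the default gateway (returned as its address)."""
    iface = ipaddress.IPv4Interface(f"{src_ip}/{mask}")
    gw = ipaddress.IPv4Address(gateway)
    if gw not in iface.network:
        # A gateway outside the local subnet can never be reached at Layer 2.
        raise ValueError(f"gateway {gateway} is not inside local network {iface.network}")
    if ipaddress.IPv4Address(dst_ip) in iface.network:
        return "direct"      # same subnet: resolve the destination's MAC and deliver locally
    return str(gw)           # other network: the gateway routes the packet onward


if __name__ == "__main__":
    print(describe_interface("10.10.37.5", "255.255.240.0"))
    print(next_hop("192.168.1.10", "255.255.255.0", "192.168.1.1", "8.8.8.8"))
    # Mask too wide: 192.168.2.5 is wrongly treated as local and is never sent to the gateway.
    print(next_hop("192.168.1.10", "255.255.0.0", "192.168.1.1", "192.168.2.5"))
```

The misconfiguration case matters in practice: a host with a /16 mask on a /24 network will ARP for remote addresses instead of using its gateway, and the symptom is that some destinations are reachable and others silently are not.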
For end devices to communicate in a network, several elements are required:
Network Interface Card (NIC): A NIC is a hardware component that enables the end
device to connect to the network. It acts as a physical interface between the device
and the network medium (e.g. Ethernet cable, Wi-Fi).
IP Address: An IP address is a unique identifier assigned to each end device in a
network. It is used to route data packets between devices on the network.
Network Protocols: Network protocols such as TCP/IP, UDP, and ICMP are used to
govern communication between end devices in a network. These protocols define the
rules and standards for communication, including the format of data packets, error
handling, and flow control.
Router: A router is a device that connects multiple networks together and forwards
data packets between them. It uses the IP address and network protocol information to
determine the best path for data to travel.
Switch: A switch is a network device that connects end devices together and enables
them to communicate with each other. It forwards data packets based on the
destination MAC address.
Media Access Control (MAC) Address: A MAC address is a unique identifier
assigned to each NIC. It is used by the switch to forward data packets to the correct
destination device.
Wireshark Layers
Protocol lines as Wireshark shows them in the packet details pane, with the OSI layer each belongs to:
Ethernet II, Src – Data Link
Internet Protocol Version 4 – Network
Internet Control Message Protocol – Network
Transmission Control Protocol – Transport
Hypertext Transfer Protocol – Application
Radiotap Header v0, Length 40 – Physical (a capture pseudo-header carrying radio information; it is not transmitted on the air)
802.11 radio information – Physical
IEEE 802.11 005 – Data Link
Logical-Link Control – Data Link
PPI version 0, 84 bytes – Physical (a capture pseudo-header, like Radiotap)
MAC Address
The Media Access Control (MAC) address is a unique identifier assigned to each Network
Interface Card (NIC) in a device. The local network uses it to identify specific devices and
deliver frames to them. It operates at the Data Link layer of the OSI model and is treated as a
hardware address: it belongs to the physical NIC and does not change when the IP address or
other network configuration changes. Most operating systems nevertheless allow the address to
be overridden in software, which is why access control based on MAC addresses alone is easily
bypassed. The first three bytes (24 bits), the Organizationally Unique Identifier (OUI), are
assigned by the IEEE and identify the manufacturer of the NIC. The last three bytes (24 bits) are
assigned by the manufacturer and identify the specific NIC within the manufacturer's range.
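The OUI split described above, as an added example that is not part of the original notes. Besides separating the manufacturer and NIC-specific halves, it reads the two flag bits in the first byte that a practitioner checks when attributing a frame: the group bit (multicast/broadcast, never a real sender) and the locally-administered bit (set on software-assigned and randomised addresses, in which case the OUI no longer identifies a vendor). The OUI table is a two-entry excerpt constructed for the example; a real lookup uses the full IEEE registry.

```python
import re

# Tiny excerpt of the IEEE OUI registry, constructed for this example.
KNOWN_OUIS = {
    "00:50:56": "VMware, Inc.",
    "08:00:27": "PCS Systemtechnik GmbH (VirtualBox)",
}


def parse_mac(mac: str) -> bytes:
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff, aabb.ccdd.eeff or aabbccddeeff."""
    digits = re.sub(r"[:\-.]", "", mac.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes.fromhex(digits)


def inspect_mac(mac: str) -> dict:
    """Break a MAC address into its OUI, NIC-specific part and the two flag bits."""
    raw = parse_mac(mac)
    first = raw[0]
    oui = raw[:3].hex(":")
    locally_administered = bool(first & 0x02)   # U/L bit: assigned by software, not burned in
    return {
        "oui": oui,                                  # first 24 bits: manufacturer identifier
        "nic_specific": raw[3:].hex(":"),            # last 24 bits: chosen by the manufacturer
        "multicast": bool(first & 0x01),             # I/G bit: group address, never a sender
        "broadcast": raw == b"\xff" * 6,
        "locally_administered": locally_administered,
        # A locally administered address carries no vendor information at all.
        "vendor": None if locally_administered else KNOWN_OUIS.get(oui, "unknown OUI"),
    }


if __name__ == "__main__":
    for sample in ("00:50:56:ab:cd:ef", "02-42-AC-11-00-02", "0100.5e00.00fb", "ffffffffffff"):
        print(sample, inspect_mac(sample))
```

When triaging a capture, a source address with the group bit set is malformed or forged, and a locally-administered source address means the vendor lookup is meaningless; both are quick sanity checks before trusting a MAC for attribution.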
Network Security
Network security refers to any activities designed to protect your network, which protect the
usability, reliability, integrity, and safety of your network and data. Effective network
security targets a variety of threats and stops them from entering or spreading on your
network.
▪ Security should be considered a balance between protection and availability
▪ Perfect security is impossible to obtain; security is a process, not an absolute
▪ To achieve balance, the level of security must allow reasonable access, yet protect against
threats
Threats
▪ Threat: an object, person, or other entity that represents a constant danger to an asset
▪ Management must be informed of the different threats facing the organization
▪ By examining each threat category, management effectively protects information through
policy, education, training, and technology controls
Attacks
▪ Act or action that exploits vulnerability (i.e., an identified weakness) in controlled system
▪ Accomplished by threat agent which damages or steals organization’s information
▪ Malicious code: includes execution of viruses, worms, Trojan horses, and active Web
scripts with intent to destroy or steal information
▪ Back door: gaining access to system or network using known or previously unknown/newly
discovered access mechanism
▪ Spoofing: technique used to gain unauthorized access; intruder assumes a trusted IP address
▪ Man-in-the-middle: attacker monitors network packets, modifies them, and inserts them
back into network
▪ Spam: unsolicited commercial e-mail; more a nuisance than an attack, though is emerging
as a vector for some attacks
▪ Denial-of-service (DoS): attacker sends large number of connection or information requests
to a target
▪ Target system cannot handle successfully along with other, legitimate service requests
▪ May result in system crash or inability to perform ordinary functions
▪ Distributed denial-of-service (DDoS): coordinated stream of requests is launched against
target from many locations simultaneously
Phishing - Phishing is a type of cybercrime that involves tricking individuals into revealing
sensitive information, such as passwords, credit card numbers, or Social Security numbers.
This is typically accomplished by posing as a trustworthy entity, such as a bank, a well-
known company, or a government agency, and sending a fake email or a link to a website that
appears to be legitimate.
Email phishing: An attacker sends an email that appears to be from a trustworthy source and
contains a link to a fake website designed to steal information.
Firewalls
▪ Prevent specific types of information from moving between the outside world (untrusted
network) and the inside world (trusted network)
▪ May be separate computer system; a software service running on existing router or server;
or a separate network containing supporting devices
Firewalls Categorized by Processing Modes
▪ Packet filtering - Packet filtering firewalls examine header information of data packets
Three subsets of packet filtering firewalls:
▪ Static filtering: the rules governing which packets are allowed and which are denied are
written and installed by an administrator and change only when the administrator changes them
▪ Dynamic filtering: the firewall reacts to an emergent event and updates or creates rules to
deal with that event
▪ Stateful inspection: the firewall keeps track of each network connection between internal
and external systems in a state table, so replies to a connection that was allowed in one
direction are admitted without a separate rule for the return direction
Packet filtering can be performed by a router, firewall, or other network device, and it is
typically used to block unwanted traffic and allow only authorized traffic to pass through.
▪ Application gateways - Provide security by inspecting the contents of individual
application-layer data packets. An application gateway is typically implemented as a proxy
server and acts as an intermediary between the client and the server. It inspects the contents
of the data packets to ensure that they comply with security policies and to prevent malicious
activity
▪ Circuit gateways
▪ MAC layer firewalls
▪ Hybrids
In summary, packet filtering blocks traffic based on network- and transport-layer header fields,
such as IP addresses and port numbers, while application gateways provide security by
examining the contents of application-layer data.
DMZ
A DMZ, or Demilitarized Zone, is a separate network segment that sits between the internal
network and the public internet. Its purpose is to add a layer of security by keeping sensitive
internal resources away from direct exposure to external threats such as hacking attempts and
malware. In a typical DMZ configuration, a firewall controls access between the internal
network, the DMZ, and the public internet: the internet may reach only the published services
in the DMZ, and the rules should also restrict what DMZ hosts may initiate toward the internal
network, so that a compromised public server cannot be used as a stepping stone inward. By
configuring a DMZ, organizations can provide external access to necessary services, such as a
web server, while minimizing the risk of exposing sensitive internal resources.
In summary, a DMZ is a security practice that provides a contained environment for public-
facing network services while protecting sensitive internal resources from external threats.
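The firewall processing modes above (static rules plus a stateful inspection table) and the three-zone DMZ layout, combined in one worked model. This is an added example written for these notes, not code from any firewall product: the zones, rule set and addresses (203.0.113.5 on the internet, 192.0.2.10 as the DMZ web server, 10.0.0.0/8 as the internal network) are constructed. It shows two things the prose only states: a reply from the DMZ to the internet is admitted by state even though no rule allows that direction, and a bare ACK arriving with no tracked connection is dropped by the stateful filter although the static rules alone would have passed it.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_zone: str
    dst_zone: str
    src_ip: str
    dst_ip: str
    proto: str
    src_port: int
    dst_port: int
    flags: str = ""          # TCP flags: "S" SYN, "A" ACK, "SA" SYN+ACK, "R" RST


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str
    dst_port: Optional[int]  # None matches any destination port
    action: str              # "allow" or "deny"


# Static rule set for a three-zone layout (constructed): untrusted internet, a DMZ holding a
# public web server, and the trusted internal network. Evaluated top-down, first match wins;
# anything unmatched is denied.
RULES = [
    Rule("internet", "dmz", "tcp", 443, "allow"),    # public may reach the web server only
    Rule("internet", "dmz", "tcp", 80, "allow"),
    Rule("internal", "dmz", "tcp", None, "allow"),   # staff manage the DMZ hosts
    Rule("internal", "internet", "tcp", None, "allow"),
    Rule("dmz", "internal", "tcp", None, "deny"),    # a compromised DMZ host must not pivot inward
]


class StatefulFirewall:
    """Static packet filter plus a state table, so replies are admitted without their own rules."""

    def __init__(self, rules):
        self.rules = rules
        self.state = set()   # (proto, src_ip, src_port, dst_ip, dst_port) of accepted connections

    def static_decision(self, p: Packet) -> tuple:
        """What a stateless packet filter would decide from the headers alone."""
        for r in self.rules:
            if (r.src_zone, r.dst_zone, r.proto) == (p.src_zone, p.dst_zone, p.proto) \
                    and r.dst_port in (None, p.dst_port):
                return (r.action, "rule")
        return ("deny", "default")

    def process(self, p: Packet) -> tuple:
        forward = (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        reverse = (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)
        tracked = forward if forward in self.state else reverse if reverse in self.state else None
        if tracked is not None:
            if "R" in p.flags:                    # a reset tears the connection down
                self.state.discard(tracked)
            return ("allow", "state")             # part of a connection already accepted
        if p.proto == "tcp" and not ("S" in p.flags and "A" not in p.flags):
            return ("deny", "no-state")           # a new TCP flow must begin with a bare SYN
        decision = self.static_decision(p)
        if decision[0] == "allow":
            self.state.add(forward)               # only rule-approved opening packets create state
        return decision


if __name__ == "__main__":
    fw = StatefulFirewall(RULES)
    syn = Packet("internet", "dmz", "203.0.113.5", "192.0.2.10", "tcp", 40000, 443, "S")
    synack = Packet("dmz", "internet", "192.0.2.10", "203.0.113.5", "tcp", 443, 40000, "SA")
    for pkt in (syn, synack):
        print(pkt.src_zone, "->", pkt.dst_zone, pkt.flags, fw.process(pkt))
```

A real firewall also ages state entries out and tracks the FIN sequence; the reset-only teardown here is deliberately minimal so the rule/state interplay stays visible.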
Intrusion: type of attack on information assets in which instigator attempts to gain entry into
or disrupt system with harmful intent
Intrusion Prevention System (IPS): An IPS is an evolution of IDS technology and provides an
added layer of protection by actively blocking detected intrusions. An IPS sits inline and
analyses network traffic in real time; when it detects suspicious activity, it immediately
blocks the malicious traffic. Because it is inline, a false positive blocks legitimate traffic
as well, so IPS rules are tuned more conservatively than those of a detection-only IDS.
▪ Honey pots: decoy systems designed to lure potential attackers away from critical systems
and encourage attacks against themselves
▪ Honey nets: collection of honey pots connecting several honey pot systems on a subnet
▪ Honey pots are designed to:
▪ Divert the attacker from accessing critical systems
▪ Collect information about the attacker's activity
▪ Encourage the attacker to stay on the system long enough for administrators to document
the event and, perhaps, respond
Cryptographic Algorithms
▪ Often grouped into two broad categories, symmetric and asymmetric; today’s popular
cryptosystems use hybrid combination of symmetric and asymmetric algorithms
▪ Symmetric and asymmetric algorithms distinguished by types of keys used for encryption
and decryption operations
Symmetric encryption: uses the same "secret key" to encipher and decipher a message
▪ Encryption methods can be extremely efficient, requiring minimal processing
▪ Both sender and receiver must possess the key, so it has to be delivered over a separate
secure channel; hybrid cryptosystems use an asymmetric algorithm for that delivery step
▪ If either copy of the key is compromised, anyone who obtains it can decrypt and read the
messages
Digital Certificates
A digital certificate is an electronic document used to authenticate the identity of a network
device and to secure communications over the network. Certificates are issued by a trusted
third party, a certificate authority (CA), and contain information about the identity of the
certificate holder. Their main purpose is to establish trust and ensure secure communications
between network devices. A digital certificate has both an issue date and an expiration date.
The issue date is the date on which the CA issued the certificate and marks the start of its
validity period. The expiration date is the date on which the certificate becomes invalid and
can no longer be used to authenticate the holder; a relying party rejects a certificate
presented before its issue date or after its expiration date, whoever signed it.
Handshaking Protocol
Handshaking is a protocol used to establish a communication session between two devices. It
is a series of exchanges between the devices that ensures that they are both available,
compatible, and ready to communicate with each other.
Connection initiation: The first device initiates the handshaking process by sending a
request to the second device to establish a communication session.
Connection acceptance: The second device receives the request and sends a response
indicating that it is available and willing to establish a connection.
Negotiation: The two devices exchange information about their capabilities and
preferences, such as the type of encryption to be used, the preferred communication
speed, and any other relevant parameters.
Connection establishment: If the negotiation is successful, the two devices establish a
communication session, and data can be exchanged between them.
Connection termination: When the communication session is no longer needed, the
two devices follow a set of steps to close the connection and terminate the
handshaking protocol.
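The steps above, carried through for the concrete handshake most readers will meet in Wireshark: TCP's SYN, SYN-ACK, ACK opening and a simplified FIN close. This is an added model written for these notes, not real socket code; addresses and sequence numbers are constructed, and the server's half-open table is sized deliberately small. That table is also where the denial-of-service mechanism described under Attacks lives: connection requests that never complete step three occupy slots until a legitimate client's request is silently dropped.

```python
import random
from dataclasses import dataclass


@dataclass
class Segment:
    """A TCP-style segment reduced to the fields the handshake needs (constructed model)."""
    src: str
    dst: str
    flags: str      # "S" SYN, "SA" SYN+ACK, "A" ACK, "F" FIN, "FA" FIN+ACK
    seq: int
    ack: int = 0


class Server:
    """Listener that tracks half-open connections (SYN seen, final ACK not yet received)."""

    def __init__(self, addr: str, backlog: int = 3):
        self.addr = addr
        self.backlog = backlog        # capacity of the half-open table
        self.half_open = {}           # client -> (server ISN, client ISN)
        self.established = set()

    def receive(self, seg: Segment):
        if seg.dst != self.addr:
            return None
        if seg.flags == "S":                                  # step 1: connection initiation
            if seg.src in self.half_open or len(self.half_open) >= self.backlog:
                return None                                   # duplicate SYN, or table full: dropped
            isn = random.getrandbits(32)
            self.half_open[seg.src] = (isn, seg.seq)
            return Segment(self.addr, seg.src, "SA", seq=isn, ack=seg.seq + 1)   # step 2: acceptance
        if seg.flags == "A" and seg.src in self.half_open:    # step 3: establishment
            isn, client_isn = self.half_open[seg.src]
            if seg.ack == isn + 1 and seg.seq == client_isn + 1:   # ACK must match our ISN
                del self.half_open[seg.src]
                self.established.add(seg.src)
            return None
        if seg.flags == "F" and seg.src in self.established:  # termination (simplified)
            self.established.discard(seg.src)
            return Segment(self.addr, seg.src, "FA", seq=0, ack=seg.seq + 1)
        return None


class Client:
    def __init__(self, addr: str):
        self.addr = addr
        self.isn = random.getrandbits(32)
        self.state = "CLOSED"

    def connect(self, server_addr: str) -> Segment:
        self.state = "SYN_SENT"
        return Segment(self.addr, server_addr, "S", seq=self.isn)

    def close(self, server_addr: str) -> Segment:
        self.state = "FIN_WAIT"
        return Segment(self.addr, server_addr, "F", seq=self.isn + 1)

    def receive(self, seg: Segment):
        if self.state == "SYN_SENT" and seg.flags == "SA" and seg.ack == self.isn + 1:
            self.state = "ESTABLISHED"
            return Segment(self.addr, seg.src, "A", seq=self.isn + 1, ack=seg.seq + 1)
        if self.state == "FIN_WAIT" and seg.flags == "FA":
            self.state = "CLOSED"
        return None


def exchange(client: Client, server: Server, first: Segment) -> list:
    """Bounce segments between the two sides until one stops replying; return the flag sequence."""
    trace, seg = [], first
    while seg is not None:
        trace.append(seg.flags)
        seg = server.receive(seg) if seg.dst == server.addr else client.receive(seg)
    return trace


def syn_flood(server: Server, count: int) -> int:
    """Send SYNs from forged sources that never complete step 3; return how many were dropped."""
    dropped = 0
    for i in range(count):
        reply = server.receive(Segment(f"198.51.100.{i + 1}", server.addr, "S", seq=random.getrandbits(32)))
        if reply is None:
            dropped += 1
    return dropped


if __name__ == "__main__":
    srv, cli = Server("192.0.2.10"), Client("203.0.113.5")
    print("open:", exchange(cli, srv, cli.connect(srv.addr)), cli.state)
    print("close:", exchange(cli, srv, cli.close(srv.addr)), cli.state)
    flooded = Server("192.0.2.10", backlog=3)
    print("SYNs dropped during flood:", syn_flood(flooded, 5))
    victim = Client("203.0.113.6")
    print("legitimate client during flood:", exchange(victim, flooded, victim.connect(flooded.addr)), victim.state)
```

Real stacks defend the half-open table with timeouts and SYN cookies; the model omits both so that the effect of unfinished handshakes on a fixed-size backlog is plain.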