
ITSE202

CYBERSECURITY II
LECTURE I – NETWORK BASICS
1. NETWORKS
Two or more computers (or other devices) are connected so as
to be able to exchange data.
Each device is a node in a network with a unique address (IP
Address).
Addresses are numeric quantities such as 192.168.5.1.
Some addresses have names (domain names), which are easier
for humans to remember. For instance:
https://www.youtube.com/
Networks provide the main transit for information, and because
of this, they are subject to scrutiny and attack.

Network Topology
2. TYPES OF NETWORKS
• Personal Area Network (PAN)
• Local Area Network (LAN)
• Metropolitan Area Network (MAN)
• Wide Area Network (WAN)
• Virtual Private Network (VPN)
• Storage Area Network (SAN)
• Personal Area Network (PAN)
It is the smallest and the most basic network, mainly in a short
range. In most cases, a Bluetooth connection between a
headphone and a smartphone is the most prevalent example
for a personal area network. Alternatively, a small home
network consists of a modem, 2-3 computers, and 2-3
smartphones.
• Local Area Network (LAN)
A local area network is a computer network that connects
computers and devices in a limited geographical area such as a
home, school, laboratory, or business building.
High data transmission, smaller area, and no need for a
monthly rental intermediary to ensure permanent connectivity
are among its advantages.
• Metropolitan Area Network (MAN)
It is a network system that includes multiple LAN systems and
has a size between the LAN and WAN on a geographical scale.
It may belong to a single institution or organization, or it may
be in the form of a public service.
• Wide Area Network (WAN)
It is the type of network that covers the widest area
geographically. It refers to network structures spread over
the world.
WAN technologies can be used to connect remote branches (in
other countries) of institutions and organizations.
Generally, WAN technologies are slower than LAN.
• Virtual Private Network (VPN)
In its most basic sense, it is a service that allows you to
connect to the internet through another IP address.
A VPN secures and encrypts your connection while connecting
to any network and ensures your identity cannot be found.
Also, you can connect to banned sites, restricted sites or IPs in
your country.
• Storage Area Network (SAN)
It is the name given to very high speed network storage
devices.
It connects different types of data storage devices together
with database servers to serve large network users, and it
allows data exchange between them.
3. BASIC NETWORK DEVICES
Network devices are intermediate devices that enable
computers or similar digital systems, which are in the end
system position, to work and communicate with each other.
• The Internet is actually formed by the interconnection of such
devices.
3.1 Hub
It is a device that allows more than one computer or device to
connect to each other.
Hubs do not know which computers are connected to them
and do not perform a network operation of the source or
destination computer.
For this reason, compared to switches, they are described as
dumb devices.
3.2 Switch
A switch is the network hardware that enables communication
between the computers connected to it, just like a hub.
The differences between hubs and switches:

While the hub sends data to all computers, the switch sends
data only to the chosen computers.
Switches prepare a separate path for whatever device is
connected to their ports, and unlike hubs, they direct all of the
bandwidth to the desired port.
Hubs automatically divide and transfer the bandwidth to all
ports. Thus, there is a loss of speed.
Switches can send data with an encryption method. Hubs
cannot.
3.3 Router
A router is the network hardware that provides the connection
between multiple networks. That is, it provides routing for
computers connected to the network.
It examines the incoming network packet and transfers it to
another network. It also determines how incoming packets
will reach their destination address.
3.4. Modem
A modem is a device that connects computers to the public
network and enables a computer to access computers in
remote locations.
Modems are primarily used to transfer digital data over a
telephone line.
When a modem sends data, it converts digital data into analog
signals, a process called modulation.
When a modem receives data, it converts analog signals into
digital signals, a process called demodulation.
Wireless modems, on the other hand, convert digital data into
radio signals.
3.5 Access Point
It is a wireless signal distributor. It is a network device used to
convert the existing wired network to wireless and/or expand
and strengthen the wireless network's area.
3.6. Repeater
It is an electronic device that receives a signal and retransmits
it.
Repeaters extend transmissions so that the signal can travel
longer distances.
3.7. Network Card
A network card (or NIC) is a small electronic circuit board that
allows computers to communicate over a computer network.
It's the part of the system that enables your computer to
connect to a local area network (LAN), wide area network
(WAN), or the Internet.
3.7.1. MAC (Media Access Control) Address
A MAC address is a unique identifier assigned to a NIC
(Network Interface Controller/Card).
It consists of a 48-bit or 64-bit address associated with the
network adapter. The MAC address can be in hexadecimal
format.
MAC address usage is common in most IEEE 802 networking
technologies, including Ethernet, Wi-Fi, and Bluetooth.
To find your MAC address on a Windows computer, type the
getmac command in cmd. E.g. 00-14-22-04-25-37
To find your MAC address on a Linux computer, type the
ifconfig -a command in a terminal. E.g. ether 08:00:27:1d:8e:54
4. DATA TRANSMISSION
In modern networks, data are transferred using packet
switching.
Messages are broken into units called packets, and sent from
one computer to the other.
At the destination, data are extracted from one or more
packets and used to reconstruct the original message.
Each packet has a maximum size, and consists of a header and
a data area.
The header contains the addresses of the source and
destination computers and sequencing information necessary
to reassemble the message at the destination.
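The packet mechanism described above, as an added Python example that is not part of the original lecture. The 12-byte header layout, the 32-byte maximum packet size and the second address 192.168.5.2 are assumptions made for illustration.

```python
import struct

# Assumed toy header, not a real protocol: source IPv4 address, destination
# IPv4 address, sequence number, total packet count (4 + 4 + 2 + 2 bytes).
HEADER = struct.Struct("!4s4sHH")
MAX_PACKET = 32                       # assumed maximum packet size in bytes
MAX_DATA = MAX_PACKET - HEADER.size   # bytes left for the data area


def ip_to_bytes(ip):
    """Pack a dotted IPv4 address such as 192.168.5.1 into 4 bytes."""
    return bytes(int(part) for part in ip.split("."))


def packetize(message, src, dst):
    """Break a message (bytes) into packets: header followed by data area."""
    chunks = [message[i:i + MAX_DATA]
              for i in range(0, len(message), MAX_DATA)] or [b""]
    src_b, dst_b = ip_to_bytes(src), ip_to_bytes(dst)
    return [HEADER.pack(src_b, dst_b, seq, len(chunks)) + chunk
            for seq, chunk in enumerate(chunks)]


def reassemble(packets):
    """Rebuild the message from packets that may arrive in any order."""
    parts, total = {}, None
    for pkt in packets:
        if not HEADER.size <= len(pkt) <= MAX_PACKET:
            raise ValueError("packet size out of range")
        _src, _dst, seq, count = HEADER.unpack(pkt[:HEADER.size])
        if total is None:
            total = count
        if count != total or seq >= count:
            raise ValueError("inconsistent sequencing information")
        parts[seq] = pkt[HEADER.size:]    # a duplicate overwrites itself
    if total is None:
        raise ValueError("no packets received")
    missing = [seq for seq in range(total) if seq not in parts]
    if missing:
        raise ValueError(f"missing packets: {missing}")
    return b"".join(parts[seq] for seq in range(total))
```

The receiver rejects a set of packets with a gap in the sequence instead of returning a silently truncated message.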
5. PROTOCOLS
Protocols define the rules that govern the communications
between two computers connected to the network. Example: the
HTTP protocol for communication between web browsers and
servers.
Roles: addressing and routing of messages, error detection and
recovery, sequence and flow controls etc.
5.1. Internet Protocol
The IP protocol provides two main functions:
• Decomposition of the initial information flow into packets of
standardized size, and reassembling at the destination.
• Routing of a packet through successive networks, from the
source machine to the destination identified by its IP
address.
Transmitted packets are not guaranteed to be delivered.
The IP protocol does not request a connection
(connectionless) before sending data and does not perform any
error detection.
5.2. Transmission Control Protocol (TCP)
Using IP packets, TCP provides a basic service that does
guarantee safe delivery:
• Error detection
• Safe data transmission
• Assurance that data are received in the correct order
Before sending data, TCP requires that the computers
communicating establish a connection.
It uses the 3-way handshake method for this. It requests a
confirmation message that the information is sent, and if it
cannot receive this confirmation, it requests a confirmation
message again.

3-way handshake (figure):
1. SYN (Synchronize - Request)
2. SYN + ACK
3. ACK (Acknowledge)
TCP message types
SYN; used to initiate and establish a connection. It also helps
you to synchronize sequence numbers between devices.
ACK; helps to confirm to the other side that it has received the
SYN.
SYN-ACK; SYN message from local device and ACK of the earlier
packet.
FIN; used to terminate a connection.
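An added Python example (not from the original lecture) that reads the message types above out of a raw TCP header and checks that three segments form a 3-way handshake. The sample segments, the client port 49152, the sequence numbers and the helper names are constructed for illustration.

```python
import struct

# Flag bits carried in the TCP header.
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10


def build_segment(sport, dport, seq, ack, flags):
    """Constructed 20-byte TCP header (window, checksum, urgent zeroed)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | flags, 0, 0, 0)


def parse_tcp_header(segment):
    """Return ports, sequence/acknowledgement numbers and flag bits."""
    if len(segment) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x3F}


def message_type(flags):
    """Name the message type for a set of flag bits."""
    if flags & RST:
        return "RST"
    if flags & SYN:
        return "SYN-ACK" if flags & ACK else "SYN"
    if flags & FIN:
        return "FIN"
    return "ACK" if flags & ACK else "OTHER"


def is_three_way_handshake(segments):
    """True if the segments are SYN, SYN-ACK, ACK with matching numbers."""
    if len(segments) != 3:
        return False
    a, b, c = (parse_tcp_header(s) for s in segments)
    types = [message_type(h["flags"]) for h in (a, b, c)]
    return (types == ["SYN", "SYN-ACK", "ACK"]
            and (b["sport"], b["dport"]) == (a["dport"], a["sport"])
            and (c["sport"], c["dport"]) == (a["sport"], a["dport"])
            and b["ack"] == (a["seq"] + 1) % 2**32   # server confirms the SYN
            and c["ack"] == (b["seq"] + 1) % 2**32   # client confirms SYN-ACK
            and c["seq"] == b["ack"])
```

Each side acknowledges the other's sequence number plus one, which is how the SYN exchange synchronizes sequence numbers between the two devices.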
5.3. User Datagram Protocol (UDP)
Connectionless protocol, without any error detection facility.
Provides only support for data transmission from one end to
the other, without any further verification.
The main interest of UDP is that since it does not make further
verification, it is very fast.
Useful for sending small size data in a repetitive way such as
time information.
5.4. Internet Application Protocols
On top of TCP/IP, several services have been developed in order to
homogenize applications of the same nature:
FTP (File Transfer Protocol); allows the transfer of collections of files
between two machines connected to the Internet.
Telnet (Terminal Protocol); allows a user to connect to a remote host in
terminal mode.
NNTP (Network News Transfer Protocol); allows the constitution of
communication groups (newsgroups), organized around specific topics.
SMTP (Simple Mail Transfer Protocol); defines a basic service for
electronic mails.
SNMP (Simple Network Management Protocol); allows the management
of the network.
Internet Application Protocols
6. PORTS
An IP address identifies a host machine on the Internet.
An IP port will identify a specific application running on an
Internet host machine.
A port is identified by a number, the port number.
The number of ports is not functionally limited, in contrast to
serial communications where only 4 ports are allowed.
There are some port numbers which are dedicated for specific
applications.
TCP and UDP use ports in connection with upper protocols.
There are 65535 ports and the first 1024 ports are the well-
known ports. For example, when the client (PC) wants to
connect to a website, the Destination Port in the TCP segment
is 80. HTTP's default port number is 80.
Port numbers between 0 and 255 are used to access the
standard application layers. For example, port 23 is used for
telnet and port 21 is used for ftp.
In Windows Operating System, you can find which port number
the computer uses for which application program in the file
C:\Windows\System32\Drivers\etc\services
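An added Python example (not from the original lecture) that parses text in the services file format, one "name port/protocol [aliases] # comment" entry per line, and uses it to label ports observed on a host. The sample entries, the observed port 4444 in the usage and the helper names are constructed for illustration.

```python
# Constructed sample in the services file format (not copied from a real host).
SAMPLE_SERVICES = """\
# name      port/protocol   aliases        comment
ftp         21/tcp
ssh         22/tcp
telnet      23/tcp
smtp        25/tcp          mail
domain      53/udp
http        80/tcp          www www-http   # World Wide Web
https       443/tcp
broken      notaport
"""


def parse_services(text):
    """Map (port, protocol) to the service name found in services-file text."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()    # drop comments, then split
        if len(fields) < 2:
            continue                             # blank or comment-only line
        port, sep, proto = fields[1].partition("/")
        if not sep or not port.isdigit() or int(port) > 65535:
            continue                             # malformed entry, skip it
        # Keep the first name seen for a port/protocol pair.
        table.setdefault((int(port), proto.lower()), fields[0])
    return table


def label_ports(observed, table):
    """Attach a service name to each observed (port, protocol) pair.

    Pairs that have no entry are labelled "unknown" so they stand out
    when reviewing what a host is listening on.
    """
    return [(port, proto, table.get((port, proto.lower()), "unknown"))
            for port, proto in observed]
```

On a Windows host the same function can be fed the contents of the services file named above, read as text.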
6.1. Port Numbers
The most used port numbers are listed below.

FTP: ports 20-21 (files can be exchanged with the related device)
HTTP: port 80 (alternative port: 8080 - output port to Web)
HTTPS: port 443
SMTP: port 25 (communicates with the related device via e-mail)
TELNET: port 23 (provides text-based communication with the
related device over the terminal)
SSH: port 22 (provides remote control to related device)
IMAP: port 143
POP3: port 110
SMTPS: port 465
POP3S: port 995
IMAPS: port 993
DNS: port 53
DHCP: ports 67-68
7. DOMAIN NAME SYSTEM (DNS)
Mnemonic textual addresses are provided to facilitate the
manipulation of internet addresses.
DNS servers are responsible for translating mnemonic textual
Internet addresses into hard numeric Internet addresses.
DNS servers are classified according to the places they are
located and the institutions they belong to.
Internet addresses are divided into subsections. These sections
are called top-level domains. The parts that these domains refer
to are as follows:
.com: Commercial organizations (COMmercial)
.edu: Higher education institutions (EDUcation)
.org: ORGanizations
.gov: Government-owned institutions (GOVernment)
.mil: Military institutions (MILitary)
.net: Organizations providing large network services
(NETwork)
.int: International organizations (INTernational)
.num: Where to find phone numbers (NUMbers)
.arpa: Reverse DNS query places
8. Open Systems Interconnection (OSI) Model
The usual way to conceptualize a network in computing and
electronics engineering is through the Open Systems
Interconnection (OSI) Model.
It is the basic model of network communication.
It is characterized by several layers of abstraction.
It describes the functions of a network system.
OSI Model
Application layer; the function of this layer is high-level APIs,
remote file sharing and resource sharing in general.
Presentation layer; this layer is concerned with the translation
of data between a networking service and an application. This
could be data compression, character encoding and encryption
or decryption.
Session layer; the functionality of the session layer is
concerned with managing communication sessions, such as the
continuous exchange of information in the form of back-and-
forth transmission between nodes.
Transport layer; this layer deals with the reliable transmission
of data segments between points on a network, including
segmentation, acknowledgement and multiplexing.
Network layer; the network layer functionality includes the
structuring and managing of multi-node networks, including
addressing, routing and traffic control.
Data link layer; here the reliable transmission of data frames
between two nodes connected by a physical layer is the main
concern.
Physical layer; finally, the physical layer is focused on the
transmission and reception of raw bit streams over a physical
medium.
Another model which is useful to compare with the OSI model
above is the TCP/IP model.
HOW THE OSI MODEL WORKS
The layers work together to form a mechanism of
communication between systems at various levels of
abstraction. How this works in practice can be understood by
an example of its use and by envisaging (forecasting) the
movement of packets within a network.
An email client, such as MS Outlook, has data which resides at
Layer 7 – the application layer. When an email is written and
send is pressed, the data works its way down the OSI layers
one by one and through the network.
The data first works through the presentation and session
layers, before entering the transport layer; here, the email will
be sent by SMTP. The data will move through the network layer
into the data link.
The packets eventually reach the physical layer, where the hard
wiring will send the data across the networks to the recipient.
When the recipient is reached, the process occurs in reverse,
that is, it will work its way back up the OSI model before
reaching the application level again.
9. TCP/IP MODEL
The TCP/IP model is a part of the Internet Protocol Suite. This
model acts as a communication protocol for computer
networks and connects hosts on the Internet. It is a concise
version of the OSI Model and comprises four layers in its
structure.
One of the main differences between the two models is that
the application layer, presentation layer and session layer are
not distinguished separately in the TCP/IP model, which only
has an application layer above the transport layer.
Application layer; this is equivalent to application,
presentation and session layers in the OSI model, dealing with
higher-level application-based processes. The applications use
the services of the underlying lower layers. For example, the
transport layer provides pipes between processes. The partners
involved in this communication are characterized by the
application architecture, such as peer-to-peer networking or
the client-server model. At this layer reside the application
protocols such as SMTP, FTP, SSH and HTTP, each of which has
its own designated port.
Transport layer; transport and network layers in the OSI model
are concerned with host-to-host transport of data. The
transport layer uses the local or remote networks, separated by
routers, to perform host-to-host communication. It is this layer
which sets up a channel of communication which is needed by
the applications. The basic protocol at this level is UDP, which
provides an unreliable connectionless datagram service. TCP
provides flow control and the establishment of the connection,
together with the reliable transmission of data.
Internet layer; the Internet layer is concerned with the
exchange of datagrams (which contain header information to find
the destination) across network boundaries, providing a uniform
network interface that hides the underlying network
connections' topology or layout. It is, therefore, this layer which
provides the actual capability to internet-work; in effect, it
establishes and defines the Internet. It is this layer which
defines the routing and addressing capabilities that are used in
the TCP/IP protocols, the main one of which is the Internet
Protocol, which defines the IP addresses. In routing, its function
is to transport datagrams to the next host.
Link layer (also called the data link layer, network interface
layer, or physical layer); the local network link where hosts
communicate without routers between them. It is what handles
the physical parts of sending and receiving data using the
Ethernet cable, wireless network, network interface card, device
driver in the computer, and so on.
10. REFERENCES
• Ralph Moseley (2022). Advanced Cybersecurity Technologies, 1st
Edition.
• https://www.cloudflare.com/en-gb/learning/ddos/glossary/open-systems-interconnection-model-osi/
