
Network Security

OSI Model Vs TCP Model


Cyber Security – CIA Triad

• Confidentiality: The state of being secret
• Integrity: No unauthorized modification
• Availability: Available whenever required

AAA Principle

• Authentication: Validate who the user is. The online banking web site asks for a valid userid and password before granting access to the system.
• Authorization: What can a user do? After getting access to the online banking web site, the user can view the account details of his savings account only.
• Accounting: What has the user done? The bank keeps an audit trail of all the actions which the user performed during his stay with the system.

Basic Terminology of Hacking

• Vulnerability: A weakness or loophole in a system which allows a threat.
• Threat: Something that takes advantage of a vulnerability to hack a system.
• Risk: The potential loss caused by a threat.
• Risk = Vulnerability X Threat
• Vulnerability Assessment: The process of identifying risks and vulnerabilities in computer networks, systems, hardware, applications, and other parts of the IT ecosystem.
• Penetration Testing: An authorized simulated attack performed on a computer system to evaluate its security.
• Asset: A resource of value such as the data in a database or on the file system, or a system resource.
• Countermeasure: A safeguard that addresses a threat and mitigates risk.
• Exploit & Payload: An exploit is a piece of code written to take advantage of a particular vulnerability. A payload is a piece of code to be executed through said exploit.

Types of Hackers

Types of Pentesting

• White Box: Full information is shared with the tester. e.g., URL, credentials and source code given for testing.
• Black Box: Testing without having proper information. e.g., only the URL is provided for testing.
• Gray Box: (White Box + Black Box) Having minimal information for the pentest. e.g., URL + credentials given for testing.

What is a Network Protocol?

• A protocol is a set of rules that governs the communications between computers on a network.
• These rules include guidelines that regulate the characteristics of a network

Simple Network Architecture
Different Network Protocols

20 & 21 - FTP (File Transfer Protocol)
22 - SSH (Secure Shell)
23 - Telnet
25 - SMTP
53 - DNS
80 - HTTP
123 - NTP
137-139 - NetBIOS
443 - HTTPS
161 - SNMP
636 - LDAP
3306 - MSSQL
3389 - RDP

3-way handshake
Why Scanning

• Network security assessment
• Evaluating and auditing the security
• Firewall penetration test (policy auditing)
• IDS proof/evaluation
• Identifying unexpected new servers
• Identifying open ports for
  • proactively protecting the network (network and security admin)
  • attacking it (hackers)

Types of Nmap Scans

• TCP SCAN
• UDP SCAN
• SYN SCAN
• ACK SCAN
• FIN SCAN
• NULL SCAN
• XMAS SCAN
TCP Flags:

1. SYN (synchronize): Packets that are used to initiate a connection.
2. ACK (acknowledgment): Packets that are used to confirm that the data packets have been received, also used to confirm the initiation request and tear down requests.
3. RST (reset): Signify the connection is down or maybe the service is not accepting the requests.
4. FIN (finish): Indicate that the connection is being torn down. Both the sender and receiver send the FIN packets to gracefully terminate the connection.
5. PSH (push): Indicate that the incoming data should be passed on directly to the application instead of getting buffered.
6. URG (urgent): Indicate that the data that the packet is carrying should be processed immediately by the TCP stack.

TCP SCAN:
• A TCP scan probes TCP ports such as 22, 21, 23 and 445 and checks whether a port is listening (open) by completing the 3-way handshake between the source and the destination port.
• If the port is open, the source sends a request with a SYN packet, the destination responds with a SYN, ACK packet, the source then sends an ACK packet, and at last the source sends a RST, ACK packet.

UDP Scan
• A UDP scan works by sending a UDP packet to every destination port; UDP is a connectionless protocol. For some common ports such as 53 and 161, a protocol-specific payload is sent to increase the response rate. If a service responds with a UDP packet, that proves the port is open. If no response is received after retransmissions, the port is classified as open/filtered. This means that the port could be open, or perhaps packet filters are blocking the communication.

Syn and Stealth Scan
Fin Scan
Xmas Scan
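
An added example, not part of the original slides: detection logic that decodes the TCP flags byte and names the scan types listed above from the packets a client sends. The flag combinations for NULL (no flags), FIN (FIN only) and Xmas (FIN+PSH+URG) probes are standard Nmap behaviour rather than something the slides spell out; the packet records, the 10.0.0.x addresses and the three-port threshold are constructed for illustration.

```python
from collections import defaultdict

# Bit values of the six flags in the TCP header flags byte.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def decode_flags(byte):
    """Return the names of the flags set in a TCP flags byte."""
    return [name for name, bit in FLAGS.items() if byte & bit]

def classify_flow(client_flags):
    """Name the scan type from the flag bytes one client sent to one port, in order."""
    first = client_flags[0] & 0x3F
    if first == 0:
        return "NULL"
    if first == FLAGS["FIN"]:
        return "FIN"
    if first == FLAGS["FIN"] | FLAGS["PSH"] | FLAGS["URG"]:
        return "XMAS"
    if first == FLAGS["ACK"]:
        return "ACK"  # bare ACK with no SYN before it
    if first == FLAGS["SYN"]:
        # A connect scan completes the handshake with a bare ACK; a SYN
        # (half-open) scan never does. A closed port also ends up as "SYN".
        done = any(f & 0x3F == FLAGS["ACK"] for f in client_flags[1:])
        return "TCP connect" if done else "SYN"
    return "other"

def detect_scans(packets, min_ports=3):
    """Report (source, scan type) pairs that touched at least min_ports ports."""
    flows = defaultdict(list)
    for src, dport, flags in packets:
        flows[(src, dport)].append(flags)
    ports = defaultdict(set)  # (source, scan type) -> ports probed
    for (src, dport), seq in flows.items():
        ports[(src, classify_flow(seq))].add(dport)
    return {key: sorted(p) for key, p in ports.items()
            if key[1] != "other" and len(p) >= min_ports}

# Constructed sample: (source IP, destination port, flags byte), client side only.
PACKETS = (
    [("10.0.0.5", p, 0x29) for p in (21, 22, 23, 445)]    # FIN+PSH+URG probes
    + [("10.0.0.6", p, f) for p in (21, 22, 23) for f in (0x02, 0x10, 0x14)]
    + [("10.0.0.7", p, f) for p in (22, 80, 443) for f in (0x02, 0x04)]
    + [("10.0.0.8", 443, f) for f in (0x02, 0x10, 0x18)]  # one ordinary session
)

if __name__ == "__main__":
    for (src, kind), probed in detect_scans(PACKETS).items():
        print(src, kind, probed)
```

The ordinary session from 10.0.0.8 has the same flag sequence as a connect scan of one port, which is why the report is driven by the number of distinct ports per source and not by a single flow.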
Lab Exercise

• Scan a single IP: nmap 192.168.1.1
• Scan a host: nmap test.com
• Scan a range of IPs: nmap 192.168.1.1-20
• Scan a subnet: nmap 192.168.1.0/24
• Scan targets from a text file: nmap -iL list-of-ips.txt


What Are Packet Sniffers?

• A packet sniffer is either a software or hardware tool to intercept, log, and analyze network traffic and data.

1. WinDump
2. Wireshark
3. Telerik Fiddler
4. tcpdump
5. Kismet

nmap -sV 192.168.157.190
Default username and password
FTP Exploit
Bruteforce Attack
Vulner Scan
IP Addressing
• IPv4: 32-bit addresses
• Usually written in dotted notation, e.g. 192.168.21.76
• Each number is a byte
• Stored in Big Endian order

Bit offset  0         8         16        24      31
Decimal     192       168       21        76
Hex         C0        A8        15        4C
Binary      11000000  10101000  00010101  01001100

Classes of IP Addresses

Class  Leading bits  Fields            First byte  Example
A      0             Ntwk | Host       1-126       MIT: 18.*.*.*
B      10            Network | Host    128-191     NEU: 129.10.*.*
C      110           Network | Host    192-223     216.63.78.*

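
An added example, not part of the original slides: it parses a dotted IPv4 address into its four big-endian bytes, reproduces the decimal/hex/binary rows shown above, and derives the class from the leading bits. The function names are hypothetical; treating first bytes 0 and 127 as outside class A follows the 1-126 range given in the table.

```python
import struct

# (class, leading-bit pattern, number of leading bits, network part in bits)
CLASSES = [("A", 0b0, 1, 8), ("B", 0b10, 2, 16), ("C", 0b110, 3, 24)]

def parse_ipv4(dotted):
    """Dotted notation -> 4 bytes in network (big-endian) order."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a dotted IPv4 address: {dotted!r}")
    octets = [int(p) for p in parts]
    if any(o > 255 for o in octets):
        raise ValueError(f"octet out of range in {dotted!r}")
    return struct.pack("!4B", *octets)

def describe(dotted):
    """Return the hex and binary forms plus the classful network/host split."""
    raw = parse_ipv4(dotted)
    value = int.from_bytes(raw, "big")  # most significant byte first
    info = {"hex": raw.hex(" ").upper(),
            "binary": " ".join(f"{b:08b}" for b in raw),
            "class": None, "network": None, "host": None}
    for name, pattern, prefix_bits, net_bits in CLASSES:
        # 0 and 127 start with bit 0 but fall outside the 1-126 class A range.
        if value >> (32 - prefix_bits) == pattern and raw[0] not in (0, 127):
            host_bits = 32 - net_bits
            info.update({"class": name,
                         "network": ".".join(str(b) for b in raw[:net_bits // 8]),
                         "host": value & ((1 << host_bits) - 1)})
    return info

if __name__ == "__main__":
    for addr in ("192.168.21.76", "18.0.0.1", "129.10.1.2", "127.0.0.1"):
        print(addr, describe(addr))
```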
Threat Modeling

• Defining security requirements.
• Creating an application diagram.
• Identifying threats.
• Mitigating threats.
• Validating that threats have been mitigated.
