C172 - Network Security Foundations

1. The document discusses networking foundations and compares the TCP/IP and OSI models. 2. It describes the layers of each model, including the physical, network, transport, and application layers. 3. Key topics covered include the relationship between TCP/IP and OSI, an overview of each protocol, and how data flows through the layers of the OSI model.

Uploaded by

Michael A
Copyright
© All Rights Reserved

C172

Course subjects
1. Explore components of comp networks + network com protocols.
2. Compare / contrast transmission control / internet protocol (TCP/IP) security + OSI model.
3. Networking essentials, devices, network types, basic commands, network topologies + architectures.
4. Explore concepts related to security vulnerabilities, threats, risk mitigation, policies + procedures w/ security management.
5. Examine encryption fundamentals, intrusion detection & prevention systems, authentication, access controls, device hardening.

* PA: Definitions + Reading
* OA: scenario based
unit 2: intro to networking foundations
module 1: TCP/IP + OSI

Objectives:

* Describe relationship between OSI & TCP/IP layers
* ID TCP/IP Model
* ID OSI Model
* Describe data flow of OSI model

TCP/IP + OSI Overview

o Models described as a set of procedures that sends data from one host to another.
o Done over internet, network or other communication.

TCP/IP MODEL         PROTOCOLS + SERVICES       OSI MODEL
application          HTTP, FTTP, telnet, NTP    application, presentation, session
transport            TCP, UDP                   transport
network              IP, ARP, ICMP, IGMP        network
network interface    Ethernet                   datalink, physical

TCP/IP
o Transmission Control Protocol and Internet Protocol
o Not as widely used.
o Layers
  ☒ Network interface: physical cabling or wifi.
  ☒ Network: Internet Protocol (IP) or Internet Control Message Protocol (ICMP). Logical transmission protocol.
  ☒ Transport: ensures data is delivered to correct app.
    ☐ Transmission Control Protocol (TCP). Reliable, verifies data + resends it.
    ☐ User Datagram Protocol (UDP). Unreliable, does not guarantee redelivery of data. Pref. in audio stream.
  ☒ Application: deals w/ all pieces of info added in app.
    ☐ Hypertext Transfer Protocol (HTTP)
    ☐ Simple Mail Transfer Protocol (SMTP)
    ☐ DNS
OSI * will be a big part of exam.

o Developed by The International Standards Organization (ISO).
o Allows for greater granularity.
o Layers
  ☒ Datalink layer: responsible for error free delivery of data to the receiving device or node.
  ☒ Network layer: layer for transmission of data between hosts in diff networks + routing data packets. Implemented thru devices + switches.
  ☒ !! Transport layer: provides service to app layer + receives from network. Responsible 4 reliable data delivery.
    o segments + reassembles data
    o Often called heart of OSI
  ☒ Session layer: responsible for connection establishment, maintenance, + authentication.
  ☒ Presentation layer: translates data from app to format required to transmit data over network.
  ☒ App layer: network apps (HTTP or FTP etc) + production of data transferred.
o OSI typically ref as #s, not name.

Acronyms for remembering layers for OSI MODEL.

Please  - Physical      1
Do      - Data link     2   * NIC functions @ layer 2
Not     - Network       3
Throw   - Transport     4
Sausage - Session       5
Pizza   - Presentation  6
Away    - Application   7
module 2: network media, devices, + standards
* know devices + where sit in OSI.

network media devices

modem
o necessary for sending + receiving data.
o allow transport along analog lines (phone / cable lines).
o Types
  ☒ cable
  ☒ DSL
  ☒ satellite

Router
o point of connection between 2 networks.
o forwards data packets between networks.

Switch
o connects devices within network + allows communication.
o More complex version of hub.
o switches have capability to add security measures + function more intelligently.
o less chatty, allows more simultaneous conversations.
o Creates array of MAC addresses + knows where packets go to. Datalink Layer.

Bridge
o connects 2 or more networks.
o bridge does not analyze, only forwards info.
o not widely used anymore.

Repeater
o strengthen, replicates, regenerates signals.
o For ex, extends wifi connection in large home.

Hub "Dumb"
o takes data packets from router + sends to all devices connected on network.
o "Dumb": does not screen data.
o ex: each device must only work on the traffic designed for it + ignore the rest.

Cables

UTP
o unshielded twisted pairs
o twisted to protect against interference.
o invented by Alexander Graham Bell. Still used today.
o types
  ☒ Cat 3 → 10 Mbps. Used for phone lines.
  ☒ Cat 4 → 16 Mbps up to 100 meters. Not used.
  * ☒ Cat 5 → 100 Mbps up to 100 meters. Replaced by 5e. Know this info.
  ☒ Cat 5e → doubles twisted pairs. 1 Gbps over 100 meters. Used for device to switch, hub, or router.
  ☒ Cat 6 → Used in Ethernet LANs and data centers. Tightly woven pairs. 1 Gbps up to 100 meters, 10 Gbps up to 50 meters.
  ☒ Cat 6a → improvement of the Cat 6. 10 Gbps over 100 meters. Higher quality cable. Most commonly used in wired networks today.
o Connectors used @ end of UTP cables.
  ↳ RJ11: supports 2 pairs, used in telephones.
  ↳ RJ45: sup. 4 pairs, used w/ ethernet cables.

Coaxial
o used by cable tv companies.
o copper protected by metal shield

Fiber
o use glass or plastic threads to transfer data using light.
o transfer data digitally.
o Types
  * ☒ single-mode → one glass or plastic fiber.
    o benefit: carry bandwidth for 50x distance of multimode cable. Used for long distances (thousands of kilometers).
  ☒ multi-mode → less expensive.
o Connector types
  ☒ ST: straight tip connectors. Most commonly used w/ multimode fiber until mid 2000s.
  ☒ LC: lucent connectors. Smaller version of standard connector. Most common type today. Used with SFP (small form factor pluggable).

[Figure: devices by OSI layer. Panels: network (3), Data link (2), physical (1); device labels: switch, Router, modem, switch, router, Modem, hub, repeater]

module 3: Basic network commands

Ping
o sends Internet Control Message Protocol (ICMP) echo request to a host + listens for reply.
o If reply received, will display time taken.
o Useful: latency + connectivity issues can be measured.

traceroute / tracert
o traces the route an IP packet takes to destination.
o traceroute = Linux
  tracert = Windows
o Useful: see where ping failed, trouble shooting performance issues, etc.

tracepath
o Similar to traceroute. Displays path taken by a packet.
o Can be used by any user.
o Primarily Linux.

ipconfig
o provides user w/ the IP, subnet mask, + default gateway.
o /all command - default, collects MAC address, DHCP lease info.
o /release → releases all connections + renews the adapters.
o Primarily Windows.

ifconfig
o Used to config kernel network interfaces.
o primarily Linux.

ARP
o Address Resolution Protocol
o Displays IP to physical (MAC) address mappings for hosts discovered in the cache.
o ARP used to add, remove, modify entries in ARP cache.
o hosts must be on local network.
o info found by broadcasting to everyone on the network.

netstat
o network statistics
o Displays info about active ports.
o useful in trbl shooting + capacity management.
o netstat -r → displays routing info for network adapters.
o avail Linux, Windows, macOS.

nslookup
o name server lookup
o Displays info for displaying + trbl shooting DNS problems.
o displays names to IP address mappings.

dig
o Domain information groper
o Query DNS name servers.
o helps troubleshoot DNS problems.
o Replacement for nslookup.

whois
o Used most often to lookup who owns domain or block of IP addresses on the internet.
o many privacy options hide info from being returned.
o Primarily Linux.

route
o displays current route tables on a host.
o Used by local host to determine where to send traffic.

scp
o Secure copy protocol
o securely copies files between servers.
o leverages SSH (secure shell) for authentication and encryption.

ftp
o file transfer protocol
o Copies file from one host to another.
o data is unencrypted.
o FTPS uses SSL / TLS if encryption is needed.
o transfer uses TCP for reliability.

tftp
o transfers from client to server or vice versa.

finger
o displays info about a user on a remote system.

nmap
o network mapper
o Scans networks to find hosts + open ports.
o Used to find what is deployed on network for vulnerability analysis + security scans.

tcpdump
o Displays packets being transmitted over network sys.
o protocol analyzer (sniffer)
o Shows contents of network packets.

telnet / ssh
o allow a user to manage accounts + devices remotely.

* on exam
module 4: network types

PAN: personal area network
o Centered around person + devices.
o connects computer, headphones, tablet, etc.
o Communication between devices on
  ☒ bluetooth
  ☒ usb connections
  ☒ wifi hotspots

LAN: Local Area Network
o devices connected in a limited area
o ethernet / wifi
o popularized in 1960s
o 1980s - LANs support TCP/IP.

WLAN: Wireless Area Network
o wifi is used to communicate between devices.
o popular for small businesses.

SAN: Storage Area Network
o allows access to storage devices specifically.
o allow servers to access devices (tape libraries, disk arrays etc) while presenting them like local attached device.
o Used to connect servers + storage devices.
o reduce interference from LAN traffic

CAN: campus area network
o multiple LANs over limited area
o Similar to WLAN, but smaller area.

MAN: Metropolitan Area Network
o network access > CAN.
o Owned by many orgs.
o Creates fabric of network coverage.
o Offers ↑ speeds compared to WAN.

WAN: Wide Area Network
o covers large geographical area.
o Internet is ex. of WAN.
o Network connects smaller networks.
o ex: global banks use WAN to transfer data across the world. This maintains security so data does not need to go thru internet.

Client-server: distinct server + distinct client.
☒ server: sys. stores data + info.
☒ client: machine that needs access to the data.
ex: internet.

peer-to-peer: each machine on network acts as server + client.
o ex: bitcoin + tor.

module 5: network Topologies

bus: single line of devices connected together by one shared network cable.
o Used often in begin. networking.
o not used as frequently now.
o comps. must connect w/ physical wires.
o bus topologies must be terminated properly.
o If the wire is cut then the network fails.
o also called network segment b/c more comps can be added w/ network cables.
o problem b/c cannot send + receive @ the same time.
o Cable is bus, is shared communications medium. All comps will receive ALL network traffic.
o The main issue w/ this network type is overcrowding.

Ring: combats traffic collisions in bus network. Network is still shared medium, but traffic is controlled.
o Important differences:
  ① network cable interrupted by each comp on ring.
  ② cable connected back to self instead of terminators.
o Dual rings (pictured) are used to maintain network connectivity.
o Found in fiber optic netw.

Star Topology: central netw. device connects to various other devices.
o each device is only connected to central switch.
o Most common in LAN netw. now.
o protects from most loses of connectivity.
o allows versatile network definitions + set up.

o Used in WAN 4 large businesses. Connection passes thru headquarters to connect devices.

mesh: All networking devices are heavily interconnected.
o unlike others, can be wireless connections.
o self-healing network. Can connect to dif nodes.
module 6: Network Architectures

Centralization
o Beginning: all data kept on mainframe, user comp only took inputs + displayed.
o cloud computing is a modern example.
o One ex: Office 365 w/ older phone - perform ↑ in browser than app b/c web DATA on server.

Decentralization
o computing power in device rather than data center.
o Became possible w/ IBM microcomputers - 1980s.
o Cons
  ☒ not often backed up.
  ☒ mismanaged local security.
  ☒ Data may be incompatible between users due to program differences.
o Pros
  ☒ no network needed!
  ☒ lack of single point of failure.

Client / server
o popular w/ enterprise apps.
o shared responsibility of centralized server & decentralized client.
o pro - allows implementation of advanced user interfaces.
o con - data inconsistency if multi. users have diff versions client software.
  ↳ makes upgrades hard

Peer → Peer
o client comp act as servers + clients.
o con - uses resources on the comp which is server + workstation.
o Many machines allow this automatically across OSes.

Module 7: virtual + Cloud Computing

Virtualization: typically associated w/ VMs operating as servers within datacenter, but can ALSO refer to a variety of server hardware.
↳ converts hardware resource → software.
o gives admin superpowers in data center.
o pros
  ☒ no moving physical equipment.
  ☒ no single point of failure (SPoF).
  ☒ Helps w/ backup + recovery.
  ☒ increase / decrease resources allocated to VM.

Hypervisors * need to know for exam.
o hypervisor: creates virtual hardware for devices.
o open source or commercial.
o Can install OS on VM, runs like installed on physical hardware.
  ↳ VM OS = guest OS
  ↳ OS on comp = host OS
o hypervisor is RESOURCE TRAFFIC. Lets everyone know how much they are allowed to use.

Type 1 Hypervisor
o Also called "bare metal" hypervisors.
o NATIVE: OSes that run VMs.
  ☒ VMware ESXi
  ☒ Open-source KVM
o Must be installed on bare metal server.
o has complete access to all machine's underlying hardware.
o very little info on console screen of host comp.
o admin is done on dif comp.
  ↳ given IP address needed to connect to VM

Type 2 Hypervisor
o can run as app on comp.
o runs all requests thru comp OS.
o cons
  ☒ competes for hardware resources.
  ☒ no direct access.
  both lead to degraded performance.

HELPFUL TO KNOW DIF: https://youtu.be/pGGDdKZvYpI
Cloud Computing - on-demand self service, resource pooling, elastic, accessible, + measurable.
o allows quick reaction by IT to expand services as needed.
o Global cloud providers: AWS, GCP, Azure.
o Allows for temporary high use, like high traffic times for your website.
o like a water bill, only pay for what you use.
o makes connectivity across world better, faster.

o popular w/ app devs
  ↳ takes the worry of server power from Dev. Allows app to scale ↑ or ↓ depending on need.
  ↳ Also called serverless computing.

Cloud service Models # know for exam

SaaS - software as a service
o anything from Facebook to Office 365.

IaaS - infrastructure as a service
o cornerstones
  ☒ server virtualization
  ☒ storage
  ☒ network
o customizable, but user responsible for more things.
o Virtual Private Cloud (VPC) means each user's network is isolated.
o Virtual servers also used for PaaS + SaaS.
o User is responsible for backups.
o Always deploy 2 of everything.

PaaS - Platform as a service.
o Cloud provider responsible for virtual servers + (sometimes) services that run on top.

cloud development models

Private cloud - equipment hosted within a single company's on-premises data center.
o all equipment belongs to + is managed by them.

Public cloud - Cloud provider responsible for maintaining hardware + repairing.
o state of the art security
o each client's space is protected by VPC + Firewalls.

Community cloud - semi private cloud. Common w/ universities.

hybrid cloud - combo private + public clouds.
o Extend apps + services between their virtual data center + public provider.
o Must have connection between data centers; could be via VPN or WAN.
module 8: Network Security Overview

NETWORK SECURITY TERMINOLOGY

asset: person / device / location / info that SecOps aims to protect.
attack: action taken by a threat which exploits a vulnerability. Seeks to gain or prevent access to asset.
risk: likelihood of an attack.
SecOps: security operations; protects assets + reduces risk.
Threat: which can exploit vulnerabilities.
Vulnerability: weakness in software / hardware / facilities / people which can be exploited.

Zero-Day
☒ the threat or exploit is not known to public.
☒ Intrusion Protection Software (IPS) option lets admins send any unknown or sus code for analysis.
☒ Ofc not everyone has, so the risk remains.

ATTACKER TYPES

Vulnerability testers
o red team: attempts to compromise sys.
o blue team: defends.
o purple team: takes same attack / defend approach, but debrief + cross-train later.

Script kiddies
o copycat hackers, usually hack for entertainment.
o Use tools that are way more advanced than what they understand.
o For example, using script mods to mine in RuneScape.
o These are unpredictable b/c they don't understand the consequences of what they could do.

VULNERABILITIES

vulnerability scanner: tool (or cloud app). Detects vulnerabilities on your network.

common vulnerabilities
o physical security
  ☒ Data is encrypted + that key is changed freq on premise.
  ☒ Doesn't work if someone can steal your shit and crack the key in their own time.
o Weak passwords
  ☒ This is common sense. Brute force tools can break these.
  ☒ written down passwords
  ☒ Default passwords - if you don't change them you've left the sys unlocked.
o Misconfigured Firewall Rules
  ☒ Default passwords or leaving loopholes.
  ☒ check it often to avoid these mistakes.
o Personal Devices in Network
  ☒ Problem w/ BYOD. Viruses can pollute the network.
  ☒ ex: Trojan Horse
  ☒ Solution - Mandatory anti-virus.
o Advanced Persistent Threats, "APT"; waits for the opportune moment.
  ☒ ransomware or highly destructive malware. Forces restoration from backup.
  ☒ sits idle long enough to be in many backups, forcing compliance.

COMMON THREATS + ATTACKS

wiretapping
o Wires laid w/in telephone line wires.
o packet sniffer - listens + records network traffic.
o EMF listening tool - you can prevent taking device down to add wiretap. Allows listening w/o device being taken down.
o to combat, many ppl use fiber optic in high security areas. They're immune to EMF.

Port scanning
o open TCP ports allow opportunity to find what services or apps are being run on the comp.
o 10s of thousands of ports tho (rip).
o There's an app for that! Port scanners automate + allow for more in-depth port scanning.

Taking control
o once the correct ports are ID'd, hacker uses vulnerability scanners to find weak spots.
o Databases are pop. targets - SQL commands can be used to take control of DB.

buffer overflow: used to clog up mem to trick CPU into running rogue code.
o Protections
  1. user input fields are checked for long / unplanned writing.
  2. enable NX-bit: CPU limits executing code.

Spoofing
o Used for eavesdropping. This is hard due to advances in networking.
  1. client makes request to server
  2. hacker intercepts w/ fake server
  3. req. made to server by hacker
  4. hacker pretends to be client
  5. server data is sent to client, so now receiving info from hacker server

Denial of Service (DoS)
o floods user w/ packets making network unreachable.
o Ping Flood - sends tons of ICMP echo reqs. Ends up like feedback in a sound sys. Makes comp not work well.
  ☒ avoidable or curable.
o Smurf Attack: sends tons of ICMP echo reqs from spoof IPs to victim. Clogs network + it's very hard to stop / subdue.

Social Engineering
o impersonation
o phishing

RISK MITIGATION

Important job in SecOps.
o Honeypot: use data that seems legit to trick attackers away from real data.
o tar pit: same, but also slows attacker.
o Be proactive - have plan for quarantining comps.
  ↳ treat your network like COVID outbreak :P
o Sometimes viruses aren't dangerous right away.
  ☒ Trojan Horse, Rootkits, backdoor atks.

MODULE 9: CONFIDENTIALITY, INTEGRITY + AVAILABILITY (CIA)

intro to CIA

CIA Triangle: confidentiality, integrity, availability.
* data moves only inside triangle.

Confidentiality
o limits info access.
o contradicts availability. Compromise of confidentiality + availability.
o Risks
  ☒ Unencrypted info
  ☒ Not regularly purging
  ☒ Physical theft
  ☒ social engineering
  ☒ Accidents / Malfunctions
o Protections
  ☒ encrypt info @ rest + in-transit
  ☒ encrypt / physically secure laptops.
  ☒ delete files securely
  ☒ train employees on social engineering
  ☒ complex passwords
  ☒ least privilege: only assign users min. permish.

Integrity
o Risks
  ☒ man-in-the-middle atks
  ☒ intentional / unintentional data deletion
  ☒ Malfunctions
  ☒ electromagnetic pulse (EMP) atks
o Prevention
  ☒ Encrypt all data transmissions
  ☒ One-way hash calcs: create value, verify data has not changed.
  ☒ version control in data storage.

Availability
o Risks
  ☒ DoS or DDoS
  ☒ Unplanned downtime from server crash.
  ☒ Accidental changes to access control
o Prevention
  ☒ full disaster recovery plan.
  ☒ Server high avail. clustering tech.
  ☒ Regular backups
MODULE 10: FIREWALLS, IDS, IPS

FIREWALLS

Network firewall: barrier intercepts traffic + inspects, making sure everything is safe.
o limits type of traffic which can reach. Physical, VMs, or apps.
o host-based firewall: firewall app on workstation.

[Figure: FIREWALLS on OSI layers. Layer 7: application, Layer 6: presentation, Layer 5: session, Layer 4: transport, Layer 3: network, Layer 2: datalink, Layer 1: physical; labels: LAYER 7 FIREWALL, STATEFUL LAYER 4 FIREWALL, PACKET FILTERS]

Packet Filters
o operates at layer 3+4.
o Layer 3 - IP address. Layer 4 - TCP or UDP.
o Packet filters check:
  ☒ Protocol (typically IP)
  ☒ Source IP
  ☒ Destination IP
  ☒ Source TCP / UDP port #
  ☒ Destination TCP / UDP port #
! Does not inspect contents of packet, only header (address label).

Circuit Level Gateways
o middle-man, conceals ID of client + server.
o Changes IP + TCP / UDP #.
o Allows traffic between networks.
o foundation of NAT + PAT.

Stateful Inspection
o State: connection state between 2 comps.
o prevents many rules having to be set on sender's side to notify protocol packet received.
o creates temporary rules to taper down on traffic.

App level
o Highly responsive, inspects content of packets.
o Also known: Layer 7 Firewall.

INTRUSION DETECTION + PREVENTION

o Intrusion Detection System (IDS): IDs malicious traffic based on DB of known behaviors + payload sigs.
  ☒ "tap mode" - IDS can wiretap into the network, listening for anything phishy. Get it? :P
o Intrusion Prevention System (IPS) - intercepts threats.
  ☒ in-line: IPS works best when wired as a man in the middle of the network. It copy pastas data from one side of the network to the other.
o Both use reputation-based protection. File is blocked based on its known history. Ain't no Hester Bynes coming thru here.
o IPS inspects incoming / outgoing traffic + compares BOTH to DB.

IDS
o Monitors network to detect malicious traffic.
o Listens passively.
o Alerts admin.
o Tap mode.

IPS
o Intercepts / blocks threats.
o Many network ports.
o Avail. virtual + host based.
o has cables - can be routed physically to create choke points.
MODULE 11: OSI + SECURITY

LAYER 1: physical
o Threats
  ☒ wiretapping
    ☐ threat on CAT 6, not fiber optic cables
    ☐ this can be done by sniffing EMF.
o Protect
  ☒ security locks on doors.
  ☒ physical often overlooked, but renders rest obsolete w/o.

LAYER 2: Data link
Represents how comp. logically connect to network.
o includes ethernet + wifi.
o Threats
  ☒ Ethernet switches + VLAN
    2 modes which can be config:
    ☐ access - assigned to single VLAN.
    ☐ trunk - interconnect multi. switches for multi. VLANs.
    Attacker can exploit trunk config + perform VLAN hopping attack.
o Prevention
  ☒ config network in access mode.

LAYER 3: NETWORK
Allows comp. on dif. network to exchange data.
o IP / ICMP
o Threats
  ☒ DoS / DDoS
  ☒ Ping for info gathering
    ☐ ping sweep - sends pings to see which comp are online + may be susceptible to other atks.
  ☒ Spoofing
    ☐ can be Layer 2+3. Layer 2 spoofs MAC address.
o Prevention
  ☒ ping sweep - packet filter firewall
  ☒ spoofing - IPS system

LAYER 4: TRANSPORT
o TCP / UDP
o Ensures data is received + delivered based on app needs.
o TCP vs. UDP
  ☒ TCP - connection-oriented, reliable, provides delivery confirmation. Will retransmit data.
  ☒ UDP - connectionless, not as reliable, used in music streaming often.
o Threats
  ☒ Port scanner - scans victim's comp for open ports.
o Prevention
  ☒ packet filter firewall
  ☒ port redirection - exactly what it sounds like. Redirects web requests to lesser known port. Not very effective.

LAYER 5: SESSION
o Allow comps dif. connections between service w/in same host.
o Threats
  ☒ Attack on Remote Procedure Protocol (RPC)
    ☐ RPC is used to exe procedures on other comps (like sending a print job).
o Prevention
  ☒ OS + App patches

LAYER 6: PRESENTATION
translation + security layer between apps.
o Allows comps to encode + encrypt data.
o Performed @ Transport Layer Security (TLS) [replaced SSL]
o Threat
  ☒ TLS / SSL - man in the middle atk.
o Prevention
  ☒ App-layer proxy or IPS.

LAYER 7: APPLICATION
for HTTP / HTTPS
o Threats
  ☒ Attack web servers / APIs
  ☒ If APIs don't contain authorization check, anyone can activate the API.
    ☐ Once attacker finds the API, they can use to access db or anything else attached.
o prevent
  ☒ auth users twice. / Reverse proxy
MODULE 12: ENCRYPTION

ENCRYPTION TECHNIQUES + METHODS

Symmetric key encryption: same key encrypts data as decrypts data.
[Figure: sender encrypts plaintext, recipient decrypts encrypted data; both use same shared secret key]
o The encryption is most vulnerable when sender + recipient exchange the key.

Asymmetric Encryption
two different keys are used to decrypt.
o Useful for ecommerce + banks.
o Public key infrastructure (PKI)
  ☒ allows 2 parties to exchange encrypted data w/o first exchanging private / shared keys.
  ☒ algorithm creates keys - public key published to public repository.
  ☒ creates digital signature.
o Downside - lots of computational power needed.
  ☒ b/c of this, many use combo of asym + sym encryption.
  ☒ TLS: uses sym + asym encrypt.

Elliptic Curve Cryptography
o weakness of PKI - based on math formulas.
o ECC fixes that - uses algebraic structure of elliptic curves to generate keys.
  ☒ Hard to crack w/o quantum comp.

IPsec
o Internet Protocol Security
o secures network @ layer 3.
o Suite of tools. Creates unique session keys used to create encrypted packets.
o gateway to encrypt data from 2 comp.
o Data payload encrypted.
o composed of
  ☒ Authentication Header (AH) - provides data integrity
  ☒ Encapsulating Security Payload (ESP) - provides encryption
o Used w/ Internet key exchange.

Advanced Encryption Standard (AES)
o symmetric key cipher - near impenetrable.
o up to 14 transformations.
o context: for data at rest.

COMMON ENCRYPTION USES

TLS encryption
Transport Layer Encryption
o creates secure internet channel between client + server.
o Public key is in form of Cert by Cert. authority.
o data encrypted by using public key can only be decrypted by paired private key.

MODULE 13: CLOUD SECURITY

DATA PROTECTION + CLASSIFICATION

o Data can only be kept so long - don't keep it longer than you are meant to.
o Verify w/ cloud provider if backups kept factor in to time you're allowed to keep data.
o some places have restrictions on where data can physically reside.

BEST PRACTICES

Private Cloud
o scalable, single-tenant.
o owner of equipment responsible for everything.

ENCRYPTION OF DATA AT REST + TRANSIT

Data at Rest
o should be encrypted
o Data Encryption Key (DEK): locks + unlocks data in symmetric encrypt.
o Key Encryption Key (KEK): protects (encrypts) DEK.
  ☒ Asymmetric.

°
Store
encrypt ☐ Ekin key management

Data in transit
o very important for public + hybrid clouds.

APP SECURITY, ACCESS CONTROL + NET SEC

Federated identity management: allows users to authenticate via fb, google, etc.
o prevents storage of usernames + pass on your server.

network security
o separate public + private servers to prevent cross server attacks.
o Using layers of firewalls + sec prevents this too.

[Figure: PUBLIC SERVER and Private server; label: ADDS NETSEC!]

CLOUD SECURITY

Cloud platform security
o multi factor authentication
o Service account
  ☒ Used for apps to access resources from cloud.
  ☒ Connect via API key to prevent hard coding user / pass.
o Audit logs
  ☒ Public providers keep - shows what users are up to. Private might.
MODULE 14: WIRELESS SECURITY

networks w/o password = unencrypted

3DES
o antiquated, runs DES encryption 3 times.
o still used w/ some orgs, but can be brute forced + broken in < 1 day.

AES
o Advanced Encryption Standard
o Can run @ 3 speeds
  ☒ 128-bit
  ☒ 192-bit
  ☒ 256-bit * most devices use this now.
o symmetric key alg.
o Most modern CPUs support AES-NI. Allow CPU to process encryption @ high speeds.

WEP
o Deprecated in 2004.
o Can be busted in < 1 day today.
o Made to provide same sec to wireless netw. as wired.
o One code encrypts every packet on netw.

WPA
o Encrypts every packet on network w/ unique 8-63 alphanumeric key.
o some weaknesses found + replaced w/ WPA2, 3.

WPA2
o Wireless stand. for encryption for 15 years.
o main dif: mandatory support for CCMP.
  ↳ Counter Mode Cipher Block Chaining Message Authentication Code Protocol.
  ☒ CCMP part of AES

WPA3
o released 2018
o encrypts each device on unsecure network.
o uses SAE + PFS
  ☒ SAE - slows down brute force atks.
  ☒ PFS - if one session key is compromised, does not apply to future sessions.

wireless networks: all use IEEE 802.11
o Ad hoc
  ☒ peer to peer network - no WAP.

WAP or Wireless Router
o most often found in homes + small offices.

[Figure: Distribution system; labels: ROUTER, ROUTER]

802.1X
o Security standard
o provides network control @ port level.
o Provides authentication based on EAP / Extensible Authentication Protocol.
o can also check antivirus on client + refuse access based on that.

[Figure: 802.1X auth flow. Client has prop info: Auth, client granted access. Client not Auth: client not granted network access.]

Deauth Attack
o DoS atk - forces clients off the network.
o Why
  ☒ Prevent access to netw.
  ☒ force users to reconnect to fake access point.
  ☒ capture WAP 4-way handshake to gain access.
o Defense
  ☒ WPA3 - management packets are encrypted.

Fake Access
o attacker sets up illegitimate wireless network using their own WAP.
o all unencrypted traffic is visible to attacker.
o Protect
  ☒ Use VPN
  ☒ do not connect to unsecure networks