Networking

in Cybersecurity 101
Basics of Computer Network Network tools
Networking Knowledge • nslookup
Common Protocols and Their usage • iptables
• ifconfig/ipconfig
Common Ports and Their usage
• ping
SSL and TLS Basics
• netstat
Public IP vs Private IP • tracert/traceroute
Network Topologies
• Star
• Ring
• Mesh
• Bus
Understanding Common Protocols
• Ssh
• RDP
• FTP
• SFTP
• HTTP/HTTPS

Independent Research by Abbas Aghayev (lead-Blast Member)

08-2023
Basics of Computer Networking
Computer networking refers to the practice of connecting two or more computing devices, creating an infrastructure in which they can exchange data,
resources, and software. It is a fundamental part of cyber security and IT skills. In this chapter, we will cover five aspects of computer networking,
including networking devices, network types, network protocols, IP addresses, and the OSI model.
Networking Devices

Several devices enable and facilitate communication between different devices. Common networking devices include:
• Hubs: Devices that connect different devices together, transmitting data packets to all devices on the network.
• Switches: Similar to hubs, but transmit data packets only to specific devices instead of broadcasting to all.
• Routers: Devices that direct data packets between networks and provide the best path for data packets to reach their destination.
• Firewalls: Devices or software that monitor and filter incoming and outgoing network traffic, allowing only authorized data to pass
through.
Network Types

There are various types of networks based on the distance they cover, and the number of devices they connect. A few common network
types are:
• Personal Area Network (PAN): Connects devices within an individual workspace, typically within a range of 10 meters.
• Local Area Network (LAN): Covers a small geographical area, such as a home or office, connecting multiple computers and other
devices.
• Wide Area Network (WAN): Covers a larger geographical area, interconnecting different LANs, often using leased
telecommunication lines or wireless links.
• Virtual Private Network (VPN): A secure network established over the public internet, encrypting the data transferred and
restricting access to authorized users only.
Network Protocols

Protocols are sets of rules that govern the communication between devices within a network. Some of the most common protocols
include:
• Transmission Control Protocol (TCP): Ensures the reliable transmission of data and establishes connections between devices.
• Internet Protocol (IP): Facilitates the transmission of data packets, assigning unique IP addresses to identify devices.
• User Datagram Protocol (UDP): A lightweight, fast, but less reliable protocol compared to TCP, often used for streaming and
gaming applications.
IP Addresses

An IP address is a unique identifier assigned to every device in a network. There are two types of IP addresses:

• IPv4: Uses a 32-bit addressing system, allowing for approximately 4.3 billion unique IP addresses.
• IPv6: Uses a 128-bit addressing system, providing a significantly larger number of available IP addresses.
IP addresses can also be categorized as dynamic or static, depending on whether they change over time or remain constant for a device.
OSI Model

The Open Systems Interconnection (OSI) model is a conceptual framework used to understand and describe how different network protocols interact.
It divides networking functions into seven distinct layers:
• Physical Layer: Deals with the physical connection between devices, including cabling and hardware.
• Data Link Layer: Handles the communication between adjacent devices on the same network.
• Network Layer: Identifies the best route for data packets and manages IP addresses.
• Transport Layer: Ensures the reliable transmission of data, including error checking and flow control.
• Session Layer: Establishes, maintains, and terminates connections between applications on different devices.
• Presentation Layer: Translates data into a format that is suitable for transmission between devices.
• Application Layer: Represents the user interface with which applications interact.
Mastering the basics of computer networking is key to understanding and implementing effective cyber security measures. This chapter has covered
essential networking concepts, but it is important to continually expand your knowledge in this ever-evolving field.
Networking Knowledge

In the world of cyber security, having a strong foundation in networking knowledge is crucial. It’s important to understand the fundamental
concepts and mechanisms that govern how data is transferred, communicated, and secured across digital networks.
Topics

• Network Architecture: Learn about the different networking models, such as the OSI model and TCP/IP model, which define how
data is structured, transmitted, and received in a network.
• Network Protocols: Familiarize yourself with various network protocols that are essential for effective communication between
devices, including HTTP, HTTPS, FTP, and more. These protocols ensure that data is transmitted reliably and securely across
networks.
• IP Addressing and Subnetting: Gain an understanding of IP addresses (both IPv4 and IPv6), how they are assigned, and how
subnetting works to divide networks into smaller segments for better management and security.
• Routing and Switching: Learn about the roles of routers and switches in a network, as well as related technologies and protocols
like DHCP, NAT, and various routing protocols (such as OSPF and BGP).
• Wireless Networking: Delve into the world of wireless networks by studying the different types of wireless technologies like Wi-Fi,
Bluetooth, and cellular networks. Understand the security concerns and best practices associated with wireless communication.
• Network Security: Explore various techniques and tools used to defend networks from cyber threats, including firewalls, intrusion
detection systems (IDS), intrusion prevention systems (IPS), and VPNs. Learn about security protocols like SSL/TLS, encryption
algorithms, and secure access control mechanisms.
• Network Troubleshooting: Understand common network issues and how to resolve them, using various network troubleshooting
tools and methodologies like ping, traceroute, and Wireshark.
Common Protocols and their Uses

In this section, we will discuss some of the most common protocols used in networking and their importance in maintaining cyber security.
Protocols are a set of rules and procedures that define how data should be transmitted, formatted, and processed over a network.
HyperText Transfer Protocol (HTTP) and HTTPS

HTTP, or HyperText Transfer Protocol, is the foundation of data communication on the World Wide Web. It defines how data should be
formatted and transmitted between a client (like your browser) and a web server. HTTP is a stateless protocol, meaning each request
and response pair is independent from others.
HTTPS, or HTTP Secure, is a secure version of HTTP that encrypts data between the client and server using Secure Sockets Layer (SSL)
or Transport Layer Security (TLS) to protect sensitive data from being intercepted or tampered with.
Internet Protocol (IP)
Internet Protocol (IP) is responsible for delivering packets from the source host to the destination host based on their IP addresses. IP is
the primary protocol in the Internet Layer of the Internet Protocol Suite and has two main versions - IPv4 and IPv6.
Transmission Control Protocol (TCP)

TCP, or Transmission Control Protocol, is a reliable, connection-oriented protocol that ensures data is delivered correctly between
applications over a network. It ensures accurate and complete data delivery by establishing a connection, segmenting data into smaller
packets, verifying the receipt of packets, and reordering packets to their original sequence.
User Datagram Protocol (UDP)
UDP, or User Datagram Protocol, is a connectionless communication protocol used for fast and efficient data transmission. Unlike TCP,
UDP does not provide error checking or guarantee delivery, making it suitable for real-time applications like video streaming and online
gaming where low latency is crucial.
Domain Name System (DNS)
The Domain Name System (DNS) is responsible for translating human-readable domain names (like www.example.com) into
corresponding IP addresses that computers understand. This process is called domain name resolution. DNS is an essential component
of internet communication, as it allows users to access websites using easy-to-remember names instead of numerical IP addresses.
File Transfer Protocol (FTP)

File Transfer Protocol (FTP) is a standard network protocol used for transferring files from one host to another over a TCP-based network,
such as the Internet. FTP is commonly used for sharing files and transferring files between a client and a server.
Simple Mail Transfer Protocol (SMTP)

Simple Mail Transfer Protocol (SMTP) is the standard protocol for sending email messages across a network. It defines how email
messages should be formatted, encrypted, and relayed between email clients, servers, and other email systems.
Understanding these common protocols and their roles in network communication is vital for ensuring the proper implementation of
cyber security measures. It will help you better identify potential vulnerabilities and make informed decisions on network defense
strategies.
Transmission Control Protocol (TCP) Ports

• FTP (File Transfer Protocol) - Ports 20 and 21: FTP is a widely used protocol for transferring files.
• SSH (Secure Shell) - Port 22: SSH allows secure communication and remote access to devices over an unsecured network.
• Telnet - Port 23: Telnet is a text-based protocol that allows you to interact with remote devices over networks.
• SMTP (Simple Mail Transfer Protocol) - Port 25: SMTP is a protocol for sending and receiving emails.
• DNS (Domain Name System) - Port 53: DNS translates human-readable domain names into IP addresses to facilitate
communication between devices.
• HTTP (Hypertext Transfer Protocol) - Port 80: HTTP is the primary protocol used for communication on the World Wide Web.
• POP3 (Post Office Protocol 3) - Port 110: POP3 is a protocol for receiving emails from your email server.
• IMAP (Internet Message Access Protocol) - Port 143: IMAP is a more advanced email protocol that allows you to access and
manage your emails on the email server.
• HTTPS (Hypertext Transfer Protocol Secure) - Port 443: HTTPS is an encrypted and secure version of HTTP.
• RDP (Remote Desktop Protocol) - Port 3389: RDP is a Microsoft-developed protocol for remotely accessing Windows devices.

User Datagram Protocol (UDP) Ports

• DHCP (Dynamic Host Configuration Protocol) - Ports 67 and 68: DHCP is used to allocate IP addresses to devices within a network.
• DNS (Domain Name System) - Port 53: (same function as in TCP)
• TFTP (Trivial File Transfer Protocol) - Port 69: TFTP is a simplified version of FTP for quick and easy file transfer.
• SNMP (Simple Network Management Protocol) - Port 161: SNMP enables monitoring and managing network devices, including
printers, routers, and switches.
• NTP (Network Time Protocol) - Port 123: NTP is a standard protocol used to synchronize time across network devices.
SSL and TLS Basics

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are cryptographic protocols designed to provide secure communication
over a computer network. They play a vital role in protecting sensitive information transmitted online, such as login credentials, financial
information, and private user data.
Secure Sockets Layer (SSL)

SSL is the predecessor to TLS and was first introduced in the 1990s. It creates an encrypted connection between a client (typically a web
browser) and a server to ensure that any data transmitted remains private and secure. SSL uses a combination of symmetric and
asymmetric encryption methods, as well as digital certificates, to establish and maintain secure communication.
Transport Layer Security (TLS)

TLS is an improved and more secure version of SSL, with TLS 1.0 being released as an upgrade to SSL 3.0. The current version, as of this
guide, is TLS 1.3. TLS provides a more robust and flexible security framework, addressing many of the vulnerabilities present in SSL.
While many people still refer to SSL when discussing secure web communication, it’s important to note that SSL has been deprecated,
and TLS is the best-practice standard for secure communication.
Key Components

• Encryption: SSL and TLS use powerful algorithms to protect data through encryption, ensuring it’s unreadable by anyone without
the proper decryption keys.
• Authentication: SSL/TLS digital certificates verify the identities of clients and servers, providing trust and authenticity.
• Integrity: These security protocols use message authentication codes to ensure that the data sent between clients and servers
has not been tampered with during transmission.
 •
Handshake Process

SSL and TLS follow a series of steps, known as the “handshake process,” to create a secure connection:
• Client hello: The client initiates the handshake process by sending a message with supported cryptographic algorithms, random
numbers, and session information.
• Server hello: The server responds with its chosen cryptographic algorithms, random numbers, and its digital certificate. Optionally,
the server can request the client’s certificate for mutual authentication.
• Client verification: The client verifies the server’s certificate and may send its own if requested. It then creates a pre-master secret,
encrypts it with the server’s public key, and sends it to the server.
• Key generation and exchange: Both the client and server generate the master secret and session keys using the pre-master secret
and shared random numbers. These keys are used for encrypting and decrypting the data transmitted.
• Secured connection: Once the keys are exchanged, the client and server can now communicate securely using the established
encryption and keys.
Network Topologies
• Network topologies describe the arrangement of various devices in a network, their connections, and the flow of data between
them. Understanding common network topologies can help you identify potential vulnerabilities and enhance your overall
cybersecurity posture. Here, we’ll briefly discuss the different types of network topologies and their advantages and
disadvantages.
Bus Topology
In a bus topology, all devices in the network are connected to a single communication medium (usually a coaxial cable) called a “bus.”
Data is transmitted in a single direction along the bus, and devices look for their address in the data to know if it’s meant for them.
Advantages:
• Easy to set up and extend
• Requires less cabling than other topologies
Disadvantages:
• If the main cable fails, the entire network fails
• Performance degrades as more devices are added
Limited cable length and number of devices
Star Topology
A star topology connects all devices to a central point or hub (typically a switch or a router). The central point is responsible for
transmitting data between devices in the network.
Advantages:
• Easy to add or remove devices without affecting the rest of the network
• If one device fails, it doesn’t affect the entire network
• Centralized management
Disadvantages:
• Requires more cabling than bus topology
• If the central hub fails, the entire network fails
Ring Topology
In a ring topology, devices are connected in a circular pattern, with each device having exactly two neighbors. Data is transmitted in one
direction around the ring, passing through each device before reaching its destination.
Advantages:
• Equal access to resources for all devices
• Can handle high-traffic loads
Disadvantages:
• Adding or removing devices can disrupt the network
• If one device fails, it can affect the entire network
• Data transmission can be slow due to the loop structure
Mesh Topology
A mesh topology connects all devices directly to every other device in the network. It can be a full mesh (where every device is
connected to every other device) or a partial mesh (where some devices are connected to all others, while others maintain only a few
connections).
Advantages:
• High fault-tolerance and redundancy, making it more resilient
• Eliminates the need for a central hub
Disadvantages:
• Requires a large number of cables, making it expensive and difficult to manage
• Can be challenging to set up and maintain
Hybrid Topology
A hybrid topology combines two or more different topologies, such as a star and ring topology, in a single network. It can be
customized to fit specific network requirements and performance needs.
Advantages:
• Can be tailored to meet specific needs
• Optimizes the strengths of various topologies
Disadvantages:
• Can be complex and difficult to manage
• More expensive than other topologies
Ping
Ping is a basic command-line tool used to test the reachability of a network host. It sends ICMP Echo Request packets to the target host and
waits for an ICMP Echo Reply. If the target host is reachable, you will receive the packets back with round-trip time statistics.
Usage: ping [target host/IP]
Host
Host is a basic command-line tool used to reveal final destination/ip of connection.
Usage: host targetdomain.com
Traceroute/tracert
traceroute (Linux) and tracert (Windows) are command-line tools used to display the path taken by packets across a network. They can
help to identify routing problems, latency, and packet loss.
Usage: traceroute [target host/IP] or tracert [target host/IP]
Nslookup
nslookup is a network administration command-line tool used to query Domain Name System (DNS) servers for host information or IP
address resolution.
Usage: nslookup [hostname]
Netstat
The netstat command is a versatile command-line tool that displays network connections, routing tables, and network interface statistics. It
can help identify critical connections, open ports, and listening services.
Usage: netstat [-options]
Nmap
Nmap (Network Mapper) is an open-source tool for network discovery and security auditing. It can scan for open ports, running services,
and identify network vulnerabilities.
Usage: nmap [-options] [target host/IP]
Wireshark
Wireshark is a widely-used network protocol analyzer that allows you to capture and analyze network traffic in real-time. It provides
detailed information about packets, protocols, and network behavior that aids in troubleshooting and security analysis.
Download link: https://www.wireshark.org/download.html