Attenuation
A decrease in force or effect, such as weakening a signal or reducing the impact of something; in networking this refers to the degradation of data signals over long distances, requiring amplification to maintain quality.
Cross-talk
This happens because copper cables transmit data using electrical signals, unlike fibre optic cables that use photons and therefore retain no charge; electrical signals carry charge and generate electromagnetic fields. If these fields are not properly shielded they can "bleed" into adjacent wires, causing signal interference/signal distortion.
-Can lead to data corruption, reduced network speeds, and increased error rates.
NEXT
Near-End Cross-talk: interference is strongest at the transmitting end of the cable
FEXT
Far-End Cross-talk: interference is detected at the receiving end
Alien Cross-Talk
Interference from external cables rather than from within the same cable.
Wire Tapping
Act of secretly intercepting communications by accessing a wired connection, often for surveillance or espionage purposes.
Physical tapping
A device is physically attached to a copper wire to capture signals
Inductive Tapping
Uses electromagnetic induction to pick up signals without direct contact. Electromagnetic induction is the process by which an electric current in a conductive medium changes the surrounding magnetic field. This method can be used to monitor and capture data without physically connecting to the target line, making it harder to detect.
Software-Based Tapping
Vulnerabilities in network protocols are exploited to intercept data remotely.
TEMPEST attacks
Electromagnetic Eavesdropping. Some devices emit electromagnetic radiation which can be picked up on by sensitive equipment. This equipment can then be used to reconstruct screen images or key presses.
Wireless Signal Hijacking
Devices that use inductive charging, or wireless power transfer, are ALSO susceptible to data leaks.
RFID AND NFC signals can be intercepted electromagnetically.
RFID
Radio Frequency Identification is a wireless technology that uses radio waves for communication.
-used for tracking and identification (inventory management, roll systems, pet microchips)
-long distance
-one-way communication
NFC
Near Field Communication. Used for contactless payments, secure access, and device pairing.
-short distances
-two-way communication: NFC devices can exchange data back and forth
Electromagnetic shielding
Used to prevent unauthorized interception of signals and protect sensitive information. Materials like Faraday cages block electromagnetic waves and prevent data leaks. Cables can be braided with metal or wrapped in foil to reduce signal leakage.
Wireless signals (Wi-Fi, RFID, NFC) can be intercepted without shielding as well. Typically remedied by using encrypted communication protocols and shielding antennas.
Shielding methods: FC, SC, MC, RF ROOMS, EIC, AND WFAM
Faraday Cages: Enclosures made of conductive materials that block electromagnetic waves
Shielded cables: Wires wrapped in metallic layers to prevent signal leakage
Metallic Coatings: Devices coated with conductive materials like copper or nickel to reduce interference.
RF shielding rooms: special rooms lined with conductive materials to block radio frequencies
Electromagnetic Isolation chambers: Used in government and military settings to prevent eavesdropping.
Window Films and meshes: Applied to glass surfaces to block electromagnetic signals
Shielding materials
Copper
Steel
Nickel & Silver
Aluminum
LLC
Logical Link control
VLAN tags
A special identifier added to a network's data packets to indicate which VLAN (virtual local area network) they belong to. Allows networks to be segmented logically even if devices are physically connected. Think of VLANs like separate lanes on a highway. Without VLANs, all network traffic is mixed together like cars driving chaotically without designated lanes.
-when a device sends data, the switch adds a VLAN tag to the Ethernet frame; the tag contains a VLAN ID, which helps network devices determine where the packet should go
-at the destination, the tag is removed before delivery
-reduces broadcast traffic, so network speed and efficiency increase
-exists on the DATA LINK LAYER; can also interact with layer 3 when routing between VLANs
CSMA/CD
Carrier Sense Multiple Access with Collision Detection - Network access method used by early Ethernet technologies for LANs (to manage how devices communicate over a shared medium while avoiding data collisions).
Modification of CSMA. Used to improve CSMA performance by terminating transmission as soon as a collision is detected.
1. frame ready to transmit? if not, wait for a frame
2. is the medium idle? if not, wait until it becomes ready
3. start transmitting and monitor for a collision during transmission
4. did a collision occur? if so, begin the collision-detected procedure
5. reset retransmission counters and complete frame transmission
Procedure for a detected collision:
1. continue transmission (with a jam signal instead of frame header/data/CRC) until the minimum packet time is reached, to ensure ALL receivers detect the collision
2. increment the retransmission counter
3. max number of transmission attempts reached? if so, abort transmission
4. calculate and wait the random backoff period based on the number of collisions
5. re-enter the main procedure at stage 1
CSMA/CA
Carrier Sense Multiple Access with Collision Avoidance - A network protocol used to manage how devices transmit data over a shared communication channel, particularly in wireless networks.
-necessary because wireless devices cannot detect collisions while transmitting
-CSMA/CA tries to prevent collisions by waiting before sending data instead of trying to 'detect' them
-improves network efficiency
CS - Carrier Sense. Nodes listen to see if anything is being sent along the shared medium (listens for wireless signals in a wireless network).
CA - Collision Avoidance. If another node was heard, we wait for a period of time, typically randomized.
RTS/CTS - Request To Send / Clear To Send: optional. MAY NOT be used at all for small packets of information.
Transmission & Acknowledgement - when the medium is clear and the node has received a CTS, it sends the frame in its entirety. The node then waits for receipt of an acknowledgement packet from the access point. If it doesn't arrive in a timely manner, the node assumes the packet collided with another transmission and a backoff algorithm is run to attempt a re-transmission.
-Very challenging for a wireless node to listen at the same time as it transmits
CRC
Cyclic Redundancy Check. Method used to detect errors in transmitted data frames.
LAN
Local Area Network
MAC
Media access control
Ring topology also called
TOKEN topology
Switch/hub
Central connection point. Designed to connect a large number of devices to a central location. Uses packet switching to deliver information.
Router
Connects networks. Processes data passing between the public internet and private networks, as well as private-to-private network communication.
-finds paths between networks and uses routing
ARP
Address Resolution Protocol - used for devices to assign themselves to an IP address using a MAC address. Uses an ARP cache to store these matches.
Network Address
Identifies the start of the actual network.
Ex: 192.168.1.0
In theory, the other devices on the network start with 192.168.1.
Default gateway
The router, which has a special address. How data exits or enters / communicates with other networks.
Typically uses either the first or last host address on a network.
Range is 0-225; so either .1 or .254
Host address
IP address used to identify a device on a subnet.
DHCP
Dynamic Host Configuration Protocol
- assigns an IP from a DHCP server
DHCP Discover
The first step in obtaining an IP: the device asks the DHCP server for one.
DHCP Offer
Responds to the Discover inquiry and offers the device an IP address.
DHCP Request
Device replies and accepts the IP address from the DHCP Offer.
DHCP ACK
(ACK = Acknowledgement).
DHCP server acknowledges that the IP is now taken and gives the device the IP to use for the next 24 hrs.
OSI model
Open Systems Interconnection model: dictates how all networked devices send and receive data.
Layer 1 of the OSI model is:
Physical. Cables, Ethernet.
Layer 2 of the OSI model is:
DATA LINK LAYER:
Physical MAC address. Receives the packet from the network layer and adds the physical MAC address of the receiving endpoint.
+must make data presentable and transmissible to the next layer
NIC
Network Interface Card. Hosts its own MAC address. Soldered into the computer. Physical address.
Layer 3 of the OSI model is:
Network Layer:
Routers are considered layer 3 devices.
Everything on this layer is done with IP addresses.
-reassembles small chunks of data into larger chunks
-determines the most optimal path for the data
-has OSPF and RIP
OSPF
Open Shortest Path First
-what path is shortest? (least amount of devices the packet travels through)
-what path is most reliable? (has there been any packet data loss here?)
-which path has the faster physical connection? (copper or fibre?)
RIP
Routing Information Protocol
Layer 4 of the OSI model is:
Transport layer:
-vital communication role between devices
-uses TCP and UDP
TCP
Transmission Control Protocol
Guarantees accurate data. Has a data checking feature. Capable of synchronizing data between two devices so there is no overflow.
-If one chunk of data is not received, the packet must be entirely resent; the rest cannot be used
-more work must be done by devices
-slower than UDP
Ex: file sharing, internet browsing, sending an email
-connection based: must have an established connection between client and server before data is sent
-has its own layers: application, transport, internet, and network interface
UDP
User Datagram Protocol
Unreliable. Does not care if the other computer receives the data or not; sends it anyway.
-Faster
-Not as advanced as TCP
-leaves error handling to the user software to decide
-does not reserve a continuous connection, so no bottlenecking
-Skype, video calls; sending a lot of data. Any hiccups? You want it to keep sending data and keep moving. Continuous data stream.
-may have an unstable connection
Bottlenecking
One part of a system slows everything else down. In networking this means a slow connection or limited bandwidth can hold up data flow, preventing devices from communicating efficiently.
Multiplexing
The process of efficiently managing multiple data streams over a single communication channel.
This happens in the LLC sublayer.
Allows multiple data packets from different sources to be transmitted over the same network efficiently without interfering with each other.
LLC
Logical Link Control sublayer in the data link layer of the OSI model. Ensures different network protocols can coexist on the same network connection.
How to think of this: a highway with multiple types of vehicles. Instead of building a separate road for each type of vehicle, the highway is multiplexed, meaning all the vehicles driving along it share the same road but in organized lanes.
Packets
-small pieces of data that together make up larger pieces of data
-often have headers
-Think of packets like puzzle pieces. Each piece contains part of the final picture, but on its own, it's incomplete. When all the pieces are assembled correctly, you get the full image—just like packets of data coming together to form a complete file, message, or webpage. Packets are used in network communication because sending small pieces of data individually is faster and more efficient than sending everything at once. If one piece is lost, the system only needs to resend that specific part rather than starting over.
Frames
Think of Layer 2 (Data Link Layer) as the mailroom of a building. When a package (data) is sent, it doesn't have an address like a regular letter—instead, it has a tracking number (MAC address) that helps it get to the right device. A frame is like a delivery package—it carries the actual contents (data), but also includes extra information like who sent it and where it needs to go within the local network. It's not responsible for long-distance routing (that's Layer 3's job with IP addresses), but it makes sure the data reaches the right device inside the same network.
3 way Handshake
-Associated with establishing a TCP connection. The process in which this occurs:
-SYN —> SYN/ACK —> ACK —> DATA —> FIN —> RST
TCP PACKET HEADERS
Source port, source IP, destination port, destination IP, sequence number, acknowledgement number, data, flag, checksum
UDP PORT HEADERS
Time to Live, source address, source port, destination address, destination port, data
Source port port/packet header
-Chosen at random, opened by the sender to send TCP or UDP data. Used in the process of TCP and UDP handling data.
-For both UDP and TCP this is randomized from 0-65535
Destination port port/packet header
When data travels across a network, it needs to know which door to go through to reach the correct service. The destination port helps the receiving device know which application should handle the incoming data.
Source IP port/packet header
IP address sending the packet
Destination IP port/packet header
IP address the packet is being sent to
Sequence number tcp packet header
-When a connection is established, the first piece of data transmitted is given a number, the ISN. Each packet sent increases the sequence number based on the number of bytes transmitted. The receiver sends back an ACK number confirming the next expected sequence number.
-each byte of data is assigned a sequence number, ensuring packets arrive in the correct order
-if a packet is lost, the receiver requests a retransmission using the sequence number
-involved in TCP
Ex:
If a sender starts with sequence number 1000 and sends 500 bytes, the next packet will have sequence number 1500. The receiver will acknowledge this by sending ACK 1500, meaning it successfully received the first 500 bytes. The ACK = last sequence + data size method applies when sending multiple bytes in one packet.
Data port/packet header
The data section of a packet in TCP and UDP is where the actual payload (information being transmitted) is stored. After the header, the data section contains the actual information being transmitted (like a webpage request or file transfer). In UDP, the packet header is much smaller than TCP's, containing only source/destination ports and a checksum. The data section holds the actual message (such as a video stream or game data).
Acknowledgement number tcp packet header
It tells the sender which bytes of data have been successfully received.
It helps reorder packets if they arrive out of sequence.
It ensures lost packets are retransmitted, preventing data corruption.
Sender transmits data with a sequence number (e.g., 1000).
Receiver gets the data and sends back an ACK number (1001), meaning it successfully received the first byte and is expecting the next one.
If the sender doesn't receive an ACK, it resends the missing data. The +1 method applies when only one byte is sent (like handshake messages or minimal data packets).
Flag tcp packet header
Determines how the packet should be handled by either device during the handshake process.
Special flags = special behaviors. They control the flow of communication between devices. They help establish, maintain, and terminate connections. They allow error handling and retransmission when needed.
SYN (Synchronize) – Used to initiate a connection.
ACK (Acknowledgment) – Confirms receipt of data.
FIN (Finish) – Signals the end of a connection.
RST (Reset) – Abruptly terminates a connection.
PSH (Push) – Forces immediate data delivery to the application.
URG (Urgent) – Marks data that should be processed immediately.
Checksum tcp packet header
Imagine you order a package online. The seller writes down the total cost on the receipt and sends it with the package. When you receive it, you check the receipt and recalculate the total based on the items inside. If the total matches, everything is correct. If it doesn’t, something went wrong—maybe an item is missing or damaged.
Gives TCP integrity.
A mathematical calculation:
The sender calculates a checksum based on the data in the packet.
This checksum is attached to the packet before sending.
The receiver recalculates the checksum when the packet arrives.
If the checksum matches, the data is intact.
If the checksum is different, the packet is corrupt and must be discarded or retransmitted.
ISN
The Initial Sequence Number (ISN) is a randomly generated number that marks the starting point for data transmission in a TCP connection. It plays a crucial role in ensuring reliable communication between devices. Prevents duplicate or old connections from interfering with new ones. Helps synchronize sequence numbers between sender and receiver.
How It Works in a TCP Handshake
Client sends a SYN packet with a randomly chosen ISN (e.g., 1000).
Server responds with SYN-ACK, including its own ISN (e.g., 5000).
Client acknowledges the server's ISN and confirms the connection.
FTP
-port 21
File Transfer Protocol: Used by file sharing applications on a client/server model. Download files from a central location.
SSH
Secure shell
-port 22
Used to securely log in to systems via a text-based interface for management.
HTTP
Hypertext Transfer Protocol
-port 80
Used to power the WWW. Browsers use it to download the text, images, and videos of webpages.
HTTPS
Hypertext Transfer Protocol Secure
-port 443
-same as HTTP but uses security measures: encryption
SMB
Server Message Block
-port 445
-similar to FTP; however, SMB also allows you to share devices like printers
RDP
Remote Desktop Protocol
-port 338
-used as a secure means of logging into a system using a visual desktop interface (as opposed to a text-based interface like SSH).
Port-Forwarding
Network technique that redirects traffic from a specific port on your router to a specific device, like your computer.
By default, devices on your home network are shielded from the public, but port forwarding opens controlled "entry points" so certain services (e.g. Minecraft servers or RDP) can be accessed remotely.
Port forwarding is configured at the router.
-it works like this: tell your router to forward incoming traffic on a specific external port (e.g. 80) to the same port on your device's internal IP. Now external users can access that service by hitting your router's public IP on port 80, and your router relays it internally. From then on, when the router hears "Port 80," it automatically routes that request to the right device. And that works the same whether it's:
A Minecraft request on port 25565
A webcam stream on port 8080
A file-sharing app on random port 30222
You just need to tell the router which computer is responsible for answering those requests. Ex:
Your public IP is 105.32.88.4 (this is what people online see).
Your computer's local IP is 192.168.86.42.
Your Minecraft server listens on port 25565.
So, in the router's port forwarding settings, you'd say:
> "Forward any incoming requests on port 25565 to 192.168.86.42:25565."
Now when your friend types 105.32.88.4:25565 in Minecraft, the router gets the request and immediately passes it to your computer, no questions asked.
Firewall
-responsible for data traffic entering and exiting. Administrators can configure the rules for this.
-where is the traffic from, where is it going, what port, and what protocol should be accepted/used
-performs packet inspections
-firewalls can be hardware or software, like Snort
There are two categories: stateful and stateless.
Stateless Firewall
The firewall uses a static set of rules to determine whether individual packets are acceptable.
Ex: a device sending a bad packet wouldn't get entirely blocked
-fewer resources, but MUCH dumber
-only as effective as the rules or permissions are
-great at receiving large amounts of traffic from a set of hosts (like a DDoS attack)
Stateful Firewall
-uses the entire information from a connection and determines a device's behavior based on the ENTIRE connection rather than just inspecting individual packets
-bad connection to a host? BLOCKED.
VPN
Virtual Private Network -
Separately networked devices can communicate securely with one another. This is called creating a tunnel, i.e. a dedicated path between each other and only that. The devices connected form their own private network that only they (the tunneled devices) can decode (as the data will be encrypted).
-offers privacy and anonymity
PPP
-Point-to-Point Protocol. Data link layer protocol. Used to establish a direct connection between 2 nodes.
-Multi-tool for network connections, handling: framing (encapsulates network layer packets into frames), authentication (supports protocols like PAP, CHAP, MS-CHAP to verify identity), compression (can compress data to improve throughput), error detection (uses checksums to detect corrupted frames), and multiprotocol support (can carry IP, IPX, NetBEUI, etc.).
Used by PPTP to allow for authentication and provide encryption of data. Uses a private key and a public key certificate, similar to SSH.
Ex: 1. PPP handles authentication —> PPTP wraps that PPP data inside a GRE (Generic Routing Encapsulation) tunnel —> the tunnel is sent over the internet using TCP port 1723. PPP is the engine, PPTP is the tunnel that carries it.
GRE
Generic Routing Encapsulation - Simple tunneling protocol developed by Cisco. A wrapper that takes ANY data packet, puts it inside another packet, and sends it across a network.
Like mailing a fragile object inside a sturdy box with some bubble wrap. It allows incompatible networks/protocols to play nicely together by packaging them in a format that routers can understand and forward.
-does not provide encryption
Uses:
-Tunnel traffic between two routers over the internet (like a private network running across public infrastructure).
-Carry non-IP protocols (like IPX or multicast) over IP networks.
-Serve as the tunneling method in protocols like PPTP, where PPP is encapsulated inside GRE.
PPTP
Point-to-Point Tunneling Protocol.
PPTP wraps the PPP data inside of GRE. Then it runs that data through the control channel (TCP port 1723).
PPTP is like mailing a letter inside a padded envelope (which is the PPP), then putting that envelope inside a giant box (GRE) and sending it through a vacuum tunnel (the internet).
It has weak encryption and is vulnerable to brute-force and man-in-the-middle attacks.
-is incompatible with NAT or modern firewalls; one of the earliest attempts to build a secure tunnel through the internet
IP SEC
Internet Protocol Security -
The heavy-duty armor of VPN protocols. IPsec is a suite of protocols that operates at the network layer (layer 3) to secure IP traffic directly.
-encrypts and authenticates EACH IP packet
-Has modes: transport mode encrypts the payload (used between 2 hosts), and tunnel mode encrypts the entire IP packet and wraps it in a new one (used for site-to-site VPNs)
-has ESP (Encapsulating Security Payload), AH (Authentication Header), and IKE (Internet Key Exchange), which provide authentication, integrity, and the handling of key negotiation and setting up secure tunnels
IPsec is like putting your data in a locked briefcase (ESP), stamping it with a tamper-proof seal (AH), and handing it to a trusted courier who verifies both sender and recipient (IKE). Even if someone intercepts it, they can't open it or fake it.
ESP
Encapsulating security protocol
AH
Authentication Header
IKE
Internet Key Exchange
VLAN
Virtual Local Area Network
Allows specific devices within a network to be virtually split up and given separate permissions.
-provides security and specifies which devices can communicate amongst each other