ISC2 CC Domain 4: Network Security


92 Terms

1

Networking

A computer network is a set of computers sharing resources or data.

2

Simplex

Is a one-way communication. One system transmits, the other receives. Directions can't be reversed.

3

Half-duplex

Communication between two devices whereby transmission takes place in only one direction at a time.

4

Full-duplex

Communication that happens in two directions at the same time.

5

Baseband

Network with one channel; can only send one signal at a time

6

Broadband

Network with multiple channels; can send multiple signals at a time, like cable TV

7

Internet

A global collection of millions of peered WAN networks; it really is a patchwork of ISPs.

8

Intranet

Is an organization's privately owned network.

9

Extranet

Is a connection between private Intranets.

10

Circuit Switching

A dedicated communications channel through the network. The circuit guarantees the full bandwidth. (Expensive, but always available, used less often)

11

Packet Switching

Data is sent in packets, but the packets take multiple different paths to the destination. (Cheap, but no capacity guarantee; very widely used today.)

12

Quality of Service (QoS)

Gives specific traffic priority over other traffic. (Most commonly VOIP or other UDP traffic needing close to real-time communication.)

13

PAN (Personal Area Network)

A personal area network is the interconnection of components, such as laptops, personal digital assistants, printers, mice, keyboards, and other Bluetooth equipped devices, using some form of wireless technology.

14

LAN (Local Area Network)

A network that connects computers and devices in a limited geographical area.

15

MAN (Metropolitan Area Network)

A large computer network that usually covers a city or a large campus.

16

WAN (Wide Area Network)

A computer network that covers a large geographical area such as a city, country, or spans even intercontinental distances.

17

GAN (Global Area Network)

Is a network used for supporting mobile users across a number of wireless LANs, satellite coverage areas, ... the transition from one to the next can be seamless.

18

VPN (Virtual Private Network)

Sends private data over an insecure network, most often the Internet.

19

Port 80 (TCP)

HTTP (Hypertext Transfer Protocol) TCP

20

User Datagram Protocol (UDP)

Primarily used for VOIP. It is connectionless; it is better to lose a packet or two than have it retransmitted half a second later.

21

OSI model (Open Systems Interconnect)💡

A layered network model that standardizes the communication functions of a telecommunication or computing system regardless of their underlying internal structure and technology. (Application, Presentation, Session, Transport, Network, Data Link, Physical)

22

OSI Model Layers💡

1. Physical

2. Data Link

3. Network

4. Transport

5. Session

6. Presentation

7. Application

23

OSI Model order?💡

7-1 All People Seem To Need Data Processing.

1-7 Please Do Not Throw Sausage Pizza Away.

24

OSI Model Layer 1

The Physical Layer. Defines the physical characteristics of the network, including media, hardware and topology. (Wires, fiber, radio waves, hub, part of NIC, connectors.) Cable types: copper TP, AKA Ethernet cable: least secure (eavesdropping, interference, easy to tap into), but also cheap.

25

What type of Topology is used on the physical layer of the OSI Model?

Bus, Star, Ring, Mesh partial/full.

26

What types of threats are possible at the Physical Layer of the OSI Model?

Data emanation (Changes to the electromagnetic field that is generated by a network cable or device), theft, eavesdropping (clamp a sniffer), sniffing, interference (Don't run power cables next to the Ethernet cables because it could corrupt data.)

27

What is Layer 2 of the OSI Model?

Data Link - Layer 2

28

What is a preferred secure cable type?

Fiber (Expensive, but secure) Transmits through light.

29

What is the cheapest type of cable used for networking?

Copper TP (Twisted Pair) - Ethernet

30

What type of cable is cheap and secure?

Although Fiber is expensive, it is preferred because it's secure. (Transmits through light.)

31

OSI Model - Layer 2 : Data Link

Transports data between two nodes connected to the same network. Uses LLC (Logical Link Control) error detection.

32

Data Link Layer :

MAC address (BIA) - A unique identifier on the network card.

33

What are two parts of a MAC Address?

OUI (Organizationally Unique Identifier) and UAA / Device Identifier

34

What threats can affect Layer 2 of the OSI Model?

MAC Spoofing, MAC Flooding.

35

Token Passing

Similar to the talking stick, not really used anymore. In a network, when you have the stick, you have the token and you are allowed to send traffic.

36

OSI Model Layer 3

The Network Layer. Responsible for routing. Verifies where the packets must be sent, and decides the next device on the network that the packet must be sent to.

37

What are the protocols for Layer 3 of the OSI Model? 💡

IP, ICMP, IPSEC, IGMP, IGRP, IKE, ISAKMP, IPX. (Anything that starts with I and is not IMAP)

38

What are some threats to the Network Layer of the OSI Model?

Ping of Death, Ping Floods, Smurf (spoofed source and directed broadcast), IP modifications, DHCP attacks, ...

39

What is layer 4 of the OSI model?

Transport Layer

40

What is the Transport Layer?

Layer 4 of the OSI Model - The Transport Layer manages data delivery between applications on different devices. It ensures data arrives in order, without errors, and controls the flow of information. Think of it like a reliable delivery service for your internet data! 🚚📦

41

What type of threats can affect the UDP of the "Transport Layer"?

Fraggle Attack - works the same way as Smurf but may be more successful since it uses UDP and not ICMP.

42

What type of protocol is reliable in the Transport Layer of the OSI Model?

TCP (Transmission Control Protocol). It's reliable and connection-oriented: delivery is guaranteed, it uses a 3-way handshake, it is slower with more overhead, and data is reassembled.

43

What type of threats can affect🚨

SYN floods - half-open TCP sessions; the client sends 1,000s of SYN requests, but never the ACK.

44

What is the fastest and dumbest layer of the OSI Model?

Layer 1 - Physical layer

45

What is the slowest and most intelligent layer of the OSI Model?

Layer 7 - Application Layer

46

What is Layer 5 of the OSI Model?

Session Layer - Establishes connection between two applications: Setup > Maintenance > Tear Down

47

What is Layer 6 of the OSI Model?

Presentation Layer, formats data to be exchanged and secures that data with proper encryption

48

What is Layer 7 of the OSI Model?

Application Layer

49

Application Layer

Presents data to the user. (Applications/websites) User protocols: HTTP, HTTPS, FTP, SNMP, IMAP, POP, and many more.

50

What threats affect layers 5-7 of the OSI Model?

Virus, Worms, Trojans, buffer overflow, application or OS vulnerabilities

51

What Layer has non-repudiation?

Layer 7 - Application Layer

52

EUI/MAC-48

The first 24 bits are the manufacturer identifier. The last 24 bits are unique and identify the host.

53

EUI-64 MAC

24 bits for the manufacturer, but 40 bits for the unique ID.

54

IPv6

Requires 64-bit or modified 48-bit MACs. (Add FF:FE for 48-bit.)

55

IP Addresses

First deployed for production in the ARPANet in 1983; ARPANet later became the internet.

56

Well Known Ports

0-1023 - Mostly used for protocols

57

Registered Ports

Ports 1024 - 49151. Mostly used for vendor specific applications.

58

IP addresses are

IPv4 (32-bit addresses) and IPv6 (128-bit addresses)

59

Dynamic, Private or Ephemeral Ports

49152-65535. Can be used by anyone for anything.

60

Port 20 TCP

FTP (File Transfer Protocol)

61

Port 21 TCP

FTP Control

62

Port 22 TCP & UDP

SSH (Secure Shell)

63

Port 23 TCP

Telnet: Older version of remote access for TCP/IP. It is unencrypted and does not require verification, thus its replacement by SSH.

64

Port 25 TCP

SMTP - Simple Mail Transfer Protocol is used to send email over the internet; it can also use port 2525.

65

Port 110 TCP

Post Office Protocol (POP3) - used to receive email from a mail server

66

Port 143 (TCP)

IMAP (Internet Message Access Protocol)

67

Port 80 (TCP/UDP)

Hypertext Transfer Protocol (HTTP), can also use port 8008 and 8080.

68

Port 443 (TCP)

HTTPS - Hyper Text Transfer Protocol Secure is used to transmit web page data to a client over an SSL/TLS-encrypted connection

69

Port 137 (UDP)

NetBIOS (name services), used for name registration and resolution.

70

Port 138 (TCP/UDP)

NetBIOS Datagram Service

71

Port 3389 (TCP/UDP)

Microsoft Terminal Server - Remote Desktop Protocol (RDP) - Connect to a server remotely.

72

IPv4 (Internet Protocol version 4)

Is a connectionless protocol for use on packet-switched networks. Used on modern networks. It specifies 32-bit addresses composed of four octets.💡

73

End user views Google.com

Rather than remembering 66.102.12.231 or 2607:f8b0:4007:80b::200e.

74

Public IP Addresses (Internet routable addresses)

Used to communicate over the internet between hosts.

75

Private Address Ranges (RFC 1918 - Not routable on the internet)

10.0.0.0 - 10.255.255.255

172.16.0.0 - 172.31.255.255

192.168.0.0 - 192.168.255.255

76

IPv6 (Internet Protocol version 6)

128-bit Internet address consisting of eight 4-character hexadecimal numbers to handle routing of many more devices.

77

IPSec (Internet Protocol Security)

Set of protocols that provide a cryptographic layer to IP traffic; for IPv4, it is bolted on. For IPv6, it is designed into the protocol.

78

ARP (Address Resolution Protocol)

Translates IP Addresses into MAC Addresses. (No security)

79

ARP Cache Poisoning Attack

An attack in which an attacker changes the MAC addresses in the victims' ARP caches ("poisons the ARP cache") to the MAC address of the attacker, so that conversations get redirected to the attacker.

80

RARP (Reverse Address Resolution Protocol)

Is used by diskless workstations to get IPs.

81

ICMP (Internet Control Message Protocol)

Used to help IP, for Ping (Echo request/reply) and TTL Exceeded in Traceroute.

82

traceroute command

Uses ICMP to trace a network route.

83

HTTP/HTTPS - HyperText Transfer Protocol / Secure

Transport HTML data.

84

DHCP (Dynamic Host Configuration Protocol)

The common protocol we use to assign IPs. Controlled by a DHCP Server for your environment.

85

EMI (electromagnetic interference)

A type of interference that may be caused by motors, power lines, televisions, copiers, fluorescent lights, or other sources of electrical activity.

86

Crosstalk

Is the signal crossing from one cable to another; this can be a confidentiality issue.

87

Attenuation

Is the signal getting weaker the farther it travels.

88

UTP (unshielded twisted-pair) cable

The most popular cabling method for local networks; it is the least expensive and is commonly used on LANs. The cable is made of twisted pairs of wires and is not surrounded by shielding.

89

STP (Shielded twisted-pair cable)

A cable that is made of one or more twisted pairs of wires and is surrounded by a metal shield.

90

SYN, SYN-ACK, ACK Handshake

Is a three-way handshake process used in TCP (Transmission Control Protocol) to establish a reliable connection between a client and a server for data transmission. (Transport - Layer 4)

91

SDN (Software Defined Networking)

Allows network administrators via software to initialize, control, change, and manage network behavior dynamically.

92

Network Access Control (NAC)