OSI Model
Open Systems Interconnection model; a seven-layer reference model describing how network communication is divided into functions
Seven layers of OSI
Physical, Data link, Network, Transport, Session, Presentation, Application
Physical
Physical transmission media and signaling: copper wires, fiber optic cables, radio waves
Data Link
Network Switches and media access control (MAC) addresses
Network
Introduces IP addresses; routers forward packets between networks at this layer
Transport
End-to-end communication services for applications, with endpoints identified by port numbers
Transmission control protocol (TCP) and User datagram protocol (UDP)
Session
Establishes, manages, and terminates sessions between apps.
Presentation
Translates data into a standard format that both ends can understand
Provides encryption, compression and data transformation
Application
Provides network services to applications so they can communicate with other applications across the network (HTTP, SMTP, DNS and similar protocols live here)
Transmission control protocol (TCP)
Connection-oriented traffic: a three-way handshake sets up the session, and acknowledgments plus retransmission guarantee delivery and ordering
User datagram protocol (UDP)
Provides connectionless sessions
Best-effort delivery with no handshake or acknowledgments: less overhead, but no delivery guarantee
Insecure protocols for data transfer
File transfer protocol (FTP): sends credentials and data in cleartext
Trivial file transfer protocol (TFTP): UDP-based, no authentication or encryption
Secure sockets layer (SSL): deprecated predecessor of TLS with known weaknesses
Secure alternatives for data in transit
Transport layer security (TLS)
Internet protocol security (IPSEC)
Secure shell (SSH)
Secure file transfer protocol (SFTP): file transfer tunneled over SSH
File transfer protocol secure (FTPS): FTP wrapped in TLS
Secure Shell (SSH)
Encrypts traffic in transit for remote shell access and file transfer (SFTP)
Uses TCP port 22
Common email and web protocols
Simple mail transfer protocol (SMTP)
Post office protocol (POP3)
Internet message access protocol (IMAP)
Hypertext transfer protocol (HTTP)
Simple mail transfer protocol (SMTP)
Transfers email from clients to mail servers and between mail servers
Uses TCP port 25 for server-to-server relay
TCP port 587 for client submission, normally upgraded to TLS with STARTTLS
Post office protocol (POP3)
Downloads emails from the server to the end user's client
Use TCP port 110 for unencrypted
Use TCP port 995 for encrypted
Internet message access protocol (IMAP)
Stores email on the mail server so users can organize and manage mail in folders from any client
Use TCP port 143 for unencrypted
Use TCP port 993 for encrypted
Hypertext transfer protocol (HTTP)
Transmits web traffic between clients (browsers) and web servers
Use TCP port 80 for unencrypted HTTP
Use TCP port 443 for HTTPS (HTTP with TLS encryption)
Enhancing email security
Sender policy framework (SPF): DNS TXT record listing the servers allowed to send mail for a domain; receivers check the connecting server against it
DomainKeys Identified Mail (DKIM): sending server signs the message; receivers verify the signature with a public key published in DNS
Domain-based message authentication, reporting and conformance (DMARC): DNS policy that requires SPF or DKIM to pass and align with the From domain, tells receivers what to do on failure (none, quarantine, reject), and enables reporting
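The three mechanisms only protect a domain when they are evaluated together: SPF and DKIM each authenticate a domain, and DMARC checks whether that domain matches the one the user sees in the From header. The following is an added example (not code from the original page) that walks one message through that evaluation. The DMARC record text, the From and MAIL FROM domains, and the raw SPF/DKIM results are constructed inputs, and organizational_domain() is a deliberate simplification of the Public Suffix List lookup a real receiver performs.

```python
"""Added example, not from the original page: how SPF, DKIM and DMARC combine
for a single message. All inputs below are constructed for illustration."""


def organizational_domain(domain: str) -> str:
    """Assumption: the organizational domain is the last two labels
    (mail.example.com -> example.com). Real receivers use the Public Suffix List."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """DMARC identifier alignment: strict ('s') needs an exact match,
    relaxed ('r') only needs the same organizational domain."""
    if mode == "s":
        return auth_domain.lower().rstrip(".") == from_domain.lower().rstrip(".")
    return organizational_domain(auth_domain) == organizational_domain(from_domain)


def parse_dmarc_record(txt: str) -> dict:
    """Parse a _dmarc TXT record such as 'v=DMARC1; p=reject; adkim=s'.
    Missing tags get the RFC 7489 defaults (relaxed alignment, p=none)."""
    tags = {"p": "none", "adkim": "r", "aspf": "r"}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags


def dmarc_evaluate(from_domain, dmarc_txt, spf_result, spf_domain, dkim_result, dkim_domain):
    """Return (disposition, reason) for one message.

    spf_result/spf_domain: outcome of the SPF check and the MAIL FROM domain it
    was run against. dkim_result/dkim_domain: outcome of signature verification
    and the d= tag of that signature. DMARC passes if either mechanism passes
    AND its domain aligns with the From domain; otherwise the p= policy applies.
    """
    policy = parse_dmarc_record(dmarc_txt)
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, policy["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, policy["adkim"])
    if spf_ok and dkim_ok:
        return "pass", "spf and dkim aligned"
    if spf_ok:
        return "pass", "spf aligned"
    if dkim_ok:
        return "pass", "dkim aligned"
    return policy["p"], "no aligned authenticated identifier"


if __name__ == "__main__":
    record = "v=DMARC1; p=reject; adkim=r; aspf=r"
    # Legitimate mail: SPF and DKIM both pass for the From domain itself.
    print(dmarc_evaluate("example.com", record, "pass", "example.com", "pass", "example.com"))
    # Spoof: the attacker's own SPF passes for attacker.net, but nothing aligns
    # with example.com, so the record's p=reject applies.
    print(dmarc_evaluate("example.com", record, "pass", "attacker.net", "none", ""))
```

The second case is the one that matters operationally: an attacker can always make SPF pass for a domain they control, so a receiver that checks SPF alone is still fooled. Only the alignment step ties the authenticated domain to the visible From address.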
Lightweight Directory access protocol (LDAP)
LDAPS (LDAP Secure): LDAP wrapped in TLS
Formats and methods used to query and modify directories (for example Active Directory)
Use TCP port 389 for unencrypted
Use TCP port 636 for encrypted (LDAPS)
Voice and video use cases protocols
Real-time transport protocol (RTP)
Voice over internet protocol (VoIP)
Secure real-time transport protocol (SRTP)
Session initiation protocol (SIP)
Remote desktop protocol (RDP)
Used to connect to the desktop of another system remotely
Uses TCP port 3389; usually blocked at the perimeter firewall and reached through a jump server or VPN instead
Domain name system (DNS)
Primary purpose is for domain name resolution.
Resolves hostnames to IP addresses.
Risks of DNS
DNS poisoning (cache poisoning): an attacker gets forged records into a resolver's cache so that hostnames resolve to attacker-controlled IP addresses
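Cache poisoning works because a resolver that has a query outstanding will accept the first reply that looks plausible. The added example below (not code from the original page) is a toy resolver model, not a real DNS implementation, contrasting a loose resolver that caches whatever arrives with one that checks the transaction ID, the question, and whether each record is in bailiwick before caching. The query names, the forged reply and the IP addresses are constructed, and the bailiwick rule (records must fall under the queried name's last two labels) is a simplification.

```python
"""Added example, not from the original page: why a resolver must validate a
DNS response against the query it actually sent before caching anything."""
import secrets


class StubResolver:
    def __init__(self, strict: bool):
        self.strict = strict      # True = validate responses before caching
        self.pending = {}         # txid -> (qname, qtype)
        self.cache = {}           # name -> ip

    def send_query(self, qname: str, qtype: str = "A") -> int:
        """Return the transaction ID used. The strict resolver randomizes it so an
        off-path attacker cannot predict it; the loose one just counts up."""
        txid = secrets.randbelow(65536) if self.strict else len(self.pending) + 1
        self.pending[txid] = (qname, qtype)
        return txid

    def receive(self, txid: int, question, records) -> bool:
        """records: list of (name, rtype, value). Return True if anything was cached."""
        if txid not in self.pending:
            return False                      # no outstanding query with this ID
        qname, qtype = self.pending.pop(txid)
        if self.strict and question != (qname, qtype):
            return False                      # reply to a question we never asked
        # Assumption: the zone we are "in" is the last two labels of the query name.
        zone = ".".join(qname.rstrip(".").split(".")[-2:])
        accepted = False
        for name, rtype, value in records:
            in_bailiwick = name == qname or name.endswith("." + zone)
            if self.strict and not in_bailiwick:
                continue                      # e.g. bank.example smuggled into a reply for example.com
            if rtype == "A":
                self.cache[name] = value
                accepted = True
        return accepted


def run_demo():
    """Constructed scenario: the victim asks for www.example.com and the attacker
    races a forged reply that also carries a record for bank.example.
    Returns (loose_cache, strict_cache)."""
    forged = [("www.example.com", "A", "203.0.113.10"),
              ("bank.example", "A", "203.0.113.66")]   # the poison record
    loose = StubResolver(strict=False)
    loose.send_query("www.example.com")               # predictable txid: 1
    loose.receive(1, ("www.example.com", "A"), forged)
    strict = StubResolver(strict=True)
    txid = strict.send_query("www.example.com")
    # Even if the attacker wins the txid guess, the out-of-bailiwick record is dropped.
    strict.receive(txid, ("www.example.com", "A"), forged)
    return loose.cache, strict.cache


if __name__ == "__main__":
    print(run_demo())
```

Randomized transaction IDs and source ports raise the cost of guessing; the bailiwick check limits the damage when a guess succeeds, because a reply for example.com can then only affect names under example.com.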
Switches
Connects devices on a local network.
Maps media access control (MAC) addresses to physical ports and forwards each frame only to the port where the destination MAC was learned
Hardening switches
Port security: limit how many MAC addresses a port may learn and shut the port down on a violation
MAC filtering: allow only specific MAC addresses on a port
Routers
Connects networks to each other based on destination IP address
Use firewalls and access control lists (ACLs) to allow or block traffic
Implicit deny
Unless something is explicitly allowed, it is denied
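An ACL is evaluated top to bottom and the first matching rule wins; implicit deny is what happens when the list runs out without a match. The added example below (not code from the original page) evaluates a small ordered ACL that way. The networks, addresses and rules are constructed, and they deliberately reuse the page's ports: HTTPS (443) is reachable from anywhere, SSH (22) only from a single jump host, and because no rule mentions RDP (3389) the implicit deny drops it.

```python
"""Added example, not from the original page: first-match ACL evaluation with
an implicit deny, in the style of a router or stateless firewall."""
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

# Constructed policy. Each rule: (action, protocol, source net, destination net, dest port or None)
ACL = [
    ("permit", "tcp", ANY, ipaddress.ip_network("10.0.1.0/24"), 443),                                   # web tier
    ("permit", "tcp", ipaddress.ip_network("10.0.9.5/32"), ipaddress.ip_network("10.0.1.0/24"), 22),    # jump host only
    ("deny",   "tcp", ANY, ipaddress.ip_network("10.0.1.0/24"), 23),                                    # explicit deny (telnet), so it can be logged
]


def evaluate(acl, proto, src, dst, dport):
    """Return (action, matched_rule_index). Index None means the implicit deny fired."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for index, (action, rproto, rsrc, rdst, rport) in enumerate(acl):
        if rproto not in (proto, "any"):
            continue
        if src_ip not in rsrc or dst_ip not in rdst:
            continue
        if rport is not None and rport != dport:
            continue
        return action, index            # first match wins
    return "deny", None                 # implicit deny: nothing allowed it


if __name__ == "__main__":
    for pkt in [("tcp", "198.51.100.7", "10.0.1.20", 443),    # internet -> HTTPS: permit
                ("tcp", "198.51.100.7", "10.0.1.20", 3389),   # internet -> RDP: implicit deny
                ("tcp", "10.0.9.5", "10.0.1.20", 22),         # jump host -> SSH: permit
                ("tcp", "10.0.9.6", "10.0.1.20", 22)]:        # other host -> SSH: implicit deny
        print(pkt, "->", evaluate(ACL, *pkt))
```

Note the ordering dependency: if the explicit deny for port 23 were placed first it would still behave the same here, but a broad permit placed above a narrower deny silently disables the deny, which is the most common ACL mistake in practice.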
Route command
Used to view and manipulate the host's routing table (route print on Windows; ip route on modern Linux).
Firewall
Filters incoming and outgoing traffic for a host or between networks
Types of firewalls
Stateless (packet filtering), stateful (tracks connections), web application firewall (inspects HTTP), next-generation (adds application awareness and deep inspection)
Fail-open
Allows all traffic to pass when the security device fails (favors availability over security)
Fail-closed
Blocks all traffic if the device fails (favors security over availability)
Network address translation (NAT)
Translates private IP addresses to public ones and vice versa
Hides the addresses of internal hosts from the internet; unsolicited inbound traffic has no translation entry and is dropped
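Most NAT in practice is port address translation: many internal hosts share one public address, distinguished by the translated source port. The added example below (not code from the original page) is a toy model of the translation table such a router keeps, showing both the outbound rewrite and why an unsolicited inbound packet, such as an RDP probe to port 3389, goes nowhere. The addresses, ports and flows are constructed.

```python
"""Added example, not from the original page: a port address translation (PAT)
table of the kind a NAT router maintains. All addresses and flows are constructed."""


class NatRouter:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}   # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.inbound = {}    # (public port, remote_ip, remote_port) -> (priv_ip, priv_port)

    def translate_outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an internal packet's source; allocate a public port per flow."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.outbound:
            pub_port = self.next_port
            self.next_port += 1
            self.outbound[key] = pub_port
            self.inbound[(pub_port, dst_ip, dst_port)] = (src_ip, src_port)
        return self.public_ip, self.outbound[key], dst_ip, dst_port

    def translate_inbound(self, src_ip, src_port, dst_port):
        """A packet arriving from the internet at public_ip:dst_port.
        Returns the internal (ip, port) it maps to, or None if no flow exists."""
        entry = self.inbound.get((dst_port, src_ip, src_port))
        if entry is None:
            return None      # unsolicited: the internal hosts stay invisible
        return entry


if __name__ == "__main__":
    nat = NatRouter("198.51.100.1")
    # Two internal hosts happen to pick the same source port for the same server.
    print(nat.translate_outbound("192.168.1.10", 51000, "203.0.113.20", 443))
    print(nat.translate_outbound("192.168.1.11", 51000, "203.0.113.20", 443))
    # The server's reply to the second flow is mapped back to host .11.
    print(nat.translate_inbound("203.0.113.20", 443, 40001))
    # An RDP probe from the internet matches no flow and is dropped.
    print(nat.translate_inbound("203.0.113.99", 4444, 3389))
```

The reverse lookup keys on the remote address and port as well as the public port, so only the peer the internal host actually talked to can use that mapping; that is also why NAT alone is not a firewall substitute, since anything the internal host initiates is reachable in return.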
Physical isolation and air gap
Ensures a network has no physical connection to any other network
Segmentation
Routers use ACLs to control which traffic may pass between segments
Firewalls filter traffic between segments using packet-filter rules
Logical separation
Virtual local area network (VLAN) segments traffic between logical groups
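A switch that supports VLANs keeps its MAC table and its flooding behavior per VLAN, so a frame can never be delivered out of a port in another VLAN without going through a router. The added example below (not code from the original page) is a toy switch model that serves both the switch hardening entry above (port security, where a port may learn only a limited number of MAC addresses and is shut down on a violation) and the VLAN segmentation point here. Port numbers, VLAN assignments and MAC addresses are constructed.

```python
"""Added example, not from the original page: a toy switch that learns MAC
addresses per port, enforces a port-security MAC limit, and keeps frames inside
their VLAN. All port, VLAN and MAC values are constructed."""


class Switch:
    def __init__(self, ports):
        """ports: {port_id: {"vlan": int, "max_macs": int}}"""
        self.ports = ports
        self.mac_table = {}      # mac -> port it was learned on
        self.disabled = set()    # ports shut down by a port-security violation

    def learn(self, port, mac):
        """Record src MAC on port; return False if the port is (or becomes) disabled."""
        if port in self.disabled:
            return False
        if self.mac_table.get(mac) == port:
            return True
        already = [m for m, p in self.mac_table.items() if p == port]
        if len(already) >= self.ports[port]["max_macs"]:
            self.disabled.add(port)      # violation action: err-disable the port
            return False
        self.mac_table[mac] = port
        return True

    def forward(self, in_port, src_mac, dst_mac):
        """Return the list of egress ports for a frame; [] means it was dropped."""
        if not self.learn(in_port, src_mac):
            return []
        vlan = self.ports[in_port]["vlan"]
        out = self.mac_table.get(dst_mac)
        if (out is not None and out != in_port
                and self.ports[out]["vlan"] == vlan and out not in self.disabled):
            return [out]
        # Unknown destination in this VLAN (including a MAC that lives in another
        # VLAN): flood, but only to ports in the ingress VLAN.
        return [p for p, cfg in self.ports.items()
                if p != in_port and cfg["vlan"] == vlan and p not in self.disabled]


if __name__ == "__main__":
    sw = Switch({1: {"vlan": 10, "max_macs": 1},
                 2: {"vlan": 10, "max_macs": 1},
                 3: {"vlan": 20, "max_macs": 1}})
    print(sw.forward(1, "aa", "bb"))   # unknown dst: flooded to port 2 only, never to VLAN 20
    print(sw.forward(2, "bb", "aa"))   # learned: delivered to port 1
    print(sw.forward(3, "cc", "aa"))   # VLAN 20 cannot reach "aa" in VLAN 10: []
    print(sw.forward(1, "dd", "bb"))   # second MAC on port 1 trips port security: []
    print(sw.disabled)
```

The last case is what port security is for: an attacker plugging a hub or spoofing many source MACs (MAC flooding) would otherwise push the table past capacity and make the switch flood like a hub; limiting MACs per port and shutting the port down stops that before the table fills.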
Proxy servers
Forwards requests from clients to servers on their behalf, mostly HTTP and HTTPS
Jump server
Placed between different security zones and provides secure, controlled access from devices in one zone to systems in another