Networking and its Security overview for cybersecurity
Credit - bytebytego.com


  • Networking serves as the foundation of the interconnected world we live in, enabling seamless communication and data exchange. Understanding the basics of networking is crucial for building a secure and robust digital infrastructure.
  • The Internet is a global network of interconnected devices using transmission mediums and a set of protocols such as TCP/IP, HTTP, and DNS for sending and receiving data.
  • In 1983, the Transmission Control Protocol/Internet Protocol (TCP/IP) became the standard suite of communication protocols that underlies the Internet. This transition was pivotal for the development and expansion of the global network.
  • In 1984, the Open Systems Interconnection (OSI) model was introduced. The OSI model provides a conceptual framework for understanding and designing network architectures, offering a systematic approach to communication protocols.
  • Packet - A packet is the fundamental unit of data transmitted over a network using protocols like TCP/UDP. It encapsulates source and destination addresses, packet type, and data, with an overall size ranging from 64 to 1518 bytes that encompasses the Ethernet, IP, TCP/UDP, and HTTP headers and the payload. Its transmission speed is measured in bits per second (Kbps, Mbps, Gbps), not bytes per second.
  • A service is a specific functionality provided by network devices and servers that is configured to run on specific ports and secured using authentication and encryption. A protocol is a set of rules that determines how data is transmitted between different devices in a network. A port is a virtual communication channel used by network protocols to identify which specific service or application is running on a computer or network device (65535).
  • Network devices are physical entities or equipment operating at different layers of the network stack, facilitating communication and data transfer within a network.
      1. Physical Layer - Cable, Repeater, Unguided media (Radiowave, Infrared), Hub, Modem, Network Interface Card (NIC)
      2. Data-link Layer - Bridge, Switch, Network Interface Card (NIC)
      3. Network Layer - Router, Layer 3 Switch, Gateway


Networking Model -

  • A networking model divides networking concepts into several layers, where each layer is assigned a particular task. This layering helps in designing, understanding, and troubleshooting complex network systems more effectively.

How a packet is transmitted from one computer to another

OSI Vs TCP/IP Model -

  • OSI (Open Systems Interconnection) Model: A conceptual framework with seven layers, providing a systematic approach to network design and communication. It is a reference model introduced by ISO (International Organization for Standardization) in 1984.
  • TCP/IP (Transmission Control Protocol/Internet Protocol) Model: A practical and widely used networking model with four layers, serving as the foundation for the Internet. It was designed and developed by ARPANET.
  • Difference between layers in OSI and TCP/IP -



Physical Layer (Layer 1) -

  • The Physical Layer serves as the foundational level in networking, managing the physical connection between devices through various transmission media, including guided (wired) and unguided (wireless signal) options.
  • Devices such as hubs, repeaters, modems, and cables operate within this layer. Its primary function involves the transmission of binary signals (0s and 1s), utilizing analog or digital formats. Bit synchronization is achieved through a clock, and bitrate control determines the number of bits transmitted per second.
  • The Physical Layer accommodates transmission modes like simplex, half-duplex, and full-duplex, contributing to efficient communication. Additionally, Carrier Sense Multiple Access (CSMA), Collision Detection/Avoidance (CD/CA), and broadcast mechanisms influence network access.
  • Physical layer attacks such as eavesdropping, jamming, EMI (Electromagnetic Interference), and fiber tapping are crucial considerations for keeping the Physical Layer robust.


Data-Link Layer (Layer 2) -

  • The Data-Link Layer encapsulates packets into frames, taking into account the size of the NIC card in the host machine. Devices such as switches and bridges operate within this layer, utilizing protocols like ARP and STP.
  • Framing, a key functionality, involves constructing frames with headers (destination), packets, and trailers (sender). Error and flow control are managed through CRC, ensuring the detection and retransmission of damaged or lost frames.
  • Access control is implemented to determine channel control.
  • Sublayers include Logical Link Control (LLC) for encapsulating MAC addresses and Media Access Control (MAC) for establishing a link between LLC and the Physical Layer.
  • Important topics in this layer include Ethernet frames, types of casting, switching modes and techniques, VLANs, ACLs, ARP/RARP, VPNs, error detection/correction/flow control, Spanning Tree Protocol, 802.1AE/Encryption, and Wi-Fi.
  • Data-link layer attacks include MAC Spoofing and ARP Spoofing.
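
ARP Spoofing, named above, shows up on the wire as an IP address whose advertised MAC changes, often alternating with the legitimate owner's replies. The detector below is an added example, not part of the original article; the observation tuples, addresses and the `flap_window` threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed observations: (timestamp, sender IP, sender MAC) taken from ARP replies.
SAMPLE_ARP_REPLIES = [
    (1.0, "10.0.0.1", "aa:aa:aa:aa:aa:01"),    # gateway
    (2.0, "10.0.0.20", "aa:aa:aa:aa:aa:20"),
    (3.0, "10.0.0.30", "aa:aa:aa:aa:aa:30"),
    (9.0, "10.0.0.1", "aa:aa:aa:aa:aa:30"),    # gateway IP now claimed by host .30's MAC
    (9.5, "10.0.0.1", "aa:aa:aa:aa:aa:01"),    # real gateway answers again
    (10.0, "10.0.0.1", "aa:aa:aa:aa:aa:30"),
]

def detect_arp_anomalies(replies, flap_window=5.0):
    """Return (alerts, multi_ip_macs) for a sequence of observed ARP replies.

    alerts: (ts, kind, ip, old_mac, new_mac); kind is "flapping" when the binding
    changed again within flap_window seconds, otherwise "rebind".
    multi_ip_macs: MACs that claimed more than one IP. This can be legitimate
    (routers, proxy ARP), so it is reported separately for triage.
    """
    binding = {}                     # ip -> (mac, time last seen)
    owned = defaultdict(set)         # mac -> set of IPs it has claimed
    alerts = []
    for ts, ip, mac in sorted(replies):
        mac = mac.lower()
        prev = binding.get(ip)
        if prev and prev[0] != mac:
            kind = "flapping" if ts - prev[1] <= flap_window else "rebind"
            alerts.append((ts, kind, ip, prev[0], mac))
        owned[mac].add(ip)
        binding[ip] = (mac, ts)
    multi = {mac: sorted(ips) for mac, ips in owned.items() if len(ips) > 1}
    return alerts, multi

if __name__ == "__main__":
    found, multi = detect_arp_anomalies(SAMPLE_ARP_REPLIES)
    for alert in found:
        print(alert)
    print(multi)
```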


Network Layer (Layer 3) -

  • Operating at the source-to-destination level, the Network Layer manages routing and packet forwarding, crucially selecting the shortest path for transmission and converting segments into packets while adding sender and receiver IP addresses to the header.
  • Routers, key devices at this layer, employ protocols such as IPv4, IPv6, ICMP (Internet Control Message Protocol), and IGMP (Internet Group Management Protocol).
  • Functionalities include packetizing data, guiding packets through the network via routing decisions, and addressing through IP address assignment, facilitating internetworking across different networks.
  • This layer encompasses IPv4 and IPv6 addressing, distinctions between classful and classless routing, subnetting strategies, Network Address Translation (NAT) and gateway functions, static and dynamic routing protocols such as OSPF and EIGRP, ICMP and IGMP protocols for management and control, along with network performance metrics like Ping, Time-to-Live (TTL), Jitter, and Latency considerations.
  • Additionally, the IPSec protocol ensures secure communication over the network.
  • Network-layer threats include IP Spoofing, Smurf, ICMP Flooding, Ping of Death, and Routing Table overflow, along with DHCP Starvation, Flooding, Spoofing, Client-Hijacking, and Option Injection attacks.


Transport Layer (Layer 4) -

  • Operating at the point-to-point or host-to-host level, the Transport Layer is responsible for breaking data into smaller units known as segments for transmission. These segments are then equipped with source and destination port numbers and sequence numbers.
  • The layer ensures reliable communication by providing acknowledgments (ACK) for successful data transmission and re-transmitting data in the event of errors.
  • Key functionalities encompass port addressing, segmentation, and reassembly of data, as well as flow and error control.
  • Protocols such as TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) determine the specific mechanisms for achieving these functions. TCP is connection-oriented, whereas UDP is a connectionless protocol that emphasizes speed and simplicity over reliability.
  • Additionally, SSL/TLS protocols provide secure communication, and SCTP introduces features like multi-streaming and multi-homing. The sliding window protocol optimizes data transfer efficiency.
  • Threats within this layer include UDP Flood, SYN/SYN-ACK Flood, and TCP Session Hijacking.
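
A SYN flood, listed above, leaves many handshakes half-open: a SYN arrives but the completing ACK never follows. The detector below is an added example, not part of the original article; it assumes client-to-server segments observed at the server, with flag "S" for SYN, "A" for the completing ACK and "R" for RST, and the event data, timeout and threshold are constructed.

```python
from collections import defaultdict

def sample_events():
    """Constructed capture: 3 completed handshakes, 40 SYNs that never complete, 1 fresh SYN."""
    target = "198.51.100.20"
    ev = []
    for i in range(3):
        ev.append((i * 0.1, f"192.0.2.{i + 1}", 50000 + i, target, 443, "S"))
        ev.append((i * 0.1 + 0.05, f"192.0.2.{i + 1}", 50000 + i, target, 443, "A"))
    for i in range(40):
        ev.append((1.0 + i * 0.01, f"203.0.113.{i + 1}", 40000 + i, target, 443, "S"))
    ev.append((6.0, "192.0.2.9", 51000, target, 22, "S"))   # still inside the timeout
    return ev

def syn_flood_alerts(events, timeout=3.0, threshold=20):
    """Map (dst_ip, dst_port) to counts of handshakes half-open for at least `timeout` seconds."""
    if not events:
        return {}
    now = max(e[0] for e in events)      # treat the last event as the current time
    pending = {}                         # (src, sport, dst, dport) -> time of first SYN
    for ts, src, sport, dst, dport, flag in sorted(events):
        key = (src, sport, dst, dport)
        if flag == "S":
            pending.setdefault(key, ts)
        elif flag in ("A", "R"):         # handshake completed or was reset
            pending.pop(key, None)
    stale = defaultdict(int)
    sources = defaultdict(set)
    for (src, _sport, dst, dport), ts in pending.items():
        if now - ts >= timeout:
            stale[(dst, dport)] += 1
            sources[(dst, dport)].add(src)
    return {t: {"half_open": n, "distinct_sources": len(sources[t])}
            for t, n in stale.items() if n >= threshold}

if __name__ == "__main__":
    print(syn_flood_alerts(sample_events()))
```

Many distinct sources with no completed handshakes is the pattern that per-source rate limits miss, which is why the count is kept per target.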


Session Layer (Layer 5) -

  • The Session Layer is responsible for establishing and maintaining sessions, as well as handling authentication and synchronization between communicating entities.
  • This layer ensures that data exchange occurs in an organized and secure manner, facilitating effective communication by managing the establishment, maintenance, and termination of sessions between applications on different devices.
  • Additionally, the Session Layer includes mechanisms for authentication to verify the identities of communicating parties and synchronization to coordinate the timing of data exchange within the session.


Presentation Layer (Layer 6) -

  • The Presentation Layer focuses on extracting and manipulating data into the required format for transmission over the network. It handles tasks such as compression and encryption/decryption, ensuring efficient data transfer and security.
  • This layer is responsible for translating between the application layer's data format and the network's standardized format, enhancing interoperability between different systems and applications.
  • Additionally, it plays a crucial role in data compression to optimize bandwidth usage and encryption for securing sensitive information during transmission.


Application Layer (Layer 7) -

  • Operating at the process-to-process level, the Application Layer represents the actual applications that generate data for network transfer, providing services closest to end-users. The Application Layer plays a crucial role in enabling users to interact seamlessly with network services and applications.
  • This layer incorporates various protocols, including HTTP/S, DHCP, DNS, SFTP, and SNMP, facilitating communication between software applications.
  • It supports a wide array of functionalities, encompassing file transfer access and management (FTAM), mail and directory services, and Network Virtual Terminal (NVT) for standardized communication between different computer systems.
  • Specific protocols such as HTTP for web browsing, DHCP for dynamic IP address allocation, DNS (and DNSSEC for security enhancements), WHOIS for querying domain registration information, TACACS+ for remote authentication, TELNET for remote terminal access, FTP for file transfer, SMTP/IMAP/POP3 for email services, SNMP for network management, SSH for secure remote access, and NTP for time synchronization showcase the diverse applications within this layer.
  • However, the Application Layer is susceptible to various attacks, including HTTP Flood, DoS/DDoS, Slowloris, DNS Hijacking/Cache Poisoning, Session Hijacking, and Bot/Botnet attacks, necessitating robust security measures to protect against these threats.


Networking Attacks at each layer -

  • Networking attacks involve unauthorized attempts to exploit vulnerabilities in computer networks, aiming to gain unauthorized access, disrupt services, or steal sensitive information. These attacks can take various forms, including malware, phishing, and denial-of-service attacks.
  • Layer | Protocol | Use cases of layer | Attack on that layer



Network and its Security -

  • Network security is a comprehensive field encompassing various strategies and technologies to safeguard data, systems, and communications from unauthorized access, attacks, and disruptions.
  • The use of proxies, both forward and reverse, enhances security by acting as intermediaries between users and servers, providing additional layers of protection.
  • Virtual Private Networks (VPNs) ensure secure and private communication over the internet, while TOR (The Onion Router) enhances anonymity by routing traffic through a series of volunteer-operated servers.
  • Zero Trust Network Access (ZTNA) transforms traditional security models, adopting a trust-no-one approach, and Endpoint Security coupled with Data Loss Prevention (DLP) strategies fortify individual devices against threats and data leakage.
  • Honeypots and Honeynets act as decoys, luring attackers to gather intelligence on their tactics and methods.
  • Secure Access Service Edge (SASE) and Secure Web Gateways (SWG) provide cloud-based security solutions, while firewalls establish barriers against unauthorized access.
  • Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), Managed Detection and Response (MDR), and Security Information and Event Management (SIEM) collectively contribute to threat detection, prevention, and response.
  • Authentication mechanisms like OpenID, OAuth, SAML, and Single Sign-On (SSO) ensure secure user access, while Authorization methods such as Role-Based Access Control (RBAC), Discretionary Access Control (DAC), and Mandatory Access Control (MAC) govern resource permissions.
  • This evolving landscape leverages advanced automation and artificial intelligence to adapt and respond to emerging cybersecurity challenges effectively.


Networking Automation -

  • SD-WAN (Software-Defined Wide Area Network) is a revolutionary approach to networking that leverages software-defined principles to optimize the management of wide area networks.
  • Traditionally, WANs relied on hardware-based infrastructure, but SD-WAN introduces flexibility and agility by decoupling the control plane from the underlying hardware.
  • This allows for centralized control and management of network resources, enabling efficient and dynamic traffic routing based on application requirements, network conditions, and security policies.
  • SD-WAN solutions often incorporate features like application-based routing, traffic optimization, and secure connectivity, utilizing a mix of private and public network connections.
  • By providing enhanced visibility and control, SD-WAN simplifies network management, improves performance, and reduces costs, making it particularly valuable for organizations with distributed branch offices or those adopting cloud-based applications.


Cryptography -

  • A cryptographic system is a crucial component of network security, utilizing mathematical algorithms to encode and decode information to protect it from unauthorized access or modification during transmission.
  • Cryptographic systems can be broadly categorized into two types: symmetric key cryptography, where the same secret key is used for both encryption and decryption, and asymmetric key cryptography, employing a pair of public and private keys for different functions.
  • The importance of the secret key, particularly in symmetric key cryptography, lies in its role as a shared secret between communicating parties.
  • It serves as the cornerstone for secure communication, ensuring that only authorized entities possessing the secret key can decipher and access the protected information. The security of the entire cryptographic system hinges on the secrecy and robustness of this key.
  • Consequently, effective key management practices, including key generation, distribution, storage, and revocation, are paramount to maintaining the integrity and confidentiality of data in networking environments.


Summary -

  • Networking is the interconnected communication of devices through layers like the OSI model, using protocols for data transfer. Security in networking involves safeguarding against attacks at different layers, such as encryption for confidentiality, firewalls for traffic control, and intrusion detection systems for threat monitoring.
  • It requires implementing secure authentication, regularly updating systems, and educating users. VPNs and security frameworks like Zero Trust enhance overall network security, ensuring the reliability and protection of data in interconnected environments.

Mohammed Kalander Firnaz.F

Business Development Executive at Zenbasket

9 months

In today's digital landscape, cybersecurity is paramount, especially for small businesses venturing into e-commerce. With cyber attacks posing significant threats, safeguarding sensitive data is crucial to maintaining trust and integrity. At ZenBasket, we prioritize robust cybersecurity measures to fortify online stores against potential threats. From secure payment gateways to data encryption, our platform ensures the protection of both businesses and customers. With ZenBasket, you can navigate the e-commerce realm with confidence, knowing your operations are safeguarded against cyber attacks.

Joris van Hu?t

Senior performance marketeer (T-shaped Paid Social), that got tired of fixing attribution problems manually - so he initiated an AI solution.

9 months

As you delve into each layer of networking fundamentals, how do you approach making complex technical information accessible to a diverse audience, ensuring that both beginners and seasoned professionals can derive valuable insights from your in-depth exploration of network security?
